1 / 13

Comprehensive User Access Management at Penn State University

This presentation by Steve Kellogg, Director of the Advanced Information Technologies Center for Academic Computing at Penn State University, delves into the intricacies of authorizing access to various university services. Covering topics such as authentication, delegation, and management across a heterogeneous environment, it highlights the integration of diverse systems and services catering to approximately 74,000 full-time and 25,000 employees. The session addresses user services, including email, databases, and file services, emphasizing automation and extensibility in managing user access efficiently across multiple campus locations.

ivrit
Télécharger la présentation

Comprehensive User Access Management at Penn State University

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authorizing Access to Services at Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing

  2. Authorizing Access • HOW • “Baggage” v. “Luggage” • Integrated everything • Authentication, authorization, namespace, management, filesystem • Heterogenous • What • File service • Web service • Applications • Systems • Delegation

  3. Penn State Environment • 24 Campus Locations • ~74,000 Full Time Students • ~5,000 Part Time Students • ~25,000 Employees • ~5,000 “Others”

  4. CACTUS Center for Academic Computing Tracking of User Services Backend processes Signature Stations (end user $ Auth) User Services: Access(DCE), Email, web, DFS, Database, backup, Class News, Printing, Plotting, calendar, LDAP,... Accounts Database (Oracle) • One Account, Many Services • Organize data from disparate sources • Automation ALWAYS goal • Fully extensible • Scalability of services Java/web Interface External Data sources

  5. Systems Access • Lab systems • Windows • MAC • Unix(AIX, IRIX, Solaris) • Modems • Authorized based on group membership • ISP apps • email, netnews, …

  6. DCE Production Applications • Fileservice • DFS • 50MB Home Directories • webmail, portal profiles, personal webspace • 300 MB for HPC and VIZ users • 10 MB quota increment per course • Quota reduced at end of semester • Site licenses for Solaris, AIX, NT, IRIX

  7. DCE Production Applications • Group management – Admin, HPC, Classes, Ad Hoc – Web Authorization – Shared DFS access – 3 groups typically created for each group - Delegated group management - Group, group_admin, group_owner

  8. DCE Production Applications • CAC Web Service • – AIX/Solaris/Linux • – Apache w/ & w/o mod_auth_dce • – Most content in DFS • – Load balanced w/ IBM’s Network Dispatcher • – JDBC and PerlDBI access to Oracle and DB2 • .eg MicroSoft SW distribution

  9. DCE Production Applications • Web Servers (Gradient’s NetCrusader Security Adapter) – Executive Information System (EIS) – Library access to licensed Web content (LIAS) – Purchasing Catalog – Computer & Information Systems (C&IS) Web site – Microcomputer Order Center (MOC) – Smeal College of Business – Electronic Testing Services (ETS)

  10. DCE Production Applications • Other web service • Office of Physical Plant • Linux, Apache, K5 • Office of Human resources • NT, IIS, Gradient DCE RT, VB • Lab consultant management tools • AIX, K5, C • Others that we don’t necessarily know about…

  11. DCE Mandarin • OS/390 Enterprise Server; ADABAS • NT Web Servers; WebComm.dll • Authenticated RPC client • Several services; same RPC code base • Student Apps (eLion) • Business Apps (WebIBIS) • Financial Apps (FIT) • RPC protection level • integrity • privacy

  12. PKI at PSU • CREN CA Pilot • OpenSSL • Server Certs • Short term certs • Kx509 auth in DCE cell

  13. Questions?

More Related