Transcript

  • 1. BeoLink.org: AFS Identity Management. Fabrizio Manfredi Furuholmen, AFS Workshop, October 2008
  • 2. Agenda: Introduction; AFS Manager (Introduction, Features, Demo, Next Steps); PtServer-NG (Introduction, Architecture, Demo, Open Points)
  • 3. PtServer: Introduction. Central administration “means” security and time/resource savings
  • 4. PtServer: Introduction. Accounts Centralization: Enterprise Directory; Change Application; High Availability. Centralized Provisioning: Connectors for applications; Product; Identity Management
  • 5. PtServer: Introduction. Distributed Centralized: You don’t need to change apps; Real-time; Low problem on HA; Consistency View; IDM with RBAC; Reuse existing Architecture
  • 6. PtServer: Introduction. AFS Manager: Graphical User Interface; Provisioning Interface (multi mode); Administration Task. PtServer NG: Active Directory Integration; Directory Integration
  • 7. AFS Manager
  • 8. AFS Manager: Goals. GUI: Interface for Windows Administrators; Simple to use; Complete overview of the Cell; Standard object for PHP scripting (CLI). Monitoring: Volume Access Monitoring; Volume Space Usage; System Statistics. WebService Interface: Provisioning Interface for Volume, User, Group; Automatic volume layout; Re-Balance (replications, move volumes ..)
  • 9. AFS Manager: Demo. Demo …
  • 10. AFS Manager: Architecture. Client: AJAX; Acrobat. APACHE + PHP: XML; JSON; PHP >= 5; SQLite. AFS: Adm Command Line
  • 11. AFS Manager: Next. Code: Java backend?; PHP Library; Object Cache. WebService Interface: Automatic volume layout; Re-Balance (replications, move volumes ..)
  • 12. End of part 1
  • 13. Ptserver NG
  • 14. PtServer: Overview. Ptserver keeps user/group information: Ptserver contains entries for every user and group in the cell; Ptserver allocates AFS IDs for new user, machine and group entries and maps each ID to the corresponding name; Ptserver generates a current protection subgroup (CPS) at the File Server's request. The CPS lists all groups to which a user or machine belongs. Ubik is the OpenAFS database: Ubik is a single linear database; Ubik is automatically replicated across a number of servers; Ubik is a ‘transactional’ database (supports fully distributed changes as long as a majority of the servers are up and are synchronized together in a write quorum)
  • 15. PtServer: Goals. Create pluggable user storage: Ubik; LDAP; Windows. Create flexible user mapping: Mapping user id on existing system; Mapping group id on existing system
  • 16. PtServer: Winbind. Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of an NT domain. Authentication: NTLM; ADS (Kerberos). Users Information: Account info; ID mapping. Groups Information: Group info; ID Mapping
  • 17. PtServer: Architecture. Ptserver: Network Layer; AD Driver. Winbind: Cache; IDMAP Engine. IDMAP Storage: LDAP; ADS; File. Domain Controller: Samba; WinNT/Win2*
  • 18. Overview: Demo. Demo … high probability of crash ..
  • 19. PtServer. Advantages: Single identity (single storage); id mapping; gid mapping; Real time update; Pluggable in existing infrastructure. Disadvantages: Reliability; Performance
  • 20. PtServer: Open points. Licences: Load GPL 3 library, compatibility? Performance: How many requests per second? Where to store: Flags; Quota Group
  • 21. Reference. For further questions: Fabrizio Manfredi, fabrizio.manfredi@gmail.com, manfred.furuholmen@gmail.com, http://www.beolink.org. Too Long. The End
  • 22. AD as IDM: IdMapping. IDMAP SID<->UID/GID: LDAP; Internal (TDB); ADS (SFU/RFC)