NCSU OIT Integration Services

Sigh. Novell has releasd Service Pack #5 for Client-32 4.91

http://download.novell.com/Download?buildid=qmMAWSRy5q4~

We'll need to test this against our NDPS stuff to see if it fixes anything.

If you read way far down in the list of things addressed, it does mention

Ndppnt.dll from 4.91 SP4 breaks NDPS printer installs

Debbie and I spent some time this afternoon trying to quantify what was broken between ACSAD and UNITY.AD.

What we tested was creating a domain local group, and then adding members to that group from the other domain.  In all cases, we could browse and add from either domain without difficulties, but when we tried to view the members of the group, we got a "the other domain may be down" error after a long delay.

Hi gang,

 Joe and Will seem to have access controls assigned to groups rather then individual people in QIP.  Yay, go team, and woot!

For our monday meeting, I'd like to ask each of you to make a printout of all the VLANS that you have rights to in QIP, and mark up which ones you think the whole group needs, if they are to be responsible even in part for the job you're doing now.  I'd like to compile a map of VLANS, past and present.

Both UPS's in the old Microsys racks in Poe Hall have failed batteries.  Construction around Poe is causing frequent power fluctiations. 

 The unix machines co-hosted there, with only a single power supply, were bouncing up and down on a short cycle.  Tim and I moved them to a new UPS, reclaimed from the surplus pile in the third floor hallway.

The Dell hardware is surviving better, because both power supplies have to fail at the exact same moment for the machine to blip.

We're ready to try our combined on-call rotation.

On-call will run from Monday to Sunday. Kevin is the first one ot be on-call in the "shs-general" group, as he's currently due to be it in the Hosted/Citrix systems rotation.

When Nagios detects a problem with a server, it will indicate it at http://sysnews.ncsu.edu/tools-obin/server-status . This address is referred to as "the server status page."

Mark asked me if it would be possible to tie this integrate.oit.ncsu.edu blog into the administrative portal at http://mypack.ncsu.edu .  At the time, I figured it would be easy -- at a minimum we could read the RSS feeds from this site into a portlet.

Alas! Though there are clearly RSS feeds in the admin portal (you can get the WRAL news) end-users don't seem to be able to identify and use their own RSS feeds. As currently configured, the admin portal appears to be just for administrative centrally delivered stuff, and not a general purpose portal.

In order to accomplish our goals, our general implementation plan includes

• Account generation and "Pass Thru" authentication (goals 2,3,4, and 5)
• Workstation based administration (goals 1,2, and 3)
• Identity/Role Management automatic groups (goals 1,2,3 and 6)
• Administrator identification deligated by Remedy group (goals 1,2, and 3)
• Attribute level delegation (goals 1,2 and 3)

We're specifically planning to NOT implement some potential options, in order to best meet these goals:

The most important half dozen things that we see as critical for our group/environment to offer to the campus are <drumroll, please!>

GOAL 1: Assist distributed Administration
Provide reasonable defaults by default. Allow "opt-out" of defaults with a minimum of effort.

GOAL 2: Security and Privacy
We must protect confidential data from anyone who does not need that specific information to perform their job duties.

Harry charged us to come to the next meeting with our goals, bisions, and values so that we can begin to develop a shared culture.

At the CTS "big" meeting, Greg distributed a printout with the CTS Vision.  I'm reproducing it here so I'll have a machine readable copy.

The academic NC State computing environment has been based on MIT
Kerberos for XXXX (how long?) Historically, when we've needed to
support LAN systems that did not directly support Kerberos, we've
synchronized the accounts and passwords into multiple authentication
databases.

While this was necessary and desirable in order to provide
services at all, synchronization does present significant cost and
fragility over using a common authentication system directly.