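% Slide deck "Systems Integration: Making Many Protocols and Networks
% Interoperate" for the subject Operating Systems and Systems Integration.
% Built with the prosper slide class.
%
% Many acronym macros used in the slides (\NT, \UNIX, \IBM, \OS, \MAC,
% \TCPIP, \HTTP, \FTP, \SSH, \LDAP, \DHCP, \DNS, \PPP, \XML, \SNMP, \SOAP,
% \TLS, \WINS, \RAID, \PC, \LAN, \Cpp, \SMB, \PDC, \NFS, \ICT) are not
% defined in this file; presumably they come from the locally loaded
% packages (nick, acro) -- TODO confirm.

% Alternative class option sets, kept for reference:
%\documentclass[colorBG,slideColor,troispoints,pdf]{prosper}
\documentclass[colorBG,total,slideColor,pdf]{prosper}
%\documentclass[colorBG,slideColor,ps]{prosper}

\usepackage{alltt,key,xr,cols,rcs,acro,nick,%
  graphicx,varioref,explanation,booktabs,multicol}
%\usepackage[nolineno,noindent]{lgrind}
%\definecolor{green}{rgb}{0,1,0}

% Revision keyword; \RCSRevision is used in the slide caption below.
\RCS $Revision: 1.0 $

\renewcommand*{\bs}{\texttt{\char '134}} % Backslash `\'
\newcommand*{\subject}{Operating Systems and Systems Integration}
% Emphasis in the slide highlight colour.
\newcommand*{\emphcolour}[1]{\emph{\red#1}}

% Acronym macros.  \providecommand leaves any definition that a package
% has already made untouched.
\providecommand*{\RPM}{\acro{RPM}\xspace}
\providecommand*{\CD}{\acro{CD}\xspace}
\providecommand*{\IPC}{\acro{IPC}\xspace}
\providecommand*{\UID}{\acro{UID}\xspace}
\providecommand*{\GID}{\acro{GID}\xspace}
\providecommand*{\SMP}{\acro{SMP}\xspace}
\providecommand*{\API}{\acro{API}\xspace}
\providecommand*{\OK}{\acro{OK}\xspace}
% Fixed: \IETF previously expanded to the acronym "OK" (copy-paste slip).
\providecommand*{\IETF}{\acro{IETF}\xspace}
\providecommand*{\MS}{\acro{MS}\xspace}
\providecommand*{\IOS}{\acro{IOS}\xspace}
\providecommand*{\NETBIOS}{Net\acro{BIOS}\xspace}
\providecommand*{\SMTP}{\acro{SMTP}\xspace}
\providecommand*{\RADIUS}{\acro{RADIUS}\xspace}
\providecommand*{\NTP}{\acro{NTP}\xspace}
\providecommand*{\NNTP}{\acro{NNTP}\xspace}
\providecommand*{\POP}{\acro{POP}\xspace}
\providecommand*{\IMAP}{\acro{IMAP}\xspace}
\providecommand*{\IPX}{\acro{IPX}\xspace}
\providecommand*{\CAT}{\acro{CAT}\xspace}
\providecommand*{\BDC}{\acro{BDC}\xspace}
\providecommand*{\ADS}{\acro{ADS}\xspace}
\providecommand*{\ACL}{\acro{ACL}\xspace}

\title{Systems Integration}
\subtitle{Making Many Protocols and Networks Interoperate}
\author{Nick Urbanik \texttt{}\\
  \footnotesize{}Copyright Conditions: GNU FDL (see
  \url{http://www.gnu.org/licenses/fdl.html})}
\institution{Department of Information and Communications Technology}
\slideCaption{OSSI --- Systems Integration --- ver. \RCSRevision}
\Logo{\includegraphics[width=15mm]{ict-logo-smaller}}

\begin{document}

\maketitle

\begin{slide}{The Problem}
  \begin{itemize}
  \item There are so many Operating Systems:
    \begin{itemize}
    \item Microsoft:
      \vspace*{-1ex}
      \begin{multicols}{2}
        \begin{itemize}
        \item Windows 9x
        \item Windows \acro{CE}
        \item Windows \NT
        \item Windows 2000
        \item Windows \acro{XP}
        \item Windows 2003
        \end{itemize}
      \end{multicols}
      \vspace*{-1ex}
    \item Linux, from various vendors
    \item \UNIX
      \begin{itemize}
      \item Sun Solaris
      \item \acro{AIX} from \IBM
      \item \acro{HPUX} from Hewlett Packard
      \end{itemize}
    \item Apple: \OS X, and the previous \MAC \OS
    \item Cisco: \IOS, various others (e.g., for Catalyst switches,
      \acro{PIX} firewall,\ldots)
    \end{itemize}
  \end{itemize}
\end{slide}

% NOTE(review): telnet, FTP and POP3 in the list below carry credentials
% in clear text by default; SSH and TLS, also listed, are the usual way
% to protect such traffic when these services have to be integrated.
\begin{slide}{So Many Protocols}
  \begin{itemize}
  \item Standard Protocols:
    \vspace*{-1ex}
    \begin{multicols}{4}
      \begin{itemize}
      \item \TCPIP
      \item \SMTP
      \item \HTTP
      \item \FTP
      \item \SSH
      \item \LDAP
      \item telnet
      \item \DHCP
      \item \DNS
      \item \PPP
      \item \XML
      \item \SNMP
      \item \SOAP
      \item \RADIUS
      \item \TLS
      \item \NTP
      \item \NNTP
      \item \POP{}3
      \item \IMAP
      \item \makebox[0.5\width][l]{Kerberos}
      \end{itemize}
    \end{multicols}
    \vspace*{-1ex}
  \item Proprietary Protocols:
    \vspace*{-1ex}
    \begin{multicols}{2}
      \begin{itemize}
      \item \NETBIOS (Microsoft file sharing)
      \item Active Directory
      \item \WINS
      \item Novell Directory Services
      \item Database services from many providers
      \item Appletalk
      \item Novell \IPX
      \end{itemize}
    \end{multicols}
    \vspace*{-1ex}
  \end{itemize}
\end{slide}

\begin{slide}{Many Different Hardware Platforms}
  \begin{itemize}
  \item So many computing platforms:
    \begin{itemize}
    \item \IBM mainframes
    \item handheld devices
    \item \RAID systems
    \item Cluster systems
    \item \PC{}s
    \item Notebooks
    \end{itemize}
  \item So many different communication media:
    \begin{itemize}
    \item \CAT{}5 network cabling
    \item Wireless \LAN{}s
    \item Gigabit Ethernet
    \item Optic fibre
    \end{itemize}
  \end{itemize}
\end{slide}

% Title typo fixed (was "Monoclulture").
\begin{slide}{Monoculture}
  \begin{itemize}
  \item Why not just buy from one supplier?
  \end{itemize}
  \begin{center}
    \includegraphics[width=\slideWidth]{monoculture}
  \end{center}
\end{slide}

\begin{slide}{How to Make them Work Together?}
  \begin{itemize}
  \item Free Software works hard to \emphcolour{include} as many
    protocols, file systems, vendor products, hardware platforms as
    possible
  \item Solutions are cross-platform
    \begin{itemize}
    \item Java, Perl, Python, C, \Cpp
    \item Linux (runs on tiny handhelds to huge mainframes, almost
      everything between)
    \item Samba for integration with Windows Networks
    \item \emphcolour{Netatalk} for integration with
      \emphcolour{Appletalk} (for older Macintosh \OS{}s)
    \item Apache Web server runs on almost any platform
    \item Open\LDAP for directory services
    \end{itemize}
  \end{itemize}
\end{slide}

\begin{slide}{Prefer Open Protocols}
  \begin{itemize}
  \item Use \emphcolour{open} and standard protocols as much as
    possible
  \item Avoid ``locking in'' to proprietary solutions
    \emphcolour{where a good open solution exists}
  \end{itemize}
\end{slide}

% Fixed: SMB stands for Server Message Block (the slide said
% "Symmetric"); also corrected "Wondows".
\begin{slide}{Samba}
  \begin{itemize}
  \item Implements Microsoft's \SMB protocol
  \item \SMB = Server Message Block, gave project its name
  \item achieved through reverse engineering Microsoft's proprietary
    protocols (no help from \MS, but hindrance)
  \item good reputation for stability and performance, outperforming
    \MS servers in both respects
  \item Current production version supports use as a Windows \NT
    compatible server (file sharing, printing, support for network
    browsing)
  \item Runs on many platforms, including very powerful Solaris
    machines
    \begin{itemize}
    \item Most powerful Windows servers run Solaris, not Microsoft
      software!
    \end{itemize}
  \end{itemize}
\end{slide}

% NOTE(review): this slide and the two that follow describe the Samba
% releases current when the slides were written (2.2.x and a version 3
% alpha); check the supported releases before relying on any of it.
\begin{slide}{Samba 2.2.x}
  \begin{itemize}
  \item The release provided with current Linux systems
  \item Works as an \NT4 compatible \PDC
  \item \emphcolour{Winbind} (part of Samba) allows Linux and \UNIX
    machines to join a Windows Domain
  \end{itemize}
\end{slide}

\begin{slide}{Limitations of Samba 2.2.x}
  \begin{itemize}
  \item Does not support Active Directory in the way that a Windows
    2000 server does
  \item Samba 2.2 can neither be a Backup Domain Controller (\BDC) nor
    use one
  \item User information stored on a Samba \PDC is not as complete as
    that stored on a Windows \PDC
  \item Samba obeys Linux group file access permissions on the \PDC,
    but it does not tell the client machine about it properly.  Group
    file permissions are hard to set from a client.
  \item Full support for \ACL{}s (access control lists) depends on
    applying a patch to the Linux kernel and recompiling the kernel,
    or waiting till the Linux 2.6.x kernel is released
  \end{itemize}
\end{slide}

\begin{slide}{Samba Version 3 (alpha release)}
  \begin{itemize}
  \item Currently used in some commercial systems, but documentation
    not complete
  \item See {\footnotesize
      \url{http://us1.samba.org/samba/ftp/alpha/WHATSNEW.txt}}
  \item Supports Active Directory: a Samba 3 server can join an \ADS
    realm as a member server and authenticate users using
    \LDAP/Kerberos
  \item Supports migrating from a Windows \NT 4 domain
  \item Supports trust relationships with Windows \NT domain
    controllers
  \end{itemize}
\end{slide}

% Fixed: the expansion of LDAP was misspelt and missing "Access".
% NOTE(review): nothing on this slide says how the LDAP traffic is
% protected.  A simple bind carries the password in clear text, so when
% one directory authenticates everything, binds should run over TLS
% (StartTLS or ldaps) -- worth a bullet if the slide has room.
\begin{slide}{Using \LDAP to Authenticate}
  \begin{itemize}
  \item \LDAP = Lightweight Directory Access Protocol
  \item A network directory
  \item Can be used to store user accounts, group information, and
    information about network devices
  \item Any application can be made to authenticate against \LDAP
  \item Samba can authenticate against \LDAP
  \item Can build an infrastructure that uses \LDAP to authenticate
    \emphcolour{everything}
  \end{itemize}
\end{slide}

\begin{slide}{A Case Study: \ICT}
  \begin{itemize}
  \item We use Open\LDAP to hold all user accounts (thousands):
    full-time, part-time and staff
  \item All Linux systems authenticate against this directory
  \item Maintained only by me as a (very!) part time activity
  \item I did the programming in my spare time
  \item All home directories are on the same server
  \end{itemize}
\end{slide}

\begin{slide}{Next Step}
  \begin{itemize}
  \item The next steps are:
    \begin{itemize}
    \item Provide better hardware
      \begin{itemize}
      \item We have an Adaptec clustering system with a dedicated
        shared \RAID system
      \end{itemize}
    \item Will run Red Hat Advanced Server
    \item Provide home directories via \NFS (as we currently do) and
      via Samba
    \item Provide support for old Macintosh clients via Netatalk
    \item Provide a single sign-on for all services for all students
      and staff
    \end{itemize}
  \item Time frame: by next academic year.
  \end{itemize}
\end{slide}

\end{document}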