Post on 13-Dec-2015
Institutional Data Flows at MIT
Paul B. Hill
CSG, May 1999
Major Databases to Cover
• Moira
• MITID
• NIC
• Roles Database
• Data Warehouse
• MITDIR
Where we were
Where we are
Where we want to be
Moira
• Central repository of data for the Athena environment
• Home grown solution, now with an Oracle back end
• Unlike a warehouse, it’s more like a “write-only” database
• 10 years after writing it we discovered it was a meta-directory
Moira
• MIT ID to Kerberos principal names
• mail lists
• group memberships
• IP address to hostname mapping
• printer info
• cluster info
• ACLs
Moira feeds data to:
• Warehouse
• DNS servers
• Hesiod servers
• KDC (new principal names)
• Mail hubs
• print servers
• Boot servers
• MITDIR
• NIC database
• NT ADS (future)
• KNFS servers
• PTS (AFS)
Moira gets data from:
• Registrar
– manual processing of tape
• Warehouse
– data originally from Personnel
• User accounts
– voucher, guests, special students
– small ongoing updates done via Moira clients
• In the future the data from the Registrar will be obtained from the Warehouse. Visibility / Suppression issues need to be dealt with.
More Moira info
• http://mit.edu/moira/
• Current Moira schema: http://web/moiradev/src/db/schema.sql
Moira clients
• blanche batch list maintenance tool
• chfn change finger information
• chpobox change pobox location
• chsh change login shell
• dcmmaint alternate name for moira, starts in dcm menu
• listmaint alternate name for moira, starts in list menu
• mailmaint allows naive users to add/delete themselves on mailing lists
• moira primary Moira client with menus for all services
• usermaint alternate name for moira, starts in user menu
Moira comments
• Client applications allow users or system administrators to perform interactive updates.
• Some changes are immediate. Many take overnight to propagate.
• Used by other systems to maintain a unified name space, e.g. checked before creating a mainframe account.
MITID
• The MIT ID Database provides authorized lookup and assignment of MIT IDs
• Supposed to be immutable
• Still being used inconsistently
• http://web.mit.edu/mitid/www/
MIT ID
• Consumers
– Accounts
– Personnel
– Graduate Student Admissions
– P.E. Lottery
– Warehouse
• Suppliers
– Moira
– Accounts
– Personnel
– Graduate Student Admissions
– P.E. Lottery (spouses)
MIT ID comments
• Currently it’s not unique enough
– 100s of people with ID of nine 9s.
– Warehouse uses Kerberos principal as the primary key. Not all principals are users. Some users have multiple principals.
– NIC uses the Moira row number.
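The identifier problems listed above, as an added example (not part of the original slides): a Python check over constructed sample rows that flags unusable MIT IDs such as nine 9s, people holding several Kerberos principals, and principals that are not people. The row layout and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample rows, not real data: (mit_id, kerberos_principal, is_person)
SAMPLE_ROWS = [
    ("912345678", "alice", True),
    ("999999999", "bob", True),          # placeholder ID shared by two people
    ("999999999", "carol", True),
    ("923456789", "dave", True),
    ("923456789", "dave/root", True),    # same person, second principal
    ("", "daemon/printsrv", False),      # service principal, no person behind it
]

def is_usable_id(mit_id):
    """Assumed rule: nine digits, and not one digit repeated (e.g. nine 9s)."""
    return len(mit_id) == 9 and mit_id.isdigit() and len(set(mit_id)) > 1

def same_person(row_a, row_b):
    """Only merge two records when both are people sharing a usable MIT ID."""
    return (row_a[2] and row_b[2]
            and row_a[0] == row_b[0]
            and is_usable_id(row_a[0]))

def audit_identifiers(rows):
    """Show why neither the MIT ID nor the principal is a safe key on its own."""
    principals_by_id = defaultdict(set)
    non_person = []
    for mit_id, principal, is_person in rows:
        if is_person:
            principals_by_id[mit_id].add(principal)
        else:
            non_person.append(principal)   # principal exists, but it is not a user
    report = {"unusable_ids": {}, "multi_principal_ids": {},
              "non_person_principals": sorted(non_person)}
    for mit_id, principals in principals_by_id.items():
        if not is_usable_id(mit_id):
            # Joining on this ID would conflate unrelated people.
            report["unusable_ids"][mit_id] = sorted(principals)
        elif len(principals) > 1:
            # Keying on principal would split this one person into several.
            report["multi_principal_ids"][mit_id] = sorted(principals)
    return report

if __name__ == "__main__":
    for finding, detail in audit_identifiers(SAMPLE_ROWS).items():
        print(finding, detail)
```
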
NIC
• Used for
– X.509 certificate management
– Tether account registration
– DHCP registration
• Future:
– will be used to update MITDIR
– eventual management of DNS instead of Moira
More NIC
• Feeds
– Moira
– Warehouse
• Will feed:
– Warehouse
– SAP billing
MIT Warehouse
• The Data Warehouse provides the MIT community with integrated data from various administrative systems (subject areas), and stores the data in one location.
• The Warehouse is a “read-only” database, guaranteeing stability over time.
MIT Warehouse
• Balance Sheet Balances
• Balances
• Balances by Fiscal Period
• Commitment History
• Credit Card
• Current Commitments
• Financial Detail
• Graduate Awards
• Overhead Rates
• Personnel
• Purchasing Detail
• Space
Detailed info on the warehouse
• http://web.mit.edu/warehouse/
The Roles Database
• The Roles Database provides a consistent way to store and maintain access rules for other applications, such as SAP.
• Authorizations are stored in the Roles system's central database; you use the front-end application to display, create, or modify them.
Roles Continued
• The Roles Database does not enforce the access rules that it maintains.
– It only collects the information and distributes it to the appropriate applications, usually as a nightly data feed.
– Applications with an interface to the Roles Database interpret the access rules from the Roles Database and enforce them.
Details on the web
• http://web.mit.edu/rolesdb/www/
MITDIR
• MIT white pages and grey pages
– White page access via finger, whois, CSO, web form
– Grey pages access via web form
• politics
– data suppression issues
– query limiting issues
– changing information
Notably Missing
• LDAP
– will probably use Microsoft ADS
– If a need develops, will find something more robust
– Global Catalog issues?
• NDS
– little demand, trying to phase out central support
ADS
• No experience yet
• Will be a subsidiary database
• Major focus over next year
– data propagation and synchronization
– impact on MIT KDC
More ADS
• Latest MS Logo requirements still skirt the issues
• Large number of default attributes and classes
– What do we need to use?
– Will we need to add attributes?