http://www.grnet.gr
GRNET Service Box
Yannis Mitsos, George Thanos, Faidon Liambotis
TF-MSP meeting, Amsterdam, February 4th 2009
Amsterdam, February 4th, 2009 GRNET Service Box
Introduction
• 1U server (Dell PowerEdge 1x50) that is delivered free of charge to the Greek academic institutes,
• Provides a set of pre-installed services that suits the needs of most academic institutes,
• Mass-management and local administrator support provided by GRNET's NOC,
• Based on the GNU/Linux ecosystem, specifically Debian,
• Currently deployed in over 20 institutions over the course of 4 years.
Service portfolio
• Directory & AAI services
– LDAP, currently based on Sun DS 5.x.
– Shibboleth IdP 1.3
– Shibboleth demo SP
– RADIUS server with LDAP backend.
• VPN service (OpenVPN).
• VoIP Services
– H.323 GK based on GnuGK.
– H.323 to SIP gateway using Asterisk.
– SIP Registrar/Proxy using OpenSER.
• Plus various network debugging tools (e.g. multicast beacon, iperf)
User Interface (UI)
• Web-based configuration interface for local administrators,
• Administrators can easily configure each service's parameters in a matter of minutes,
• Highly-abstracted, not specific to the underlying software to ease upgrade paths,
• Superuser SSH access provided to the local admins only if needed; currently only a small minority have asked for that,
• Custom-made, written in Perl and using XML as the data store format,
• Very limited but has worked well so far,
• Accompanied by a different LDAP user management web tool.
… a few screenshots
Managing SUN Directory Service 5.X
The rationale
• Many institutional NOCs have neither the required technical expertise nor the necessary manpower to deploy novel networking services,
• Many academic institutes are rather small, with a correspondingly limited NOC in terms of human resources (it can even be a one-man show),
• Helps solve chicken-and-egg issues, e.g. with federated services such as Shibboleth.
Gains
• We got a better picture of the institutions' needs.
• Newly-provided services reached our users in a matter of days instead of months.
• Major infrastructure/protocol updates are being handled more easily and uniformly:
– Shibboleth 1.2 → 1.3, 1.3 → 2.0 (TBD)
– H.323 → SIP migration (in progress)
• Helps our goal of building a user community of administrators.
Project Challenges
• Marketing to the institutes has been the greatest challenge:
– Many feel that it crosses a line for the NREN's job.
– It has been mostly easy to convince them to get one (it's free!); it's more difficult to make them use its full potential.
• VoIP: interoperability with proprietary PBXes (most of them not supporting VoIP)
• LDAP
– Proprietary student management systems that don't do LDAP,
– ...or totally absent user/student management.
• New services should be deployed quickly and mostly effortlessly.
• The UI has to be simple and straightforward but at the same time provide a way to configure advanced settings.
Next steps
• Enhance (or rebuild) the administration interface:
– Less clutter by presenting an integrated picture (LDAP, Shibboleth, RADIUS),
– Provide an “advanced mode” that allows more fine-grained settings for some services.
• Localization support,
• Provide more services, esp. federated ones:
– eduRoam?
– Antispam applications?
• Use virtualization to provide “virtual boxes” on an even greater scale.
Open topics
• Should we offer more services on the box?
• If so, which ones?
• Does it make sense to provide common services such as DNS & e-mail?
• Are other NRENs eager to deploy a similar concept?
• Can it be an inter-NREN collaboration project?
• Build a community around it?