Directories and NRAO's Future
Seminar "Making use of Directories": Network World, Washington DC
Why: find out about LDAP, MS Active Directory, NDS,
What we found:
is deploying some sort of enterprise-wide (or wider) directory
What does this mean for NRAO?
Three-tier: external, meta- (glue), and special purpose (NIS etc).
X.500 past, LDAP present and future
The problem: 187 separate directories for user info, e.g.:
(three: Unix, NT, AS400)
Personnel: RAO #2102 etc.
Fiscal: Purchasing, Payroll, etc.
(Snail) mailing lists, etc.
Synchronization, distributed entry, and related entries are problems.
Meta-directory can "glue" things together; short-term solution, migration tool to more unified environment.
Directories and the Network
Eliminate "stovepipes"; custom, de facto "duct tape" between things (
, mail aliases table, list of web pages, auto-generated mailing lists...)
Concentric circles: data on inside, intranet, extranet, internet
Directories should help facilitate:
Single or near-single sign on;
Manageable PKI (Public Key Infrastructure, if used);
Easier to deploy secure and sensitive applications; give control to the person who has the authority.
"Enterprise" directories, Network OS facilities (NIS/YP) are merging.
Quality of Service: high priority to, e.g. remote observing; low or zero to less important services; routers will be directory-enabled.
Future Possibilities for a Directory Service:
Proposal submission and management
Observer management (!!)
Data Products (e.g., proprietary/public periods for VLA obs.)
Allow external users to modify their information without manual intervention by us. Think guests, observers, other NRAO "customers".
Merges info from other, existing directories (NIS, Phonebook, HR, Fiscal)
The "glue" that binds things together; provides
Legacy "directories" ultimately retired as meta-directory subsumes their roles.
Proposed Testbed Deployment: Phone Book
We're already using a poor man's "directory":
is used to generate web page links, dial-in modem authentication, and web server redirects automatically, right now.
In principle, this info could be used for mail aliases, then (later) login records for Unix and NT.
Existing Phone Directory flat-text-and-Fortran-programs not strong enough; need a real LDAP directory/server.
Long term goal: Personnel, Fiscal, Payroll, Purchasing?
Ideal: one directory. Realistic: fewer than we have now!
AVOID TURF WARS! Any group that plans a directory deployment HAS to have top-level buy-in from ALL groups in the Observatory, and enough funding to do the job.
An LDAP-based directory can provide more functions and more room for future expansion than what we have now, at lower cost (in people's time).
We're headed that way, but
with the right tools yet
If NRAO wants to provide better services to our "Customers" (Observers, Taxpayers), we need to start planning NOW.