IT Services Organization Chart

STANFORD UNIVERSITY • INFORMATION TECHNOLOGY SERVICES

page 1

IT Services Organization ChartIT Services Organization Chart


page 2

Authentication: SUNet IDsAuthentication: SUNet IDs

Stanford University Network IDentifier• 3-8 character identifier• Permanent – cradle to grave – but aliases allowed!• Not private and not anonymous• Your “golden key” to online services• Password – change every 180 days• http://sunetid.stanford.edu

Computing Services


page 3

Authentication: Workgroup ManagerAuthentication: Workgroup Manager

Workgroup Manager Web application Defines groups of community members for use on

restricted web pages or applications

Workgroups are:• Lists of members in a group• Identified by their SUNet IDs• Given a name that uniquely identifies them. • Replicated into the Active Directory (AD) – more on AD

later!

A workgroup may also contain subgroups!

• http://mais.stanford.edu/applications/workgroup/

Computing Services


page 4

Authentication: Types of WorkgroupsAuthentication: Types of Workgroups

3 types of workgroups:

1. System-maintained workgroups:stanford:student (students) stanford:academic (faculty and students)stanford:faculty (faculty)stanford:administrative (staff and faculty)stanford:staff (staff) stanford:stanford (students, faculty, and

staff)

2. Department workgroups (often identified by the department’s assigned stem)

organization:businessaffairs_its gsb:affiliates helpdesk:consultants

3. Individual workgroups (identified by the owner’s SUNet ID preceded by a tilde ~)

~jdoe:book_exchange ~instr:friends ~santa:naughty_children

Using workgroups (with Webauth, for example) in a .htaccess file:AuthType WebAuth AuthType WebAuth AuthType WebAuthrequire privgroup stanford:staff require privgroup its:directors require privgroup

~instr:friends

Computing Services


page 5

Authentication: KerberosAuthentication: Kerberos

Kerberos:• A network authentication system for use on physically

insecure networks. • The heart of Stanford’s campus-wide network security

infrastructure.• Prevents eavesdropping or replay attacks.• Provides for data stream integrity (detection of

modification) • Prevents unauthorized reading of data using

cryptography systems such as the Data Encryption Standard.

• Is the official method for authentication at Stanford(see Admin Guide 64)

Computing Services


page 6

Authentication: Establishing Kerberos CredentialsAuthentication: Establishing Kerberos Credentials

Windows: • Network Identity Manager (NIM) • Stanford Desktop Tools• http://www.stanford.edu/services/ess/pc/docs/kerberos/

Macs: • Kerberos for Macintosh (runs in the background) • Stanford Desktop Tools• http://www.stanford.edu/services/ess/mac/docs/kerberos/

Unix: • kinit• http://unixdocs.stanford.edu/loggingin.html

How does it work?1. User runs NIM (Windows) or Stanford Desktop Tools (Windows/Mac) or

kinit2. User logs in with valid SUNet ID and corresponding password3. Kerberos credentials are established!

Computing Services


page 7

Authentication: Web Authentication (WebAuth)Authentication: Web Authentication (WebAuth)

Open-source web-based system for authenticating users (developed here!)

Protects web sites on the main Stanford web servers Can be used with other Apache-based web servers How does it work?

1. User visits a protected website2. Login screen appears and user enters SUNet ID and password3. User’s identity and Kerberos ticket carried in a cookie

https://weblogin.stanford.edu/help.html http://webauth.stanford.edu

Computing Services


page 8

Authentication: Web Login (WebAuth continued)Authentication: Web Login (WebAuth continued)

2 keys are given to you when you log in: 1. a key to the specific web site or service you visited, 2. and a "master" key that opens other protected web sites.

The keys last until you quit your browser program, or until they expire – up to 10 hours later.

Be sure you have "turned in your keys" by quitting your browser before you leave your computer. • Otherwise other people can access websites as though

they are you!

Note:• Using a protocol called SPNEGO, supported browsers can access

protected web sites using Kerberos credentials obtained from your computer login instead of using the WebLogin screen.

• For details, go to https://weblogin.stanford.edu/config.html

Computing Services


page 9

Authentication: ShibbolethAuthentication: Shibboleth

http://www.stanford.edu/services/shibboleth/

Lets you access secured non-Stanford sites (only those who have joined a common federation) using your SUNet ID.

Lets Stanford web servers authenticate users from those non-Stanford institutions using their local authentication credentials.

Example: COManage – Internet2 Project• Still in development…• COManage is the Collaborative Organization Management Platform

developed by the Internet2 Middleware Initiative. It is intended as a demonstration of the capabilities offered by tying together federated identity management (Shibboleth), groups management (Grouper), and (coming soon) privilege management into a cohesive support infrastructure for a variety of collaborative applications.

• http://middleware.internet2.edu/co/• http://comanage-dev.stanford.edu/

Computing Services


page 10

Authentication: Guest AccountsAuthentication: Guest Accounts

Based on email address Uses Shibboleth as authentication A Stanford Guest Account allows you to view specific

Stanford web pages that normally require Stanford-Affiliated SUNet identification. A Guest Account might allow you to view and interact with web-authenticated department, individual, and group pages. The owner of the restricted pages can allow you to access them via your Guest Account.

Note: A Guest Account cannot be used to access any restricted data including HIPAA, FERPA, or PCI-regulated data.

http://www.stanford.edu/service/guest/

Computing Services


page 11

Distributed File Systems – AFS (Andrew File Distributed File Systems – AFS (Andrew File System)System)

Stanford’s campus-wide file system Allows users to efficiently share files across local and

wide area networks System is backed up nightly University’s main web site and linked files hosted on

AFS

http://www.stanford.edu/services/afs/

Computing Services


page 12

Distributed File Systems – AFS disk space quota Distributed File Systems – AFS disk space quota

1 GB of disk space per users, group, or department

Can be used to store web pages, text files, computer programs, pictures and other digital data

Learn more:http://www.stanford.edu/services/disk-space/

Request group/dept space or increase quota:http://tools.stanford.edu/

Computing Services


page 13

Distributed File Systems – OpenAFSDistributed File Systems – OpenAFS

Lets you access AFS space on a desktop computer as a shared drive

http://www.stanford.edu/services/openafs/

Computing Services

Mac Windows


page 14

Distributed File Systems – Copying Files to AFSDistributed File Systems – Copying Files to AFS

For step-by-step instructions on copying files to AFS, visit http://filetransfer.stanford.edu/• OpenAFS• SFTP (Fetch/SecureFX)

WebAFS is a new, web-based method to easily copy files to AFS• http://afs.stanford.edu/• http://www.stanford.edu/services/afs/webafs/userguide/

Computing Services


page 15

Distributed File Systems – Workgroup IntegrationDistributed File Systems – Workgroup Integration

Workgroups can be integrated with AFS, Mailing Lists, and the Active Directory

https://tools.stanford.edu/cgi-bin/workgroup-admin

Computing Services


page 16

Distributed File SystemsDistributed File Systems

Common Internet File System (CIFS)• CIFS (Common Internet File System) = “file servers”

• Also known as “Server Message Block”• Also known as the “Windows File Sharing”

• At Stanford, we use the CIFS protocol to provide access to a central file service.

• Can be used to share and store files for groups and departments.• Authentication is via Kerberos and NTLM version 2 (Windows NT LAN

Manager)

http://www.stanford.edu/services/storage/lowcost/cifs/

Computing Services


page 17

Backup, System Security, and Anti-VirusBackup, System Security, and Anti-Virus

Backing Up:• Desktop/laptops (e.g., Mozy, Iron Mountain (BaRS being deprecated))

• Basically outsourced with a Stanford rate - CRC can help if part of a CRC contract

• Servers (e.g., AFS) - Using TSM (looking at disk to disk backup solutions)

System Security:• BigFix – http://www.stanford.edu/services/bigfix/

An OS patch management service which distributes critical security updates to Windows PCs and Macintoshes.

• PC Security Self-Help - http://www.stanford.edu/group/security/securecomputing/

• OS Updates• Windows: http://windowsupdate.microsoft.com/• Apple: http://support.apple.com/• Linux/Unix

Anti-Virus: Sophos (Stanford site-licensed anti-malware software, providing protection from both viruses and adware/spyware)• http://ess.stanford.edu/pc/sophos.html• http://ess.stanford.edu/mac/sophos.html

Computing Services


page 18

Business Applications SupportBusiness Applications Support

Support for ITS internal business apps and campus-wide enabling applications

Pinnacle (Billing), OrderIT, MyITServices

General Enterprise/IT Support Systems• Remedy/HelpSU - tickets; reporting• CMDB (Configuration Management DataBase) – at Stanford, we use BMC

Remedy

Calendaring• Zimbra information: http://www.stanford.edu/services/emailcalendar/

Docushare• A content and document management system• http://docushare.stanford.edu

Infra • Change Management system used to create, approve, schedule, and provide

notification of change requests related to IT systems hardware and software• http://changemanagement.stanford.edu

Stanford Answers (also Client Support): http://answers.stanford.edu

Computing Services


page 19

Business Applications Support (continued)Business Applications Support (continued)

Support for ITS internal business apps and campus-wide enabling applications

ACES (Access Control Enterprise Systems) – Card access to buildings

• Lenel

• CS Gold

eCommerce – a suite of services that enables Stanford's schools, centers, and departments to establish themselves as merchants, and market and sell products and services on the web. Managed by the Controller’s Office.

SMARTS – monitoring tool to monitor and respond to alerts from networks (phone, switch, data, VOIP, Net-to-Switch/Jack), door security, and environmental systems in the data centers

Unanet – time tracking tool that IT Services uses internally to track staff work time

Jira – tool used to track bugs and other issues in enterprise software used at Stanford

Computing Services


page 20

Departmental compute serversDepartmental compute servers

Remote access to high-speed, high-power computing resources to support large jobs and provide support for core curriculum and research

Support for departmental or course-specific computing needs.

Specific compute services that don't scale to an enterprise level.

Computing Services


page 21

Database Services – MySQLDatabase Services – MySQL

IT Services provides consulting and assistance with databases and database vendors, as well as hosting and support.

MySQL service• Popular open source database management system• With PHP programming language, used to build dynamic,

interactive Web sites. • Available for Stanford departments and official University

groups and services• https://www.stanford.edu/services/sql/• http://mysql.stanford.edu

Computing Services


page 22

Database Services – Microsoft SQL and OracleDatabase Services – Microsoft SQL and Oracle

Microsoft SQL• Microsoft’s implementation of SQL• IT Services offers support for departments who have

implemented Microsoft SQL Oracle

• IT Services provides consulting and assistance with databases and database vendors, as well as hosting and support.

• Note: No Oracle DBAs in-house For-fee services - supported via Ntirety

Computing Services


page 23

Directory Services (Registries)Directory Services (Registries)

OpenLDAP (Open Lightweight Directory Access Protocol)• http://www.stanford.edu/services/pubsw/package/network/

openldap.html• http://www.stanford.edu/services/directory/• http://www.openldap.org/

Active Directory• http://windows.stanford.edu/Public/Infrastructure/Services/

Directory.html Whois / StanfordWho

• http://stanfordwho.stanford.edu/ StanfordWhat

• http://stanfordwhat.stanford.edu/ Workgroup Manager

• http://workgroup.stanford.edu/ StanfordYou

• http://stanfordyou.stanford.edu/ Printed Directory (ASSU)

• http://assu.stanford.edu/

Computing Services


page 24

Directory Services (Registries)Directory Services (Registries)

Computing Services


page 25

Technical Facilities (TFAC)Technical Facilities (TFAC)

Provides operational management and support for:• IT Services production systems• Infrastructure supporting these systems• Data Centers

• Forsythe, Sweet Hall, the 12 ECH (Electronic Communication Hub) facilities, and the Auxiliary Data Center in Livermore, CA)

Responsible for:• Space Planning• Vendor/Customer Coordination• System Hardware Installation• Cabinetry• Low Voltage Cabling and Branch Circuit Distribution• Tracking all equipment in the data centers, IT Services,

Administrative Systems, and the CFO’s office (Property Administration)

Computing Services


page 26

Storage ManagementStorage Management

IT Services provides solutions to data storage needs for all levels — individual, departmental, and institution-wide (enterprise). • 1 GB of AFS storage space is provided at no charge• Three additional tiers of fee based storage, each priced per

gigabyte for maximum flexibility. This service provided by block-level, or file-level storage

with multiple available protocols (SAN, NAS, iSCSI, CIFS, AFS, etc).

For interconnection, fiber channel and iSCSI is recommended

http://www.stanford.edu/services/storage/

Computing Services


page 27

Unix/Linux/Windows System AdministrationUnix/Linux/Windows System Administration

Unix/Linux System Administration• Plan, manage and operate development and production

servers in Forsythe Data Center, Sweet Hall, and West ECH, East ECH, and Press ECH.

• http://www.stanford.edu/services/unixcomputing/

Windows System Administration• Addresses the need to move closer to single sign-on• Provides location-independent access to resources,• Provides manageability and security for the Microsoft

Windows platform• http://windows.stanford.edu/

Computing Services


Web Services – Infrastructure StuffWeb Services – Infrastructure Stuff

ITS web services allow clients control over the collection (database) and presentation (web) of information using various tools.

Virtual Host:• Lets you have a shorter web address (URL – Uniform Resource

Locator)• Learn more: http://virtualhosting.stanford.edu/• Request or update existing: http://tools.stanford.edu/

Scheduling Service:• Lets you schedule Unix commands to be run at a particular time.• Request or update existing: http://tools.stanford.edu/

Log Dump Request:• Lets web administrators manage site’s logging information• Using AWStats, can view statistics about activity on their site• Request or update existing: http://tools.stanford.edu/

Web Searching: • http://search.stanford.edu/• http://www.stanford.edu/services/websearch/google/

Web Space: http://www.stanford.edu/services/web/page 28

Computing Services


Web Services – DatabasesWeb Services – Databases

MySQL• Popular, free, open-source relational database

management system known for its speed, reliability, and ease of use.

• http://www.stanford.edu/services/sql/• http://mysql.stanford.edu• Request a database: http://tools.stanford.edu/

Microsoft SQL• Microsoft’s implementation of SQL• IT Services offers support for departments who have

implemented Microsoft SQL via Ntirety support (for-fee service)

page 29

Computing Services


page 30

Web Services – Forms and CGIWeb Services – Forms and CGI

CGI (Common Gateway Interface): Lets you run programs on the Web – providing dynamic

content, collecting user input, and offering services Ruby, Python, PHP and Perl languages are supported http://cgi.stanford.edu/ Request CGI service: http://tools.stanford.edu/

Form Builder: Build, publish, and manage web forms on the Stanford

servers http://formbuilder.stanford.edu http://www.stanford.edu/services/webforms/

Computing Services


Web Services – Content Management Systems Web Services – Content Management Systems (CMS)(CMS)

Content Management Systems (CMS):• Drupal installation: http://tools.stanford.edu/• Stanford look and feel templates:

http://web.stanford.edu/design/templates/modern/• SharePoint: http://www.stanford.edu/services/sharepoint/

Other systems will work, but aren’t necessarily supported. Your mileage may vary!

Note: These products are evolving. Stay tuned for new developments!

page 31

Computing Services


Web Services – BlogsWeb Services – Blogs

Blogs:• MovableType installation: http://software.stanford.edu/• WordPress installation: http://tools.stanford.edu/• Drupal installation: http://tools.stanford.edu/• Stanford look and feel templates:



page 32

Computing Services


Web Services – WikisWeb Services – Wikis

Wikis:• MediaWiki installation: http://tools.stanford.edu/• Drupal installation: http://tools.stanford.edu/• Stanford look and feel templates:



page 33

Computing Services


Web Services – SharePointWeb Services – SharePoint

Fee-based service Offers tools for managing content on the Web Contains wikis, blogs, discussion forums, event

calendars, announcements, task lists, etc. built-in Workflow tools help manage and automate business

processes (approvals/publishing) http://www.stanford.edu/services/sharepoint/

page 34

Computing Services


page 35

Email at StanfordEmail at Stanford

Email at Stanford: http://email.stanford.edu/

Antivirus / SPAM (Sophos PureMessage): http://email.stanford.edu/antispam

Bulk email: Send email to large numbers of Stanford users for official, approved Stanford administrative purposes.

Mailing list services (Mailman): http://mailman.stanford.edu

Secure email: http://secureemail.stanford.edu/T

his service is for off-campus secure communication

(extra hurdles for data security)

Support for Microsoft Exchange servers

ITS is running a BES server for Blackberry devices

Computing Services


page 36

Stanford Collaboration Tools (Email/Calendar/IM)Stanford Collaboration Tools (Email/Calendar/IM)

Integrated Email and Calendaring (IEC) web site: http://iec.stanford.edu

Stanford Email and Calendar services web site: http://www.stanford.edu/services/emailcalendar/

IEC solution• Webmail: http://webmail.stanford.edu/• Webcal: http://webcal.stanford.edu/• Desktop tools (Outlook, iCal, Apple Mail, Thunderbird):

http://www.stanford.edu/services/emailcalendar/desktop

Email Service Tools: http://tools.stanford.edu

Stanford Instant Messaging• http://im.stanford.edu/• Centrally-funded instant messaging service provided free-of-charge to

the Stanford community, using kerberos, SSL, and the jabber (XMPP) protocols

• A safe and secure way to conduct confidential Stanford business online, real-time. (Messages are secure only when sent between Stanford accounts.)

Computing Services

IT Services Organization Chart

Documents

Transcript of IT Services Organization Chart