Transcript IT Briefing - Emory LITS: Information Technology | Home

IT Briefing
July 2006
IT Briefing Agenda 5/18/06
• EOL Updates
• Karen Jenkins
• WebTalk
• Lee Clontz
• IT Website
• Norman Hulme
• AAIT Video Services
• Brenda
Rockswold &
Jim Kruse
• Oracle Updates
• eSubmissions
• NetCom Q&A
• Evan Ehrenhalt
• Graydon Kirk
• Paul Petersen
1
EOL Fall 2006
• Given CAT, NetReg, and Software Express …
new goal for EOL
– Prepare Student computers for connectivity to Emory
networks
• EOL functionality
–
–
–
–
–
Install Symantec
Install Spybot
Turn on Windows firewall
Configure for Emory UnPlugged (new)
Test for recent Windows updates/patches (and
hopefully install) (new)
– Prompt user to plug into the wired network (new)
– Run the CAT executable (new)
• Screen shot demo in August
• Invite testing participants
([email protected])
2
WebTalk Demo
Lee Clontz
IT Website
Norman Hulme
AAIT Video
Services
Brenda Rockswold
Jim Kruse
Mission Statement
The goals of the Video Services team are to
enhance communication, collaboration,
and information access through a wide
range of services including
videoconferencing, cable television,
audio/video streaming, and webcasting.
The team offers consulting, research, and
support for these services to members of
the Emory academic, research, and
healthcare communities.
6
Customers
• Vary by service
• Emory Faculty and Staff
• Emory Students
• Emory Affiliates
• Emory Healthcare
7
Streaming Content Support
• Streaming within ECIT
• Streaming outside of ECIT
8
Streaming Content Support
• Streaming server capacity
• Supported media formats
9
Live Event Broadcasting
• Webcasting
• Cable television
10
Live Event Broadcasting
• Commencement
• Orientation
• Town Halls
11
Video Conferencing
• IP & ISDN
• Consult on desktop solutions
• Single and Multi-site support (MSU)
12
Cable Television
• 78 Channels
• Unified Channel Lineup
• Cable Broadcast of Special Events
• Satellite Downlinking
13
Video Editing and Production
• Centers support iMovie and Final
Cut
• Class support for video production
• Independent projects –
faculty/students
• AAIT production - Africa
14
For More Information
media.service.emory.edu
Brenda Rockswold
[email protected]
7-5233
Jim Kruse
[email protected]
7-7656
Jack McKinney
[email protected]
404-272-1945
15
Video Services
Questions
16
Oracle
Lets Talk
ADS-DBA Team
AAIT
*
Talk About 10g
• The new 10g version of WEB/EBO
• Oracle Internet Directory (OID)
• Advance Security Option (SSL ?)
18
10g
• The new environment for the WEB/EBO
databases will be more robust.
• 10g allows us to add processing power
during heavy use periods.
• When a box fails, the database will not
fail. It just moves to another box.
• This feature is available with 10g clients
using OID.
19
Who is Moving?
• Most developers who use the WEB
and EBO databases are AAIT.
• This does not address developers
using SLF1, SLF2, DPT1 or DPT2.
• If you are not sure which database
you are attaching to, contact your
web admin or the help desk.
20
WEB/EBO DBs go 10g
• Please start testing the 10g version of
the database now.
• Oracle 9i clients will work, but…
• Install the 10g client to use the
advanced features, such as failover.
• Use OID to access the “AAITWEBD”
service.
21
Talk about OID
• The new 10g version of WEB/EBO
• Oracle Internet Directory
• Advance Security Option (SSL ?)
22
OID: How do I get there from here?
1784 N.
Decatur RD
TNS – Old, lists machine
1784 N. Decatur Rd,
luna.cc.emory.edu
TNS - Manual Change
1762 Clifton Rd
Triton.cc.emory.edu
OID
Web
Server
OID - Do Nothing,
let us work for you!
23
OID vs TNS: How do I get there from here?
TNSNAMES requires you to specify the database server,
the port, and the database name.
If anything changes, then you must manually change the
file. How many PC’s do you support?
How do you know about every change?
OID puts the burden on the DBAs. They make the changes
when a database moves. You don’t have to.
There is no reason not to move to OID as soon as you can.
24
So How Do I Switch to OID?
First we will add a few lines to your sqlnet.ora file in your network
admin folder. Then we create a new file, the ldap.ora in the same
folder.
First lets add lines to sqlnet.ora
# Naming entries for sqlnet.ora
NAMES.DIRECTORY_PATH= (TNSNAMES, LDAP)
NAMES.DEFAULT_DOMAIN = cc.emory.edu
NAME.DEFAULT_ZONE = cc.emory.edu
%Oracle Home%/network/admin/sqlnet.ora
Both files are available on the web.
25
So How Do I Switch to OID?
Now we place a new file, ldap.ora in the same directory.
DEFAULT_ADMIN_CONTEXT = "dc=emory,dc=edu"
DIRECTORY_SERVERS=(oranamesrvr0.cc.emory.edu:389:636,
oranamesrvr2.cc.emory.edu:389:636)
DIRECTORY_SERVER_TYPE = OID
%Oracle Home%/network/admin/ldap.ora
Both files are available on the web.
26
Can I Copy the Files From Somewhere?
Sure!
Go to: http://it.emory.edu/ and search for database.
The Self Service Database FAQ has examples for both ldap.ora
and sqlnet.ora.
Or go to:
http://www.it.emory.edu/showdoc.cfm?docid=1547&fr=1086#faqs
27
Talk About ASO
• The new 10g version of WEB/EBO
• Oracle Internet Directory
• Advance Security Option (SSL ?)
28
What is the problem?
ASO
Web
Server
Bounce
or
Your PC
Database
Server
Hackers
Unprotected
connection
Sniff
29
What about the Core?
• The Administrative Core is a good
concept. It keeps out most of the
hackers.
• The core does not protect against
staff members (or student workers)
with curiosity or malice.
30
So what is the solution?
• Implement ASO, which is the Oracle
equivalent to SSL.
• We will start requesting use of ASO.
• Over time we may move to requiring
it, depending on our security needs.
31
How to use ASO
• Oracle Advance Security is
configured in the sqlnet.ora file.
• Most machines already have what
they need. If not one module (ASO)
may need to be installed.
• Changing a few lines in the
sqlnet.ora file should do it.
32
Can I Copy the Files From Somewhere?
Sure!
Go to: http://it.emory.edu/ and search for database.
The Self Service Database FAQ has examples for both ldap.ora
and sqlnet.ora.
Or go to:
http://www.it.emory.edu/showdoc.cfm?docid=1547&fr=1086#faqs
If you don’t write at 90 MPH, the slides will be available.
33
SQLNET.ORA
The security portion of the SQLNET.ORA
looks like this:
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (MD5)
SQLNET.ENCRYPTION_TYPES_CLIENT= (RC4_40, RC4_56)
SQLNET.CRYPTO_SEED = qwertyuiop1234567890
.ORA = .ora
SQLNET.CRYPTO_CHECKSUM_CLIENT = requested
SQLNET.ENCRYPTION_CLIENT = requested
34
The Future
• Over time we would like all
communication to be encrypted.
• All servers will be set to required if
possible, or to requested for servers
with unusual clients.
• There is no timeline at this point.
35
Questions about any of this
• The new 10g version of WEB/EBO
• Oracle Internet Directory
• Advance Security Option (SSL ?)
http://www.it.emory.edu/showdoc.cfm?docid=1547&fr=1086#faqs
or
http://it.emory.edu/ then search for database to find the self service FAQ.
36
eSubmissions
Graydon Kirk
Emory Backbone
Upgrade Status
and Timeline
July 20, 2006
Paul Petersen
Director, Architecture/Engineering
Network Communications
Agenda
• Preparation Work
– Creating Router Redundancy
– Engineering VLANs
– Replacing Routers
• Timelines
– LAN Migrations
– Border & Firewall
• Challenges & Unknowns
39
Creating Router Redundancy
Typical Building
Switch Room
.1
4th
Edge
3rd
Edge
2nd
Edge
Core
Router
1
Core
Router
2
.2
.3
Master
Switch
1st
.2
40
Engineering VLANs
Typical Building
Switch Room
Core
Router
2
4th
Edge
3rd
Edge
2nd
Edge
Core
Router
1
Academic
Core
HIPAA
Core
Voice
Core
Master
Switch
1st
41
Replacing Routers
North1
Cox1
6/15 – Cox Hall
North2
Cox2
Replacement
Schedule:
7/05 – North
Clairmont1
7/10 – NDB
7/13 – Clairmont
7/24 – EUH
Clairmont2
8/14 - Crawford
NDB1
EUH1
Crawford1
Crawford2
EUH2
NDB2
42
Timeline: Router Migration
Date:
LANs Migrated:
07/20
07/24
Move 2 LANs: Anatomy Basement & FM
07/27
Move (16-20) of the Academic Core LANs at Cox
Hall Switch Room
07/31
Move (16-20) of the Academic Core LANs at
Clairmont Campus and North Campus
08/03
Move (16-20) of the Academic Core and Secure
Admin Core at North Campus and NDB
08/07
08/10
Move ResNet Core (11 LANs)
Move (16-20) of the Academic Core LANs at Cox
Hall Switch Room
Move (16-20) of the Academic Core LANs at NDB
43
Timeline: Firewall Migration
Week: Firewalls Migrated:
07/31
New Firewalls installed and manageable. ResNet
Firewall Migrated.
08/07
Two week change freeze on Academic Border
Firewalls.
08/14
Academic Border Firewalls Migrated to new
hardware.
09/11
Two week change freeze on Secure Academic
and DMZ Firewalls.
09/18
Secure Academic and DMZ Firewalls Migrated to
new hardware.
44
Challenges & Unknowns
• LAN Challenges
– Fast Ethernet LANs
– Multi-net LANs/Default Gateway Changes
– Custom Configurations
• Data Center/DMZ
• Communication
45
NetCom
Questions
46