wiki:ALL__areas_of_responsibility
Last modified 6 years ago Last modified on 11/18/14 13:09:56

Areas of Responsibility

Original author: Beth Mercer - 20081031

Support for the University of Alaska Enterprise Directory and Authentication Service is comprised of the following (responsible department and general areas of support):

Project Management, Oversight, and Approvals

Identity and Access Management

Contact

Nathan Zierfuss
907-450-8112
njzierfuss@alaska.edu

servers (directory/gateway hosts)

TS

Contact

sdtsos@alaska.edu

Functional Responsibility

E Box Status

The LDAP responsitory and iplanet software has been moved to the IDMP cluster. The E Boxes, Edgar, Egegik, Eklutna, and Elias, are no longer maintained.

IDMP Cluster

  • RHEL O/S install and maintenance
  • iPlanet software install and maintenance
  • ISW software install and maintenance

iPlanet Directories (EDIR directory)

TS

Contact

sdtsos@alaska.edu

Functional Responsibility

  • Manage log related space
  • Monthly job archiving directory related extract and log files
    • AppWorx: EDIR_ARCHIVE
  • Create and populate directory instances on new hardware
  • Configure and monitor replication
  • Create indexes and maintain plugins
  • Apply schema changes as needed
  • Apply ACI changes as needed
  • Create iPlanet roles as needed
  • Create and maintain password profiles
  • Schedule and monitor daily exports and backups and other
    • AppWorx: LDAP_SUNONE_BACKUPS_*
    • AppWorx: LDAP_SUNONE_DUMP_*
    • AppWorx: LDAP_STATIC_FILES_*
  • Configure/monitor ISW
  • Directory SSL certificate maintenance

Oracle Databases (EDIR "registry")

EAS

Contact

sdbaps@alaska.edu

Functional Responsibility

  • Monitor daily dump and compare of registry and directory
    • Registry Scripts: dump_all.ksh and compare_dumps.ksh
  • Resolve out of sync conditions
  • Daily EDIR Banner extract and feed to EDIR
    • AppWorx: EDIR_EXT_<yyyytt>
  • Daily email feeds from Banner to EDIR
    • AppWorx: EDIR_UA?MAIL
  • Monthly EDIR unit maintenance following BOR structure table updates
    • process documented at:

Monthly Process: EDIR Unit Changes Following BOR Structure Table Changes

  • Periodic data validation and cleanup
    • Primarily cleanup of admin contacts and unit heads/delegates that are no longer employed
  • Annual directory purge (of inactive records)
  • Annual review/renew/revoke of sponsored accounts

Web Gateways

IAM

Contact

ua-iam-dept@alaska.edu

Functional Responsibility

  • EDIR Self Service Pages and AUTHSERV UI
  • Respond to approved requests for interface changes/enhancements
  • Monitor batch jobs generating static data files used by interface
    • AppWorx: LDAPGW_STATIC_FILES
  • Monitor batch job synchronizing EDIR interface related files between servers
    • crontab: rsync*.ksh
  • EAS: UPDATE
    • respond to approved requests for interface changes/enhancements
    • monitor batch jobs generating static data files used by interface
    • AppWorx: LDAP_STATIC_FILES_*

Equalizer

TS

Contact

sdtsos@alaska.edu

Functional Responsibility

respond to requests for changes to the load balancing mixes for directory related clusters

NOTE: Kerberos legacy documentation has been removed as it no longer implemented for authentication. See Overview of Enterprise Directory Architecture for an historical description of functionality.

########################################################
LEGACY CHANGE HISTORY - NOTE: All subsequent changes are recorded in TracWiki
########################################################
20081027 elm corrected typo (hardware, not hardware); added reference to David Bantz for oversite/approvals; added additional items of support/responsibility
20081031 elm corrected typos