Infrastructure Unit Forum Planning

NOTE: we specifically DON'T address the network here. That's being planned separately.


We should have a "full inf-unit presence" at KB. That means: a KDC, a LDAP slave, and a network infrastructure machine. We'll leave the existing KDC there. We'll run the LDAP slave on the same machine for now, though in due course we'll redeploy one of the KDC machines from BP or FH. A new netinf machine was recently installed, which we'll leave there.


  • Move master KDC to Forum
  • Existing slave KDC in AT
  • No need for a separate slave KDC in the Forum
  • Existing slave KDC at KB
  • Migrate all KDCs onto wire B
  • Current BP and FH KDC machines have a couple of years of warranty left -- redeploy them

  • Suggest running AFSDB on KDCs

  • Remote management required
  • No particular bandwidth requirements

Other authentication services

We believe the authportal can become unsupported, and turned off when we leave FH. (If absolutely necessary we could park the existing machine in a corner somewhere for a while!)

Other things are co-located with KDCs anyway.


  • Move KB cosign server to Forum
  • Leave the AT server there

  • Remote managenent required
  • No particular bandwidth requirements


  • Move master to Forum
  • Move all read functionality to the slaves
  • Shift towards caching clients means we'll need beefy slaves. These will have to be new machines, as we don't have anything suitable still on warranty. Three required for load-sharing and resilience.
  • KB site slave will be a redeployed KDC from either BP or FH
  • Probably now safe to run lcfg2ldap on one of the main LDAP machines

  • Remote management required
  • 1Gb links required


  • Move KB monitor host to Forum
  • Leave existing AT monitor host there
  • Reconfigure so each monitors its own site

  • Remote management desirable
  • Probably no particular bandwidth requrements


  • Stalled project
  • Probably one server in Forum and one at AT

Routing and filtering

  • New AT network machines were installed recently -- keep them there
  • New network infrastructure machine installed at KB -- keep it there
  • ALL other routers, nameservers, etc are out of warranty, so...
  • New routers required for Forum
  • Probably OK to run nameservers on out-of-warranty kit for now

  • Remote management required
  • Network connectivity critical

-- GeorgeRoss - 26 Oct 2007

Edit | Attach | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r3 - 26 Oct 2007 - 10:31:48 - GeorgeRoss
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies