Infrastructure Unit Forum Planning

NOTE: we specifically DON'T address the network here. That's being planned separately.

KB

We should have a "full inf-unit presence" at KB. That means: a KDC, an LDAP slave, and a network infrastructure machine. We'll leave the existing KDC there. We'll run the LDAP slave on the same machine for now, though in due course we'll redeploy one of the KDC machines from BP or FH. A new netinf machine was recently installed, which we'll leave there.

Kerberos

  • Move master KDC to Forum
  • Existing slave KDC in AT
  • No need for a separate slave KDC in the Forum
  • Existing slave KDC at KB
  • Migrate all KDCs onto wire B
  • Current BP and FH KDC machines have a couple of years of warranty left -- redeploy them

  • Suggest running AFSDB on KDCs

For Forum:

  • 1 machine
  • Dual network path desirable
  • Dual power required
  • Remote management required
  • No particular bandwidth requirements

Other authentication services

We believe the authportal can become unsupported, and turned off when we leave FH. (If absolutely necessary we could park the existing machine in a corner somewhere for a while!)

Other things are co-located with KDCs anyway.

Cosign

  • Move KB cosign server to Forum
  • Leave the AT server there

For Forum:

  • 1 machine
  • Dual network path useful
  • Remote management required
  • No particular bandwidth requirements

LDAP

  • Move master to Forum
  • Move all read functionality to the slaves
  • Shift towards caching clients means we'll need beefy slaves. These will have to be new machines, as we don't have anything suitable still on warranty. Three required for load-sharing and resilience.
  • KB site slave will be a redeployed KDC from either BP or FH
  • Probably now safe to run lcfg2ldap on one of the main LDAP machines

For Forum:

  • 3 machines
  • Dual network path desirable
  • Dual power required
  • Remote management required
  • 1Gb links required
  • Machines distributed across racks, power and switches

Monitoring

  • Move KB monitor host to Forum
  • Leave existing AT monitor host there
  • Reconfigure so each monitors its own site

For Forum:

  • 1 machine
  • Dual network path desirable
  • Dual power required
  • Remote management desirable
  • Probably no particular bandwidth requirements

RADIUS

  • Stalled project
  • Probably one server in Forum and one at AT

Routing, filtering and other network infrastructure

  • New AT network machines were installed recently -- keep them there
  • New network infrastructure machine installed at KB -- keep it there
  • ALL other routers, nameservers, etc are out of warranty, so...
  • New routers required for Forum
  • Probably OK to run nameservers on out-of-warranty kit for now

For Forum:

  • 3 machines
  • Special-purpose network connectivity
  • Dual power required (x 2)
  • Remote management required
  • Network connectivity critical

-- GeorgeRoss - 08 Nov 2007

Topic revision: r4 - 08 Nov 2007 - 15:15:50 - GeorgeRoss