grnet service box

http://www.grnet.gr GRNET Service Box Yannis Mitsos, George Thanos, Faidon Liambotis TF-MSP meeting, Amsterdam, February 4th 2009

Post on 01-Jan-2016

Page 1: GRNET Service Box

http://www.grnet.gr

GRNET Service Box

Yannis Mitsos, George Thanos, Faidon Liambotis

TF-MSP meeting, Amsterdam, February 4th 2009

Page 2: GRNET Service Box

Amsterdam, February 4th, 2009 GRNET Service Box

Introduction

• 1U server (Dell PowerEdge 1x50) that is delivered free of charge to the Greek academic institutes,

• Provides a set of pre-installed services that suit the needs of most academic institutes,

• Mass-management and local administrator support provided by GRNET's NOC,

• Based on the GNU/Linux ecosystem, specifically Debian,

• Currently deployed in over 20 institutions over the course of 4 years.

Page 3: GRNET Service Box

Service portfolio

• Directory & AAI services
  – LDAP, currently based on Sun DS 5.x.
  – Shibboleth IdP 1.3
  – Shibboleth demo SP
  – RADIUS server with LDAP backend.

• VPN service (OpenVPN).

• VoIP Services
  – H.323 GK based on GnuGK.
  – H.323 to SIP gateway using Asterisk.
  – SIP Registrar/Proxy using OpenSER.

• Plus various network debugging tools (e.g. multicast beacon, iperf)

Page 4: GRNET Service Box

User Interface (UI)

• Web-based configuration interface for local administrators,

• Administrators can easily configure each service's parameters in a matter of minutes,

• Highly-abstracted, not specific to the underlying software to ease upgrade paths,

• Superuser SSH access provided to the local admins only if needed; currently only a small minority have asked for that,

• Custom-made, written in Perl and using XML as the data store format,

• Very limited but has worked well so far,

• Accompanied by a separate LDAP user management web tool.

Page 5: GRNET Service Box

… a few screenshots

Page 6: GRNET Service Box

Managing SUN Directory Service 5.X

Page 7: GRNET Service Box

The rationale

• Many institutional NOCs have neither the required technical expertise nor the necessary manpower to deploy novel networking services,

• Many academic institutes are rather small, with an analogously limited NOC in terms of human resources (it can even be a one-man show),

• Helps solve chicken-and-egg issues, e.g. with federated services such as Shibboleth.

Page 8: GRNET Service Box

Gains

• We got a better picture of the institutions' needs.

• Newly-provided services reached our users in a matter of days instead of months.

• Major infrastructure/protocol updates are being handled more easily and uniformly:
  – Shibboleth 1.2 → 1.3, 1.3 → 2.0 (TBD)
  – H.323 → SIP migration (in progress)

• Helps our goal of building a user community of administrators.

Page 9: GRNET Service Box

Project Challenges

• Marketing to the institutes has been the greatest challenge:
  – Many feel that it crosses a line for the NREN's job.
  – It has been mostly easy to convince them to get one (it's free!); it's more difficult to make them use its full potential.

• VoIP: interoperability with proprietary PBXes (most of them not supporting VoIP)

• LDAP
  – Proprietary student management systems that don't do LDAP,
  – ...or totally absent user/student management.

• New services should be deployed quickly and mostly effortlessly.

• The UI has to be simple and straightforward but at the same time provide a way to configure advanced settings.

Page 10: GRNET Service Box

Next steps

• Enhance (or rebuild) the administration interface:
  – Less clutter by presenting an integrated picture (LDAP, Shibboleth, RADIUS),
  – Provide an “advanced mode” that allows more fine-grained settings for some services.

• Localization support,

• Provide more services, esp. federated ones:
  – eduRoam?
  – Antispam applications?

• Use virtualization to provide “virtual boxes” on an even greater scale.

Page 11: GRNET Service Box

Open topics

• Should we offer more services on the box?

• If so, which ones?

• Does it make sense to provide common services such as DNS & e-mail?

• Are other NRENs eager to deploy a similar concept?

• Can it be an inter-NREN collaboration project?

• Build a community around it?

Page 12: GRNET Service Box

http://www.grnet.gr

GRNET Service Box

Yannis Mitsos, George Thanos, Faidon Liambotis

TF-MSP meeting, Amsterdam, February 4th 2009