Institutional Data Flows at MIT

Paul B. Hill

CSG, May 1999

Major Databases to Cover

• Moira

• MITID

• NIC

• Roles Database

• Data Warehouse

• MITDIR

Where we were

Where we are

Where we want to be

Moira

• Central repository of data for the Athena environment

• Home grown solution, now with an Oracle back end

• Unlike a warehouse, it’s more like a “write-only” database

• 10 years after writing it we discovered it was a meta-directory

Moira

• MIT ID to Kerberos principal names

• mail lists

• group memberships

• IP address to hostname mapping

• printer info

• cluster info

• ACLs

Moira feeds data to:

• Warehouse• DNS servers• Hesiod servers• KDC (new principal

names)• Mail hubs• print servers

• Boot servers• MITDIR• NIC database• NT ADS (future)• KNFS servers• PTS (AFS)

Moira gets data from:

• Registrar– manual processing of

tape

• In the future the data from the Registrar will be obtained from the Warehouse. Visibility / Suppression issues need to be dealt with.

• Warehouse– data originally from

Personnel

• User accounts– voucher, guests,

special students

– small ongoing updates done via Moira clients

More Moira info

• http://mit.edu/moira/

• Current Moira schema: http://web/moiradev/src/db/schema.sql

Moira clients

• blanche batch list maintenance tool

• chfn change finger information

• chpobox change pobox location

• chsh change login shell

• dcmmaint alternate name for moira, starts in dcm menu

• listmaint alternate name for moira, starts in list menu

• mailmaint allows naive users to add/delete themselves on mailing lists moira primary Moira client with menus for all services

• usermaint alternate name for moira, starts in user menu

Moira comments

• Client applications allow users or system administrators to perform interactive updates.

• Some changes are immediate. Many take overnight to propagate.

• Used by other systems to maintain a unified name space, e.g. checked before creating a mainframe account.

MITID

• The MIT ID Database provides authorized lookup and assignment of MIT Ids

• Supposed to be immutable

• Still be used inconsistently

• http://web.mit.edu/mitid/www/

MIT ID

• Consumers– Accounts

– Personnel

– Graduate Student Admissions

– P.E. Lottery

– Warehouse

• Suppliers– Moira

– Accounts

– Personnel

– Graduate Student Admissions

– P.E. Lottery (spouses)

MIT ID comments

• Currently it’s not unique enough– 100s of people with ID of nine 9s.– Warehouse uses Kerberos principal as the

primary key. Not all principals are users. Some users have multiple principals.

– NIC uses the Moira row number.

NIC

• Used for– X.509 certificate management– Tether account registration– DHCP registration

• Future: – will be used to update MITDIR– eventual management of DNS instead of Moira

More NIC

• Feeds– Moira

– Warehouse

• Will feed:– Warehouse

– SAP billing

MIT Warehouse

• The Data Warehouse provides the MIT community with integrated data from various administrative systems (subject areas), and stores the data in one location.

• The Warehouse is a “read-only” database, guaranteeing stability over time.

MIT Warehouse

• Balance Sheet Balances

• Balances• Balances by Fiscal

Period• Commitment History• Credit Card• Current Commitments

• Financial Detail• Graduate Awards• Overhead Rates• Personnel• Purchasing Detail• Space

Detailed info on the warehouse

• http://web.mit.edu/warehouse/

The Roles Database

• The Roles Database provides a consistent way to store and maintain access rules for other applications, such as SAP.

• Authorizations are stored in the Roles system's central database; you use the front-end application to display, create, or modify them.

Roles Continued

• The Roles Database does not enforce the access rules that it maintains. – It only collects the information and distributes

it to the appropriate applications, usually as a nightly data feed.

– Applications with an interface to the Roles Database interpret the access rules from the Roles Database and enforce them.

Details on the web

• http://web.mit.edu/rolesdb/www/

MITDIR

• MIT white pages and grey pages– White page access via finger, whois, CSO, web

form– Grey pages access via web form

• politics

– data suppression issues– query limiting issues– changing information

Notably Missing

• LDAP– will probably use Microsoft ADS– If a need develops, will find something more

robust– Global Catalog issues?

• NDS– little demand, trying to phase out central

support

ADS

• No experience yet

• Will be a subsidiary database

• Major focus over next year– data propagation and synchronization– impact on MIT KDC

More ADS

• Latest MS Logo requirements still skirt the issues

• Large number of default attributes and classes– What do we need to use?– Will we need to add attributes?