Core Services: One year on
June 18, 2008
Posted by Paul Cheeseman in: General, Green Computing, Team News
Tags: carbon-footprint, core-services, electricity-usage, Green Computing, Team News
The Core Services team was formed in June 2007, which makes the team one year old! It doesn’t seem like a year since my first blog post.
The past year has been really interesting and challenging, and in all honesty I’ve enjoyed working on all the different projects. The team has come together quite nicely and we now have a wide range of skills available within the team. This summer will see our most ambitious plans to date; I just hope we can keep up the momentum we have built up over the past year. In the next few months we will be looking at virtualising more services and reducing the number of physical servers in use. We will also be looking at improving the SunRay thin client service and reducing the running and support costs of the Core IT Services. We will also be rolling out more SunRay devices to some key areas of the institution. One of the bigger projects for the summer will be to implement a new institutional data backup system.
Looking over the previous blog posts I realised that I haven’t been at an external event or conference for some time. I thought it was about time I attended a conference as so far this year the rest of the team have been having all the fun!
The blog entries show that members of the team have attended Infosec 2008 and a Salford Software Technical Update Event, and I’m sure there have been more events that haven’t been blogged!
I’m visiting Cardiff University on the 19th June for a ‘Sustainable IT in Universities and Colleges’ workshop. The workshop will explore issues around energy efficient configuration, cooling and power supply in computer server rooms. I’ll be looking for ideas or changes that will make our computer room more efficient. I’ll try and blog something about my thoughts and ideas tomorrow evening.
Edge Hill University’s open access Sunray implementation – Part 1
March 11, 2008
Posted by Stephen Timson in: Green Computing, Team News
Student open access Sunray terminal project
We have recently completed our initial roll out of some 150 Sunray terminals for support and academic staff within our new £14m Faculty of Health building on the Edge Hill University Ormskirk campus.

The specification for the FOH also included initially around 25 Sunray terminals for student open access use, located in a number of learning pods around the building.
As the requirements for staff and students are different, including different software and printing facilities, the Sunray terminals must provide different working environments based on the location of the terminal.
So how do Sunrays work then?
A Sunray is a “thin client” terminal. This means there is no hard disk, memory or operating system within the unit itself, so both noise and power consumption are significantly reduced compared to a desktop PC. Another feature of the Sunray terminal is that because files are not stored on the device it is highly secure: if your Sunray breaks or is stolen, your data is safe.
When you connect a Sunray to your network it will make a DHCP request to try to acquire an IP address and the IP address of a DNS server.

It will then use DNS to resolve the IP address of a Sunray server by looking for two default DNS names, “sunray-servers” and “sunray-config-servers”. If it is able to resolve this it will open a session based on the configuration of that Sunray server.
In most cases, if no smart card is present the default action would be to enter “kiosk mode”, possibly to provide restricted web browsing or, as in the case of our staff implementation, a menu allowing the user to select their screen resolution or open a Windows Terminal Server connection.
It was decided, based on the popularity of our PC-based cyber café style “Touchdown” stations around campus, that it would be desirable to provide further functionality and choice, giving the user the option of a lightweight web browser for quick authenticated access to the internet, or a full network login including word processing and printing facilities. It was also identified that it would be desirable that if the terminal is not in use it could deliver information to the students.
So what will the students see?
On start up the student Sunray terminal presents a dynamically updated and centrally managed information screen that could display news, exam timetables or any other information that can be delivered via the internet. Users can then press a button which will launch a menu giving the user authentication options including a full Edge Hill University student desktop, an Internet Explorer only session or the option to change the screen resolution. Once the user closes the Internet Explorer window or logs off their university desktop session the terminal will revert to the information display.

Edge Hill University’s open access Sunray implementation – Part 2
March 10, 2008
Posted by Stephen Timson in: Green Computing, Team News, 3 comments
So how does it all work then?
The whole system is based on multiple Unix shell scripts. The Sunray kiosk mode (which in our case is set to open a “Generic X Session”) launches a shell script called “kiosk.sh”, which firstly launches Mozilla Firefox from the Sunray server the terminal has connected to, with a Firefox kiosk mode add-in called r-kiosk making Firefox open in full screen mode.
When launching Firefox we also open a simple locally stored html document. This html document contains an iframe which opens a page stored on a web server (this is where you store your centrally managed content) and a java button which will simply exit the browser.
In the event that a user presses the “Edge Hill University Login” button the browser will exit and the next command in the script is executed, in this case a shell script called “menu.sh” that launches a menu adapted from our staff Sunray implementation using “wish8.3”.
If the user selects “University Network Login” from the menu a script is executed that will open an RDP connection to a Windows 2003 Terminal server, allowing the user to log in to the Edge Hill University computer network using the full Novell client. This gives users access to their home and shared folders and a range of desktop applications. When the user logs off, the “menu.sh” process is terminated, returning the user to the original “kiosk.sh” process.

If the user selects “Browse The Internet” a script is executed that will open an RDP connection to a different Windows 2003 Terminal server. This time the user authenticates using LDAP rather than the full Novell client, but launches only Microsoft Internet Explorer. When the user closes the browser the “menu.sh” process is terminated, returning the user to the original “kiosk.sh” process.

The “System Preference” option allows the user to set their desired screen resolution, but how this is achieved on the Sunray system is a subject for another blog.
The physical setup
This student Sunray implementation, currently in an evaluation phase, is fully virtualised on a cluster of VMWare ESX Servers. There will initially be two Sunray Servers running on Solaris 10, two student terminal servers running on Windows Server 2003 Standard with the full Novell Client, and two Windows 2003 terminal servers using the pGina client with the LDAPauth plug-in to provide lightweight authentication against our eDirectory tree for the browser-only delivery.
The pGina / LDAPauth based terminal servers double as application servers for our Sun Secure Global Desktop implementation, which is also within a trial phase and which again is a subject for another blog.

How do you run two separate Sunray environments?
There are a number of ways to achieve this, some more complex than others. In this case I took a fairly simple approach. The student Sunray terminals’ firmware is updated with the gui version, which should be available when you install your Sunray server software. This allows them to be configured to connect to a specific Sunray server rather than the default as used by our staff implementation.
This allows us to provide a completely different selection of services for our students from our staff whilst the Sunray terminals themselves are connected to the same physical network and use the same DHCP and DNS servers.
How do I update the firmware on a specified Sunray terminal?
To update a Sunray terminal with the “gui” firmware, log in as root on one of your default Sunray servers and enter:
/opt/SUNWut/sbin/utfwadm -A -e mac_addr_of_sunray -f /opt/SUNWut/lib/firmware_gui
Next time that Sunray terminal is rebooted it will be updated with the gui firmware. Once this firmware update process is complete you can press “stop” + “m”; this will give you access to the Sunray’s configuration menu, where you can specify a different Sunray server.
How do I setup Mozilla Firefox to display my content?
Launching Mozilla Firefox from a shell script and opening a local html document is a simple command; however, when you do this from a Sunray session you will most likely need to address a number of issues. Firefox will always ask you if it should be the default browser, by default the close browser java button in your html document will not work, and your r-kiosk add-in needs to be installed for the Sunray kiosk sessions.
To resolve these issues I did the following:
* Log in to your Sunray server as root.
* Open Mozilla Firefox.
* Enter “about:config” in the address bar and change the following settings:
dom.allow_scripts_to_close_windows true
browser.shell.checkDefaultBrowser false
Install your r-kiosk or any other required Firefox plugins, set any required preferences and exit Firefox. All your preferences are now set for root, not your Sunray kiosk users, so you need to copy them so they are part of the default profile for your kiosk sessions.
The Sunray kiosk sessions seemed to be generated, at least in our implementation, based on “/etc/opt/SUNWkio/prototypes/generic-session”, an educated guess at the time, so copying root’s Firefox preferences there seemed like a good bet, and lo and behold it works.
Copy root’s Firefox preferences to the kiosk users:
cp -R /.mozilla /etc/opt/SUNWkio/prototypes/generic-session
To launch Firefox from a script opening a local html document:
/usr/bin/firefox -url file:///opt/SUNWutMenu/info.html
And finally, to undo all restrictions you have just applied to root’s browser sessions, launch Firefox in safe mode and disable them:
/usr/lib/firefox -safe-mode
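Because `cp -R /.mozilla` copies root's whole profile, the prototype can also pick up root's cookies, history and saved logins, which every kiosk session would then inherit. The following added example (not one of the author's scripts) audits a prototype directory for the two preferences set above and for leftover per-user data; the private-data file names are an assumed list of common Firefox profile files, and `build_sample` creates constructed test data.

```shell
#!/bin/sh
# Added example: audit a Sun Ray kiosk prototype directory after a Firefox
# profile has been copied into it. Not part of the original scripts.

# Preferences the article sets in about:config, one "name value" per line.
REQUIRED_PREFS='dom.allow_scripts_to_close_windows true
browser.shell.checkDefaultBrowser false'

# Per-user data files commonly found in Firefox profiles (assumed list).
# None of these should ship in a prototype shared by every kiosk session.
PRIVATE_FILES='cookies.txt cookies.sqlite history.dat places.sqlite
formhistory.dat formhistory.sqlite signons2.txt signons3.txt key3.db'

# has_pref FILE NAME VALUE: succeeds if prefs.js sets NAME to VALUE.
has_pref() {
    grep -F -- "user_pref(\"$2\", $3);" "$1" >/dev/null 2>&1
}

# audit_prototype DIR: prints one finding per line; returns 0 only when
# there are no findings.
audit_prototype() {
    proto=$1
    findings=0
    prefs_seen=0
    # Firefox keeps each profile in DIR/.mozilla/firefox/<profile>/
    for prefs in "$proto"/.mozilla/firefox/*/prefs.js; do
        [ -f "$prefs" ] || continue
        prefs_seen=1
        profile=$(dirname "$prefs")
        while read -r name value; do
            if ! has_pref "$prefs" "$name" "$value"; then
                echo "MISSING_PREF $name=$value in $prefs"
                findings=$((findings + 1))
            fi
        done <<EOF
$REQUIRED_PREFS
EOF
        for f in $PRIVATE_FILES; do
            if [ -e "$profile/$f" ]; then
                echo "PRIVATE_DATA $profile/$f"
                findings=$((findings + 1))
            fi
        done
    done
    if [ "$prefs_seen" -eq 0 ]; then
        echo "NO_PROFILE under $proto/.mozilla/firefox"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# build_sample DIR: constructed sample prototype (not real data) holding one
# profile with only one of the two prefs and a leftover cookies.txt.
build_sample() {
    p="$1/.mozilla/firefox/sample.default"
    mkdir -p "$p"
    echo 'user_pref("browser.shell.checkDefaultBrowser", false);' > "$p/prefs.js"
    : > "$p/cookies.txt"
}

# Audit the directory given as the first argument, for example the article's
# /etc/opt/SUNWkio/prototypes/generic-session
if [ $# -gt 0 ]; then
    audit_prototype "$1"
fi
```
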
I don’t have the option “Generic X Session” for my kiosk mode?
It should be noted that when configuring “kiosk” mode within the Sunray administration interface the session type “Generic X Session” does not appear to be available by default; in this case I copied the session type from our staff implementation.
The kiosk session types and session type configuration files however are located at /etc/opt/SUNWkio/prototypes and /etc/opt/SUNWkio/sessions. You can create a new kiosk session type by copying and re-naming an existing session type and editing the corresponding configuration files. If you require assistance with configuring the kiosk session types you should contact your Sunray support provider.
Our “Generic X Session” configuration file “generic.conf” looks like this:
KIOSK_SESSION_EXEC=$KIOSK_SESSION_DIR/generic-session
KIOSK_SESSION_LABEL="Generic X Session"
KIOSK_SESSION_DESCRIPTION="Provides a blank X session for running a Kiosk script."
KIOSK_SESSION_ARGS="/path/to/kiosk-app"
KIOSK_SESSION_PROTOTYPE=generic-session
That all sounds cool but what about a look at the scripts?
Some of the scripts I’m using at the time of writing this blog are available on the downloads page (see the tabs at the top of the page). If they provide some inspiration for anyone then you are welcome; however, you do use them at your own risk.
Salford Software Technical Update Event – 30th October
November 1, 2007
Posted by Neil Malcolm in: Events, Team News, 2 comments
Tags: Linux, novell, OES, Security
Having recently joined the Core Services team this will be my very first (of many) blogs as Senior Core Services Officer.

One company we work closely with in IT Services is Salford Software, based in Manchester. Our reseller of choice for all Novell products and support, they invited us to their ‘Technical Update Day’ on the 30th October.
So it was time to cram the team into a Grab ‘n Go car and head to Lancashire Cricket Club for the event that was designed to update their customers with the changes in the next releases of Novell products.
Misjudging the M62 traffic we arrived there in plenty of time, in fact we were the first people there which allowed us to take advantage of the jugs of coffee and plates of biscuits laid on for us! A good start to be fair!……
First up was Matt Dunkin from Salford Software, now in pre-sales, who talked about Novell’s ZenWorks Configuration Manager.
Edge Hill has been using ZenWorks (Zen) for years now in some degree to deliver policy driven network applications to the staff and student desktops, as well as enabling us to remote control users’ PCs when they phone the IT helpdesk for support.
Historically the ZenWorks suite of applications has solely used Novell eDirectory for the storage of its configuration objects and policies. As Matt pointed out, 60% of all ZenWorks customers (new and old) are now Microsoft only houses.
The big change in this release is that they have moved all the ZenWorks config into a SQL database (supported currently are Microsoft SQL Server with Oracle support coming in a later service pack expected Feb 2008). I would have liked to see that the other way round but that’s my old faithful Oracle DBA side coming through!
With the ZenWorks config out the way this leaves the user authentication to any supported LDAP directory, Novell eDirectory/Active Directory etc.
This move increases the market for the product greatly and they are hoping for a bigger adoption of ZenWorks suite across the board.
Some new features of the new version include:
- A single web interface to configure all parts of the ZenWorks system
- Microsoft Vista support for desktop management
- All communications between individual components now utilize the SOAP protocol and not NCP
- The software now updates itself from update repositories on the internet
- The software is more scalable, as you can run individual components/tasks on separate dedicated servers, whereas before one server did everything.
Next on the stage was Chris Hyde from Novell talking about the new features in Open Enterprise Server 2 on Linux. Basically this is the suite of Novell Services (File Storage/Printing/GroupWise Email/Cluster Services and eDirectory etc) running on the SUSE Linux Enterprise Server 10 platform.
You can see a big push from Novell now to get NetWare customers to migrate all the servers to the Linux platform. With this release of OES they are providing an optimized version of NetWare 6.5 that runs in the Xen virtual environment. Their intention is that customers migrate to OES on Linux for new services and turn the old NetWare boxes that they can’t do without into virtual machines. As and when they are ready, customers can migrate their NetWare services to the Linux equivalents.
Die hard NetWare fans may see this as the end of NetWare, but an advantage of virtualizing is that, although hardware support for the NetWare OS will soon no longer exist, it will run happily on newer hardware for years to come under a virtual environment as it won’t know the difference!
One of the features arriving in OES 2 that I am excited about is DST. You’re thinking, not another 3 letter acronym! This stands for ‘Dynamic Storage Technology’ and Novell are raving about this. Basically it allows customers to define policies to recognize active and stale data and automatically moves it to the appropriate storage device as the data’s status changes. You can use this to put active (more important) data on high-end storage devices such as your Netapp SAN for quick access with regular nightly backups, and inactive or stale data (maybe data not accessed for months/years, or less business critical data such as MP3s, images etc.) can be moved automatically to the cheaper, slower storage that has a less regular backup schedule. This enables better use of your expensive storage hardware and reduces backup times and administration.
All this is seamless to you, the end user, you still only see one volume! For example a staff or students home directory (F: drive) appears the same as it always has even though some of your files may be stored on the cheaper kit whereas your important documents you update regularly are getting a nightly backup and can be accessed fast!
Once lunch was polished off, Matt again took the stage to discuss Novell Cluster Services for Linux. We have been using Cluster Services on NetWare for a couple of years now to run services such as GroupWise Email, Shared Directories and Home Directories, the University Intranet. In this session we were shown some tips ‘n tricks Salford Software have picked up from past projects at other institutions and how to successfully install and maintain a stable and highly available cluster of resources using OES 2 on Linux. This will be something we as a team will be looking at in the near future for sure.
As the day drew to a close and the bottles of mineral water were running at a premium, Chris Hyde introduced the final demo about a product called ‘Sentinel from Novell’.
This is a Security Information and Event Management solution that Novell have recently procured that gathers and correlates security and non-security information from across an organization’s networked infrastructure, e.g. user login failures, password changes, firewall logs, Unix syslogs, Windows event logs and server access logs. The list of devices and types of information it can gather is endless.
This product sucks in all the raw data from all your various sources and normalizes it into some kind of order to make sense of the data and turn it into useful information. You can then report on this or have it alert you to some event problem, e.g. repeated unauthorized access from an IP address, user password failures from 2 geographical locations in close succession, or server exploits. You can even get it to fire some workflow off, for example to disable a network account and email some admin user to tell them what has happened and who to deal with next.
As the IT Services department we deal with lots of different pieces of hardware and software, ranging from network switches to LDAP servers to Finance Applications, each of which has its own discrete logging mechanisms. This makes seeing the bigger picture a lot more difficult, but I can see uses for this software to pull all this information into a central repository and allow us to report more easily across the whole range of systems. This software does it all and could be overkill for Edge Hill but it’s at least food for thought!
I found the day very useful and informative and even though we may not get around to implementing all the software goodies mentioned in the near future we can at least find a use for the conference freebies!!!

and then there were 5 !
October 16, 2007
Posted by Paul Cheeseman in: General, Team News
Tags: Groupwise, Spam, Sun-Ray, virtualisation
Just a quick note to say that the Core Services team is now complete. Neil Malcolm has joined us from the Business System team, I’d also like to welcome Adam Riches to the team. The IT Services offices in the SIC are in the process of being moved around. The Core Services team will be located at the back of the IT Services offices and the IT Services Helpdesk is moving forwards in the office and will be situated closer to the main door.
The Sun Ray Pilot is finishing this Thursday. If you haven’t seen a Sun Ray yet and you want to see what the fuss is about contact me by phone or e-mail and I’ll point you in the direction of the closest trial machine. If the trial is a success they will be deployed into the new Health building at the Ormskirk site, they will also be deployed into the open access areas in the new building.
The Spam Quarantine product is still under trial but we have moved all Edge Hill mail over to this service. The product will remain in trial until our suppliers release a new version of the software in the next few months. The next release of the software promises an improved interface to the quarantine area and a number of other features. We have also made significant changes to the Groupwise system in the past few weeks and this will give the institution a much more reliable internal and external e-mail service.
Virtualisation is still on the agenda and we are in the process of obtaining quotes from suppliers for hardware, software and consultancy. It is likely that we will implement two virtualisation servers and in the first few months of the project we are hoping to virtualise at least 10 servers.
Job Advert
August 2, 2007
Posted by Paul Cheeseman in: General, Team News
Tags: recruitment
The Core Services Officer post has been re-advertised with a slightly modified job description. It can be viewed on the EH jobs website.
We are looking for a fourth person to join our team, full details of the post can be found on the website.
And then there were 3 !
July 22, 2007
Posted by Paul Cheeseman in: Team News, 1 comment
Tags: recruitment
I’m pleased to announce that David McCallum and Stephen Timson will be joining the Core Services Team on the 1st August. They have been appointed to the Senior Core Services Officer roles. I’m sure they will be posting here quite soon !
On Monday I will be picking up the applications for the recent Core Services Officer post advert. We will be interviewing in the next two weeks.
Job Advert Deadline
July 20, 2007
Posted by Paul Cheeseman in: General, Team News
Tags: recruitment
The closing date for applications for the vacant Core Services Officer post is Friday. The job advert can be found on the EH jobs website.
A busy week
July 7, 2007
Posted by Paul Cheeseman in: Team News
Tags: core-services, e-mail, Groupwise, Spam
Interviews were held for the Senior Core Services officers posts on Tuesday, we have offered the posts to two candidates and we are waiting for the usual HR procedures to be completed. There is also a Core Services Officer post advertised externally, the closing date for applications is the 20th July. We are aiming to have all three of these posts in place for the 1st August, at that point the Core Services Team will officially come on line.
Our Anti-Spam appliance trial officially started on Thursday afternoon, and despite some minor teething issues I’m pleased to report that the Anti-Spam appliance performance is very impressive. Our Customer Services Manager will be making everyone aware of the User Interface on Monday. The User Interface will allow users to log in and view any e-mail that has been identified as Spam. Users are then given the option to block, delete or release e-mail into their e-mail accounts.
There has been a team of people (including myself) at EH today working on the Groupwise e-mail system. We are trying to improve performance and have been making some changes to the system on the advice of our external IT support. We are back in on Sunday morning to finish things off. Here’s hoping that next week is a bit quieter.
Team Update
June 22, 2007
Posted by Paul Cheeseman in: Team News
Tags: recruitment, Team News
The lovely people in Human Resources have been beavering away and today the Senior Core Services posts have been advertised on the intranet. The closing date for applications is the 29th June 2007.
There is one more post to be advertised externally, this is the Core Services Officer post. I’ll post a note here when the advert is published.
When there is only an I in Team!
June 16, 2007
Posted by Paul Cheeseman in: Team News, 1 comment
A quick click on the ‘About’ tab will show that the Core Services Team is a bit thin on the ground at the moment. In fact the only member of the team currently is……….well, errrmm…… just me
The good news is that the job descriptions for the new team members have been finalised by Human Resources. IT Services will shortly be advertising internally for two ‘Senior Core Services Officers’, and externally for a ‘Core Services Officer’. I am hoping to have these three posts in place by the 31st of July at the latest.