Feb 13 – 17, 2006
Tata Institute of Fundamental Research
Europe/Zurich timezone

The DESY-Registry – account management for many backend systems

Feb 16, 2006, 2:40 PM
20m
D405 (Tata Institute of Fundamental Research)

D405

Tata Institute of Fundamental Research

Homi Bhabha Road Mumbai 400005 India
oral presentation Computing Facilities and Networking Computing Facilities and Networking

Speaker

Mr Dirk Jahnke-Zumbusch (DESY)

Description

DESY operates some thousand computers, based on different operating systems. On Servers and workstations not only the operating systems but many centrally supported software systems are used. Most of these systems, operating and software systems come with their own user and account management tools. Typically they do not know of each other, which makes live harder for users, when you have to remember your different passwords for different systems, and which is against the efforts for effective user administration and support. The DESY-Registry is a 3-tier, web-based application, which centralizes the user and account management for about 30 centrally supported systems. Accounts and access to resources like operating systems (UNIX, Windows) and prominent software systems (Oracle, RAS/VPN) as well as “virtual” systems, like computing clusters, are managed. To enable de-centralized administration in a central system, the DESY-Registry offers a role-based delegation mechanism, where administrators are able to manage accounts of “their” users and the central support group is able to manage every account. A workflow mechanism facilitates delegation and automation takes care of account expiry an enforcement of regular password policies. Since January 2005 the DESY-Registry is productive. We present details of the project objectives and the solution as well as the experiences of one year of operation.

Primary author

Presentation materials