Unix Services
Unix Managed Systems
"Unix Managed" is an informal expression that
endeavors to convey the support offered by the Unix Services Group.
Being an integral part of the Information Technology Division, Unix
Services fills a critical role not only in securing
Unix-based systems at Brookhaven National Laboratory but also in
constantly working to improve the performance and reliability of
each system. Indeed, Unix Managed reflects a high standard
of support that ranges from desktop workstations to some of the
world's fastest supercomputing clusters.
Can Unix Managed benefit you or your department?
Unix Services provides unparalleled Operating System support
services for a broad base of Unix and Linux Systems. Our system
engineers offer expertise ranging from ad-hoc system housekeeping
to high-end server performance tuning. We also offer a wide spectrum
of systems monitoring and automated service response.
Unix Managed also means that you don’t have to. We recognize that
while many research scientists are quite capable of managing one or
more systems, doing so can consume a significant amount of time, time that
is better spent doing science rather than keeping up with system
details or mitigating the latest security threats. Therefore, there
are various levels of administration offered.
Basic Administration - ITD Unix Services is responsible for
responding to Cyber-security alerts and notifications, and for
informing the customer. For most day-to-day activities, the customer
has control over the system.
Where ITD Unix has already evaluated the division and group for
Centralization, the system will have been processed with centralized
administration to enforce DOE mandates across the enterprise. This
process includes Centralized Authentication, Configuration
Management (CM) and auditing.
Centralized Authentication is accomplished with the Centrify
program. Centrify authenticates users against the Microsoft Active
Directory. This facilitates a single sign-in capability using fewer
passwords.
Configuration Management incorporates the CFEngine program to manage
baseline configurations.
Auditing is based on BNL’s
Ordo scanning tool. Ordo is a system used
to assess the configuration of various UNIX based operating systems.
Ordo functions as a client program running on each host. This
client collects system information, encrypts it and sends it to a central master.
See the Ordo
page for more information on Ordo.
Shared Administration - ITD Unix Services is responsible for the
system administration of the system, while the customer retains
access to the root or super-user account and has the ability to make
system changes.
Exclusive Administration - ITD Unix Services is responsible for the
entire role of system administration of the system.
How can your systems become Unix Managed?
The transition of your systems to Unix Managed is in some cases
seamless. By virtue of having a Unix or Linux system connected to
the BNL network your systems may already qualify for basic response
from the ITD Helpdesk.
Supported Operating Systems
Taking a somewhat laissez-faire approach to supporting a wide
range of operating systems enables science to flourish. However,
security requirements and practical limits are necessary.
Consequently, support is limited to a specific set of
supported operating systems.
Server Monitoring
Server monitoring helps to ensure reliable and optimum performance.
Unix Services primarily uses the Osiris
host integrity monitor and Nagios
infrastructure monitor.
Osiris is a host integrity monitor that ensures adherence to
established security policies at BNL. It monitors each system and
reports any changes made to critical files. Osiris reports changes
regardless of whether they are authorized or caused by an intrusion
to your system.
Nagios is the definitive industry standard for enterprise
monitoring. It facilitates a proactive response by administrators
before problems are noticed and escalated by users. It provides an
insightful view of the network, individual hosts and associated
services.
Nagios is an open source monitoring tool in which ITD Unix Services
has developed a strong competence. Deploying Nagios is as simple as
contacting the ITD Helpdesk to request a service ticket.
The following table shows a high-level view of support categories
offered for each level.
| System | Level | Osiris | Nagios | Centrify | Cfengine | Ordo | Register | Install | CM | Backup | Updates | Security |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Desktop | Basic | | | X | X | X | X | X | | | | X |
| | Shared | | | X | X | X | X | X | X | X | X | X |
| | Exclusive | | | X | X | X | X | X | X | X | X | X |
| Server | Basic | X | X | X | X | X | | X | | | | X |
| | Shared | X | X | X | X | X | X | X | X | X | X | X |
| | Exclusive | X | X | X | X | X | X | X | X | X | X | X |
| Cluster | Basic | X | X | X | X | X | X | X | | | | X |
| | Shared | X | X | X | X | X | X | X | X | X | X | X |
| | Exclusive | | X | X | X | X | X | X | X | X | X | X |
| Scientific Software | Basic | | X | | | | | X | | | | X |
| | Shared | | X | | | | | X | X | X | X | X |
| | Exclusive | | X | | | | | X | X | X | X | X |
| Applications | Basic | | X | | | | | X | | | | X |
| | Shared | | X | | | | | X | X | X | X | X |
| | Exclusive | | X | | | | | X | X | X | X | X |
Last Modified:
February 14, 2011
To reach ITD Unix Services for any support issues, please contact the
ITD Helpdesk via email (itdhelp@bnl.gov)
or call x5522. In any communications, please include the name of the
machine(s) in question, as well as their operating system, software package
and other relevant information which will allow ITD to help you more
effectively.