Unix Managed Systems
"Unix Managed" is an informal expression that endeavors to convey the support offered by the Unix Services Group. As an integral part of the Information Technology Division, Unix Services fills a critical role not only in securing Unix-based systems at Brookhaven National Laboratory but also in constantly working to improve the performance and reliability of each system. Indeed, Unix Managed reflects a high standard of support that ranges from desktop workstations to some of the world's fastest supercomputing clusters.
Unix Services provides unparalleled Operating System support services for a broad base of Unix and Linux Systems. Our system engineers offer expertise ranging from ad-hoc system housekeeping to high-end server performance tuning. We also offer a wide spectrum of systems monitoring and automated service response.
Unix Managed also means that you don't have to. We recognize that while many research scientists are quite capable of managing one or more systems, doing so can consume a significant amount of time, time that is better spent doing science rather than keeping up with system details or mitigating the latest security threats. Therefore, there are various levels of administration offered.
Basic Administration - ITD Unix Services is responsible for responding to Cyber-security alerts and notifications, and for informing the customer. For most day-to-day activities, the customer has control over the system.
Where ITD Unix has already evaluated the division and group for Centralization, the system will have been processed with centralized administration to enforce DOE mandates across the enterprise. This process includes Centralized Authentication, Configuration Management (CM) and auditing.
Centralized Authentication is accomplished with the Centrify program. Centrify authenticates users against the Microsoft Active Directory. This facilitates a single sign-in capability using fewer passwords.
Configuration Management incorporates the CFEngine program to manage baseline configurations.
Auditing is based on BNL's Ordo scanning tool. Ordo is a system used to assess the configuration of various UNIX-based operating systems. Ordo functions as a client program running on each host. This client collects system information, encrypts it and sends it to a central master. See the Ordo page for more information on Ordo.
Shared Administration - ITD Unix Services is responsible for the system administration of the system, while the customer retains access to the root or super-user account and has the ability to make system changes.
Exclusive Administration - ITD Unix Services is responsible for the entire role of system administration of the system.
The transition of your systems to Unix Managed in some cases is seamless. By virtue of having a Unix or Linux system connected to the BNL network, your systems may already qualify for basic response from the ITD Helpdesk.
Taking a somewhat laissez-faire approach to supporting a wide range of operating systems enables science to flourish. However, security requirements and practical limits are necessary. Consequently, support is limited to a specific set of supported operating systems.
Osiris is a host integrity monitor that ensures adherence to established security policies at BNL. It monitors each system and reports any changes made to critical files. Osiris reports changes regardless of whether they are authorized or caused by an intrusion to your system.
Nagios is the definitive industry standard for enterprise monitoring. It facilitates a proactive response by administrators before problems are noticed and escalated by users. It provides an insightful view of the network, individual hosts and associated services.
Nagios is an open source monitoring tool in which ITD Unix Services has developed a strong competence. Deploying Nagios is as simple as contacting the ITD Helpdesk to request a service ticket.
The following table shows a high-level view of support categories offered for each level.
To reach ITD Unix Services for any support issues, please contact the ITD Helpdesk via email (firstname.lastname@example.org) or call x5522. In any communications, please include the name of the machine(s) in question, as well as their operating system, software package and other relevant information which will allow ITD to help you more effectively.