Meeting Minutes
IT Infrastructure Futures Workgroup - Access
Lead: Paul Singh
Attendees:
Curtis Bray (phone); Paul Drobny, Adam Getchell, Rodger Hess, Chip Mrizek, Hemang Patel, Mark Redican, Larry Ross, Uwe Rossbach, Paul Singh, Gary Sharpe, and Lowell Valiant.
Discussion Topics - weighted
(5) LDAP
(4) IAM
(5) AD
(5+) DNS
(0) DHCP
(5) Certificates
General topics - Federation, Security, etc.
Details of discussion -
LDAP: Currently 2 LDAP systems for campus: campus LDAP and uConnect LDAP (Unix vs. AD). Since AD LDAP is required for many services, leverage this. Allow for programmatic access, including using .NET. Other features of interest include extension of services to include password extensions.
AD: Multiple systems; reason to run own for departmental needs vs. central (uConnect) AD.
DNS: Discussion on the value of having two DNS systems (related to LDAP above). Additional discussion on implementation of DNSSEC and split-horizon DNS. AD uses dynamic DNS for record updates, value more on non-workstation managed records.
Certs: The value of having an auto-issuing, intermediary Certificate Authority for ucdavis.edu, which is in the trusted chain of a public CA, was discussed. Additionally, the need for personal email certificates is a driver, as is allowing signed and secured services such as SSL, IPsec, etc., with appropriate controls and restrictions.
IAM: Both Federation design and .NET connectors need to be further evaluated. This discussion will be deferred until other higher-weighted topics described above are discussed.
It was suggested the next meeting be scheduled for 2 hours, with DNS as the initial discussion topic.