Meeting Minutes

IT Infrastructure Futures Workgroup - Access

Lead: Paul Singh

Attendees:
Curtis Bray (phone); Paul Drobny, Adam Getchell, Rodger Hess, Chip Mrizek, Hemang Patel, Mark Redican, Larry Ross, Uwe Rossbach, Paul Singh, Gary Sharpe, and Lowell Valiant.

Discussion Topics - weighted

(5)   LDAP
(4)   IAM
(5)   AD
(5+) DNS
(0)   DHCP
(5)   Certificates

General topics - Federation, Security, etc.

Details of discussion -

LDAP: Currently there are 2 LDAP systems for campus: campus LDAP and uConnect LDAP (Unix vs. AD). Since AD LDAP is required for many services, leverage this. Allow for programmatic access, including using .NET. Other features of interest include extension of services to include password extensions.

AD: Multiple systems; reason to run own for departmental needs vs. central (uConnect) AD.

DNS: Discussion on the value of having two DNS systems (related to LDAP above).  Additional discussion on implementation of DNSSEC and split-horizon DNS. AD uses dynamic DNS for record updates, value more on non-workstation managed records.

Certs: The value of having an auto-issuing, intermediary Certificate Authority for ucdavis.edu, which is in the trusted chain of a public CA, was discussed. Additionally, the need for personal email certificates is a driver, as is allowing signed and secured services such as SSL, IPSec, etc., with appropriate controls and restrictions.

IAM: Both Federation design and .NET connectors need to be further evaluated. This discussion will be deferred until other higher-weighted topics described above are discussed.

It was suggested the next meeting be scheduled for 2 hours, with DNS as the initial discussion topic.