

The School of Informatics and Computing administers hundreds of Linux systems school-wide, and this page describes the options available for configuring these systems. The options are divided into two primary classes, UNIFIED and STANDALONE. A Unified configuration includes central home directories and access to a large and uniform collection of installed software. A Standalone system has local home directories with no centralized management and no automatic nightly home directory backups. A third HYBRID configuration provides the central management of the Unified systems but with local home directories. A final SELF-MANAGED option allows users to manage their own systems largely independently of the IT staff.

It should also be noted that Red Hat Enterprise Linux (RHEL) is the primary supported Linux distribution within the school. We have expertise in several other Linux distributions but the level of support we can provide for anything other than RHEL is extremely limited. If you want to run another distribution, the Self-Managed configuration is an option.

Option 1: Unified Server Configuration

This is the preferred configuration for servers that will reside in one of the computer server rooms. In this configuration, users have common home directories and environments across all unified systems, and the home directories are automatically backed up nightly. System configurations are managed centrally, which provides uniform system environments and access to large central software repositories, and minimizes the staff time required to manage the system.

ADVANTAGES

  • User home directories are automatically backed up nightly
  • User's environment is common across all unified systems
  • Users have access to a large collection of installed software
  • Transparent access to large network storage facilities, including /scratch and /nobackup.
  • System's staff management overhead is minimized
  • Being located in one of the two secure computer machine rooms (Lindley 416, West 016) provides improved security, conditioned power with UPS, better environmental control, and enhanced system monitoring.

DISADVANTAGES

  • Linux distribution is limited to RHEL
  • Sudo permissions can be granted to most individual commands, but no root shell access or sudo ALL.
  • Mounted home directories introduce dependencies on the central server and network infrastructure.
  • System cannot be located in an insecure area outside of the computer machine rooms (e.g., offices, labs, etc.).

Option 2: Unified Workstation Configuration

The Unified Workstation Configuration is nearly identical to the Unified Server Configuration but with one main difference. Since workstations are not housed in a secure server room, NFSv4 with Kerberos authentication is used for the secure delivery of home directories. As a result, this option provides most of the same advantages and disadvantages as the Unified Server Configuration. If a system is going to be located in an area where physical access to the network ports is not restricted, this is the preferred configuration. This includes all offices and labs within the school.
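A way to check on a workstation that NFS-mounted home directories really use Kerberos rather than plain UID-based security. This is an added example, not the school's own tooling; the page does not say which Kerberos flavor is used, so any of `krb5`, `krb5i` or `krb5p` is accepted, and the server name in the sample is constructed.

```shell
#!/bin/sh
# Added example: report the security flavor of every NFS mount.
# Input (stdin): lines in /proc/mounts format
#   device mountpoint fstype options dump pass
# Output: "<mountpoint> <sec flavor> <OK|WEAK>" for each nfs/nfs4 mount.
audit_nfs_sec() {
    while read -r dev mnt fstype opts _rest; do
        case "$fstype" in
            nfs|nfs4) ;;
            *) continue ;;          # ignore local and non-NFS filesystems
        esac
        # Pull the sec= value out of the comma-separated option list.
        sec=""
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case "$o" in
                sec=*) sec=${o#sec=} ;;
            esac
        done
        IFS=$old_ifs
        case "$sec" in
            krb5|krb5i|krb5p) verdict=OK ;;      # Kerberos-authenticated
            "") sec=unset; verdict=WEAK ;;       # no flavor recorded: review
            *) verdict=WEAK ;;                   # e.g. sec=sys trusts client UIDs
        esac
        printf '%s %s %s\n' "$mnt" "$sec" "$verdict"
    done
}

# Constructed sample mount table (hostnames are placeholders).
SAMPLE_MOUNTS='nfs.example.edu:/home /home nfs4 rw,relatime,vers=4.2,sec=krb5p,proto=tcp 0 0
nfs.example.edu:/scratch /scratch nfs4 rw,relatime,vers=4.2,sec=sys,proto=tcp 0 0
/dev/sda1 / xfs rw,relatime 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | audit_nfs_sec
```

On a live system, feed it the real table with `audit_nfs_sec < /proc/mounts`.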

Option 3: Hybrid Configuration

The Hybrid Configuration is similar to the Unified configurations but with local home directories and no transparent access to other secure central network storage facilities. Home directories are not automatically backed up, and you do not share a common home directory environment with the Unified systems, but you do have a common (yet still customizable) software environment.

Option 4: Standalone Configuration

With a Standalone configuration, each system is managed independently. Users have separate home directories and environments on each standalone system, and nothing is backed up automatically. A standalone system will be unique, which may be an advantage when a highly customized or non-standard configuration is needed.

ADVANTAGES

  • OS configuration can be very unique.
  • The dependence on the network and server infrastructure is reduced.

DISADVANTAGES

  • Linux distribution is limited to RHEL. Other distributions will be considered on a case-by-case basis but support for non-RHEL systems will be limited.
  • Home directories are not automatically backed up.
  • Access to large network storage facilities, including /scratch and /nobackup, is limited.
  • Staff management overhead tends to be very high.

For the vast majority of systems we manage, we can provide the level of customization needed using the unified or hybrid options. As a result, we discourage the use of the standalone configuration, since its management overhead is so high.

Option 5: Self-Managed Configuration

Cyber Risk Mitigation Responsibilities

If you decide to manage a system that is on the IU network, it is critical that you adhere to IU Policy IT-28, Cyber Risk Mitigation Responsibilities.

With a Self-Managed configuration, the user is completely responsible for the installation and ongoing system administration and maintenance of the system. As such, the user can run any arbitrary Linux distribution. While the IT staff may be able to provide limited assistance, there should be no expectation of any ongoing support. It is the responsibility of the user to maintain system security in both the initial configuration and with ongoing patch management. Systems deemed to be vulnerable to exploit will be removed from the network.

Comparison Matrix

| Feature | Unified Server | Unified Workstation | Hybrid | Standalone | Self-Managed |
|---|---|---|---|---|---|
| Administrative Overhead - Staff | Low | Low | Moderate | High | Low |
| Administrative Overhead - User | Low | Low | Low | Low | High |
| Common Home Directories | Yes | Yes | No | No | No |
| Automatic Home Directory Backups | Yes | Yes | No | No | No |
| Access to Large Local Software Repository | Yes | Yes | Yes | No | No |
| Ability to Run Arbitrary Linux Distribution | No | No | No | Limited | Yes |
| Sudo Access Level | Variable | Variable | Variable | Variable | Unrestricted |
| Kerberos Authentication For Home Directory Access | No | Yes | No | No | No |
| Dependence on Central Network/Server Infrastructure | High | High | Low | Low | Low |
| Access to Local System Storage Space | Yes | Yes | Yes | Yes | Yes |
| Access to Large Central Networked Storage Space | Yes | Yes | Restricted | Restricted | Restricted |
| Hosting in Secure Machine Room | Required | Optional | Optional | Optional | Limited |
| Can Reside In an Insecure Location | No | Yes | Yes | Yes | Yes |