The School of Informatics and Computing administers hundreds of Linux systems school-wide, and this page describes the options available for configuring these systems. These options are divided into two primary classes, UNIFIED and STANDALONE. A Unified configuration includes central home directories and access to a large and uniform collection of installed software. A Standalone system has local home directories with no centralized management and no automatic nightly home directory backups. A third HYBRID configuration provides the central management of the Unified systems but with local home directories. A final SELF-MANAGED option allows users to manage their own systems largely independent of the IT staff.
It should also be noted that Red Hat Enterprise Linux (RHEL) is the primary supported Linux distribution within the school. We have expertise in several other Linux distributions but the level of support we can provide for anything other than RHEL is extremely limited. If you want to run another distribution, the Self-Managed configuration is an option.
Option 1: Unified Server Configuration
This is the preferred configuration for servers that will reside in one of the computer server rooms. In this configuration, users have common home directories and environments across all unified systems and the home directories are automatically backed up nightly. System configurations are managed centrally, which provides uniform system environments and access to large central software repositories, and minimizes the staff time required to manage the system.
ADVANTAGES
- User home directories are automatically backed up nightly
- User's environment is common across all unified systems
- Users have access to a large collection of installed software
- Transparent access to large network storage facilities, including /scratch and /nobackup.
- Systems staff management overhead is minimized
- Being located in one of the two secure computer machine rooms (Lindley 416, West 016) provides improved security, conditioned power with UPS, better environmental control, and enhanced system monitoring.
DISADVANTAGES
- Linux distribution is limited to RHEL
- Sudo permissions can be granted to most individual commands, but no root shell access or sudo ALL.
- Mounted home directories introduce dependencies on the central server and network infrastructure.
- System cannot be located in an insecure area outside of the computer machine rooms (e.g. offices, labs, etc.).
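The sudo rule listed above (individual commands may be granted, but no root shell and no sudo ALL) can be checked mechanically. The Python below is an added example, not the school's own tooling: it audits sudoers text for those two kinds of grant. The shell list, users, aliases and sample entries are constructed, and the parser is simplified: it does not follow include files or detect commands that can spawn a shell indirectly.

```python
import re

# Assumption for this example: command basenames treated as giving a root shell.
SHELLS = {"sh", "bash", "zsh", "csh", "tcsh", "ksh", "dash", "su"}
PREFIX = re.compile(r"^(?:\([^)]*\)\s*|[A-Z_]+:\s*)+")  # "(runas)" and "TAG:" prefixes
COMMA = re.compile(r",(?![^(]*\))")  # commas outside a "(runas, list)"

def _commands(rhs):
    return [PREFIX.sub("", c.strip()) for c in COMMA.split(rhs)]

def _reasons(cmds, aliases, depth=0):
    out = []
    for cmd in cmds:
        if not cmd or cmd.startswith("!"):      # a negation grants nothing
            continue
        if cmd == "ALL":
            out.append("ALL commands")
        elif cmd in aliases and depth < 5:      # expand Cmnd_Alias, bounded depth
            out += _reasons(aliases[cmd], aliases, depth + 1)
        elif cmd.split()[0].rsplit("/", 1)[-1] in SHELLS:
            out.append("root shell: " + cmd.split()[0])
    return out

def audit_sudoers(text):
    """Return (grantee, reason) pairs for grants that break the policy."""
    aliases, specs = {}, []
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        lhs, sep, rhs = line.strip().partition("=")
        if not sep or not lhs.split() or lhs.startswith(("#", "@", "Defaults")):
            continue                            # comments, includes, Defaults
        if lhs.startswith("Cmnd_Alias"):
            aliases[lhs.split()[1]] = _commands(rhs)
        elif not lhs.split()[0].endswith("_Alias"):
            specs.append((lhs.split()[0], _commands(rhs)))
    return [(who, r) for who, cmds in specs for r in _reasons(cmds, aliases)]

# Constructed sample input; users, aliases and commands are made up.
SAMPLE = """\
Defaults env_reset
Cmnd_Alias SERVICES = /usr/bin/systemctl restart httpd, /usr/bin/systemctl status httpd
Cmnd_Alias ROOTSH = /bin/bash, /bin/sh
alice  ALL = (root) SERVICES
bob    ALL = (ALL) NOPASSWD: ALL
carol  ALL = (root) /usr/bin/tail /var/log/messages, ROOTSH
dave   ALL = (root) ALL, !/bin/su
"""

if __name__ == "__main__":
    print(*audit_sudoers(SAMPLE), sep="\n")
```

Note that an exclusion such as "ALL, !/bin/su" is still reported, since the negation does not narrow the ALL grant to individual commands.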
Option 2: Unified Workstation Configuration
The Unified Workstation Configuration is nearly identical to the Unified Server Configuration but with one main difference. Since workstations are not housed in a secure server room, NFSv4 with Kerberos authentication is used for the secure delivery of home directories. As a result, this option provides most of the same advantages and disadvantages as the Unified Server Configuration. If a system is going to be located in an area where physical access to the network ports is not restricted, this is the preferred configuration. This includes all offices and labs within the school.
Option 3: Hybrid Configuration
The Hybrid Configuration is similar to the Unified configurations but with local home directories and no transparent access to other secure central network storage facilities. Home directories are not automatically backed up, and you do not share a common home directory environment with the Unified systems, but you do have a common (yet still customizable) software environment.
Option 4: Standalone Configuration
With a Standalone configuration, each system is managed independently. Users have separate home directories and environments on each standalone system, and nothing is backed up automatically. A standalone system will be unique, which may be an advantage when a highly customized or non-standard configuration is needed.
ADVANTAGES
- OS configuration can be highly customized.
- The dependence on the network and server infrastructure is reduced.
DISADVANTAGES
- Linux distribution is limited to RHEL. Other distributions will be considered on a case-by-case basis but support for non-RHEL systems will be limited.
- Home directories are not automatically backed up.
- Access to large network storage facilities, including /scratch and /nobackup, is limited.
- Staff management overhead tends to be very high.
Option 5: Self-Managed Configuration
Warning: If you decide to manage a system that is on the IU network, it is critical that you adhere to IU Policy IT-28, Cyber Risk Mitigation Responsibilities.
With a Self-Managed configuration, the user is completely responsible for the installation and ongoing system administration and maintenance of the system. As such, the user can run any arbitrary Linux distribution. While the IT staff may be able to provide limited assistance, there should be no expectation of any ongoing support. It is the responsibility of the user to maintain system security in both the initial configuration and with ongoing patch management. Systems deemed to be vulnerable to exploit will be removed from the network.
Comparison Matrix
Feature | Unified Server | Unified Workstation | Hybrid | Standalone | Self-Managed |
---|---|---|---|---|---|
Administrative Overhead - Staff | Low | Low | Moderate | High | Low |
Administrative Overhead - User | Low | Low | Low | Low | High |
Common Home Directories | Yes | Yes | No | No | No |
Automatic Home Directory Backups | Yes | Yes | No | No | No |
Access to Large Local Software Repository | Yes | Yes | Yes | No | No |
Ability to Run Arbitrary Linux Distribution | No | No | No | Limited | Yes |
Sudo Access Level | Unrestricted | ||||
Kerberos Authentication For Home Directory Access | No | Yes | No | No | No |
Dependence on Central Network/Server Infrastructure | High | High | Low | Low | Low |
Access to Local System Storage Space | Yes | Yes | Yes | Yes | Yes |
Access to Large Central Networked Storage Space | Yes | Yes | Restricted | Restricted | Restricted |
Hosting in Secure Machine Room | Required | Optional | Optional | Optional | Limited |
Can Reside In an Insecure Location | No | Yes | Yes | Yes | Yes |