Tips on working with Multiple Users in Open Directory Environment?
by Jesus Ali
on
Jul 22, 2008 at 6:20:46 am
Hey everyone!
I am working on salvaging a long suffering XSan installation at the small independent art college I work at. Eventually the XSan should serve different Volumes (or Mounts) to different students who log into different physical computers each day. We're looking to go live in two steps, first step is to bring 2 Macpro's and 1 G5 online. The second step is to bring 12 other G5's online.
I now have the Metadata controller and Standby controller up and running.
We've got three Apple RAIDs up and RAID'ed and sliced in to LUNs. I made multiple Volumes and they mount on the MDC.
We are having some confusing in the Gigabit Ethernet switches, I am pestering IT to give a 2nd, dedicated Gigabit switch so I can nail down the Public and Private ethernet networks.
But while I wait on that part, I am trying to move forward in the next step of designing day to day student usage.
We use an LDAP Master Directory for all students in the school to log into any of 100+ Macs in 7+ different Mac and PC labs throughout the school.
Right now, the casual student logs into their Home Directory which resides on Mirrored RAID hosted by an Xserve.
So at this point, I have Authenticated the MDC XServe to Master Directory XServe and added a Group called "XSAN". My login, the Network Admin's login and a Sample student login have each been added to the "XSAN" group membership.
I have been using the XSan Administrator's Guide and that nifty little perfect bound book on XSan published by Peach Pit (?).
But now I am at a loss as to what to do next, namely, how to "divide" or design the RAIDs into different Volumes or Mounts for different students to have access to.
My initial goal is to take the fastest Slice (of 3) across Four Arrays and make it the Volume or Mount for students to Capture live HD video to - from a Canon XL H1's HD-SDI port, but through an AJA IoHD converting it to Pro Res on capture. Maybe at some point, or if things were fast enough, capturing uncompressed HD, without ProRes. This will mainly be for shooting Green Screen with the XL H1.
But the secondary goal is to designate the Middle or Slowest slice across the Four RAIDs for the students in the "Video 1" course to use for Standard Definition video work.
I see in the XSan Administrator's Guide that it mentions Folder Affinities and Access Control Lists (ACL's). But to my frustration I don't see anywhere where these steps are explained in depth!
I suspect I should be working with the Desktop Services Manager at my school to dig around Apple Workgroup Manager to set these things up. Is that right?
Ideally, each semester I would like to take the lists of student names enrolled in each course and apply different Workgroup Group names to them to control access.
Something like, "XSanCapture" which would only put the Capture Volume or Mount on their desktop when they login. And "Video01" which would put only the Volume or Mount made from the slower Middle or Inside slice on their desktops. And then also something like "JuniorSeniorWork" which would be a Volume fast enough for some HD work on their desktop.
So for example, student JOHN SMITH was in Video 01 last semester as a Sophomore. Now he's a Junior and wants to Capture HD and work with it. So now I would delete him from the "Video01" access Group and add him to the "XSanCapture" and "JuniorSeniorWork" groups.
So, if that works, the next step is this:
How do you make it so JOHN SMITH doesn't have access to KATIE WHITE's files even though they both are in the "XSanCapture" and "JuniorSeniorWork" groups?
Can you get this level of privacy with XSan?
If any of you wonderful geniuses can point me toward tips or a tutorial or a book which outline these further processes, I would be eternally grateful!
Any other non-tutorial tips and advice would also be appreciated.
Thanks again. And if I can help out anyone stuck earlier in the process, please don't hesitate to ask!
Re: Tips on working with Multiple Users in Open Directory Environment? by Jordan Woods on Jul 22, 2008 at 4:37:34 pm
you might want to hire a freelance san/server expert to go through your whole setup. That is a very good idea since these guys will be able to see issues that may come up down the road. There are so many questions on your post it would seem worth to me.
Re: Tips on working with Multiple Users in Open Directory Environment? by Ernesto Sanchez on Jul 23, 2008 at 6:01:17 am
Short answer: Yes, XSAN with Open Directory and ACLs can give you granular control over permissions. Setting up ACLs to do this is an art form in itself.
Long answer: See Jordan's post. Sound's like you are %80 percent there. If you have enough time you could probably figure it out yourself but sound's like you already have a full time job. Hiring an XSAN integrator just for consulting probably will be worth it to you in the time it will save you.
