Health Sciences Information Technology
|
Child pages: - - - - - - - - VPHS |
SCOPE This document describes an approach for determining the UNIX support needs of the Health Sciences Node / Health Sciences Information Technology (HSIT). The target audience is HSIT IT leadership who will ultimately be responsible for determining how such a service would be deployed. The aim is to provide an introduction to UNIX and its associated support issues in a form adequate to permit that group to evaluate and develop the preliminary plan of action provided here for incorporation into the proposal being forwarded to the Provosts office. Since the current installed UNIX base within the node is not well categorized, the first step that must be undertaken is to both identify the installed UNIX base and to ascertain the ways in which it is currently used and supported. Once this information is obtained a support strategy can be developed that will at a minimum encompass current needs and that will ideally be amenable to sustaining additional support demands that arise out of any planned expansion of UNIX within the HSIT. This document is preliminary in nature. However, recommendations that will permit the HSIT IT leaders to begin to address this issue will be made. BASIC RECOMMENDATIONS FOR THE HSIT IT LEADERSHIP
GENERIC UNIX SUPPORT ISSUES This section is designed to briefly address the types of issues that should be considered when supporting a UNIX environment. It is included to provide a base understanding of the issues at hand and to assist the HSIT IT Leadership in determining what level of UNIX support they feel it is reasonable to provide for the HSIT Node based on available resources. Platform Identification A UNIX machine is not the same as a PC. Although a plain vanilla UNIX Operating System can be installed on a compatible hardware platform in an hour or so, its Operating System can rival in intricacy the Operating Systems found on legacy "mainframe" systems and, depending upon the use of the machine, the support issues can range from relatively modest (e.g., in a single-user configuration) to a complexity rivaling those of supporting a "mainframe" system (e.g., in a multi-user or server/mailhub configuration). It is also important to understand from the start that labeling a computer a UNIX machine doesnt really say much about it. There are many variations and flavors of UNIX and if you were to draw a Venn diagram of the support issues associated with each, you would quickly note that the area of intersection where the support issues are the same is smaller than the areas containing the non-intersecting non-common support issues. One of the primary determinants of what this Venn diagram would look like is a determination of the particular UNIX platforms deployed in the HSIT. The primary identifiers of a UNIX platform are a) the hardware it runs on and b) the operation system (OS) which it runs. There are several primary UNIX hardware platforms. The main ones likely to be found on campus include those built by SUN Microsystems (SUN), Hewlett Packard (HP), IBM, and Silicon Graphics Inc. (SGI). In addition, there may be some less mainstream (for our campus) machines encountered such as those produced by Digital Equipment Corporation (DEC). There are also a variety of UNIX OS designed to run on Intel (x86 architecture) based hardware platforms such as those produced by SUN, SCO, Apple Macintosh OS X, and freeware versions such as Linux. Of the OS available there tend to be two "flavors", those based on the University of Berkley version of UNIX (BSD) and those based on AT&Ts System V (SYS V). It is important to note that although BSD variants and SYS V variants are all classified as "UNIX", a system administrator versed in the support of one of these platforms could not sit down without additional education and administer the other. Additionally, not only are there inter-vendor specific differences in UNIX implementations and intra-vendor variations between OS versions, but each version of a given OS from the same vendor may have subtle differences across supported hardware platforms. Consequently, one of the critical things to be determined in the existing HSIT UNIX population is what hardware is out there, what operating systems are installed, and which versions of those OS are installed. To the extent heterogeneity in this area can be contained and minimized, so to will the support effort in man-hours and software costs required to maintain the systems be reduced. Finally, the frequency with which new patches to the operating system components come out can range from monthly to almost daily. These updates can address anything from minor OS bugs to newly discovered security weaknesses that are being actively exploited in a continual fashion by network hackers. A number I overheard in 1997 in a casual conversation was that CIT is aware of around 30 active attacks on the UB computing infrastructure per month! As an absolute minimum, I would strongly recommend HSIT support of network configuration, machine security and security auditing for machines attached to the network. A UNIX platform which has been compromised by individuals attacking it from the network is vulnerable not only to corruption of local or network accessible data and utilization problems, but the compromised machine can also be used to launch additional attacks on machines both within and outside of UB (potentially under the assumed identity of legitimate users on the machine). Common Support Areas Although the listing below covers all of the major support areas that come to mind as I prepare this document, a more complete list should be generated by the HSIT UNIX user community along with some measure of how important receiving support on each item is perceived to be. The resulting list should then be reviewed by individual(s) with UNIX expertise who will assign personnel and dollar figure estimates to each item in light of the current/proposed HSIT UNIX base. This review could then be passed on to the Steering Committee to aid in the decision process with regards to which UNIX components HSIT intends to support centrally. Note that the Steering Committee may wish to adopt a strategy whereby the UNIX user community is educated in either a coordinated or as-needed manner so as to enable them to provide adequate self-support in the areas that will not fall under HSIT support. They may also wish to provide support to the entity receiving UNIX assistance within the framework of some kind of charge back schedule.
|
University at Buffalo, State University of New York |