VCC Utility Shared Resource Domain

 
 


SRD Model
SRD Benefits
SRD College Setup Instructions Overview
SRD Trusts
SRD Group Management
Mapping Drive to SRD
Troubleshooting NetBIOS problems
SRD FAQs

SRD Model

Version: 1.3
Status: Approved 12/05/1999
Revised: 6/29/2005
Contact: Brendan L. Hogan

Purpose
The purpose of the Shared Resource Domain Model (SRD) is to define the process used to provide software distribution and allow VCCS operating units to access shared resources supported by the VCCS ITS.

Scope
This SRD model covers connecting to shared resources and distributing software.

Applicability
The SRD model covers all operating units of the VCCS.

Definition
Provides automated software distribution.  Enables college administration of login ID’s and rights to shared resources.

Model
Certain resources such as the VCCS Student Information System (SIS), Financials, general software distribution, and future shared resources are shared between the colleges.  In an effort to leave user administration at the college level and resource administration at the VCCS ITS level, the SRD utilizes a Microsoft Multiple Master Secure Domain Model with a Resource Domain.  The SRD will be used to distribute software to campus-based servers.  Domain controllers are required at the colleges and VCCS ITS to provide authentication of users to shared resources.  VCCS operating units will no longer maintain a fully replicated WINS database for NetBIOS-to-IP translation.

Requirements - College Level

College must install NT member server(s) in the UT domain.  Software will be automatically distributed and/or installed to this server.  This server may also function as an application server, i.e. PeopleSoft file server. This requirement is eliminated when PRODDEV is retired.

Provide a Windows-based domain.

Multiple Domain Controllers are recommended.

A one-way trust must be established from the UT domain to each college domain.

College will maintain Windows Global Groups in their domain assigning appropriate users to those groups.

NetBIOS name resolution will be provided by colleges making static entries in their WINS server and/or LMHOSTS files.

Requirements - VCCS ITS

Will provide a single resource domain named “UT”.

Will maintain and assign resources by sharing to local groups.

Will assign college global groups to these local groups.

Will automatically distribute and/or install software to campus-based file server(s) that participate in the SRD.

Will provide NetBIOS name information and IP addresses.

User Access to Shared Resources


SRD Benefits

The SRD allows global resources to be shared at the college level. Currently this includes PeopleSoft shares and direct access to the VCC ITS FTP directories.

SRD College Setup Instructions Overview

The college LAN Administrator may work with ITS EServices personnel to install the necessary resources to participate in the SRD.

Utilize an existing college based Microsoft Domain or create one by installing an NT/Windows200X Primary Domain Controller where the college user accounts will reside.  The college will maintain full control over this domain.  This will allow the college to manage their own user ID’s and global groups. Multiple Domain Controllers are highly recommended.

Establish a one-way trust with the UT domain trusting the college domain.

Create static entries in WINS to provide NetBIOS name resolution at the clients.

Create appropriate Global Groups within College Domain and assign users.

SRD WINS Management

WINS is recommended to provide NetBIOS name to IP address resolution.  This service can be installed on an existing NT server.  If a secondary WINS server is installed, set up replication of the Primary to/from the UT WINS hub and then replication of the Secondary to/from the Primary.

WINS Security -

The hub-and-spoke replication model will no longer be used because of security issues. Static entries for ITS resources should be added to the college's local WINS servers.

LMHOSTS can be used but is not recommended due to high maintenance requirements.  If an LMHOSTS file is used, follow these procedures:

Create an LMHOSTS file in your windows directory (or add the following information if one exists).
Click the START button.
Click Run.
For Windows 95/98 type the following in the open box and press enter:
        Edit c:\windows\lmhosts
For NT 4.0 type the following in the open box and press enter:
        Edit c:\winnt\system32\drivers\etc\lmhosts
Add lines into the file as needed to access SRD resources:
For PeopleSoft Workgroup Users add:

164.106.10.36  CSC_06  #PRE  #DOM:UT

Additional lines as resources become available.
Save and exit the file.
Click the START button.
Click Run.
Type the following in the open box and press enter:
nbtstat -R (make sure you type the "R" in uppercase)

If the DOS box did not automatically close you should see the following message: "Successful purge and preload of the NBT remote cache name table".   Close the DOS box if it does not close automatically.

SRD Trusts

Create a one-way trust relationship to allow the UT domain to trust the college domain.

In User Manager for Domains, go to Policies, Trust Relationships and select trusting domain.  Enter UT as the domain and the supplied password (lower case) as the password (the password is automatically changed by NT every 7 days).

EServices will then complete the trust in the UT domain.

EServices should now be able to add college global groups to the local resource groups. These local resource groups on the UT domain have been added to the appropriate shares.

SRD Group Management

***This section requires further updates***

Create the following Global Groups using user manager (substitute college code for xx):

xxpsoftwg: PeopleSoft workgroup members and users requiring access to the psissues.mdb. Also gives access to PeopleSoft Installation directory.

xxcsl: All college CSL’s. Allows direct access to the VCCS ITS FTP server directories, resource25 installation directory, and Oracle Client installation directory.

xxr25: Add any user requiring installation rights to Resource25 (not needed to run Resource25). CSL's already have this right.

xxftpadmin: VCCS ITS requiring rights to write to FTP directory.

EServices will add these global groups to equivalent local groups in SRD respectively once the trust is established.

 

Mapping Drive to SRD

Membership in the appropriate Global Groups should allow drives to be mapped at users' workstations for required resources. This can be done in an individual’s login script, or by creating a persistent drive mapping using Windows Explorer.

Not all applications will require a mapped drive.  In many cases the UNC path \\computer\sharename will suffice, particularly when software is only being installed from a shared resource.


Troubleshooting NetBIOS Problems

To troubleshoot connectivity problems when using an LMHOSTS file for NetBIOS name to IP address resolution, use the following procedure:

Open a DOS window then type the following in the open box and press enter:
nbtstat -R (make sure you type the "R" in uppercase)
If the DOS box did not automatically close you should see the following message:
"Successful purge and preload of the NBT remote cache name table"
Type nbtstat -c (make sure you type the "c" in lowercase)
You should see any server entries listed that you added to the LMHOSTS file. If you don’t see them there are several things that can cause this:
Make sure the LMHOSTS file was created in the DOS editor (not Notepad), as there should be no extension on this filename. *Important: The LMHOSTS file should not have a .txt or .sam extension. It should be "LMHOSTS" with no extension. Use the DOS editor (not Notepad) by typing edit at a command prompt.

Make sure it is located in the correct directory: 
For Windows 95/98 c:\windows\lmhosts
For NT 4.0 c:\winnt\system32\drivers\etc\lmhosts
Each entry should be kept on an individual line.

The IP address should be placed in the first column followed by the corresponding computer name. The address and the computer name should be separated by at least one space or tab. The "#" character is generally used to denote the start of a comment with the following exceptions: 
#PRE
#DOM:<domain>
#INCLUDE <filename>
#BEGIN_ALTERNATE
#END_ALTERNATE
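
The LMHOSTS checks listed above, written as a small checker. This is an added example, not part of the original VCCS document: the function names and the second and third sample lines are constructed for illustration, and it covers only the rules stated here (it does not follow #INCLUDE files or handle quoted names).

```python
import ipaddress
import ntpath  # splits Windows paths correctly on any platform

# "#" keywords that occupy a line of their own (from the list above).
LINE_DIRECTIVES = ("#INCLUDE", "#BEGIN_ALTERNATE", "#END_ALTERNATE")
# Constructed sample: line 1 is this document's entry, the rest are made up.
SAMPLE = (
    "164.106.10.36  CSC_06  #PRE  #DOM:UT\n"
    "CSC_06 164.106.10.36\n"
    "164.106.10.36 CSC_06 10.0.0.5 OTHER\n"
)

def check_filename(path):
    """True only if the file is named LMHOSTS with no extension."""
    return ntpath.basename(path).upper() == "LMHOSTS"

def parse_line(line):
    """Classify one line as an entry, a directive, blank/comment, or an error."""
    text = line.strip()
    if text.upper().startswith(LINE_DIRECTIVES):
        return ("directive", text)
    if not text or text.startswith("#"):
        return ("blank",)  # empty line or whole-line comment
    fields = text.split()
    if len(fields) < 2 or fields[1].startswith("#"):
        return ("error", "need an IP address followed by a computer name")
    try:
        ip = ipaddress.IPv4Address(fields[0])
    except ValueError:
        return ("error", "first column is not an IP address: " + fields[0])
    tags = []
    for field in fields[2:]:
        if field.upper() == "#PRE" or field.upper().startswith("#DOM:"):
            tags.append(field)
        elif field.startswith("#"):
            break  # ordinary comment: ignore the rest of the line
        else:
            return ("error", "more than one entry on the line: " + field)
    return ("entry", str(ip), fields[1], tags)

def lint(text):
    """Return (entries, problems) for the contents of an LMHOSTS file."""
    entries, problems = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        result = parse_line(line)
        if result[0] == "entry":
            entries.append(result[1:])
        elif result[0] == "error":
            problems.append((number, result[1]))
    return entries, problems
```

Reviewing the parsed entries against the static entries supplied by ITS also shows whether a workstation is preloading a name-to-address mapping that nobody issued.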

SRD FAQs

As an end-user, how do I obtain the appropriate rights to access a shared resource?
Please contact your college LAN Administrator to have your user ID added to the appropriate Global Group within your college domain.

Do you have any other information on how the benefits of SRD outweigh the costs and efforts required to connect?
The Shared Resource Domain Model has been fully approved by the Technology Governance Structure.  It is going to provide a secure method of sharing system-wide resources and yet still give the college full control over what user ID's can access a specific resource.  The SRD provides an industry-standard method of securing resources by requiring authentication to access a resource.

What percentage of college personnel do you project will need direct access to the SRD? As a NetWare college, SRD would require reconfiguring affected users' PCs to support both NetWare Client32 and Microsoft Client and duplicating user accounts in the Academic domain.
For PeopleSoft 8, very few users require access to shared resources.
 

