Please note: This material is no longer current and appears online for archival purposes only.
Use the search and navigation tools above to locate more up-to-date materials, if they exist.



Distributed Computing Task Force
Business Requirements and University Direction

University Business Environment

"Penn stands out among great research universities for its strength across a wide variety of schools and fields and its ability to foster innovative connections among its disciplines, faculty, students, and the broader university community. It is a university that takes as a guiding metaphor the image of the brain, with its vast number of individual neurons connected along wondrously complex pathways. Creative intelligence comes not only from the quick retrieval of information stored in millions of cells but from the unusual ways in which that information can be connected. Penn's comparative advantage lies in its ability to develop that same sense of interlocking connections...This vision of a university constantly forging intellectual and scholarly connections provides the framework for the University's Academic Plan." [Excerpt from "Planning for the 90s: Five Year Academic Plan for the University of Pennsylvania", ALMANAC SUPPLEMENT, January 22, 1991, page II.]

These words guided the activities of the University's Networking of Heterogeneous Desktop Computers Task Force in 1991. That task force selected Novell NetWare as the market leader and emerging de facto standard for PC Local Area Network (LAN) services, especially file and printer access and sharing. Novell is now used in many places at Penn, and provides important services for many work groups. It has also become increasingly clear, however, that NetWare is not an appropriate infrastructure with which to support Penn's dynamic and diverse requirements for academic and administrative communications.

Today, in 1995, the University challenges technology planners to anticipate the Information Technology requirements of even more aggressive academic and administrative initiatives, including:

  • the perpetually simmering cauldron of intellectual and scholarly activity referred to in 1991,
  • Access 2000, the Library's initiative to revolutionize electronic access to Library resources,
  • the Administrative Restructuring Project, also known as the first phase of the Coopers & Lybrand study, including Project Cornerstone, and
  • Education of the Twenty-First Century, the development and implementation of an entirely new undergraduate experience at Penn.

Because the last three initiatives are just beginning, and the first is by nature very dynamic and hard to foresee, it is impossible to know exactly what will be required of Penn's Information Technologies. Although we do not know what the University's Information Technologies house will look like, we fortunately know much about the foundations on which it will stand. They must include robust but minimally intrusive security, access control facilities, ubiquitous file services, directory services and other user tools. These are the Information Technology foundations on which the University can base innovative and interdisciplinary linkages and systems; foundations that will help lead and support, rather than drag on, the University's business opportunities and needs.

Preparing to provide this support is the work of a number of task forces already at work at Penn. The Electronic Mail Task Force has helped bring about widespread use of electronic mail and network news. It continues to work toward ever more functional and usable electronic mail, news, directory, calendaring and scheduling systems. The Network Architecture Task Force is working to provide an increasingly accessible, reliable, capacious, and capable network.

Similarly, the Distributed Computing Task Force seeks to provide a modular, standards-based foundation on which systems supporting academic or administrative initiatives can be built and made available on the network. In other words, it seeks to knock down the artificial, technological barriers that divide our campus into islands and inhibit collaboration, to build bridges supporting our "One University", and to maintain connections with the growing, world-wide network community.

Functional Requirements

The Distributed Computing Task Force (DCTF) draws on the ideas of a number of groups which discussed the University's academic and administrative directions and needs for Distributed Computing. Principal groups include the DCTF Advisory Committee, the Unix Users' Group at Penn, the Network Architecture Task Force, the Macintosh Network Team, the PC Networking Team, the Super Users' Group, and the 1991 Networking of Heterogeneous Desktop Computers Task Force.

The primary requirements identified by these groups are the foundations we must lay to support the University as it moves forward:

  • Single Sign-on Authentication;
  • Access Control and Security;
  • File Services; and
  • User Tools and Resources.

Single Sign-on Authentication

The ability for users and systems to prove their identity to the network of computer systems with a single login, in a manner that actually features greater protection from break-ins. Users currently have too many accounts and passwords to keep track of, and system administrators have too many replicated user profiles to manage. Re-usable, clear-text usernames and passwords that pass around the network are too susceptible to "promiscuous" listening and capture, as are some classes of data.

As recent security breaches on campus and across the Internet have demonstrated, we face a serious threat to the integrity of our networked computer systems and the messages and data they exchange. The inherent risks of network computing are compounded by our lack of a "single sign-on" network authentication system, such as Kerberos. This is particularly alarming as we work to deploy more and more of the University's business functions using client/server, network-based information systems.

  • Single Sign-on: Users only need to have one username and password to access all systems on the network. This reduces the need for people to write down or script usernames and passwords, and thus the possibility that such lists will be found and used by other people.
  • No Passwords on the Network: Authentication systems also eliminate the need to send usernames and passwords in cleartext, or even in an encrypted form, across the network, where they are vulnerable to interception, decryption, and reuse.
  • Strong Passwords: Password systems are also vulnerable to guessing attacks, wherein users pick easy-to-remember passwords, which are also easily guessed. Strong password enforcement protects against this by requiring hard-to-guess passwords.
  • One-time Passwords: Password systems are also vulnerable to people who give away or are "socially engineered" (i.e., conned or duped) out of their password. One-time password systems protect against this, but at the cost of requiring users to carry a password generating device.
  • Secure Transmission: Encryption systems, which often rely on authentication, provide the basis for transparent, secure transmission of data between client and server computers.
  • Ease of Account Creation and Maintenance: By providing a campus-wide database of users, groups, organizations, accounts, and policies, it becomes much easier to maintain the correct information for each. Maintaining ties to alumni and supporting their life-long connection to the University, as well as reaching out to high school students, also become possible. This inherently requires policies governing access to the authentication and username space services.

Access Control and Security

The ability to restrict access and protect resources on the network. Before people or organizations make their resources available on the network, it is often necessary to make sure access can be controlled, i.e., that a resource can be protected from people who are not supposed to have access. A critical prerequisite is securing and properly managing the systems that serve as access points to the network.

  • Security Guidelines: Policies and guidelines for system administrators to follow in order for their systems to be part of the Distributed Computing system. Without such guidelines, sloppy or negligent management of a system could leave not only that system's users vulnerable, but the entire network vulnerable to attack. Less attention-grabbing, but equally necessary, are guidelines for system backups. One would think that responsible system administrators certainly perform backups routinely, and store tapes off-site. However, surprisingly many system administrators, who are otherwise knowledgeable, experienced, responsible and respected, often fail to take the extra steps. Formal guidelines for system administrators, clearly spelling out their duties and responsibilities, are needed. Guidelines include:
    • System Integrity: System administrators are primarily obliged to maintain the integrity and usability of the system -- all else follows from this.
    • Usernames: The manner in which usernames can be assigned so as to maintain uniqueness across campus.
    • Accounts: Special accounts, such as root and bin, should never be created with easy passwords and passwords for these accounts should be changed on a regular basis.
    • Security Patches: Operating system patches for security holes should always be applied in a timely manner.
    • Backups: File system backups should be performed on a regular, announced schedule, with tapes being sent off-site for storage.
    • Security Incidents: When security incidents occur, the system administrator's primary goal remains the same. System administrators have no rights to guide their actions, only a duty to the system and its users. They must avoid situations in which they act as judge, jury and executioner.
  • Access Control by User and Group: Distributed Computing resources require a variety of access permissions for individuals and groups. Some allow distributed system administrators to manage their systems. Some permit users and groups to read, write, or use specific files, programs, directory information, printers, or other computing resources. Others can prohibit access to resources by specific groups or individuals. At Penn, management of access control must be distributed to the owners of the distributed computing resources. Major points are:
    • Unauthenticated Access Control: what access to allow anonymous persons, potentially from anywhere on the Internet.
    • Foreign User Access Control: what access to allow "foreign", i.e., non-Penn, authenticated users, from sites on the Internet we choose to trust.
    • Penn User Access Control: what access to allow Penn users, depending on their memberships in a variety of groups. This must also include some discussion of what groups we will need as a base for adequately providing and controlling access. For example, by status (faculty, staff, student, alumni), school, department, project, program, class, and/or course.
    • System Administrator Access Control: what access to allow administrators of individual Distributed Computing systems, depending on whether they are unknown, registered, or trusted. Chief among these are the ability to perform administrative functions on computer resources and to create and modify information about specific users, services, groups and accounts.
  • Access Control by Service: Services conceived from the start as Distributed Computing services typically employ access control lists to restrict their use. However, many widely used services pre-date this concept and require retrofitting to provide adequate access controls. Fortunately, file systems already support access controls very well. Important services we would like to see greater protection for include telnet, ftp, X-Windows, mail, NetNews, printing, "real-time" messaging, directory services, Z39.50, WWW, gopher, WAIS, archie, veronica, and so on.

File Services

The ability to provide and manage ubiquitous access to file services is essential to being able to provide the ad hoc, flexible connections the University needs. File services are like the highway system, in that when someone needs to travel between two points, it is too late to build the road. The solution is also similar -- build many connected roads in advance. As files are the basis for much cooperative work, the file system must be prepared in advance.

One critical problem facing Penn's academic and administrative departments is the need to manage a growing number of increasingly powerful and complex computer systems without a corresponding increase in technical staff and support resources. Current disjointed efforts fail to provide economies of scale or specialization or to leverage one another's efforts, and leave the University at risk of not being able to provide either a competitive academic computing environment or a cost-effective administrative infrastructure.

  • Ubiquitous and Consistent User View: Users should have the same access to their usual computing and communications environment and resources as they work in different locations.
  • Software Distribution Functions: Use of the network for distribution of software. The present diskette, tape, and CD-ROM distribution methods are very problematic, inefficient and annoying.
  • Network Configuration of Computer Systems: Configuration of computing systems without network support is labor-intensive, and sensitive to the quality of that labor. Network configuration leverages the network and human expertise, resulting in what some people have called "no shoe leather" support that is also typically of superior quality.
  • Software License Management Functions: The ability to distribute licenses to software on an as-needed basis could provide significant cost savings.
  • File Backup and Recovery: The ability to back up and restore files and file systems across the network.
  • Virtual Workstation Labs: Granting controlled access to discipline-specific software from any lab, office or dormitory room has been a desire for some time.
  • Workstation Clusters: Support for workstation clusters using the network as a bus.
  • Dataless Workstations: Support for "dataless" workstations (operating system/paging files only; no applications and/or data stored on local hard disks).
  • Manageability and Scalability: Taken together, the facilities above will all help manage the ever-growing number of computer systems and their Distributed Computing technologies without ever-increasing numbers of support staff.

User Tools and Resources

The University's business requirements call for the infrastructural services and facilities described above, but the infrastructure alone does not meet the requirements. User Tools and Resources that use the infrastructure must be found to address the needs. For example, "client" tools for:
  • Basic Network Services: accessing traditional, basic network services like mail, news, telnet, ftp, and X-Windows using the enhanced infrastructure to gain enhanced security, manageability and ubiquity.
  • LAN Services: providing what are generally considered Local Area Network (LAN) services, including printing, file sharing and even "real-time" message delivery, but again with the benefits of the enhanced infrastructure.
  • Directory Services: assuring that users can find and use the network computing and information resources they require.
  • New Network Services: providing enhanced access to new network services, such as WWW, which could be the basis for on-line help, consulting and advice systems, as well as commercial and public information services, like the Library systems.
  • Advanced Network Services: While some functions are presently possible in special situations, such as research labs and demonstration projects, their utility-like use by normal users across the enterprise remains years away. We nevertheless wish to track developments in these areas. Examples include:
    • Database Services, typically Oracle SQL*Net or Sybase networking, currently support only basic access controls and security, often insisting on performing their own authentication.
    • Parallel Processing, currently possible only with special hardware, or with special, carefully configured network software.
    • Computer-Supported Collaborative Work environments (aka groupware), like shared white-board software, and work-flow systems.

Summary

Creation of the infrastructure for cohesive, more manageable and tightly integrated distributed computing is necessary to support research, educational, and administrative computing and communications at Penn, a need that seems to grow with every new initiative. This document provides some details about the requirements for authentication, authorization, file services, and user tools that the DCTF sees as necessary to support the University's needs and direction.

While some vendors already support DCE, other vendors are taking a wait-and-see attitude on supporting DCE. Only by standardizing on DCE ourselves and beginning to implement it at Penn can we hope to convince vendor companies that we are serious about DCE, and that they should support DCE too.


Information Systems and Computing
University of Pennsylvania