Dear All,
There is a section under OTC manager, called Locations, where one creates
the location as the basis configuration (with default settings primary and
secondary directory server pointing to the local OTC).
Which then get assigned to devices and other entities. From the conceptual
point of view this gives an impression that OTC can be setup in multi-site
locations properly, each containing their own configuration and separated
NFS store. Secondary Directory setting also gives an option to authenticate
users (and read group info) from a "central" LDAP server.
However, I am not very clear on how to go about the setup, as there are a number
of bottlenecks...
Allow me to better document and describe what I've conceived so far;
Please excuse my ignorance if I totally misunderstood (or missed the
existing features built in OTC) to accomplish these.
There is little or no documentation in OTC multi-site setup and I'm learning
as I go along...
Assuming one has multiple sites (physically separated shops), each running
on their own private LAN
Shop 1
-------
LAN IP: 192.168.10.xxx
WAN IP: static_ip_address
ROUTER: only port forwarding allowed, with basic NAT setup
VPN-SETUP: PPTP server connects to Shop 2 and 2
Download/Upload bandwidth: 1Mb down / 512 up
Shop 2
-------
LAN IP: 192.168.11.xxx
WAN IP: static_ip_address
ROUTER: only port forwarding allowed, with basic NAT setup
VPN-SETUP: PPTP server connects to Shop 3 and 1
Download/Upload bandwidth: 1Mb down / 256 up
Shop 3
-------
LAN IP: 192.168.12.xxx
WAN IP: static_ip_address
ROUTER: only port forwarding allowed, with basic NAT setup
VPN-SETUP: PPTP server connects to Shop 2 and 1
Download/Upload bandwidth: 1Mb down / 256 up
The question would be, how to go about setting up OTC in these shops and
managing them through OTC Manager?
I believe there are different approaches, each having their
advantage/disadvantages. But I would like to hear from You to better
understand how to go about it...
Approach 1 - Goals:
a) User and Login information is hosted in an openLDAP server which is
located at off-site data center.
b) Each shop will have an instance of OTC Server installed in a LAN
server (in that shop)
c) OTC Server in each shop will be configured to use Secondary Directory
server to read Users and Groups (from the remote openLDAP server)
d) - "User X" in "Shop N" will access their home folder from the local
("shop N") -LAN OTC Server NFS- ( ../home/userX )
e) In order to manage each Shop's OTC Server, port-forwarding will be
enabled (10389) pointing to the LAN OTC Server.
f) Each shop may have different divisioning (i.e. RetailSales, Finance),
where a related "Location" will be created under the OTC Manager of that
Shop. The creation of Location will allow to configure the thinclients in
that division separately (different hardware, different access rights etc.)
Questions on Approach 1:
1) If you setup the OTC Server in each Shop to read User and Group
information from a remote-central OpenLDAP (goals a and c), how do you
assign the Application Group and other rights?
As user and group info. is coming from remote/secondary-directory
OpenLDAP server, how do we go about setting up the Rights to the Users?
Do we need to create the same-name "GROUPS" in the OTC server? Will OTC
server read the Group from the secondary directory server and match with the
locally created one?
Literally, I am trying to understand on how to go about assigning rights
(applications, clients) for users authenticating from secondary directory
server (openLDAP) when it's configured to read "User and Group info"
2) If a user in SHOP 1 goes to SHOP 2 and tries to access his account,
technically the authentication can take place from the central openLDAP, but
the user's HOME folders are left on SHOP 1 NFS server.
What sort of options does OTC provide in terms of "feasibility"
for centralizing the STORAGE?
What would be the challenges involved in setting up a central NFS server,
where the OTC Server in each office will be able to read and write users
home folders from the remote-central NFS server?
Bandwidth being one of the concerns and the OTC OS's almost-constant
dependency on the NFS server (write syslog, read/write gnome settings ...)
In short, what sort of specs. in bandwidth and network setup needed to
centralize the NFS (STORAGE) for all Shops in one single location?
3) Taking into consideration all Shops are connected to each other via
PPTP VPN (perhaps not the best VPN setup)
and each having different LAN IP ranges;
Shop1: 192.168.10.1 to .244
Shop2: 192.168.11.1 to .244
Shop3: 192.168.12.1 to .244
Is it possible to setup the OTC Server centrally? I understand DHCP
server of OTC serves to the current subnet, but I am not sure what can be
done to achieve such?
Is it technically possible to setup multiple instances of OTC DHCP
servers ONLY at each Shop, where these servers will do nothing more than
sending the OS to the clients in that shop?
Which then, the Clients will all connect/tap into the Central OTC Server
(where the "CORE" ApacheLDAP that contains configurations), NFS server,
Secondary LDAP server running.
To sum this question, how one can setup a "mother" OTC Server in single
location which won't require (complete) OTC Servers in each Shop? Each shop
will only have the basic DHCP+TFTP server parts of the OTC but nothing else
- reasoning being each subnet (10.x, 11.x, 12.x) will require its own DHCP.
4) What would be challenges to setup a central OTC Server and configure
each SHOP to be on same subnet, connected via PPTP VPN to each other;
Shop1: 192.168.10.1 to .50
Shop2: 192.168.11.51 to .70
Shop3: 192.168.12.71 to .100
As such, one OTC server would be able to serve to all the VPN-connected
SHOPs as they are on the same subnet.
The obvious problem with such setup is the total number of equipment
(thinclients+printers+servers+gadgets) will be limited to 254 for all shops.
Which is fine for our case (not many end-users) but will limit the
scalability of the network as the company grows.
Some of these may sound stupid or trivial, but I am sure it will help to
better understand setup-use-cases of OTC in multi-site, multi-location
scenarios -
Where users may need to use Terminals at any of the Shop and still retain
their desktop+files -
and central OTC being setup centrally, all backup+upKeep+management tasks
can be carried where IT savvy personnel is present
If nothing, it should be food for thought and understanding for
documenting OTC in multi-site.
All the best!