Dear all,
I can only assume that I scared You off with the lengthy posting.
What I am trying to understand here basically can be summarized as
follows:
How to manage thinclients in a multi-site (physically separate WAN, on
different LANs) deployment?
I can see the LOCATIONS section in OTC manager but I don't know how to make use
of it.
Some informative description on how to utilize the LOCATIONS section and how to
deal with multiple-site deployment scenarios would be helpful - either in
the form of an article or summary.
all the best!
akeilo cm wrote:
>
> Dear All,
>
> There is a section under OTC manager, called Locations, where one creates
> the location as the basis configuration (with default settings primary and
> secondary directory server pointing to the local OTC).
>
> Which then get assigned to devices and other entities. From the conceptual
> point of view this gives an impression that OTC can be setup in multi-site
> locations properly, each containing their own configuration and separated
> NFS store. Secondary Directory setting also gives an option to
> authenticate users (and read group info) from a "central" LDAP server.
>
> However I am not very clear on how to go about the setup, as there are a
> number of bottlenecks...
> Allow me to better document and describe what I've conceived so far;
>
> Please excuse my ignorance if I totally misunderstood (or missed the
> existing features built in OTC) to accomplish these.
> There is little or no documentation in OTC multi-site setup and I'm
> learning as I go along...
>
> Assuming one has multiple sites (physically separated shops), each running
> on their own private LAN
>
> Shop 1
> -------
> LAN IP: 192.168.10.xxx
> WAN IP: static_ip_address
> ROUTER: only port forwarding allowed, with basic NAT setup
> VPN-SETUP: PPTP server connects to Shop 2 and 2
> Download/Upload bandwidth: 1Mb down / 512 up
>
> Shop 2
> -------
> LAN IP: 192.168.11.xxx
> WAN IP: static_ip_address
> ROUTER: only port forwarding allowed, with basic NAT setup
> VPN-SETUP: PPTP server connects to Shop 3 and 1
> Download/Upload bandwidth: 1Mb down / 256 up
>
> Shop 3
> -------
> LAN IP: 192.168.12.xxx
> WAN IP: static_ip_address
> ROUTER: only port forwarding allowed, with basic NAT setup
> VPN-SETUP: PPTP server connects to Shop 2 and 1
> Download/Upload bandwidth: 1Mb down / 256 up
>
> The question would be, how to go about setting up OTC in these shops and
> managing them through OTC Manager?
>
> I believe there are different approaches, each having their
> advantage/disadvantages. But I would like to hear from You to better
> understand how to go about it...
>
> Approach 1 - Goals:
>
> a) User and Login information is hosted in an openLDAP server which is
> located at off-site data center.
>
> b) Each shop will have an instance of OTC Server installed in a LAN
> server (in that shop)
>
> c) OTC Server in each shop will be configured to use Secondary
> Directory server to read Users and Groups (from the remote openLDAP
> server)
>
> d) - "User X" in "Shop N" will access their home folder from the local
> ("shop N") -LAN OTC Server NFS- ( ../home/userX )
>
> e) In order to manage each Shop's OTC Server, port-forwarding will be
> enabled (10389) pointing to the LAN OTC Server.
>
> f) Each shop may have different divisioning (i.e. RetailSales, Finance),
> where a related "Location" will be created under the OTC Manager of that
> Shop. The creation of Location will allow to configure the thinclients in
> that division separately (different hardware, different access rights etc.)
>
>
> Questions on Approach 1:
>
>
> 1) If you setup the OTC Server in each Shop to read User and Group
> information from a remote-central OpenLDAP (goals a and c), how do you
> assign the Application Group and other rights?
> As user and group info. is coming from remote/secondary-directory
> OpenLDAP server, how do we go about setting up the Rights to the Users?
> Do we need to create the same-name "GROUPS" in the OTC server? Will OTC
> server read the Group from the secondary directory server and match with
> the locally created one?
>
> Literally, I am trying to understand how to go about assigning
> rights (applications, clients) for users authenticating from secondary
> directory server (openLDAP) when it's configured to read "User and Group
> info"
>
> 2) If a user in SHOP 1 goes to SHOP 2 and tries to access his account,
> technically the authentication can take place from the central openLDAP,
> but the user's HOME folders are left on SHOP 1 NFS server.
>
> What sort of options does OTC provide in terms of "feasibility"
> for centralizing the STORAGE?
>
> Would it be an option to configure the central LDAP server (I know there
> is no such feature atm for secondary directory authentication) which will
> give the NFS server IP of that authenticating user, so the OS will try to
> map to the NFS server in SHOP 2?
>
> What would be the challenges involved in setting up a central NFS
> server, where the OTC Server in each office will be able to read and
> write users' home folders from the remote-central NFS server?
> Bandwidth being one of the concerns and the OTC OS's almost-constant
> dependency on the NFS server (write syslog, read/write gnome settings ...)
> In a nutshell what services keep constant connectivity to the OTC
> Server (service type and its frequency of polling/pushing)
>
> In summary, what sort of specs. in bandwidth and network setup are needed
> to centralize the NFS (STORAGE) for all Shops in one single location?
>
> 3) Taking into consideration all Shops are connected to each other via
> PPTP VPN (perhaps not the best VPN setup?)
> and each having different LAN IP ranges;
> Shop1: 192.168.10.1 to .244
> Shop2: 192.168.11.1 to .244
> Shop3: 192.168.12.1 to .244
>
> Is it possible to setup the OTC Server centrally? I understand DHCP
> server (generally any DHCP server I believe?) of OTC serves to the current
> subnet, but I am not sure what can be done to achieve such?
>
> Is it technically possible to setup multiple instances of OTC DHCP
> servers ONLY at each Shop, where these servers will do nothing more than
> sending the OS to the clients in that shop?
> Which then, the Clients will all connect/tap into the Central OTC
> Server (where the "CORE" ApacheLDAP that contains configurations), NFS
> server, Secondary LDAP server running.
>
> To sum up this question, how can one set up a "mother" OTC Server in a
> single location which won't require complete OTC Server installation in
> each Shop? Each shop will only have the basic DHCP+TFTP server parts of
> the OTC but nothing else - reasoning being each subnet (10.x, 11.x, 12.x)
> will require its own DHCP. Pls correct me if I'm missing a technicality of
> the DHCP workings...
>
> 4) What would be challenges to setup a central OTC Server and configure
> each SHOP to be on same subnet, connected via PPTP VPN to each other;
> Shop1: 192.168.10.1 to .50
> Shop2: 192.168.11.51 to .70
> Shop3: 192.168.12.71 to .100
>
> As such, one OTC server would be able to serve to all the
> VPN-connected SHOPs as they are on the same subnet.
>
> The obvious problem with such setup is the total number of equipment
> (thinclients+printers+servers+gadgets) will be limited to 254 for all
> shops.
> Which is fine for our case (not many end-users) but will limit the
> scalability of the network as the organisation grows.
>
>
>
> Some of these may sound stupid or trivial, but I am sure it will help to
> better understand setup-use-cases of OTC in multi-site, multi-location
> scenarios - and may clarify the capabilities of services involved (DHCP,
> NFS etc.)
>
> The outcome from such setup would be: users at Shop N will go to Shop Y and
> still retain their desktop+files -
>
> and central OTC being set up centrally, all backup+upKeep+management tasks
> can be carried out where IT-savvy personnel are present. Looking at small
> organisation use-case here. May apply to medium or bigger organisations
> with the right setup
>
>
> If nothing, it should be food for thought and starting-point for
> documenting OTC in multi-site.
>
> All the best!
>
>
>
--
View this message in context:
http://www.nabble.com/Questions-on-setting-OTC-in-multi-site-tp20057041p20546832.html
Sent from the openthinclient.org users' mailing list mailing list archive at
Nabble.com.