Path: utzoo!utgpu!watserv1!watmath!iuvax!rutgers!cbmvax!grr From: grr@cbmvax.commodore.com (George Robbins) Newsgroups: comp.unix.ultrix Subject: Re: Managing a network of UNIX workstations Message-ID: <9338@cbmvax.commodore.com> Date: 13 Jan 90 09:15:19 GMT References: <3949@jhunix.HCF.JHU.EDU> Reply-To: grr@cbmvax.commodore.com (George Robbins) Organization: Commodore, West Chester, PA Lines: 90 In article <3949@jhunix.HCF.JHU.EDU> barrett@jhunix.HCF.JHU.EDU (Dan Barrett) writes: > > I may be managing a network of DECstation 3100's running Ultrix in > the near future. I have been managing VAXen for a long time, but never a > network of workstations. So, I have some questions: > > (1) How do you handle inter-machine superuser privileges? > > I do NOT want to put "root" in /.rhosts -- this is a big security > risk, right? Don't unless you can control physical access to the hardware or are operating in an intentionally un-secure mode. It is may be an acceptable risk / convenience if you have a coule of servers in a secure area. > (2) How do you do transparent backups? I want to pop a tape in ONE > tape drive and say "Back up ALL files from ALL workstations onto > this tape." One traditional means is to have an "operator" account on all machines and then have all the "raw" disks readable by "operator" and use a shell script that remotely executes rdump on on each of the systems. Unforturnatly the Ultrix dump program is broken and thinks only "root" is allowed to run dump. I don't know of any convienient and secure automated way to handle this. The operator can still do the dumps from a central site/machine/tape, but he has to know the root password and log into each of the machines and manually run the dump program. > Suppose I dedicate one workstation as the "main node", mount all > other workstation disks on the main node using NFS, and then back it > up. This should work...? But don't I have to worry about > inter-machine superuser privileges? After all, we want to back up > EVERY file from EVERY machine. Yep... Plus you can only use cpio/tar across NFS. Dump/restore are generally speaking better tools. > (3) We'd like all users to have accounts on all workstations. What's > the best way to maintain an inter-machine password file? I've > heard vaguely of "yellow pages" but have never used it. Yellow pages is probably a good way to do this, especially for a cluster of workstations under one management being used in a homogenous manner. Start with the DEC YP manuals and also get ahold of a set of sun Manuals if you can... > (4) We'd like a system where the entire network appears to each user as > if it were one huge "machine". A user would log onto this "machine" > and not care which workstation s/he were actually using. (Maybe the > "machine" would automatically log the user onto the workstation with > the lightest system load. I've seen this done with VMS systems at > other schools.) Can this entire scheme be done? Transparently? All the file systems can appear as one big filesystem if you set up an appropriate cross mounting scheme. YP can help with this. Automatic load sharing is not so simple and would be hard to make transparent in most cases. > (5) Should we put disks on every workstation, or have one fileserver and > many diskless workstations? Which is better? Easier to maintain? This is a religious question. Central fileservers definitly make the backup problem *much* easier to manage. Backing up across a network is slow and painful, having a decent performance tape drive on the same system(s) as the disk drives is much faster. The fewer filesystems you have to dump the easier media management and recovery are. > My idea is to have one or two fileservers, make the other > workstations use NFS, but put a small disk on each workstation for > swapping only. Good? Bad? What's better? Another one. If you can afford to, put at least a swap disk on each system and/or a root/swap/var disk(s) on each one and let the fileserver serve files and not handle swapping or booting. Some people will tell you that network stuff is faster that low performance built-in SCSI drives. This may be true, especially on a lightly loaded net - if so, just run the systems diskless. > (6) Does anybody make a removable media drive, like the Syquist > 44-megabyte cartridge drive, for the DS3100? Anything SCSI may work, but you'll probably have to try it to test for compatibilty before buying. Small removable media hard drives are still of questionale reliability. -- George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr but no way officially representing arpa: cbmvax!grr@uunet.uu.net Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)