Hey guys - Here's a more detailed proposal on the network configuration.
First - re: network addresses. I'm assuming we will NOT be using DHCP.
- It tends to play havoc with some server software/frameworks.
- If we want multiple names for the same system, it doesn't work well. The reason this is important should be clear by the end of this message.
The down side is that everyone must configure the network on their systems with fixed IP addresses. I'm going with the 192.168.x.y proposal from Don.
First, "x" depends on the alphabetically sorted company name:
X - company name
1 - baltimore
2 - crosslogix
3 - entegrity
4 - netegrity
5 - novell
6 - oblix
7 - quadrasis
8 - rsa
9 - sigaba
10 - sun
11 - systinet
12 - Tivoli
13 - verisign
Using Prateek's suggested system naming I now recommend setting "y" as follows:
Y - demo function
1 - portal
2 - application
3 - receiver
4 - responder
So, for example, the RSA portal system can be found at IP address 192.168.8.1
At a minimum, each company will have 4 entries. This assumes that the system names are actually set to "portal", "application", etc. If the systems where these demo functions are hosted really have different system names than those used above, then we just need to add additional entries for those addresses. For example:
192.168.8.1 portal.rsa.com # RSA portal host
192.168.8.1 philpott-lap.rsa.com # actual system name where the portal runs
192.168.8.2 application.rsa.com # RSA content provider host
192.168.8.2 ct009.rsa.com # actual system name where the application resides
192.168.8.3 receiver.rsa.com # RSA artifact receiver host
192.168.8.3 ct009.rsa.com # the artifact receiver is also the content provider host
192.168.8.4 responder.rsa.com # RSA SAML SOAP binding responder host
192.168.8.4 philpott-lap.rsa.com # the SAML responder is also on the portal system
I will put together a complete etc/host file using the default settings above. If folks want additional entries for the specific IP addresses, you'll need to send me the IP addresses and machine names that you'll be using. Please use the format:
192.168.x.y machine.company.com # any comment you want
The next issue is whether to use a DNS server or individual etc/host files.
There are pros and cons to using an etc/host file. Pros - easy to modify, no DNS system to manage, individual systems don't have to have their network config changed to account for the DNS server. Cons - easy to get out of sync, changing the file means updating it on all systems (and we'll have a lot of systems).
My preference would be to use a DNS server. I've asked our comm/IT group to set one up for me on a laptop so it will be easy to take out to the show in SF. It looks promising, but if they decide they can't do it for me, I'll either need another company to step up to the plate and bring one properly configured, or we'll have to go with etc/host files. I'll let you know when I hear definitively from them. The advantage of the DNS server is that there's just one place to update and all systems can take advantage of it.
Does all of this make sense to folks?
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com
-----Original Message-----
From: Don Bowen [mailto:don.bowen@sun.com]
Sent: Friday, May 03, 2002 1:05 PM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] Questions about dry run
I have a few questions about the dry run, which I need to secure the right facilities at Sun. My apologies that this has not been confirmed yet, but being out of the country and trying to coordinate it makes things difficult.
Robert Philpott has already asked several questions, but I still haven't seen any replies. PLEASE review these questions, which I have inserted below in case you no longer have it:
Hey folks - I'm lining up network access for the dry run. I've asked them to allow http, ftp, email, and VPN protocols through the firewall. Anything else?
Other network questions:
1. Do we want a DHCP server set up for the local network?
2. What about a DNS server? I would think it would be easiest to just configure an etc/hosts file that we all share, but I thought I'd ask. I'm not sure I'll have time to configure a system for this here, so I would probably need someone else to step up to the plate.
3. Regardless of whether we want DHCP, I assume a bunch of the boxes will need static addresses. We should agree on ranges of address for each company to use. Someone want to propose something?
I did propose something for address ranges, but have seen no reply to that either. Here is that proposal again for your comment:
What about a netmask of 255.255.255.0 and 192.168.x.y where:
x would range from 1-N (N being number of participants, assigned in alphabetical order)
y would be 1-M (M being the number of machines a participant needed)
Additional information that I need includes:
- How many people from each company are planning to attend?
- How many machines will each of you bring with?
- What would you expect to be provided?
I'm not trying to be pushy at all, but without input from all participants on these questions and issues we can't make the necessary progress. If someone wanted to volunteer to create a network diagram that shows all participants, their machines and any other equipment that would be great.
I will be putting together an agenda sometime today or over the weekend for the call this next Tuesday. Feel free to send input. I'm leaving Munich for Paris at noon and just can't do it any sooner.
Don;
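
The addressing plan and hosts entries discussed in this thread, as an added Python example that is not part of the original messages: it derives 192.168.x.y from the company and function tables, folds submitted machine names in as aliases on the same line, and lists names that end up under more than one address. The `function.company.com` pattern for companies other than RSA and all function names here are assumptions.

```python
from collections import defaultdict

# Tables from the message: list position + 1 gives the x and y octets.
COMPANIES = ["baltimore", "crosslogix", "entegrity", "netegrity", "novell",
             "oblix", "quadrasis", "rsa", "sigaba", "sun", "systinet",
             "tivoli", "verisign"]
FUNCTIONS = ["portal", "application", "receiver", "responder"]
# Extra machine names taken from the RSA example in the message.
RSA_EXTRA = [("192.168.8.1", "philpott-lap.rsa.com"),
             ("192.168.8.2", "ct009.rsa.com"),
             ("192.168.8.3", "ct009.rsa.com"),
             ("192.168.8.4", "philpott-lap.rsa.com")]

def address(company, function):
    """Return 192.168.x.y for a company's demo function."""
    x = COMPANIES.index(company.lower()) + 1
    y = FUNCTIONS.index(function.lower()) + 1
    return f"192.168.{x}.{y}"

def build_hosts(extra=()):
    """Return hosts lines: default name first, submitted names as aliases."""
    names = defaultdict(list)
    for company in COMPANIES:
        for function in FUNCTIONS:
            # Assumption: every company uses function.company.com.
            names[address(company, function)].append(f"{function}.{company}.com")
    for ip, host in extra:
        parts = ip.split(".")
        if (len(parts) != 4 or parts[:2] != ["192", "168"]
                or not (parts[2].isdigit() and parts[3].isdigit())):
            raise ValueError(f"{ip} is not in the 192.168.x.y plan")
        x, y = int(parts[2]), int(parts[3])
        if not (1 <= x <= len(COMPANIES) and 1 <= y <= 254):
            raise ValueError(f"{ip} has no assigned company or host slot")
        if host.lower() not in names[ip]:
            names[ip].append(host.lower())
    order = lambda ip: tuple(int(p) for p in ip.split("."))
    return [f"{ip}\t{' '.join(names[ip])}" for ip in sorted(names, key=order)]

def shared_names(lines):
    """Map each hostname listed under several addresses to those addresses."""
    seen = defaultdict(list)
    for line in lines:
        ip, *hosts = line.split()
        for host in hosts:
            seen[host].append(ip)
    return {h: ips for h, ips in seen.items() if len(ips) > 1}
```
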