guys - Here's a more detailed proposal on the network configuration.
- re: network addresses. I'm assuming we will NOT be using DHCP.
tends to play havoc with some server software/frameworks.
we want multiple names for the same system, it doesn't work well. The reason
this is important should be clear by the end of this message.
down side is that everyone must configure the network on their systems
with fixed IP addresses. I'm going with the 192.168.x.y proposal
"x" depends on the alphabetically sorted company name:
- company name
Prateek's suggested system naming I now recommend setting "y" as follows:
- demo function
for example, the RSA portal system can be found at IP address 192.168.8.1
a minimum, each company will have 4 entries. This assumes that the
system names are actually set to "portal", "application", etc. If
the systems where these demo functions are hosted really have different
system names than those used above, then we just need to add additional
entries for those addresses. For example:
# RSA portal host
philpott-lap.rsa.com # actual system name where the portal runs
application.rsa.com # RSA content
# actual system name where the application resides
# RSA artifact receiver host
# the artifact receiver is also the content provider host
responder.rsa.com # RSA SAML SOAP binding responder host
philpott-lap.rsa.com # the SAML responder is also on the portal system
will put together a complete etc/host file using the default settings above.
If folks want additional entries for the specific IP addresses, you'll
need to send me the IP addresses and machine names that you'll be using.
Please use the format:
machine.company.com # any comment you want
next issue is whether to use a DNS server or individual etc/host files.
are pros and cons to using an etc/host file. Pros - easy to modify,
no DNS system to manage, individual systems don't have to have their network
config changed to account for the DNS server. Cons - easy to get
out of synch, changing the file means updating it on all systems (and we'll
have a lot of systems).
preference would be to use a DNS server. I've asked our comm/IT group
to set one up for me on a laptop so it will be easy to take out to the
show in SF. It looks promising, but if they decide they can't do
it for me, I'll either need another company to step up to the plate and
bring one properly configured, or we'll have to go with etc/host files.
I'll let you know when I hear definitively from them. The advantage
of the DNS server is that there's just one place to update and all systems
can take advantage of it.
all of this make sense to folks?
Most Trusted Name in e-Security
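An added example, not part of the original message: a small checker for hosts-file entries that follow the 192.168.x.y proposal above. It reports a name placed outside its company's subnet and a name that maps to more than one address, which is the out-of-sync risk listed under the cons. It assumes the standard hosts layout of an IP address followed by names; the `COMPANY_OCTET` table, the function names, and every sample address except 192.168.8.1 are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: x = 8 for RSA, from the 192.168.8.1 example; add others as assigned.
COMPANY_OCTET = {"rsa.com": 8}
DEMO_NET = ipaddress.ip_network("192.168.0.0/16")

def parse_hosts(text):
    """Yield (lineno, ip_text, names) per entry; '#' starts a comment."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield lineno, fields[0], fields[1:]

def check_hosts(text):
    """Return a list of problems found in the hosts-file text."""
    problems, seen = [], defaultdict(set)
    for lineno, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            problems.append(f"line {lineno}: bad address {ip_text!r}")
            continue
        if not names:
            problems.append(f"line {lineno}: no host name for {ip}")
        if ip not in DEMO_NET:
            problems.append(f"line {lineno}: {ip} is outside 192.168.x.y")
        for name in names:
            name = name.lower()
            seen[name].add(ip)
            # The company domain is everything after the first label.
            x = COMPANY_OCTET.get(name.split(".", 1)[-1])
            if x is not None and ip in DEMO_NET and ip.packed[2] != x:
                problems.append(f"line {lineno}: {name} is not in 192.168.{x}.0/24")
    for name, ips in seen.items():
        if len(ips) > 1:
            addrs = ", ".join(sorted(str(i) for i in ips))
            problems.append(f"{name} maps to several addresses: {addrs}")
    return problems

# Constructed sample; only 192.168.8.1 for the RSA portal comes from the message.
SAMPLE = """\
192.168.8.1  portal.rsa.com philpott-lap.rsa.com  # RSA portal host
192.168.8.2  application.rsa.com                  # RSA content
192.168.9.4  responder.rsa.com                    # wrong subnet
192.168.8.7  portal.rsa.com                       # stale duplicate
"""

if __name__ == "__main__":
    print("\n".join(check_hosts(SAMPLE)))
```

Running the same check against each machine's copy of the file shows which systems have drifted from the shared version.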
Don Bowen [mailto:firstname.lastname@example.org]
Friday, May 03, 2002 1:05 PM
[saml-dev] Questions about dry run
have a few questions about the dry run, which I need to secure the right facilities at Sun. My apologies that this has not been confirmed yet, but being out of the country and trying to coordinate it make things difficult.
Philpott has already asked several questions, but I still haven't seen any replies. PLEASE review these questions, which I have inserted below in case you no longer have it:
folks - I'm lining up network access for the dry run. I've asked them to allow http, ftp, email, and VPN protocols through the firewall.
1. Do we want a DHCP server set up for the local network?
2. What about a DNS server? I would think it would be easiest to just configure an etc/hosts file that we all share, but I thought I'd ask. I'm not sure I'll have time to configure a system for this here, so I would
someone else to step up to the plate.
3. Regardless of whether we want DHCP, I assume a bunch of the boxes will need static addresses.
agree on ranges of address for each company to use. Someone want to propose something?
did propose something for address ranges, but have seen no reply to that either. Here is that proposal again for your
about a netmask of 255.255.255.0 and 192.168.x.y where:
x would range from 1-N (N being number of participants, assigned in alphabetical order)
y would be 1-M (M being the number of machines a participant needed)
information that I need includes:
- How many people from each company are planning to attend?
- How many machines will each of you bring with?
- What would you expect to be provided?
not trying to be pushy at all, but without input from all participants on these questions and issues we can't make the necessary progress. If someone wanted to volunteer to create a network diagram that shows all participants, machines and any other equipment that would be great.
will be putting together an agenda sometime today or over the weekend for the call this next Tuesday. Feel free to send input. I'm leaving Munich for Paris at noon and just can't do it any sooner.