System Administration
This page will describe how we organise ourselves to operate the lab's network and server infrastructure.
Categories
We separate administration into categories based on the level of security required, so that we can trade off including more interested members against restricting access to sensitive data or highly critical systems.
| Category | Scope | Access |
| Internet of Things | Lights, sound, automation | Inclusive |
| General Systems | Public-facing webapps | Moderate |
| Network | Router, firewall, switches, cabling, DNS, DHCP | Slightly restricted, to manage the risk of an outage |
| Personal Data | Members database, home directories, netflow records, access control | Restricted, to meet legal obligations |
Network
Sysadmin
Restricted Access
These are the currently restricted services:
- ehl-vm-access:
  - Access control for doors, tools and lockers.
  - Hosted on magnesium.
  - Available to the sysadmin unix group.
- ehl-vm-admin:
  - Members database.
  - Hosted on magnesium.
  - Available to the sysadmin unix group.
- ehl-vm-audit:
  - Netflow, syslog and MQTT logs; 30-day retention.
  - Hosted on Tim's server.
  - Available to Tim.
- magnesium:
  - Bare-metal VM server.
  - Contains VMs with personal data, and VMs that belong to individual members.
  - Available to the sysadmin unix group.
- ganymede and shell server:
  - Home directories.
  - Hosted on magnesium.
  - Available to the sysadmin unix group.
Tim's commentary: I would like to restructure these services so that the sysadmin team can be more inclusive. The members database will be moved to an external VM. I would like to adjust the expectations of privacy for home directories and members VMs so that more people can administrate the underlying host (magnesium).