In order to provide the employees of the OU with a jointly usable data storage for OU-specific data, among others also for subareas or projects in the OU, an OU directory in the KIT-wide file service can be requested for storage at the SCC Service Desk. For this purpose, the SCC operates a central storage system, which provides storage capacity for KIT facilities, within the limits of the available capacity. This data storage is integrated into the central backup service of the SCC. Advantages
- No local operation of an own file server
- No local backup infrastructure
- Independent, OU-related access rights management
- Capacity can be flexibly adjusted, within the limits of available capacity.
The storage capacity provided for an OU directory is subject to a charge above a basic capacity, which is included in the basic IT service (see the section on ordering/commissioning below).
- If the organizational requirements (e.g., KIT-OE) are met, a so-called OU directory, with a basic storage capacity included in the basic IT supply, can be set up (see also the Ordering/Commissioning section below). *)
- This basic capacity can be extended for a fee (see also section Ordering/Contracting). *)
- Budgeting is based on the requested net capacity (without snapshots and replication overhead).
*) within the limits of available capacity
Access rights Access to data in this directory with the personal KIT account if appropriate access rights are set.
Management of permission groups and thus access rights
- For each OE directory there exists a group <OE>-sccfs-admins, which by default gets full access with inheritance to the directory. The members of this group can be maintained via the group management for ITB.
- The members of this group can set up any subdirectories in the OU directory, including for subareas of the OU.
- Via the group management portal for ITB, FS administrators can create additional central groups of the OU, on the basis of which authorization structures for this OU directory can then be set up in the file server.
- All user groups of an OU have the syntax "<OE> group name ...".
- Groups created exclusively via the central GV are relevant for the use of the central IT services of the SCC!
Any delegation of administration rights below the OU directory must be defined independently within the OU and is not relevant externally (e.g. ITB or FS admin role).
Changed strategy for the provision of the OU directories!
1. Ordering to create an OU directory with a basic storage capacity:
- The OU directory with the basic storage capacity (basic quota) is a so-called cumulative service within the basic IT equipment (basic package).
- An overview of the basic quotas for the OU directories can be found under Service Charging for IT Services of the SCC, there in the section "Basic quotas of the basic package and cumulative services".
- The OU directory can be ordered by IT representatives via the sample ticket Create OU directory with basic capacity in the SCC ticket system.
- The data required for the setup is recorded in this.
2. expansion of the capacity of an already established OU directory:
- An order to expand the capacity of an existing OU directory can be placed by IT agents via the sample ticket Adjust storage capacity of an OU directory in the ticket system of the SCC.
- Increasing storage capacity beyond the base capacity will incur costs ( see applicable budgeting rules).
- Extensions are always only possible in 100GB increments.
Further documents and instructions
- Access of an OU employee with his personal KIT account
- Access via SMB/CIFS protocol and NFSv3/NFSv4 (only after separate release for the OU)
- Access from outside only via VPN
- Integrated into the central backup system of the SCC.
- Time frame production: 30 daily versions with three snapshots each are kept. Users can access these versions themselves and without significant delay to restore files. (See this documentation)
- Time frame replication: There will be a weekly snapshots depending on available disk space sometimes less in production and replication. Access to these versions is currently only with support from the SCC/SYS. The first point of contact here is the ITB/OE-FS admin of the OU! This person coordinates the recovery with the SCC/SYS. *For the disaster case, one full version per week is kept in the TSM backup (tapes) for a maximum period of 2 weeks. This backup is used for SCC internal operations only.
Services not included
NFSv3/NFSv4 access for the OU directory will only be set up if there is a corresponding written confirmation from the OU management that security problems with NFSv3 are consciously accepted. In this case, specific coordination is required with regard to provisioning.
From the SCC's point of view, a facility is a KIT OU if a corresponding assignment from the OU employees to this OU is transferred from the administrative systems to the SCC's Identity Management System (IDM). If it becomes apparent that the structuring within or with regard to a superordinate OU, the designation of the OU or the assignment of employees is not available or is incorrect, the OU must rectify this situation with the KIT administration, presumably the Personnel Service, before the KIT file service can be provided.