Articles of the "here is how I did it" kind are useful to both readers and authors: the reader sees someone else's decisions and may apply them at home; the author, after reading the comments, sees his own system from the outside, through the eyes of other specialists.
The post is more organizational than technical: implementing the things described poses no technical problems. If questions arise, I will try to answer in more detail in the comments.
Classes of users and their naming
- Students
- Teaching staff (PPS)
- University staff (not faculty members)
All students and university staff have their logins in AD.
For students, a simple format is used:
“S” + student_number.
For employees:
Surname. There are few cases of name collisions; we handle each one individually and, as a rule, drop the middle name. The mailbox is set up with the same name as the login.
Server
We use a heterogeneous setup: both Windows and Linux servers.
For example, the mail server runs Exchange 2007, while its “front end”, which faces the Internet directly, runs Linux (receiving/sending mail, antispam, antivirus checks). Arguing about why it was done exactly this way is pointless; everyone chooses the option that suits him best.
We have 2 domain controllers, 1 file server with an external disk array, a web server, a mail server, and a database server. The whole thing runs mainly on HP DL 385 servers. There is no point describing the hardware in detail; let us dwell instead on the services it provides.
Fellow administrators at state institutions, and especially at educational ones: do not be too lazy to look at brand-name hardware from different vendors. Large, serious vendors usually give educational institutions VERY big discounts. For example, this winter, under a Sun promotion, 2 Sun Fire X2200 M2 servers were purchased for the price of one (this is not an advertisement for Sun but a statement of fact; there really are a lot of such discounts).
Services for students
Students may log on locally only to classroom computers; they have no access to administrative ones.
The university has a fairly large number of computer classrooms. During a semester, students usually work in many of them. Naturally, the software set differs from classroom to classroom, so to avoid conflicts of versions, paths and the like, each classroom uses its own network path to which the user profile is redirected. This lets a student's profile roam within a classroom without causing conflicts with software from other classrooms.
The “My Documents” and “Desktop” folders are redirected regardless of the classroom, so students do not need to carry their work on disks or flash drives; it is available to them from any classroom.
Students also have a network drive (in our case, drive N) to which teachers have full access and students have read-only access. This drive is intended for passing assignments, lectures and so on from teachers to students.
Quotas are set on the file server: 100 MB per student. Sometimes, at teachers' request, this limit is raised for certain groups of students.
Employee Services
When employees log on, several network drives are connected (M, N, O).
Drive M contains folders named after users; the “My Documents” folder is redirected to them. By default only the owners see these folders: ABE (access-based enumeration) is enabled on the server, so a user sees only his own folder. In some departments, people wanted to see each other's “My Documents”; they see the directories of other employees to which they have access at the root of the drive.
Drive N is available to teaching staff and not to ordinary employees. As mentioned in the section on students, it is intended for teachers to post materials for students.
Drive O is the drive for shared documents. A directory has been created for each department, to which only that department's employees have full access. The drive also has many folders for exchanging documents between different departments of the university (more than 100 in total, but thanks to ABE a user sees about 10). It also contains the directory “! Common documents”, which is a kind of file dump.
For employees the disk quota is 1 GB; this is done not to squeeze users but to prevent people from storing movies and music in the My Documents folder. If a user really needs more space for work, he simply calls and asks for more; no paperwork or official memos are needed.
When the system was first set up, we thought about how to deal with the file dump (disk quotas are disabled on it), because it can “overflow”. There were several options:
- Periodically delete everything on it (for example, once a month). Bad, because you can wipe out a file that was “put there just yesterday”.
- Delete folders and files from the root that have not been accessed for more than 1 month.
- Do nothing, hoping it will sort itself out.
We chose the second option, but eventually settled on the third. Let me explain: teachers are people too, and they too have a well-developed curiosity, which means that the particularly curious go looking for “something interesting” in this file dump. That is why the second option does not work (it is very rare to find a file or folder that has not been accessed for more than 2 weeks). Now the “dump” is a self-organizing structure: someone writes something, someone deletes something.
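A report-only way to evaluate the second option before enabling any deletion, as an added example that is not part of the original post: it lists root entries of the dump whose files have all gone unread for longer than the cutoff, and shows how one recent read keeps a whole folder off the list. The function name, its parameters and the sample tree are constructed for illustration.

```powershell
# Added example: report-only audit of a shared "dump" folder; nothing is deleted.
# Get-StaleRootEntry and its parameters are names made up for this illustration.
# Results mean something only if the volume records last-access times
# (check with: fsutil behavior query disablelastaccess).
function Get-StaleRootEntry {
    param(
        [Parameter(Mandatory)] [string] $Root,   # root of the dump share
        [int] $MaxAgeDays = 30                   # the "more than 1 month" rule
    )
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    foreach ($entry in Get-ChildItem -LiteralPath $Root -Force) {
        # Judge a folder by the files inside it; a file or empty folder by itself.
        $items = @($entry)
        if ($entry.PSIsContainer) {
            $inside = @(Get-ChildItem -LiteralPath $entry.FullName -Recurse -File -Force -ErrorAction SilentlyContinue)
            if ($inside.Count -gt 0) { $items = $inside }
        }
        $newest = ($items | Sort-Object LastAccessTime -Descending |
                   Select-Object -First 1).LastAccessTime
        if ($newest -lt $cutoff) {
            $bytes = ($items | Where-Object { -not $_.PSIsContainer } |
                      Measure-Object -Property Length -Sum).Sum
            [pscustomobject]@{
                Name       = $entry.Name
                LastAccess = $newest
                SizeKB     = [math]::Round([double]$bytes / 1KB, 1)
            }
        }
    }
}

# Constructed sample tree in a temp directory, so the example runs offline.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("dump-demo-" + [guid]::NewGuid())
foreach ($dir in 'old-project', 'browsed') {
    New-Item -ItemType Directory -Path (Join-Path $demo $dir) | Out-Null
}
Set-Content -Path (Join-Path $demo 'old-project\report.txt') -Value 'constructed'
Set-Content -Path (Join-Path $demo 'browsed\notes.txt')      -Value 'constructed'
Set-Content -Path (Join-Path $demo 'forgotten.iso')          -Value 'constructed'

# Age every file by 45 days, then simulate a curious reader opening one yesterday.
Get-ChildItem -LiteralPath $demo -Recurse -File |
    ForEach-Object { $_.LastAccessTime = (Get-Date).AddDays(-45) }
(Get-Item (Join-Path $demo 'browsed\notes.txt')).LastAccessTime = (Get-Date).AddDays(-1)

Get-StaleRootEntry -Root $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```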
Periodically there are complaints: we put files we needed there, and someone deleted them. We have to explain again that this is not a place for important documents; as a rule, one loss of documents is enough to break the habit of putting important documents in the dump. Just in case, we back up even the “dump”; in some cases the backups do have to be used.
And a little more about backups. Volume shadow copies are enabled and configured on the file server. They are taken 2 times a day: at lunchtime and at night. This is very useful, because cases of one document being overwritten by another were not rare, and with shadow copies enabled the user himself has access to previous versions of files.
Other "services"
On the university's website, unauthorized users have access to classes, exams, and an electronic catalog of library resources.
What's next?
Over a year of use, we realized that “innovations” must be introduced very gradually. Even now, many employees and most students do not use all this; the situation is changing, of course, but not quickly.
We are also moving “smoothly” to web technologies for collaboration. For a year now there has been a site running on SharePoint Foundation 2010 (initially WSS 3), which should eventually take over the functions of the network drives; this will let employees and students use materials not only from the university’s internal network but also over the Internet.
At present it is aimed at the university's management staff, but existing systems for automating various university units (departments, dean's offices, academic administration, ...) are gradually being rewritten for it. In the future, this site should become the “desktop” of many university employees.
Conclusion
I would very much like to hear constructive criticism and suggestions in the comments.
Even more, I want to encourage Habr readers to write articles sharing their experience in creating, automating, ...
Experience is priceless.