Isilon/AD Cleanup

Background document describing the current configuration: https://docs.google.com/document/d/1qTV4vMTGZe4lqRrhrtNZVXik1T80JdeYDxv7JdusWy8/edit#heading=h.r8jwzqgei0qe
Proposed agenda:
  • Issue with AD groups vs Isilon shares
    • Vetting  vs. adding/removing people
    • View only access to AD Groups?
    • Clean up needed
  • Isilon
    • Ongoing false alarm issue —> changing the Infiniband
    • Finalizing the reorg of the Isilon to have a “human free” preservation area
      • Tim’s scripts…
  • General note on repositories when handling very large video files
  • What else?


Discussion: 

In the future, if the preservation system is a black box that uses an API to get things in and a separate API to get things out - at the software layer.

Concern that specific people have direct access to the preservation system. 

At the initial setup, Delphine had wanted to have a non-human-accessible part of the system. This was always the goal, but didn't get to that stage. 

People who have direct access from their machines would have access to the deposit shares, not the preservation shares.

Video preservation is one of the main issues/concerns. But in the future, this could be the exception to the rule. 

If we had an intermediate software layer, we could manager permissions through there instead of using AD. We should research the administrative layer that comes with the Isilon. 

Preservation and Assets in CONTENTdm?

  • Every item in the CONTENTdm has a master file in the Isilon, but the metadata is in CONTENTdm. Everything is pulled together with a unique ID. This is not the system-generated ID in CONTENTdm, but a hardcoded ID that is part of the metadata. The IDs are structured to indicated collection, parent and child collections.
  • We might want to create an index that lists all of the collections and their IDs
  • doing a periodic dump of CONTENTdm metadata to isilon

Isilon AD Groups

  • When new people start or if people need access to something that they didn't have access to. Or every time a new student worker starts
  • Each time a new share is created, Tamar creates several AD groups; 1 that is read/write and 1 that is read-only
    • Over time, some Shares got renamed, but the AD groups did not get renamed, so now there is a disconnect between names of shares and names of groups.
    • There also hasn't been a cleanup of users who are no longer here. 

Tim's time allocation

  • Chad should talk to Tim and make sure that this work still makes sense with our immediate or long term goals for the Isilon. 
  • Someone will need to be designated to work with Tim and to take responsibility for what is on the Isilon and make sure that everything is where it should be and how it should all be structured.
  • Once Delphine leaves, there is no one person who knows all the ins and outs of the structure of the Isilon. 
  • This may be multiple people moving forward. And we will need to use Jira to document and track.