5. Common Questions

5.1. Can I run EEM on other Linux flavours than Debian?

The EEM system is developed for the Debian GNU/Linux operating system as target platform and we do not support other Linux distributions.

5.2. How do I install Debian?

The Debian installation manual provides comprehensive guidance for anyone who is not already familiar with installing Debian GNU/Linux.

5.3. How do I configure VLANs in Debian?

You will need to specify the relevant interface in /etc/network/interfaces. For example, the following sample configures 3 VLANs on the first Ethernet interface (eth0), where VLAN 13 is used to provide host connectivity to the outside world. Note that you do not need to specify IP addresses for all interfaces, only the one that will be used to contact the gateway:

    auto lo
    iface lo inet loopback

    auto eth0.13
    iface eth0.13 inet static
        address
        netmask
        gateway

    auto eth0.100
    auto eth0.105

5.4. What is a /itss principal and how do I set one up?

Oxford SSO accounts include a Kerberos principal that can be used for authentication - to prove your identity. Normal SSO accounts are based on a "simple" principal of the form unit9999@OX.AC.UK - the first part is often referred to as the Oxford username. These accounts are used for a wide variety of purposes, and the account password is likely to be used in a number of situations where convenience is preferred over security.

For certain administrative IT activities, such as establishing server-to-server trust, a higher level of security is required than can be assumed for most SSO accounts. IT Services therefore issues a separate set of credentials to ITSS who need this facility. For consistency and ease of remembering, the principal is based on the usual SSO username, taking the form unit9999/itss@OX.AC.UK. The password constraints on these accounts are more stringent as well, requiring a minimum of 8 characters. /itss accounts can be managed in the same way as a normal SSO account, through the Webauth account management pages.

Registered ITSS can request a /itss principal by email to sysdev@it.ox.ac.uk. In order to set a password on this account you will typically need to visit IT Services with your University Card as photographic identification, although we can send temporary passwords encrypted with GPG where we already have trusted keys for the relevant recipient.
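
A service that grants elevated access only to /itss principals has to compare the parsed instance and realm, not match on a substring. The following is an added example, not code from the EEM project: the function names are hypothetical, and only the two principal forms and the realm are taken from the text above.

```python
REALM = "OX.AC.UK"        # realm shown above; Kerberos realm names are case-sensitive
ADMIN_INSTANCE = "itss"   # instance component shown above

def split_principal(principal):
    """Return (components, realm), treating backslash-escaped '/' and '@' as data."""
    components, current = [], []
    i = 0
    while i < len(principal):
        ch = principal[i]
        if ch == "\\":
            if i + 1 == len(principal):
                raise ValueError("dangling escape")
            current.append(principal[i + 1])   # escaped character is literal
            i += 2
        elif ch == "/":
            components.append("".join(current))
            current = []
            i += 1
        elif ch == "@":
            components.append("".join(current))
            realm = principal[i + 1:]
            if not realm or any(c in realm for c in "@/\\"):
                raise ValueError("malformed realm")
            if not all(components):
                raise ValueError("empty component")
            return components, realm
        else:
            current.append(ch)
            i += 1
    raise ValueError("missing realm")

def is_itss_principal(principal):
    """True only for exactly <username>/itss@OX.AC.UK; malformed input is rejected."""
    try:
        components, realm = split_principal(principal)
    except ValueError:
        return False
    return realm == REALM and len(components) == 2 and components[1] == ADMIN_INSTANCE

def naive_is_itss(principal):
    """Suffix match, shown for contrast; accepts names the strict check rejects."""
    return principal.endswith("/itss@OX.AC.UK")

# Constructed samples (unit9999 is the placeholder username used above).
SAMPLES = ["unit9999@OX.AC.UK", "unit9999/itss@OX.AC.UK", "unit9999/itss@ox.ac.uk",
           "host/unit9999/itss@OX.AC.UK", "unit9999\\/itss@OX.AC.UK"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:30} strict={is_itss_principal(p)} naive={naive_is_itss(p)}")
```

The last two samples are where the two checks disagree: a three-component principal and a single-component name containing an escaped slash both end in "/itss@OX.AC.UK" but are not /itss principals.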

5.5. Who is responsible for maintaining the gateway once it is installed?

Responsibility for maintenance is shared between yourself and IT Services. Under normal circumstances IT Services will ensure that updates to the installed Debian release are applied expediently, and will manage the system configuration. You should maintain the infrastructure (physical or virtual), environment, and network connectivity.

IT Services will endeavour to identify and resolve minor platform issues if/when they arise. If a problem cannot be resolved then you may need to reinstall the gateway using the instructions above. EEM gateways are not backed up as the only data that could be lost are the recent observations of active devices.

Upgrading to future Debian releases is expected to be the responsibility of local ITSS, carried out by way of a new installation / full reinstallation. This has not yet been explored or tested, however, and a more lightweight upgrade option may become available.

5.6. What if I am not able to provide a suitable platform?

Some people may not have the infrastructure, resources, capabilities, or authorisation to meet the requirements set out above to run their own part-managed EEM gateway. In that case, you can request a fully managed gateway provided by IT Services free of charge.

5.7. Why don't you make krb5-user a dependency of eem-gateway-oxford?

The main reason is that krb5-user on its own is not enough - you also need proper configuration in /etc/krb5.conf. The eem-configure step will do both things for you, which is why it comes before the kadmin step in the installation instructions.

5.8. Does EEM work with Cisco VMPS / dynamic VLANs?

No. EEM is perfectly capable of being used on VLANs, and even of waking up hosts that move from one VLAN to another, and works well with systems such as the Bradford Campus Manager. However, Cisco's VMPS DVLAN solution actually marks as "inactive" any managed switch ports that have not seen traffic from the connected device for a given period of time, and will not forward any further network packets on that port. This means that when a computer is turned off, the switch port is marked "inactive" and the switch will not send the wake-on-LAN magic packet to the target host.

The Cisco support forums include a thread about this issue, available at https://supportforums.cisco.com/thread/15213

5.9. Does EEM work with Windows 8?

Windows 8 introduces a new behaviour during normal shutdown where the network adaptor is disabled. This means that if a user shuts down their machine via this route, it will not be possible to use EEM to wake up the system (including, for example, for HFS backups). Instead, the user would need to suspend or hibernate the system. This should be considered during any large-scale Windows 8 deployments on EEM-supported networks.

The Microsoft support documentation includes an article about this issue, available at http://support.microsoft.com/kb/2776718. However, please note that the workarounds on this page do not directly enable wakeups following shutdown.

