[WIN] Sun Identity Management: The new Epassword LDAP service went into production this morning. This new service offers LDAP service on new geographically-diverse Linux systems which are load balanced by our F5 LTMs. The new LDAP service is more resilient in the event of a server outage. It also allows ITS to decommission some aging Sun hardware.
[WIN] F5 Disaster Recovery Test: Prior to the cut over to the new LDAP service, we performed a full disaster recovery test to simulate loss of service in the Hill Center. Our tests were successful, and we did learn a few new things about the behavior of the LTMs. The successful disaster recovery test validates the architectural planning that went into the services deployed behind the LTMs.
I’m starting the upgrade to Ubuntu 8.10 on my Linux desktop so I’ll be using my laptop for most of the day. Hopefully the download of 1216 packages goes quickly, and I’ll just have to swing by and click a next or an OK every once in a while.
I just finished reading Verbal Judo: The Gentle Art of Persuasion. It is a very fast read, and it reminds me of another book that I had read in the past, specifically Way of Aikido: Life Lessons of an American Sensei. Both books deal with applying martial arts concepts to everyday life situations. This book had a few more acronyms and process enumerations, but it was a rather easy read. One of the key points of Verbal Judo is being empathetic with the person that you are communicating with, while the focus of the Aikido book was situational awareness. While I have never studied Judo or Aikido as a martial art, I have studied Tai Chi for a while. For those that are unfamiliar with Tai Chi, it also encompasses the concepts of awareness and energy redirection. One of the key concepts in Tai Chi is rooting, which is the basis for a solid foundation and balance. I’ve always tried to make a conscious effort to utilize these in my communications. In any event, I think Verbal Judo is a good conceptual book, and I’m going to try to float it around to my coworkers.
This morning I put together the finishing touches on a CSM configuration that may solve some of our connectivity issues. We currently have an issue where servers in one server farm are not able to communicate with services in other server farms due to a routing loop. As expected, the listening server responds directly to the connecting client (since they are on the same instead of communicating back through the VIP address.
I made multiple calls to the Cisco TAC, and I provided them with our current running configuration and desired end result. Unfortunately, I was not able to get a working configuration from them that met our needs. One Cisco engineer even told me that it was not possible to get what we wanted.
Luckily I did have other options to pursue like creating internal vservers on the server network. Going this route would probably fix our issue, but it introduces an early dependency on a service that is still in the process of being deployed. I managed to find a working configuration that allows both traditional client-server communications as well as server-server communications.
The configuration that I have in test involves expanding our single serverfarm and vserver to two serverfarms, two vservers, and a natpool. By manipulating the allowed/excluded VLANs and IP ranges to each, it’s possible to create two service points answering on the same IP address and port combination. This is definitely preferable to the AppHosting team since it means that we don’t have to worry about duplicate service points, split DNS, and such. If I get some time, I’ll generalize the document that I created for my team and post it up here for the world to see.
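The direct-reply problem and the two-vserver-plus-natpool fix described above can be modelled in a few lines. This is an added example, not the author's CSM configuration; all addresses, names, and the assumption that the real server's default gateway is the load balancer are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing; none of these values come from the post.
SERVER_NET = ipaddress.ip_network("10.1.1.0/24")  # server VLAN
VIP = ipaddress.ip_address("10.1.1.100")          # address both vservers answer on
REAL = ipaddress.ip_address("10.1.1.11")          # real server behind the VIP
NAT_POOL = ipaddress.ip_address("10.1.1.250")     # natpool address owned by the balancer

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address

def pick_vserver(client):
    """Two vservers share VIP:port; the client's source network selects one."""
    return "server-side" if client in SERVER_NET else "client-side"

def balance_single(client):
    """Single vserver: destination NAT only, client source address preserved."""
    return Packet(src=client, dst=REAL)

def balance(client):
    """Two vservers: only the server-side one source-NATs to the natpool."""
    src = NAT_POOL if pick_vserver(client) == "server-side" else client
    return Packet(src=src, dst=REAL)

def reply_seen_by_client(forwarded):
    """Source address on the reply as it arrives back at the client."""
    reply_dst = forwarded.src
    # Assumption: off-subnet replies leave via the balancer (default gateway),
    # and natpool replies are addressed to the balancer itself.
    via_balancer = reply_dst == NAT_POOL or reply_dst not in SERVER_NET
    # The balancer rewrites the source back to the VIP; a same-subnet reply
    # goes host to host and still carries the real server's address.
    return VIP if via_balancer else REAL

def connection_works(client, balancer=balance):
    """The client's TCP stack only accepts a reply sourced from the VIP."""
    return reply_seen_by_client(balancer(client)) == VIP

if __name__ == "__main__":
    peer = ipaddress.ip_address("10.1.1.12")      # server in a neighbouring farm
    outside = ipaddress.ip_address("192.0.2.10")  # ordinary external client
    for name, fn in (("single vserver", balance_single), ("two vservers", balance)):
        print(name, "| external:", connection_works(outside, fn),
              "| server-to-server:", connection_works(peer, fn))
```
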
Just ran across a new feature in Evolution- the attachment reminder. I'm guessing that the word quote is a common sign of an email attachment.
There are a few benefits to coming to work on Memorial Day. For starters, there is essentially no traffic on the way to work and I get my pick of the parking spots. The office is also really quiet, which means that I'll get to work undistracted for a few hours. I'm trying to finish up some of the IDM project tasks that I had started on last Friday, but I did not get to complete because of the campus power outage.
I had a brief chat with one of the Network Security guys regarding a project that they are working on. It's an issue that every IT shop has to deal with- password management. The biggest problem that most organizations face is propagating the administrative passwords to key people in a safe and efficient manner. In my experience, the big questions that need to be answered are:
- How are password changes to administrative accounts propagated to key staff?
- Are there at least two people that have each password?
- Are there procedures in place for emergency account additions/removals/changes?
- Are appropriate measures in place to monitor how the administrative passwords are used?
- Has everyone tested to make sure that their access to appropriate resources works?
It's an issue that has hit home now that one of the Unix/Linux admins on my team is moving over to the storage. A different role means different access. Hence, we'll need to go through all of his systems and make sure that his access is appropriate for his new position. We'll be having what our team calls the "password party" in the near future.
All of the primary web servers (the A group) have been patched up to current levels. I've only got a few Linux systems left to complete.
Over the past hour I've received five fax calls from St Thomas Hospital. I got in with their helpdesk, and the tech said something about the ER. I hope it wasn't important…
I did something different last night after I got home from work. I did not start up my work laptop or my personal laptop at all to do any work or surfing. That's probably the first time that I've done that in half a year.