Best Practices in Network and System Administration - Engineers Ireland

Best Practices in Network and System Administration Dónal Cunningham [email protected]

Outline • • • • •

Some notes on Infrastructure 10 rules to live by Network Administration System Administration Reading list/training Info

Infrastructure I • Space – Cabinets? Cages? Shared keys?

• Power – AC only? 220V only? – UPS area or in-cab? – Testing? UPS death?

• Air Conditioning • Fire supression • Should people be here?

Infrastructure II • Cable routing • Label EVERYTHING – (but don’t trust labels blindly) • Access (diversity – see later)

Rule 1 - Be Good Citizens • Visibility – Ticketing system – Updates must propagate outside your group

• Know your metrics – User perception (quick response) – CTO perception – Partner perception Remember! System administrators and network engineers manage systems and networks on behalf of other people

Rule 2 - Monitor your Systems • Status • Establish baselines • Watch trends • Use the right tools for the jobs • Use the right tools for your team • Start in a known state!

Routers • • • • •

Link traffic Capacity CPU Memory Environmental

• ACL hits, BGP routes...

Networks • Reachability – Ping – Traceroute – Routing loops • Latency – Directly affects end-user perception

Systems • • • • •

Disk CPU Memory Environment Services

Rule 3 – Perform Disaster Recovery Planning • Things break. All the time. • Quis custodiet ipsos custodes? – If your monitoring system breaks, who will notice? Who will care? • Timestamps are essential for correlation – NTP is your friend


3a - Networks • Redundant paths • Dynamic routing – minimal human intervention • Spares (GBICs and cables, too…) • Know your S.L.A.

3b - Systems • Load-balancing – DNS round-robin – F5/Cisco Director/Resonate Global Dispatch • Redundancy of service – MX backups – Leaf nodes should cache

3c - Backups

No, really. That’s it.

3d - Backups

USELESS unless you have tested restores!

3e - Backups • Remember “no single points of failure”? – This goes for backups, too! • • • •

Media fails Media devices fail Networks fail Try restoring on a different system…

Rule 4 - It’s not done until it’s documented

• YOU are the single point of failure! • You do want to go on holiday sometime, right? – If not, see Rule 9

4a - Change Control • Peer review – Show others how you think – Shows people what’s coming – Catches typos • Revision Control Systems – Roll-back. Say it again. Doesn’t it sound good?

Rule 5 – Establish Procedures • • • • •

Consistency Reproducibility ISO 9001 is all about procedures Helps to implement Rule 4 Peer review

Rule 6 – Practise Defence in Depth • Not all eggs in one basket – Heterogeneity – quis custodiet ipsos custodes? (Monitoring systems can fail too) • You get time to react between layers • Some are more important that others

6a - Defence in Depth • Software updates – OS and applications All software is buggy. Get over it. • Firewall – Can give false sense of security – Misconfigured? Worse than no firewall. • Monitor your network, too (IDS, honeypot) • Internal more likely than external

Rule 7 - It’s not done until it’s tested • Software installation is a risk – Yes, patches too! • Test systems – Must the software updates be applied right now? • Automate your testing, if possible

Rule 8 - Learn from Others • Don’t re-invent the wheel – Save yourself time – Save yourself money • Mailing lists – SAGE and local groups – NANOG • Conferences

8a - Other sources • Vendors – Sometimes they hire smart people • FAQs • Search engines • White papers • Books • Articles

Rule 9 - Learn to Relax • • • •

The Big Blue Room The most important metric - your family! DELEGATE! Go for a pint (beer, blackcurrant, whatever)

• Nothing messier than an exploding sysadmin...

Rule 10 - Non scriptum, non est “If it ain’t written down, it never happened” • Acceptable Use Policies – Have all users signed them? – ALL users? Including the sysadmins? – Can’t have perception of multi-tier system – Sometimes you have to fire technical people, too

Rule 11

Learn how to count to 10

Thank you. Questions?


Best Practices in Network and System Administration - Engineers Ireland

Best Practices in Network and System Administration Dónal Cunningham [email protected] Outline • • • • • Some notes on Infr...

3MB Sizes 1 Downloads 7 Views

Recommend Documents

Contract Administration Best Practices - NASPO's
This section discusses a few key elements essential to effective contract administration. While these principles may be

Network and System Administration - Kirkwood Community College
After completing a common course of study for the first three semesters, Network and System Administration majors will c

Brian Bourke - Engineers Ireland
Ass. (BSR1A). LB65/94 “Ventilation of Kitchens”. Association of British. Insurers. BSRIA. “Fire Risk Assessment Ca

SAN Fabric Administration Best Practices Guide - Brocade
DATA CENTER. SAN Fabric Administration. Best Practices Guide. Support Perspective. A high-level guide focusing on the to

Data Network Best Practices for ShoreTel VoIP
Jun 16, 2014 - Port Security and MTU Considerations. Environment: .... layer-2 switch (i.e. the data VLAN and voice VLAN

Responsibilities of the Network Administrator (System Administration
Maintaining the network. Expanding the ... TCP/IP provides services to many different types of computers, operating syst

Best Practices for Testing Ethernet and Network Synchronization at the
troubleshooting network timing-related problems. The tests in the ... Measuring wander on a synchronous Ethernet signal

Best Practices and Guidelines
lift, staircase and car park location. 6.1.3 Access plan. It takes a conscious effort to identify various accessible rou

The Practice of System and Network Administration, Second Edition
The Practice of System and Network Administration, Second Edition [Thomas A. Limoncelli, Christina J. Hogan, Strata R. C

System Administrator - Security Best Practices - SANS Institute
System Administrators are the people responsible for making computers work in the field. They are also ... Administrator