Wednesday, October 7, 2009

it's the law (1 of 2)

ritter's first law of network administration: an administrator at rest tends to stay at rest.

an administrator's day could easily be consumed with all the little, mundane tasks that are necessary to keep things running smoothly. backing up servers, reading log files, preparing reports on resource utilization, playing world of warcraft—it all really eats into one's time. that's why i formulated my first law of network administration. i noted that, as a network admin, when things could pretty much take care of themselves, i could relax and better savor the more fulfilling moments of my job, like reducing a user's disk quota or reading a user's more provocative email messages. here is a short alliterative list of tips to help you achieve network nirvana:
  • aggregate: duplicating work increases the likelihood that you'll introduce errors and inconsistencies into your network's security, which is a bad idea no matter how you slice it. instead...

    1. locate shared resources that have common security requirements in the same directory structure on your file server. set access permissions only once on the highest-level directory that these files have in common. use permission inheritance to ensure consistent security on all the files in the hierarchy.

    2. don't assign permissions directly to users. add users to appropriate groups and assign permissions to the groups. that way you need only add a user to a group to ensure that all the access they require is properly configured.

  • automate: do nothing by hand if possible, because hands can be so mistake-prone sometimes. learn a scripting language and write (or download and customize) scripts to perform common, repetitive tasks like reading log files and collecting report data. if you administer a windows network, you must learn powershell. it's available for windows versions from xp onward, and is the "wave of the future." if you administer a linux network, you must learn bash. if you manage a mixed environment, i strongly recommend that you learn python—it's sufficiently platform-independent and very mature, with a smörgåsbord of cool features built in.

  • alert: let your network tell you when there are problems. install a network monitor system that's capable of notifying you when your file and email servers run low on disk space, or when your web server stops responding. when you can address a problem before your users even know it's there, they'll come to respect your precognitive powers and revere you for the system superhero you really are.

well, that last one, not really, because they won't know there was a problem in the first place, right? but hey, we're geeks: we're good at fantasy. now roll a d20 to see whether your invisibility-from-lumbergh spell worked before he asks for those tps reports. again.

No comments:

Post a Comment