On Tue, 2004-05-18 at 22:07, Chad Perrin wrote:
> So. I don't have fourteen computers for which I'm directly responsible
> on a daily basis. As such, the running-in-circles method is quite
> sufficient for my needs at the moment.
The machines in my home office are customer setups. I need to keep
similar setups as my clients so that I can test software. This accounts
for six physical machines and 8 virtual ones in VMWare. The remainder
are personal machines for my family and my hobbies (e.g., some
documentation I maintain, a ray-tracing cluster, a Windows machine for
the company I work for, my internal file server, a web server, various
laptops, etc..). So the actual number of discrete installations,
counting virtual and physical machines, is closer to thirty.
> If there is not some specific reason to be so diversified in your choice
> of distributions, I might suggest standardizing on one (or two, if need
> be) distros to cut down on administrative overhead, however. Depending
> on how you manage your Win2k machines (and how many you have), you might
> think about running one box as a server to manage the Win2k boxen. The
> idea would be to mirror or otherwise create an image from the primary,
> which you administrate directly, on a regular basis (perhaps nightly)
> and, from there, re-image the bootable drives on the other Win2K
> machines. I imagine something similar could be done for a slew of Linux
> machines if they could be that standardized, but my suspicion is that
> you have far more need for configuration individuation on the Linux
> boxen. If you went the image route with the Win2k machines, you would
> probably want to either have all of them store individuated data on a
> fileserver or on a second drive locally, of course. I have been called
> upon to help out with the administration of a Windows domain that was
> managed similarly to the manner I describe, which simplified the process
> of administrating a network of forty nodes considerably. This,
> obviously, doesn't work so well if they're all on widely variable
> hardware, however.
>
> Ultimately, if this isn't a production environment with its own budget,
> you might eventually have to think about simply cutting down on the
> number of machines. You could also section off a subnet that is
> individually protected (separate firewall, et cetera) for machines whose
> functionality will (effectively) never have to change/grow and will
> never have to involve heavy communication outside that subnet, and
> simply let them run in peace without doing upgrades. Old software will
> generally continue to run as well as it ever did, and if it isn't
> connected to the outside world it doesn't need to be protected against
> it by constant security updates.
These are good suggestions. Some can be implemented a bit more readily
than others. The most difficult part is actually implementing these
things after the fact. The number of machines sort of accreted over the
course of years. When it was a single machine behind a firewall/server
it was one thing. Now... Damn.
Nevertheless, these are my notes so far...
The easist thing to implement was the IP name and numbering scheme.
Instead of my longtime naming convention of using Greek letters, I
started using a standardized naming convention representing the OS and
type. Aliases were very useful in the transition.
I fixed my DHCP to push the router and domain name to clients. Plus
added dummy entries in my DNS files so that I can access by name. Added
specific entries for the laptops based on MAC address (the laptops move
often between different networks).
I mirrored the Fedora Core 1 updates repository on a local server. This
considerably reduces the bandwidth requirements. I also enabled auto
updates on the Linux machines for RH8/RH9 (via Fedora Legacy). Since
there are only a couple Mandrake installations, I set these to pull from
the closest mirror.
Finally straightened out the Solaris PatchPro setups so that I can
manage both from a single box. They can run headless too...
Setup Windows auto-update for a single machine. I don't trust it enough
yet to have this on a critical machine.
Installed VNC on all setups.
Updated two physical RH8 machines to FC1. I can probably eliminate one
of these machines now.
> Or . . . hire an intern.
That might be best...
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:51:41 EDT