System Administration

and other stuff

Andy Steingruebl
[email protected]
 Goals
The goals of this lecture are to
_ Give you a basic understanding of the purpose and
scope of system administration.
_ Teach you the basic duties of the system
administrator.
_ Relate system administration to other IT work. How
the system administrator relates to
" Management
" Users
 System Administration
Definition
System administration is the practice of installin
configuring, and managing computer systems an
their associated peripherals.
The goal of system administration is to configur
a system that is reliable, easy to use, and serves
the need of the intended users.
_ Except for their own desktop, system administrators
are not setting up machines for themselves.
System administration as a discipline is
somewhere between engineering and art.
 Definition
System administration is about putting together
network of computers ... getting them running a
then keeping them running in spite of the
activities of users who tend to cause the systems
to fail. - Mark Burgess
 System Administrator Duties
The basic duties of the system administrator are
_ System installation
_ Administering user accounts
_ Performing Backups
_ Installing software and patches
_ Monitoring, capacity planning, performance tuning
_ Security Administration and Audit
_ Documentation
_ Helping users
_ Storage Administration
* List partially taken from Nemeth – purple book.
References at end.
 Principles
Automate whenever possible
_ Who likes doing the same manual labor over and ov
again?
Keep good records/documentation
_ Or, don't get hit by a bus and be an indentured
servant.
Simplify
_ Complex systems are less reliable, harder to manage
and wake you up with a failure at 2am.
Systems and IT are not an end in themselves.
 System Installation
What operating system do I want to install?
What components do I want to install?
_ Why?
_ Do I need all of them? Installed but unused software
can become a maintenance burden and security
liability.
How do I want to configure the disk?
 Account Administration
Who should have an account on the machine?
_ Policy?
What permissions should they have?
_ Administrator, regular user, read-only?
System Policies
_ Password composition, expiration?
_ Accounts on all machines, or limited to only certain
systems?
 Backups
Policy
_ What to back up, and for how long?
_ Legal requirements?
" Retention of certain types of information?
_ Specific business requirements
" Document retention policy
" Electronic "shredding"
 Backups – continued
A lot more complicated than it seems at first.
_ How do we get a stable copy of files that change all
the time?
_ How do we back up large amounts of data?
" Lots of tapes and lots of drives
" Lots of network traffic?
" Local tapes on each machine = operators on roller skates
 Storage
SCSI vs. IDE
SANS
NAS
How do I pick?
How do I allocate, manage, report on, capacity
plan?
 Storage Interfaces/Buses
IDE
_ Integrated Drive Electronics
_ 1 bus can have 2 devices. Master and Slave.
_ Only 1 device can talk at once.
_ Commodity storage bus.
_ Not good for high I/O rates. Does not scale well
_ Fastest drives available are 7200RPM.
 SCSI
SCSI
_ Small Computer Systems Interface
_ A communications bus for disks.
_ Great table of bus speeds at
http://www.arstechnica.com/paedia/s/scsi.html
_ SCSI supports multiple simultaneous transfers.
_ Fastest drives are 15,000RPM.
_ Drives are intelligent. They can often re-order
transactions to get best performance based on locati
of drive head and platter.
 Storage – New Directions
SCSI and IDE are both parallel technologies.
_ Parallel interfaces suffer from problems of "skew"
" http://www.yale.edu/pclt/PCHW/IDESCSI.HTM has a
good picture of this.
Higher speed electronics allow us to implement
Serial technologies. Serial technologies do not
suffer from skew problems.
_ Fibre-Channel
_ FireWire (IEEE 1394)
_ USB-2.0
_ SerialATA
 Storage Area Networks (SANS)
Storage Area Networks are networks that move
disk blocks as their main data elements.
_ Fibre-channel
" 1 or 2 Gigabit/sec transport
_ 100/200 Megabyte/sec
" Can run over copper or fiber-optic cabling.
" Fibre-channel is a data-link layer. Multiple network-laye
protocols are defined.
_ SCSI
_ IP
" Tanenbaum pages 326-327.
_ ISCSI
" SCSI transported over IP.
 SANS – continued
Why SANS?
_ Allow us to share disks between many machines.
_ Virtualized storage. Allows us to dynamically
grow/shrink/partition storage resources between
systems.
" Treat Storage as a network-wide resource/utility.
" Storage modeled as electricity or bandwidth.
_ Higher performance
_ Improved topology
" Improved Fault Tolerance/Disaster Recovery
 Network Attached Storage
Network Attached Storage is a paradigm for
accessing file data over a network.
_ NFS
_ CIFS
_ AFS
Used extensively in client-server computing.
Usually a many -> one relationship between
client and server.
 NAS Continued
Semantics of NAS are File/Offset.

_ NAS protocols are filesystems

_ Filesystem to client is virtually indistinguishable fro
local filesystem.
_ Server handles concurrent access, locking,
permissions.
_ Server "owns" the filesystem
 SAN vs. NAS
Semantics
_ Semantics of SAN are disk block
_ Semantics of NAS are File/Offset
Filesystem
_ SAN – each machine owns their filesystem on disk.
" No standards for sharing filesystems.
_ NAS – server owns the filesystem.
" Arbitrates locks/concurrent access, permissions.
 SAN vs. NAS
Which to Pick?
SAN
_ Choose when you need block-level semantics.
" Database
_ When each filesystem will be used by only one serv
NAS
_ Choose when you need file/offset semantics.
" Fileserver
" Shared web storage repository
_ When you need concurrent access by multiple
systems to the same data.
 Security
System administrators touch on security all of th
time.
_ Authentication
_ Authorization
_ Audit
_ Confidentiality
_ Integrity
_ Availability
 Security
Audit is the most often overlooked component o
security.
_ System logs are critical
_ Almost all server operating systems can generate
audit logs.
" You just have to be a wizard to understand most of them
 Audit Techniques
Sherlock Holmes approach
_ Rule out everything that isn't a possibility. Anything
left is suspicious.
Log files tend to have patterns.
_ Remove known-good patterns
_ Look through remaining logs for things that are
suspicious.
_ Add known-good patterns to known-good list
_ Repeat
This process can take up to two weeks on a busy
network.
Have patience. This process is worth the time spent
 Installing Software and Patches
A main activity of the system administrator is
configuring additional software for use by users
_ Databases
_ Programming tools
_ Servers
" Webserver
" Application Server
" Email
 Patching
All systems have bugs
_ Some more than others
Patching systems can be a full time job
_ Unless you automate
_ But, patches can themselves break things. Don't wan
to automate
_ Catch-22
 User Support
Depending on the organization, the system
administrator must interact extensively with the
user community.
This is often the greatest challenge for the system
administrator.
_ System administrators often have a hard time
understanding user problems.
_ Users aren't very good at explaining problems.
" The network is down
_ = I can't read my email
_ = I can't get to cnn.com
 A Model for User Support
Greg Jackson wrote an interesting article in this
_ http://www.educause.edu/ir/library/pdf/erm0151.pd
Its all about speaking the same language, and
understanding the problem from the non-IT
perspective.
 User Support
Teach Them to Fish
Give users the tools to help themselves.
_ Good log messages
_ A website or telephone status line that tells people
what systems are up and which are down.
 Certification
A very contentious subject
_ Many believe that certifications don't demonstrate r
knowledge, skills, ability.
_ Certifications often very vendor dependent, cost a lo
of money.
_ MCSE's (Microsoft Certified System Engineer) are
not guaranteed to be skilled.
" MCSE is a paper-only test. It does not test applied skills.
_ Still, there is a need for measurable skills.
 Certification – continued
As system administration progresses from an
"art" to an engineering discipline, there is a need
for:
_ Standardization
_ Discipline
_ Consistency
_ Assurance
 Certification – cont.
What other professions have certification?
_ Doctors
_ Lawyers
_ Engineers
_ Architects
Why?
_ Safety concerns
_ Professionalism
_ A way for the government to regulate
 Certification
SAGE has had system administrator job
descriptions for a long time.
SAGE is now releasing a quality system
administrator certification.
_ Paper component
_ Applied component
SANS has their GIAC certifications
Both of these follow the CISCO model for CCIE
 Documentation
Documentation is a critical part of system
administration. Its also the most often overlooke
Documenting what you do is a large part of bein
a professional.
_ You are being paid to do it.
_ Your employer expects it.
_ It is your duty
It might even be a legal requirement.
_ Quality systems as defined by the FDA
Documentation – Change Control
Change Control
_ Process is your friend.
_ It lets other people know you are a professional that
plans
_ It sets expectations
_ It is self-documenting. Following change control
processes allows you to go back and see what you'v
done.
_ Revision control
 References
Unix System Administration Handbook- Third
Edition. Nemeth, Evi; et al. (Purple Book) 2001
The Practice of System and Network
Administration. Limoncelli, Thomas. 2001
Principles of Network and System
Administration. Burgess, Mark. 2000
SAGE. System Administrators Guild.
http://www.usenix.org/sage