Emmett offers his top tips and advice to help any interop project run smoother.
One of the constants in IT (and other fields) is simplification.
Anything that simplifies work will free up time that can be better used
elsewhere. Sometimes simplification can come in the form of a piece of software,
a hardware component, a tip or merely a change of mindset. What follows are
10 suggestions -- many of them tips and mindsets -- that can help make integration
Tip #1: Move Away from NIS
The days of using NIS for a central server and distributed clients have passed.
LDAP has all but replaced it in every sense of the word. If you are trying to
integrate and make NIS the common language for user authentication, you are
doing yourself no favors. Investments made in getting an implementation to work
just right based on this standard are questionable at best. Standardize on
LDAP instead for all systems in the network, and you should find easier going
as well as continued support for considerable time in the future.
Tip #2: Time Matters
Make sure the time is correct on every device that connects to the network.
Use NTP (Network Time Protocol) to keep the system time accurate, as you have to
have the exact time for everything to work the way that it should (this is true
for authentication and various other aspects of security). There is no one right
answer about whether you should add a single server to your site to supply the
time or opt to have your hosts connect to a public NTP server. Use the option
that works best for you and check every so often to make sure it is working.
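One way to do that periodic check, as an added example that is not from the original article: a shell function that reads `ntpq -pn` output and reports whether the host has a selected sync peer and how far off its clock is. It assumes hosts running ntpd with `ntpq` available; the 100 ms threshold and the sample peer tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `ntpq -pn` output into a single health verdict.
# MAX_OFFSET_MS is an assumed site threshold, not a value from the article.
MAX_OFFSET_MS=${MAX_OFFSET_MS:-100}

# Reads `ntpq -pn` output on stdin and prints OK, NO_SYNC_PEER or
# OFFSET_TOO_LARGE, followed by the offset where one is known.
ntp_verdict() {
    awk -v max="$MAX_OFFSET_MS" '
        /^\*/ {                        # "*" tags the peer ntpd is synced to
            found = 1
            reach = $7                 # octal reachability register
            off = $9 + 0               # offset column, in milliseconds
            if (off < 0) off = -off
        }
        END {
            if (!found || reach == "0") { print "NO_SYNC_PEER"; exit }
            if (off > max + 0) { print "OFFSET_TOO_LARGE offset_ms=" off; exit }
            print "OK offset_ms=" off
        }'
}

# Constructed sample peer tables (documentation addresses, not real servers).
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.512   -0.213   0.101
+192.0.2.11      192.0.2.10       2 u   12   64  377    0.730    0.442   0.087'

SAMPLE_DRIFTED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.512 4512.330   0.101'

SAMPLE_UNSYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Demo on the constructed samples; on a live host use: ntpq -pn | ntp_verdict
for sample in "$SAMPLE_SYNCED" "$SAMPLE_DRIFTED" "$SAMPLE_UNSYNCED"; do
    printf '%s\n' "$sample" | ntp_verdict
done
```

Run from cron on each host, anything other than an `OK` line is worth an alert, since a host that has silently lost its time source is the failure this tip warns about.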
Tip #3: Ditch Your Platform Biases
Toss out all preconceived notions about the superiority of one platform or another.
One of the cardinal rules of research is that you don't decide what the outcome
will be until you do the research. When administrators convince themselves that
Linux is the best platform for a solution before doing the research, or that
Windows is the only platform that should be used because they are most comfortable
with it, they are shortchanging themselves and the companies they work for.
The truth of the matter is that some things flat-out work better on Windows
than they ever will on Linux and vice versa. Save yourself time and headaches by simply accepting that -- don't try to make a
square peg fit a round hole.
In designing interop projects, you can also take a cardinal rule from the marketing industry: start with what
consumers need and then work backward -- design products from there. If a company goes about it the other way, first creating a product and then trying to
convince consumers that they need it, the rate of success is greatly reduced.
This same tack should be used by administrators: Start with what users need
and then work backward from there, regardless of preconceived notions.
Tip #4: Don't Be Afraid To Shrug
Sometimes you can save yourself an enormous amount of backpedaling by admitting
upfront that you have no idea what the best solution is or how to proceed. Once
you have done that, you can then look for someone, or something, that can help.
There are an endless number of resources that are just begging to be discovered
and put to use. This list includes fellow administrators, Web sites, blogs,
knowledgebases, books and a plethora of other choices.
Tip #5: Secure the Same
Keep security policies restrictive and consistent across all platforms. This
applies to file and directory permissions, user permissions and so on. It is
not uncommon to find problems crop up when administrators try to cut corners
in the interest of just making things work. You should always assign users the
least amount of permission they can function with and make certain that those
restrictions are the same across every platform.
When it comes to security, you must always act as if your system is about to
be broken into and you need to secure the data with your life. When you deviate
from this, you create an opportunity not only for someone intending to do harm
to do so, but also for honorable users to make honest mistakes that can cost
you a great deal of time to fix.
Tip #6: Ban Telnet
At one point, Telnet could pass for a definition of integration. Today
it is the poorest excuse for a network service that one can find. The few operations
that still require such a service should use SSH instead of Telnet
because of all the known vulnerabilities (security and other).
Audit your systems and see if there is any possible need for Telnet
to still be used or if there are any users still using it. The odds are good
that no one is, meaning there's no reason it should be running anywhere on your
network -- Telnet is an unlocked door just waiting for someone to discover
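
A sketch of that audit, as an added example that is not from the original article: two shell functions that look for Telnet exposure in `ss -tan` output and in inetd.conf text, covering both "is it running" and "is anyone still using it". The socket table and inetd.conf lines below are constructed samples using documentation addresses.

```shell
#!/bin/sh
# Added example: find Telnet exposure in `ss -tan` output and inetd.conf text.

# Reads `ss -tan` output on stdin; reports listeners and live sessions
# whose local port is 23/tcp.
telnet_sockets() {
    awk '
        { n = split($4, a, ":"); port = a[n] }   # port follows the last colon
        port == "23" && $1 == "LISTEN" { print "LISTENING " $4 }
        port == "23" && $1 == "ESTAB"  { print "IN_USE client=" $5 }
    '
}

# Reads inetd.conf text on stdin. An uncommented telnet line means inetd
# starts the daemon on demand, so no telnetd process shows up in a process
# listing until a client connects.
telnet_inetd() {
    awk '$1 == "telnet" { print "INETD_ENABLED " $NF }'
}

# Constructed sample data.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      64           0.0.0.0:23         0.0.0.0:*
ESTAB  0      0          192.0.2.5:23      192.0.2.77:51514
ESTAB  0      0          192.0.2.5:22      192.0.2.80:40022'

SAMPLE_INETD='#ftp    stream tcp  nowait root /usr/sbin/tcpd in.ftpd
telnet  stream tcp  nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
#telnet stream tcp6 nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd'

# Demo on the samples; on a live host use:
#   ss -tan | telnet_sockets
#   telnet_inetd < /etc/inetd.conf
printf '%s\n' "$SAMPLE_SS" | telnet_sockets
printf '%s\n' "$SAMPLE_INETD" | telnet_inetd
```

An `IN_USE` line names the client that still depends on Telnet, which is the system to move to SSH before the service is switched off.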
Tip #7: Place a High Priority on Staying Current
This tip applies to both the technology and you. Install the latest service packs and patches as they are released (after checking
them on non-production machines first). Learn and embrace the latest technologies as
they become available before you find yourself leapfrogged. A classic example
of this is VoIP -- after years of being mentioned only in idle conversations,
it suddenly became something many administrators were clamoring to master in
a short time period. Don't forget to keep your own skill set and that of
your employees current, as well.
Tip #8: Don't Overlook the Value of Communication
Just as it is imperative that the systems on your network communicate in order
for integration to work, it is equally imperative that you communicate with
other administrators for the same reason. Discussing what you are doing with
others can save you precious time, but you should also consider passing on what
you have learned: the successes and the failures. Others can learn from what
you've tried that did not work and it can save them precious time, as well.
Every administrator has the ability to add to the body of knowledge from their
Tip #9: Monitor Everything
Turn on logging everywhere you can and then read (really read) the results.
Look for what succeeds and what fails. Make log monitoring and auditing a regular
part of your routine -- don't wait until the files get too large and the job
seems overwhelming. If you spend a small amount of time looking at the logs
each day or week, you will find it so much easier to be able to keep up and spot problems early on.
Tip #10: Beware Default Values!
Default values are known by you and everyone else. Change your port assignments,
change your key encryptions and change everything else, too. Such a simple precaution
can be remarkably effective in increasing the security of a system (and decreasing the headaches involved in maintaining it).
So there are my tips to help smooth your integration implementations. Be sure to share yours by posting below.
Emmett Dulaney is the author of several books on Linux, Unix and certification,
including the Security+ Study Guide, Fourth Edition. He can be reached at firstname.lastname@example.org.