White papers

Included in this document:
1. The Host Rings Network Security Model
2. Managing a Production Environment
3. The Workflow of System Administration
4. A Guide to the Art of Troubleshooting
5. Good Software Management - Guidelines for Developers

The Host Rings Network Security Model

Much work has been done in recent years on Internet Firewall technology. This technology creates a "choke point" through which all traffic must pass between (typically) the Internet and the internal network. This technology is equally useful wherever a clear separation can be made between any two networks where one does not trust the other.

This is extremely valuable technology in the fight to control the security of a network. The basic assumption that this technology makes, however, is that everybody on the outside is bad and everybody on the inside is good.

In order to bring better control and security to an internal network, another security model is required. This model needs to recognise that physical and logical security attributes, and the separation of functions, as is commonplace with good client-server network design, can contribute to identifying where and what type of trust should exist between hosts.

Experience has shown that the current client-server computing environment closely matches the environment of traditional time-sharing hosts, and we should be able to draw on work performed for host security, and adapt this to network security.

The model for network security developed in this paper is called "Host Rings," or "Rings of Trust." It is similar in notion to the Multics concepts of execution domains and protection rings.

Applying these techniques using the commonplace public domain tools of tcpd, ssh and rdist can provide us with a formal security model providing many distinct advantages over the intricate and inherently untrustworthy web-of-trust so common at present.

This paper describes the host rings model, how it can be implemented, the advantages of this model, and experiences with implementing it at various sites.

For a copy of the paper, please select the version you would like by clicking on the relevant icon.

PostScript PDF

Managing a Production Environment - The Change Management and Production Acceptance Processes

Management of a production computing environment is all about the goals of Reliability, Availability and Serviceability (RAS). These have been the benchmarks for evaluating system management practices since the mainframe environments of the 1960s.

These goals were addressed in the mainframe environment primarily by one manufacturer dictating standards (both good and bad). This problem is far more complex in the open systems world where there are many manufacturers and standards bodies, and further exacerbated by the sheer scale of the distributed environments which we must manage. Such flexibility requires careful management. We must devise a model for the flexible, disciplined management of distributed computing environments.

In order to attain the goals of RAS, we must seek to maximise predictability. The quest for predictability is fought on three fronts: Standards, Processes and Technology (SPT).

With Standards, we seek to improve predictability through consistency. By improving the conceptual integrity of a site, we reduce downtime due to trouble-shooting and entropy. We keep hosts, subsystems and software versions in sync in order to support a less diverse environment.

With Processes, we seek to improve predictability by ensuring that system maintenance activities follow known paths which include quality assurance steps such as peer review, impact analysis and deployment planning. This is predictability through planning.

With Technology, we seek to improve the manner in which we manage our environment. This ranges from simple tools which automate functions and hence improve consistency of results, through to tools which seek to reduce the management effort in real terms through a paradigm shift in the way we perform higher level tasks.

So, where RAS are the measures (we can measure quantities like Mean Time Between Failures and Application Availability), SPT is the strategy by which we seek to improve those measures. We can allocate a cost to downtime, and hence evaluate the effectiveness of our strategies.

In this paper I examine the processes that should be used to implement a total quality solution to the management of mission-critical production environments.

For a copy of the paper, please select the version you would like by clicking on the relevant icon.

PostScript PDF

The Workflow of System Administration

Increasingly, companies are trying to squeeze the last drop of "productivity" out of every resource, be it a computer, an employee or a sub-contractor. The IT department is, of course, caught at the bleeding edge of this push, too. Departments have their budgets reduced, and companies tender under closed bids to provide outsourced IT services for the lowest price. All of this inevitably impacts on the system administrators who are being asked to do more with less.

The only counter to this push is to proactively seek to quantify what will be provided, and hence form some basis for estimating the costs and resources required to fulfil a contract. In order to derive these costs, we must look well beyond the raw product or service being offered to the underlying infrastructure and organisational costs. Too many companies set themselves up for failure by only considering the raw materials and resource costs, ignoring the working environment which is essential for personal and organisational productivity.

In this paper we examine a wide variety of topics seeking to gain a better insight into the role of systems support, and how to deliver those services to customers in a more controlled, quality assured, productive and profitable manner.

This paper seeks to bring to the fore the aspects of system administration that tend to go unnoticed, such as the psychological factors and workflow inherent in the role. We can then consider ways to improve productivity in light of this knowledge.

For a copy of the paper, please select the version you would like by clicking on the relevant icon.

PostScript PDF

A Guide to the Art of Troubleshooting

This paper is a discussion on the art of troubleshooting. The intention is to impart some ideas, hints and tools to assist less experienced system administrators in gaining valuable insight into the attitude and mindset of senior system administrators.

What is troubleshooting? Troubleshooting is the art of taking what a user sees as a problem, determining the real underlying nature of that problem, and then resolving it (if possible). I used the word "art" to describe this practice, as much of what is done is based upon experience, and difficult to articulate or quantify. It is this ability to define a process which turns an art into a science. This paper is my best efforts at that goal.

PostScript PDF

Good Software Management - Guidelines for Developers

Software development projects need to be pursued with the whole of the product life cycle in mind. This whole-of-life-cycle approach is necessary because, as has been well documented, 60% or more of the cost of software accrues from the in-service support and operation of these systems.

This document is intended as a series of guidelines which represent the experience of a number of years of supporting both commercial and custom software applications across a wide variety of platforms.

PostScript PDF



©1998 The SysAdmin Group Pty Ltd. All Rights Reserved.