How I manage IT infrastructure and systems for over 20 years
What you need to know about me, and what I do…
1. I am a geek, a computer person, someone who eats, drinks and sleeps IT. I deal with computers, networks, systems, technologies etc, and like to get them to do what I want them to do. I persist with problems until I have beaten them into submission, and then move on to the next challenge. Engaging with this stuff is what keeps me alive.
2. I can happily spend my days off sat in front of my laptop logged into my work network for hours on end, seeing what needs to be changed or developed or improved. I work best on my own, and allowed to get on with what I do, after all, you don’t understand it, you pay me to do so.
3. If you want someone who sits at his laptop and administers your IT system, keeps it going smoothly, and working as it should, who deals with the technical stuff that would make your head ache, and makes that stuff work for you, then you need me.
4. I have managed the network and server infrastructure for a small Higher Education Institution since 1997. We started off with a basic Cat5 system and one Dell box running Windows NT4 server, and built on that. Things I have done down the years include the following:
a. In 2004 moved the network to Active Directory 2000, and upgraded the desktops to Windows 2000 Professional, shortly followed by Windows XP. Using group policy, workstations became multi-user devices, with all user data and personalizations stored on the networked file servers. Data no longer had to be stored locally.
b. Over ten years spent administering an Active Directory infrastructure, I have acquired a deep working knowledge of users and groups, file and folder permissions, group policy and preferences, DNS, DHCP, LDAP, etc. Most of the configuration changes which determine the services available to end users when they log in to our current VDI system are determined by membership of one or more groups, location in various Organizational Units in the AD, and the way in which group policies/preferences are configured to interact with them.
c. Shortly after setting up the network, I moved all workstations/stations to a private IP space and set up firewalls between the public and private area, allowing for various services to be made available outside the College, in particular the ability for users to log on to their desktop and work remotely. Created separate subnets for various parts of the College and routed them to the main server subnet.
d. In response to concerns raised by the College’s entry to HEFCE and its subsequent government funded connection to the Internet, set up a system of proxy servers to record what each user browsed.
e. Explored the two flavours of Hypervisor available at the time (2005) and the stability/resilience to be obtained by a virtualized server infrastructure based on clustered physical servers and shared storage. Chose XenServer instead of VMware ESX because it was free and ran on almost all hardware. Migrated all physical servers to a resilient virtual environment.
f. Explored the use of Open Source software combined with non-server class hardware as a means of providing enterprise wide services with little if any cost. Got to know its advantages and disadvantages, and concluded that commercial software on server class hardware was in the long run more cost effective.
g. Having run an internal IMAP based email server since setting up the network in 1997, found it was no longer fit for purpose, and failed to provide the collaborative functions available via Exchange, moved the College to an external provider and transferred mailboxes to the new system.
h. The locally administered switch and firewall infrastructure, which had grown up in an unplanned and somewhat organic fashion was no longer able to cope with the level of use, and in the course of 2010 became very unstable. I replaced it with an externally managed firewall and managed switch infrastructure, replacing the flat traditional system which had grown up from 1997 with a VLAN based collection of managed Cisco switches. This is now managed remotely but in accordance with our instructions.
i. At this stage the College’s desktops were based on Windows XP Professional, and although most staff stored their data in their redirected folders etc, not all did. Using free software from Microsoft, I made all the workstations stateless, i.e. preventing any changes from being written to the local hard disk unless done by an administrator. Each time the user restarted his or her machine any changes were removed. Doing so cut down considerably on the number of support calls, particularly where a virus or spyware infection had taken place.
j. Inspired by the model of the stateless physical workstation, and knowing that Windows 7 did not support this in a straightforward fashion, I began to explore the idea of VDI, in particular the pooled stateless desktop, which reverted to its original state as the user logged out. Conducted an extensive Proof of Concept on a limited number of staff users, and gained extensive experience from user feedback which proved very useful when it was deployed at production level firstly to students and then to staff. Particular issues were the need for fast local storage on the hypervisors, optimisation of the desktop image, the optimum configuration of Office 2013, particularly Outlook and Word, the ability to access the virtual desktop remotely, and methods whereby specialized software might be provided to the end client. Initially deployed using Citrix VDI-in-a-Box, I have successfully explored XenDesktop VDI as a replacement. Provisioning the pooled random desktop, which reverts to its pristine state when the user logs off, has eliminated local hardware as an issue for IT support, and considerably enhanced the end user experience.
k. Initially set up a local wireless system with unmanaged access points and a captive portal based form of authentication. Due to concerns about the security of our internal network, the wireless system was entirely routed via an external ADSL connection, which proved slow and unreliable. Moved our wireless provision to an externally managed system which uses our own network for staff, students and external academics, but continues to use ADSL for those who don’t fit into any of the above categories.
5. Where I work will close in two to three years’ time, and may well make me redundant before that. I enjoy IT and the intellectual challenge it presents, and would like to continue to work in this area when my current employment ceases. Were I to have a preference, it would be for a small and friendly institution where I manage the local server desktop infrastructure, and deal with outsourced services. Having at one point provided all of these services myself, I have the technical knowledge to ensure that they are giving you what you pay for.