Managing Linux in an Engineering College
A Case Study
My opinions are my own.
The Lawyers Made Me Do It
About Me
Jason Edgecombe (@edgester)
● Linux Administrator in the College of Engineering at UNC Charlotte
● OpenAFS contributor & buildbot admin
● http://engrmosaic.uncc.edu
● https://github.com/edgester
● http://rampaginggeek.com
The William States Lee College of Engineering at UNC Charlotte
● 5 Departments
o Civil and Environmental Engineering
o Electrical and Computer Engineering
o Engineering Technology
o Mechanical Engineering and Engineering Science
o Systems Engineering and Engineering Management
● Various research centers (EPIC)
College Stats
● 3322 Students who major in COE (Fall 2014)
o 2710 undergrad, 612 grad
● 154 faculty (140 FTE), 60 staff FTE
● 4342 login accounts (May 2015)
● 10 person IT team (full-time) + student interns
● 2 Linux admins
What We Support
● 2 Managed platforms
o Mosaic Windows
▪ 1200+ Mosaic Windows machines
o Mosaic Linux
▪ 41 production servers (mix of bare-metal and VMs)
▪ 65 Linux desktops (offices and research labs)
▪ 141 total Linux machines (that we manage)
● Assorted standalone boxes (research)
What We DON’T Maintain
● The main campus network
● Primary departmental/college web sites
● Research compute cluster
● Other stuff provided by university-level IT
● Moodle
● Campus ERP systems
Mosaic Linux Platform
● 50+ commercial and open source software suites
● Red Hat Enterprise Linux 5 (Client & Server)
● Only IT staff have root/sudo
● OpenAFS for network storage (Linux & Windows)
Key Philosophies
● High level of customer service
● Lots of automation
o Scripted installation and management (little or no imaging)
● Store everything in AFS (Windows & Linux)
o Roaming profiles and home directories
● Workstations and servers are disposable
o Primary disks must not contain persistent user data
Remote Access
● Current: 10 servers, 8C/16T, 96GB RAM
● Future: 2 servers, 8C/64T, 256GB RAM
● Remote graphical and ssh access
● Today: FreeNX over globally-accessible ssh port
● Near Future: Xrdp and ssh behind the VPN
● Used by on-site and off-site users
Current Automation
● Kickstart automated installation
● Masterless cfengine w/AFS to distribute files
● Scripts (Bash, Perl, Python)
● Git for VCS and moving code changes between environments
● Folders of RPMs to designate patchsets (separate from git)
Future Automation/Platform
● RHEL7
● Red Hat Satellite (Puppet, Katello, Foreman, Pulp)
○ Use lifecycle environments to promote Dev→Test→Prod
○ Content views to synchronize Puppet modules and RPMs
○ Reduce the dependency on a shared file system for our management tools
Ongoing Challenges & Responses
● Usual suspects: budget & staff time
○ Automate and streamline
○ Engage stakeholders to set priorities
○ Interns for some stuff
● Growth (12% student growth 2009-2014)
○ Automate
○ Set priorities
● Bimodal user populations
○ Set expectations per application
Ongoing Challenges & Responses 2
● Users want root/sudo (especially Elec. Eng.)
○ Better customer service
○ Make the managed offering irresistible
● Need to support centralized and distributed usage models
○ Users can choose their support model
○ Support both with a hybrid team
Ongoing Challenges & Responses 3
● Divergent application requirements
○ Install dependencies in separate folders with applications
○ Can’t always fix this. Can Docker help?
● Semi-trusted network
○ Assume the attackers are inside the machines!
○ Run fail2ban on workstations
○ Be wary of applications that have little/no security
Challenges Yet To Be Conquered!
● Research
○ Special requirements that can’t be handled by the managed offering (security & technical)
● Storage (More!)
● Security
○ Risk of more one-offs
○ Belligerent users
● Consolidation?
The Future Is Uncertain
● Looking to replace our:
o Network file system
o User Directory
o Backup system
● Docker
● Cloud
● Continuous Delivery
○ automated testing, logging, metrics
Discussion
http://engrmosaic.uncc.edu

SouthEast LinuxFest 2015 - Managing linux in a engineering college
