Evolutionary System & Network Administration
J. Scheerder <[email protected]>, 2003
Essential System & Network Administration
J. Scheerder <[email protected]>, 2003
What’s Going On?
Lectures
Practical Projects
Course material: http://www.os3.nl/ESNA/
Reports + Examination = Completion
Tools of the Trade
Preventing installation
Automating installation
Automating maintenance
Staying in control
To install, or not to install
From diskless…
… to content-less…
… to configurationless
… to fully stand-alone
Not to install: simple terminals
Character terminals (VT52, …)
Dumb ‘graphics’ terminals
Dedicated (Ultra-)Thin Clients
X-Terminals
Sun Ray
ICA (Citrix), VNC, RDP, …
Network-based Thick Clients
Typical stages:
  Obtain IP configuration (bootp, dhcp)
  Fetch kernel (mini-OS, boot loader, …)
  Obtain additional configuration
  Mount network filesystems
  Bind to directory services
Netbooting
Classical Unix: diskless clients
Classical Mac OS netbooting
Novell netbooting
PXE netbooting
Mac OS X netbooting
Network-based installation
Solaris JumpStart/WebStart
PXE-based installation; <http://www.cs.uu.nl/people/henkvl/presentations/rh-net-install/rh-net-install.html>
Mac OS X netinstall, netrestore
Automated installation
RedHat Linux KickStart
rsync, unison, radmind, …
Vendor-provided update mechanisms
Commercial tools: FileWave, Symantec Ghost, Systems Management Server
Automated installation, pointers
<http://www.redhat.com/advice/tips/kickstart.html>
<http://samba.anu.edu.au/rsync/>
<http://rsug.itd.umich.edu/software/radmind/>
<http://www.symantec.com/sabu/ghost/>
<http://www.filewave.com/>
<http://www.microsoft.com/smserver/>
Homogeneity
Reduces costs of maintenance…
… but not much, if everything is local
May increase risk
  Cascading failure
  Dependencies upon implementation
Version Management
Historic: SCCS
Past: RCS
Present: CVS
Future: subversion
Version Control, Notions
Version
Repository
Lock
Log
Checkout, update, commit
Version Management, pointers
<http://www.cvshome.org/cyclic/cyclic-pages/sccs.html>
<http://www.gnu.org/software/rcs/rcs.html>
<http://www.cvshome.org/docs/>
<http://subversion.tigris.org/>, <http://svnbook.red-bean.com/>
SSH for Secure Communication
Remote access
Remote command execution
File transfer
Encapsulation of network traffic
Strong authentication
Strong encryption
SSH Suite
Interactive login: slogin, ssh
Command execution: ssh
File transfer: scp, sftp
SSH Suite (cont.)
Authentication mechanisms:
  Public Key
  One Time Passwords (S/Key, OPIE)
  Kerberos, PAM, …
  Reusable passwords
Building on SSH
cvs
subversion
rsync
unison
rdump
…
Building on SSH (cont.)
Traffic encapsulation by port forwarding
X11 forwarding
  X11 ‘magic cookie’ exchange
  xauth control
See man ssh, et al.
To be continued…