Wednesday, 3 October 2007

How am I going to manage this network?

When building a network there are some things you should take into account.
How many servers do you have, how many workstations, how many network devices? These can become quite hard to maintain in large numbers, and often you are firefighting because you don’t know what is happening till it’s too late.

So let’s look at some options to avoid that. One: you could look at the event log in the hope of seeing it before there is a problem… effective, but bad for your eyes, and you will most likely fall asleep looking at it. The more common approach is to use a network monitoring service like SNMP. Most of us will use SNMP, but what you might not have thought of is that you should be using SNMP version 3, as earlier versions send the log in clear text, and this is not good if the log is about a hacker. Sadly only Vista and Windows Server 2008 have this natively, so you will have to get some 3rd party agents for now, but don’t worry, there are plenty of free ones. Also remember SNMP can increase network traffic by 20%, so swap those old hubs and switches for new switches and make them 10/100/1000, for god’s sake, we are in the 21st century after all. Ideally go layer 3; if you have a really large site, 300-plus devices in one place, then you’d best look at layer 4.

Also avoid using well-known SNMP community names like public and private, as the hackers will try those names first. So now you have some system logs, and because SNMP is common to Unix, Linux, Windows and most network devices, you have some way of seeing all the events on your network. Now there are some free tools and some paid tools that will help you make sense of the logs, but it is really up to you what you use; just make sure it’s an interface you can understand and is on a server so you can look at it remotely. After all, it’s good to work from home, isn’t it?
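
One way to check an agent for the two problems above, as an added example that is not part of the original post: a small Python audit of a Net-SNMP snmpd.conf that flags well-known community names, any clear-text v1/v2c community, and SNMPv3 users allowed without encryption. Net-SNMP as the third-party agent is an assumption, and the sample configuration is constructed.

```python
# Added example: audit a Net-SNMP snmpd.conf for the issues the post raises.
WELL_KNOWN = {"public", "private"}   # community names the post says are tried first
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}   # SNMPv1/v2c access
V3_DIRECTIVES = {"rouser", "rwuser"}                             # SNMPv3 (USM) access

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# constructed sample
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity Xk29vQz 192.0.2.10
createUser monitor SHA "constructed-auth-pass" AES "constructed-priv-pass"
rouser monitor priv
rouser legacy auth
"""


def audit_snmpd_conf(text):
    """Return (line_number, severity, message) for each risky access directive."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop comments, then tokenise
        if len(tokens) < 2:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES:
            # com2sec puts the community last; rocommunity/rwcommunity put it first.
            community = args[-1] if directive.startswith("com2sec") else args[0]
            if community.lower() in WELL_KNOWN:
                findings.append((number, "high",
                                 f"well-known community '{community}'"))
            else:
                findings.append((number, "medium",
                                 "SNMPv1/v2c community is sent in clear text"))
        elif directive in V3_DIRECTIVES:
            if args[0] == "-s":                     # optional "-s SECMODEL" prefix
                args = args[2:]
            if not args:
                continue
            # Security level follows the user name; Net-SNMP defaults to "auth".
            level = args[1].lower() if len(args) > 1 else "auth"
            if level != "priv":
                findings.append((number, "medium",
                                 f"SNMPv3 user '{args[0]}' allowed without encryption"))
    return findings


if __name__ == "__main__":
    for number, severity, message in audit_snmpd_conf(SAMPLE):
        print(f"line {number}: [{severity}] {message}")
```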

Also think about the domain structure of your network when picking a solution, as some are not designed to work in multi-domain environments. This may or may not be important to you now, but it might be at a later date, and forward planning is always wise.

Next we need a patch management tool; after all, we don’t want to do all those updates by hand, do we… So in the Windows corner we have WSUS3 (Windows Server Update Services version 3), in the other corner we have SMS (Systems Management Server), and just to make it all fair we have ZENworks. Personally I like ZEN best, but that’s just my opinion.

Where you have multiple sites, it’s important not to eat up all your site-to-site links with sending and deploying patches, so try to have a local deployment server at each site, in the same way you do for local authentication to the domain. After all, you never know when you’ll need that bandwidth for playing a LAN game of Counter-Strike, hehehe.

So we now have a way of deploying patches to the servers and workstations; what else do we need… Well, this is the part where common tasks come in, you know, that thing we are supposed to do but never have time for. What do you call it again? “System Maintenance”.

Yes, this is where the real fun begins. Every good administrator should have a pocket full of scripts for backups, reboots and all manner of system jobs we don’t want to stay around for ourselves. Sadly I’m not going to help you here, as scripts will change from system to system, so try to make sure you are at least running the same OS version everywhere.

Oh what the hell, here, have a script just for fun. You can run this to copy all the m4a (aka iPod) files to your hidden share on the server and delete the files from the workstation. I have this running on logon. This is good fun when you have those iPod or iTunes users that just won’t take a hint that they should use the company network for storing their music. It takes a while to run in the background because it searches all drives, so if they have their iPod connected you will wipe it too “a little evil smile forms on my face as I type this”.

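=======================================================
' Find every .m4a file on all local drives, copy it to the hidden
' archive share on the file server, then delete the local copy.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' CIM_DataFile covers every mounted drive, so this query is slow.
Set colFiles = objWMIService. _
    ExecQuery("Select * from CIM_DataFile where Extension = 'm4a'")

For Each objFile in colFiles
    strCopy = "\\fileserver\Media Archive$\" & objFile.FileName _
        & "." & objFile.Extension
    ' Copy returns 0 on success; only delete once the archive copy exists.
    If objFile.Copy(strCopy) = 0 Then
        objFile.Delete
    End If
Next
=======================================================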

Remember this is only as good as your desktop usage policy… oh yes, IT isn’t all fun and games. It was once, but that’s all gone now… so put your law hat on and get ready for one more lesson. Users, the lovely people we are forced to answer the phone to, are just like any other network component: if not correctly configured they will cause network storms. So your patch to the faulty OS is the desktop usage policy. If applied correctly you will be able to stop even a manager dead in his tracks when he asks for something you don’t want to give him. There is far too much in it for me to detail here, so for now know that you don’t have to start from scratch; just do what all good administrators do: Google for one and mod it where needed.

Following up on the making-things-easier comment: get rid, if you can, of any hardware that is not standard, so you can create standard builds for workstations and deploy them from the network. After all, you wouldn’t want to get out of bed, go all the way to the office and spend 2 hours reinstalling the OS just because that dweeb in accounting messed up his PC again because he found some naked woman site with a virus on it. You can use Microsoft RIS (Remote Installation Services), and there are other system imaging tools, so pick the one that is best for you. Some can’t work on newer hardware, so test them before committing to one.

And one last point: get a VoIP office phone. Welcome to not going to the office, except for those dull office meetings.


OK, I'm off to play Counter-Strike. Good luck with your networks, and remember it's them or us and there can be only one, so kick ass.
