Early 2011 Work

So an overview of my own individual tasks for early 2011 looks like:

Replacing the DHCP servers for the university

This was scheduled for last year but the sequence of events needed to free up hardware for the service to move to has been more awkward than expected so instead we’re going to purchase two low end fault tolerant servers. Hopefully the order, delivery and base install will take place in January with testing at the end of the month. Actual deployment may take place either at the immediate start of a Tuesday standard Janet at risk period (e.g. 7am) or on a weekend, but we’ll decide closer to the time and make an announcement to the IT officers beforehand.

This is important because it’s already behind schedule and the hardware it’s replacing is out of warranty. Essentially if a DHCP servers hardware failed now, although it would failover to the other we’d be redeploying the nearest development server rather quickly as the replacement. The new hardware will be in 5 year warranty, which should be well past when the system is replaced by either an integrated IPAM (DNS/DHCP) system or virtualised.

On the virtualisation note, and before there’s any comments of ‘why don’t you put this service on a virtual host?’ I believe there’s a university virtualisation service in the works from other sections but I don’t know enough detail to talk about it. NSMS currently have a smaller service but we’ll be keeping the DHCP changeover simple for now due to the high number of people affected if there were to be an issue with the service to an offering our own team isn’t familiar with. We do virtualise the majority of our development hosts but our own team doesn’t currently have a public service virtualised – we will in the future, probably as the warranty runs out on more minor services.

ASA IPv6 firewall

The second project in January is to setup and test the intended IPv6 firewall configuration on a ASA 5510 platform that’s currently available for testing here. The decision on purchasing isn’t until the end of the month, if it went ahead I’d expect deployment near the end of February.

The is important in order to replace the temporary IPv6 firewall we currently have, it also means we can get on with deploying websites in OUCS onto IPv6 (e.g. with a AAAA) and (hopefully) websites in Maths. The Mathematical Institute has capable IT staff of it’s own but I’m keen on seeing some things deployed before others so have offered to assist.

LMS

At the start of February I’d like to spend some time trialling Cisco LMS and if this goes well perhaps the Cisco Security Manager. Specifically instead of developing our own in house scripts to manage IPv6 network restrictions (via a Perl Expect module and similar) perhaps we might have better visibility and less maintenance issues with the Cisco tools.

We also have our own in house inventory and network monitoring systems, with various overlapping reporting – I’d like to check that we aren’t needlessly making our lives hard.

Aside from saving on maintenance and misunderstandings, an important aspect I’m interested is problem visibility in a disaster. Specifically if something that should never happen does, I’d like a magical arrow that points to the exact issue. From experience I think we currently have the information needed but it takes some time to realise which place to dig it out from and compare with what, the integration and usability is low.

DNS warmspares

February should also see the deployment of two DNS warmspare hosts, to replace a host lost to hardware failure. These will be the old DHCP servers, since the hardware need not be in warranty. This will start as soon as the hardware is available and the new DHCP service has been running a couple of days.

Other

I’ve planned beyond this however with an upcoming change in management it could well be my priorities change plus well laid plans are vulnerable to some unrelated work suddenly cropping up halfway through the timeframe with a high technical or political priority and needing all other projects postponed.

We’ll also be continuing normal duties, so for 2 days a week I’m on the support queue for our team.

There’s also been progress on the new IPAM system over December however I’m not keen on making promises with regards to this project. We’re hoping for a significant development from the vendor involved in April.

Posted in Uncategorized | Comments Off on Early 2011 Work

Comments are closed.