orphaned machines

[vlape at me.com (Vincent Lape)]

Robin,

@ my last company we were required to physically inventory every  
machine & process runnong every 6 months. In our datacnter (about 800  
physical servers) it took us a week. Granted this may not be ideal in  
all cases however our environment dealt with financial data and we  
didnt want to be the next T J Maxx :)

The issue we found was exactly as you had stated. typically the dev  
tam called someone in the middle of the night to put up a machine for  
whatever reason. Of course this request was generally followed by a  
call from an executive telling you to just get it done. months later  
when the dev team was done with it they would tend to put mission  
critical processes on "test machines"

anyhow the point is we should be diligent in auditing the  
infrastructure on a regular basis and providing a valid business cause  
as to why any particular machine is on the network.


On Mar 30, 2009, at 10:14 AM, Robin Wood wrote:

> 2009/3/30 Dan McGinn-Combs <dgcombs at gmail.com>:
> > In my limited experience, people, sysadmins and developer alike,  
> > remember virtual machines. Especially when they require someone to  
> > turn them on or eat developer workstation resources.
> > Dan
>
> I wasn't thinking virtual I was thinking real ones where one gets put
> under a desk or in a spare bit of rack and then forgotten about. Being
> a server it would never be shutdown or rebooted so would just run and
> run.
>
> Robin
>
> > -----Original Message-----
> > From: Robin Wood <dninja at gmail.com>
> > Sent: Monday, March 30, 2009 5:19 AM
> > To: PaulDotCom Mailing List <pauldotcom at mail.pauldotcom.com>
> > Subject: [Pauldotcom] orphaned machines
> >
> > Hi
> > In one of the last couple of episodes Larry mentioned machines which
> > were orphaned when people left a company, my immediate thought was
> > along a different track to what was discussed so I thought I'd  
> > mention
> > it.
> >
> > What about temporary machines which are setup by sys-admins for
> > specific jobs or departments when the sys-admin leaves. Maybe a
> > developer needed a server with a specific version of mysql on it to
> > test a bug, the machine gets put on the network as a temporary thing
> > but then the sys-admin who does it leaves and the developer finishes
> > his testing and forgets about it. I can think of quite a few  
> > scenarios
> > where pet projects or temporary machines are forgotten about or lost
> > when someone leaves.
> >
> > I supposed one solution to this is to make sure that every machine
> > that gets added to a network is logged but in reality I think people
> > are likely to be lazy and for short term installations bypass the
> > paperwork. An alternative is to scan the network regularly and pick  
> > up
> > any machines which are new or not in an approved list and have them
> > checked out. The problem with this is that once the machine is  
> > vouched
> > for once it becomes a recognised part of the network so wouldn't be
> > picked up as an anomaly.
> >
> > So, that was my thought when orphaned machines were mentioned.
> >
> > Robin
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com