orphaned machines

[dninja at gmail.com (Robin Wood)]

2009/3/30 Pat Moloney <nutjob.ie at gmail.com>:
> In a company i used to work for we had a large bank of test machines and
> each batch was allocated to various teams depending on requirements.
>
> Every now and again no one knew what a particular bank of machines did
> due to re-orgs and team shuffles so we simply hit the power button and
> shut them down until someone came crying. If they came crying within a
> month or two they kept the machines if not they were re-allocated.

If you follow this approach you have to make sure that when the
machines come back on they get patches straight away.

> Once a year after we had re-allocated a bank of machines someone came
> looking for them. Its always interesting to see someone's reaction when
> you give them the dates they were re-allocated and its over 6 months

I love the idea of not touching a machine for 6 months + then
realising it has disappeared and wondering why.

Robin

> Mind you the above approach may get you killed if its a mission critical
> system
>
> -------------------------------------------------------------------------------------------------------------
>
> There are software packages specifically designed for auditing networks
> and the above scenario .I cant recommend one as i work for a company
> that writes auditing software and am bias.
>
>
>
>
>
>
> Vincent Lape wrote:
> > Robin,
> >
> > @ my last company we were required to physically inventory every
> > machine & process runnong every 6 months. In our datacnter (about 800
> > physical servers) it took us a week. Granted this may not be ideal in
> > all cases however our environment dealt with financial data and we
> > didnt want to be the next T J Maxx :)
> >
> > The issue we found was exactly as you had stated. typically the dev
> > tam called someone in the middle of the night to put up a machine for
> > whatever reason. Of course this request was generally followed by a
> > call from an executive telling you to just get it done. months later
> > when the dev team was done with it they would tend to put mission
> > critical processes on "test machines"
> >
> > anyhow the point is we should be diligent in auditing the
> > infrastructure on a regular basis and providing a valid business cause
> > as to why any particular machine is on the network.
> >
> >
> > On Mar 30, 2009, at 10:14 AM, Robin Wood wrote:
> >
> >
> > > 2009/3/30 Dan McGinn-Combs <dgcombs at gmail.com>:
> > >
> > > > In my limited experience, people, sysadmins and developer alike,
> > > > remember virtual machines. Especially when they require someone to
> > > > turn them on or eat developer workstation resources.
> > > > Dan
> > > I wasn't thinking virtual I was thinking real ones where one gets put
> > > under a desk or in a spare bit of rack and then forgotten about. Being
> > > a server it would never be shutdown or rebooted so would just run and
> > > run.
> > >
> > > Robin
> > >
> > >
> > > > -----Original Message-----
> > > > From: Robin Wood <dninja at gmail.com>
> > > > Sent: Monday, March 30, 2009 5:19 AM
> > > > To: PaulDotCom Mailing List <pauldotcom at mail.pauldotcom.com>
> > > > Subject: [Pauldotcom] orphaned machines
> > > >
> > > > Hi
> > > > In one of the last couple of episodes Larry mentioned machines which
> > > > were orphaned when people left a company, my immediate thought was
> > > > along a different track to what was discussed so I thought I'd
> > > > mention
> > > > it.
> > > >
> > > > What about temporary machines which are setup by sys-admins for
> > > > specific jobs or departments when the sys-admin leaves. Maybe a
> > > > developer needed a server with a specific version of mysql on it to
> > > > test a bug, the machine gets put on the network as a temporary thing
> > > > but then the sys-admin who does it leaves and the developer finishes
> > > > his testing and forgets about it. I can think of quite a few
> > > > scenarios
> > > > where pet projects or temporary machines are forgotten about or lost
> > > > when someone leaves.
> > > >
> > > > I supposed one solution to this is to make sure that every machine
> > > > that gets added to a network is logged but in reality I think people
> > > > are likely to be lazy and for short term installations bypass the
> > > > paperwork. An alternative is to scan the network regularly and pick
> > > > up
> > > > any machines which are new or not in an approved list and have them
> > > > checked out. The problem with this is that once the machine is
> > > > vouched
> > > > for once it becomes a recognised part of the network so wouldn't be
> > > > picked up as an anomaly.
> > > >
> > > > So, that was my thought when orphaned machines were mentioned.
> > > >
> > > > Robin
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > > >
> > > > _______________________________________________
> > > > Pauldotcom mailing list\
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com