The Big Migration
With the more immediate problem of a failing network being solved, my attention turned to some of the more enduring challenges we faced. We were running out of patience from the Dean. We had been running Mercury/Pegasus (oh yes, that!) for our email while everyone else ran Exchange. My boss was belatedly testing GroupWise but with his departure that was it. Campus swooped in and offered their centralized Exchange solution and they took it. The Dean wasn't happy that something so basic and obvious to the users hadn't been provided by her own people.
We were running Novell on two old Dell PE2650 servers. A third PE2550 had been drafted as a development server but was put into play when a service on a main server failed. None of us knew how Novell really ran. My senior colleague knew more, but in the event of a failure, we were both up a creek without a paddling consultant. So we engaged one who had done work for us in previous years and he set about trying to fix this or that. Our old boss had bought new PE2850 servers to replace the older ones and an HP MSA 1500 FC SAN.
In the year following hire, the consultant managed to set this up for us and get the datastores onto the SAN thereby alleviating a severe space shortage. But all of this equipment was already dated by the time I took over and the problems recurred.
I was now working on these issues full time so we opened up my old position for hire. Of all the candidates, one stood out and I hired him quickly. It was a good hire. He was my age, but acted younger. An immigrant from the Middle East. His English was passable. His confidence was nil. For him it was a big break. I appreciate when you come from a very foreign country (his wife was an American) the first years are a difficult paralyzing adjustment. But in what little he'd done, he showed promise.
The confidence thing went away quickly. I grabbed him as soon as I could, trained him in all my old tasks and explained what I was doing. It began a strong friendship and I used him as a critiquing sounding board for all of my new ideas and deliberations. He got down the helpdesk support part very easily, the whole school loved him, and very soon he saw what I'd seen in my boss and asked to take over this technology, then that. I was thrilled to let him. I focused on bringing in the new things as he and the senior engineer were now firmly invested in keeping what we already had running. When I created something new, I turned it over to him and he ran with it. It made life so much easier.
Novell eDirectory wasn't cutting it. I'm sure it is a fine technology. Novell said so. The senior engineer was convinced it was much more secure than anything Microsoft made. And on paper, everything configured correctly, probably yes. But none of us could configure it.
Active Directory was comprehensible. I began looking at running two separate directories with Novell Identity Manager keeping the two databases in sync. That was a bear to learn. I had a lot of abortive efforts. I finally got the synchronization working but various things kept breaking it at inopportune times.
It would be one directory. I looked at finding a way to get rid of Novell altogether. I convinced the Dean to let us buy a new modern SAN and backup system and I had the servers already from my own budget. I set up the development environment in full. And then it was time to show the other engineers what it could do. By now we had recruited a fourth to help.
They were grudgingly impressed. For this I needed their help. There were too many users. Accounts would have to be created (I used Identity Manager for this part), Group and User shares synchronized until all users were completely off of Novell, and the workstations themselves had to be attached to the domain. A variety of free and paid applications made this much easier. And so the process began.
This was my first time with a project manager hat, breaking tasks down into component steps, assigning them, monitoring status, reporting milestones to stakeholders.
Three months after this final user migration phase finally commenced it was complete and Novell hosted no one. I had pages of minor problems and issues to troubleshoot but this was more manageable. We were over our hump coasting down. We wiped the Novell hard drives and put the servers back into our pool as development and testing machines.
For months the COO had kept asking whether we still needed our consultant, each time as if it was a completely new inquiry. What pride was mine to finally tell him that no, we didn't.
The new SAN helped. We weren't running out of space anymore and it was expandable and easy to use and very quick to back up.
AD paid dividends. I was able to create scripts for the other engineers and to provision user features remotely. Printers, hard drives, icons on the desktop, just about everything seemed to go in after "gpupdate". GP Preferences with AD FL 2008 added even more simplicity. I began putting all the servers on the domain and adding much of what was missing. We got terminal server access mixed with our Cisco VPN. IT could access everything from home. Then so could the users.
And then I gave our little helpdesk the ability to remote into a user's machine and fix problems on the user's very own desktop. No more running out for room visits.
I simplified the user account creation process. I simplified the workstation deployment process. I simplified the user account customizations we did. I automated and streamlined the MS patching. All done centrally. No more of this one user per custom built computer the way we used Novell (you can't log onto anyone else's because it wouldn't work). Computers were generic, replaceable now. If yours died, we could exchange the box quickly and restore just about everything quickly.
We could get done in hours what took days. We could get done in minutes what took hours.
That did make the other senior engineer happy.
McAfee ePO was upgraded and new features added. Application firewall was monumentally useful. I could bring up a server, add it to AD, add it to the right group in ePO, and suddenly it was locked down very tightly. My domain servers, my DNS, my DHCP. I spent weeks fine tuning the profiles and developing the (slightly) more complex procedures now needed to patch them (so as not to upset the application firewall and break everything).
It was beautiful. A lot else was done. After AD, I began working on virtualizing. I got maybe one third of the servers virtualized before my time was up. I tried VMware but ended up with Hyper-V. I had reasons. I just don't remember what they were.
I became part of the security working group for a campus IT innovators project and ended up giving minor lectures to the campus engineers. And on occasion they even consulted with me on the projects they had.
We added another engineer and now we were five. Student workers were coming and coming to help with the migration and later with the student affairs database redesign.
We were doing more with a lot less, in fact, and because of that we were getting more.