2009/3/30 Pat Moloney <[email protected]>:
>
> In a company I used to work for we had a large bank of test machines and
> each batch was allocated to various teams depending on requirements.
>
> Every now and again no one knew what a particular bank of machines did
> due to re-orgs and team shuffles so we simply hit the power button and
> shut them down until someone came crying. If they came crying within a
> month or two they kept the machines, if not they were re-allocated.

If you follow this approach you have to make sure that when the
machines come back on they get patches straight away.

> Once a year after we had re-allocated a bank of machines someone came
> looking for them. It's always interesting to see someone's reaction when
> you give them the dates they were re-allocated and it's over 6 months

I love the idea of not touching a machine for 6 months + then
realising it has disappeared and wondering why.

Robin

> Mind you the above approach may get you killed if it's a mission critical
> system
>
> ----------------------------------------------------------------------
>
> There are software packages specifically designed for auditing networks
> and the above scenario. I can't recommend one as I work for a company
> that writes auditing software and am biased.
>
> Vincent Lape wrote:
>> Robin,
>>
>> @ my last company we were required to physically inventory every
>> machine & process running every 6 months. In our datacenter (about 800
>> physical servers) it took us a week. Granted this may not be ideal in
>> all cases however our environment dealt with financial data and we
>> didn't want to be the next T J Maxx :)
>>
>> The issue we found was exactly as you had stated. Typically the dev
>> team called someone in the middle of the night to put up a machine for
>> whatever reason. Of course this request was generally followed by a
>> call from an executive telling you to just get it done. Months later
>> when the dev team was done with it they would tend to put mission
>> critical processes on "test machines"
>>
>> Anyhow the point is we should be diligent in auditing the
>> infrastructure on a regular basis and providing a valid business cause
>> as to why any particular machine is on the network.
>>
>> On Mar 30, 2009, at 10:14 AM, Robin Wood wrote:
>>
>>> 2009/3/30 Dan McGinn-Combs <[email protected]>:
>>>
>>>> In my limited experience, people, sysadmins and developers alike,
>>>> remember virtual machines. Especially when they require someone to
>>>> turn them on or eat developer workstation resources.
>>>> Dan
>>>
>>> I wasn't thinking virtual I was thinking real ones where one gets put
>>> under a desk or in a spare bit of rack and then forgotten about. Being
>>> a server it would never be shut down or rebooted so would just run and
>>> run.
>>>
>>> Robin
>>>
>>>> -----Original Message-----
>>>> From: Robin Wood <[email protected]>
>>>> Sent: Monday, March 30, 2009 5:19 AM
>>>> To: PaulDotCom Mailing List <[email protected]>
>>>> Subject: [Pauldotcom] orphaned machines
>>>>
>>>> Hi
>>>> In one of the last couple of episodes Larry mentioned machines which
>>>> were orphaned when people left a company, my immediate thought was
>>>> along a different track to what was discussed so I thought I'd
>>>> mention it.
>>>>
>>>> What about temporary machines which are set up by sys-admins for
>>>> specific jobs or departments when the sys-admin leaves. Maybe a
>>>> developer needed a server with a specific version of mysql on it to
>>>> test a bug, the machine gets put on the network as a temporary thing
>>>> but then the sys-admin who does it leaves and the developer finishes
>>>> his testing and forgets about it. I can think of quite a few
>>>> scenarios where pet projects or temporary machines are forgotten
>>>> about or lost when someone leaves.
>>>>
>>>> I suppose one solution to this is to make sure that every machine
>>>> that gets added to a network is logged but in reality I think people
>>>> are likely to be lazy and for short term installations bypass the
>>>> paperwork. An alternative is to scan the network regularly and pick
>>>> up any machines which are new or not in an approved list and have
>>>> them checked out.
>>>> The problem with this is that once the machine is vouched
>>>> for once it becomes a recognised part of the network so wouldn't be
>>>> picked up as an anomaly.
>>>>
>>>> So, that was my thought when orphaned machines were mentioned.
>>>>
>>>> Robin
>>>> _______________________________________________
>>>> Pauldotcom mailing list
>>>> [email protected]
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com
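
Added example, not part of the thread or any poster's code: one way to run the scan-versus-approved-list check described above while closing the "vouched for once" gap, by giving every approval an owner, a business reason and an expiry. The field names, the 182-day interval, the finding labels and the sample hosts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumption: approvals lapse after about six months, the audit cadence
# mentioned in the thread. Tune to local policy.
REVIEW_INTERVAL = timedelta(days=182)

@dataclass
class Approval:
    mac: str
    owner: str            # person who vouched for the machine
    business_reason: str  # why it is on the network
    last_attested: date   # when the owner last confirmed it is still needed

def audit(seen, approvals, active_staff, today):
    """Return {mac: finding} for every host a human should look at."""
    seen = list(seen)  # (ip, mac) pairs from any discovery scan
    by_mac = {a.mac.lower(): a for a in approvals}
    findings = {}
    for _ip, mac in seen:
        mac = mac.lower()
        entry = by_mac.get(mac)
        if entry is None:
            findings[mac] = "unknown"            # never approved
        elif entry.owner not in active_staff:
            findings[mac] = "orphaned"           # the voucher has left
        elif not entry.business_reason.strip():
            findings[mac] = "no-justification"
        elif today - entry.last_attested > REVIEW_INTERVAL:
            findings[mac] = "stale-approval"     # vouched once, never re-checked
    for mac in by_mac.keys() - {m.lower() for _ip, m in seen}:
        findings[mac] = "approved-but-absent"    # list entry with no live host
    return findings

# Constructed sample data (not from the thread).
TODAY = date(2009, 3, 30)
APPROVED = [
    Approval("02:00:00:00:00:01", "alice", "build server", date(2009, 2, 1)),
    Approval("02:00:00:00:00:02", "bob", "mysql bug repro", date(2008, 6, 1)),
    Approval("02:00:00:00:00:03", "carol", "old test rig", date(2008, 5, 1)),
    Approval("02:00:00:00:00:04", "alice", "print server", date(2009, 1, 15)),
]
STAFF = {"alice", "bob"}  # carol has left the company
SCAN = [("192.0.2.10", "02:00:00:00:00:01"), ("192.0.2.11", "02:00:00:00:00:02"),
        ("192.0.2.12", "02:00:00:00:00:03"), ("192.0.2.99", "02:00:00:00:00:AA")]

if __name__ == "__main__":
    for mac, finding in sorted(audit(SCAN, APPROVED, STAFF, TODAY).items()):
        print(mac, finding)
```

The staff set would normally come from the HR or directory leaver feed, so a machine is flagged as soon as the person who vouched for it is gone.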
