Accurate Time is Important

The real time clock built in to your computer is accurate enough for most applications. Setting it from your watch can mean it’s off by a few minutes, but it will maintain that (incorrect) time fairly well. Join a network with that computer, and suddenly the correct time becomes important. Here’s why:

1. Network Protocols Rely on Accurate Time – Many network protocols, including encryption, data transport, and data caching require the sending and receiving hardware to have accurate time to function well.
2. Log Analysis Needs Accurate Time – Analyzing data across machines in multiple log files is impossible without those machines agreeing on the time.
3. Legal Records Require Accurate Time – When you are being cross-examined and are asked “Well, how can you be sure that was the exact time in your logs?” you will be able to demonstrate the automatic process that keeps all of your computer clocks accurate.
4. Contractual Records Require Accurate Time – Knowing when a request was fulfilled is needed for billing and royality payment purposes.

Setup the NTP Server

Most *nix distributions will have NTP available to install if not installed by default. Once installed, configuring the server is as easy as:

1. Select one or two close servers from which to obtain accurate time. See The NTP Servers Web for a list of public servers. List these servers with the “server” directive in your ntp.conf file.
2. Use the “restrict” directive. List the network(s) allowed to query the time.
3. Run ntpdate several times. Until the “offset” returned is less than 1.
4. Start the ntpd service. And make sure it runs after a reboot.

You are going to set up more than one of these, right? Single Point of Failure (SPoF) is usually a bad thing…

Setup the NTP Clients

Setting up the client is almost the same procedure as setting up the server.

1. Setup your client to use your local NTP servers. List these servers with the “server” directive in your ntp.conf file.
2. Run ntpdate several times. Until the “offset” returned is less than 1.
3. Start the ntpd service. And make sure it runs after a reboot.

You may also want to change the startup script to include ntpdate -b server at start up (and before starting the daemon). This will cause the time to jump to the correct time instead of being slowly adjusted toward the correct time. Handy if your clock is way off.

Setup a Stratum 1 Server

Want to setup NTP, but on an isolated network? No problem – just setup a stratum 1 server. In NTP, “stratum” describes the distance from a stable time source – higher number is further away. Stratum 0 is the reference time source itself, like WWV or a cesium clock. Stratum 1 is the computer directly connected to the reference clock. Most reference clocks are too expensive to run yourself, but there is cheap time source that is easy to setup and connect to your NTP server.

1. Obtain a Stratum 0 time reference – Use your favorite internet search engine to find a “pulse-per-second” GPS receiver. In January of 2009, Garmin has an OEM model for about $70. Since a GPS knows it’s location by comparing it’s (derived) hyper-accurate clock against the time broadcast from GPS satelites, it can tell you the exact time, as well as it’s location. Learn more details in this great tutorial.
2. Connect the GPS to the Server – The pulse-per-second feature sends a signal every second down a wire. Plug that wire into your serial port, and NTP can use that time source as an NTP server.

This post certainly isn’t enough information to set up a stratum 1 server, but it really is pretty easy. To really set it up, you need to read the NTP docs, search the ‘net, and read the great articles that you find.

The Encrypted Network Tunnel

While researching ways of securing a connection between two networks (VPNs, SSH, etc) I kept finding pages that detailed setting up an SSH tunnel to bypass your company’s web browsing policy. And while I don’t condone that activity, there are those of us who’s job it is to prevent it from happening, so best to know how to do it. And there are legitimate reasons to use it. Creating a tunnel changes your origination point – create a tunnel to a machine in a far off land, and your web server will see the far off land as the origination of the request. So, it’s great for testing!

Three Easy Steps

So, let’s setup a tunnel! MAKE SURE YOU ARE ALLOWED TO DO SO then follow these simple steps:

1. Create an SSH Tunnel – Open an ssh connection to a host you are able to login to and specify a port to listen on for a SOCKS tunnel.
   

   ssh -D port hostname

2. Use Your Tunnel as a SOCKS Proxy – Configure your browser to use your local machine (on the same port) as a SOCKS proxy.
   

   Socks Proxy: localhost Socks Port: port from above

3. There is no step 3 – Because a SOCKS proxy is built into SSH, nothing else is needed!

If you can SSH to it, then you can proxy through it

That’s all there is to it. You can now use your local browser as if it was running on the remote machine. Any machine you can SSH to is now part of your test bed. Just to prove how simple it is, I have tested this setup using the rather stripped down environment in my wireless router as the server. It worked perfectly. This setup is equally simple on a Mac (although upgrading to the latest OpenSSH is a good idea) and Windows machines (using PuTTY as your SSH client).

Cell Phone

The cell phone is absolutely required for anyone in an operations role. Operations is a 24×7 job, and in many cases a cell phone is the difference between an outage that is a minor annoyance to you and your family, and a major login-and-fix-it event.

• Let each employee get her own phone – mandating a make or model is a waste for some people and insufficient of others.
• Let each employee use the network of her choice – Cell networks do have outages of their own, and this spreads out your risk.
• Let each employee get a Text/SMS feature in the plan – Use Text/SMS instead of a pager, and as mobile Instant Messaging.
• Consider allowing the Web feature in the plan – Being able to check the company website while mobile is a huge win, if that is part of the job.
• Get a hands free kit – That makes it so much easier to type without hurting your neck.

SMS / Pager

The pager is old technology, so if you have SMS on your cell phone, I don’t see a need for it. The one case where a pager wins is it’s coverage. While I can get an SMS in places where I can’t get a call, I can get a page in places that my cell phone is totally useless.

Use a pager if cell phone coverage is an issue in your area.

Desk Phone

Do we need another phone at our desk? Unless you need some feature that a desk phone has and your cell phone does not, ditch it.

If you do need one, consider VoIP alternatives. You become your own telephone provider, and may save in the process.

Conference Calls

A good conference call system is a valuable tool for collaboration while solving problems. You can run your own (Cisco’s Meeting Place is a popular one) or you can pick between many third party providers (just search for “conference call providers”)

The first step to management, is to have an understanding of what you are responsible for managing. This is important when you are managing people, of course, but equally so when you are managing hardware. A good inventory will make sure no machine is forgotten when it comes to backups, monitoring, and every other task you will be seeing through.

Hardcopy

I am a true believer in the power of – paper & pencil. Lugging a laptop out to the data center floor is a pain, but paper is light-weight, fool-proof, and require no power. It will serve as a physical backup of the softcopy, and an easy way to demonstrate what you physically own.

Take a look at the paper you can download from D*I*Y Planner. In addition to first-class calendar and planner layouts that you can print and use for free, they have a user-submitted templates section. The Technology section has a few templates specifically for hardware inventory.

Any hardcopy you choose should detail what the hardware is, and where it is, at a bare minimum.

Softcopy

The softcopy version of your inventory will be important for scripting your installs. Keep it in a flat file if you have a small installation, or a database if you have many to keep track of. Just make sure you can get a list of machines, and some information about them from your command line.

What else?

What do you use to keep track of your machines? Let me know in the comments.