Month: August 2012

System definitions

I’ve ran into another example of this recently. I really don’t get why this concept so hard for so many people. You have to have a definition of your system in some form that can be consumed or taken as an input. No automation will happen without it. It doesn’t really matter what it is. You can use Puppet or Chef or CFengine or VMWare templates or SCCM or even Visio…..the list is endless. What you absolutely don’t do is have a form asking someone to fill out their system details in a free text box. That scales to about 4 systems. Hell, just type it like this in a word processor of your choice:

{

“servername”: “MySuperSever”

“OS”: “Favorite Linux distro”

“APP”: “Super Widget for TPS reports”

}

Even as a completely stand-alone approach, at the very least you’re creating a blueprint of your systems and a foundation for the future. Something that can be replicated, analyzed, plugged in, transformed and consumed down the road.

 

 

Where IT goes to die

I spent the better part of the last decade at different startups and web companies, but one of my recent consulting gigs led me to a Fortune 500 company. I’ve done work at large enterprises before, but I really did forget what it’s like and it amounted to a rather jarring experience. I’ve entered a deep and dark world of enterprise architecture, frameworks, meaningless acronyms and a cesspool of “enterprise” software where it seems to breed and reproduce uncontrollably. It’s a place with abstraction at every layer, except anywhere that’s relevant.

Sometimes I got a sense that I was warped in time at least 10 years back and that everyone around me was moving at different speed. To paraphrase a famous quote: “It’s not that they are lazy, it’s just that they don’t care”.

I do have to mention some caveats. These are purely observations on IT/Ops and I had barely any idea what was happening on the dev side (which is a problem in itself). I also didn’t have visibility into every part of the organization, so perhaps everything is wonderful in other areas, though I have my doubts.

Continue reading

Security & Devops

That’s a good post about the inherent conflict between devops and security. I like his points and I think the most relevant item is automation. WAF policies should be one of the core requirements during the development process and similar to identifying everything else. Ideally, it would almost be a unit test during the workflow between qa/dev/staging/prod.

 

https://securosis.com/blog/pragmatic-waf-management-application-lifecycle-integration