New Hostname Policy: Service Managers' experience and feedback (IT/OIS)
Issues for Service Managers
• AD & LanDB: "Object oriented" database
  • deviceA DIFFERENT from InterfaceA DIFFERENT from AliasA
  • LanDB sets NOT possible with aliases
  • XLDAP queries: on which object ??
• Monitoring & management require computer name
  • AuthN, AuthZ, group memberships
  • Need the computer object name
  • Major source of mistake
• Remote access
  • Secure channels NOT working out of the box with DNS aliases
• Certificates and Kerberos
  • Cannot automate their distribution on Aliases
New Hostname Policy - 2
Reasons for this policy ?
• Serial number / order number MUST be an attribute
  • Are we named by our CERNID ?
  • Reasons behind are obscure
• Database synchronization problems ? Primary Key ?
  • A technical issue should not be distributed to all IT.
• System was designed for batch and hypervisor nodes
  • Works for random anonymous nodes, fails for service specific dedicated nodes
  • No idea of what others in IT are doing ?
• Reinventing DNS
  • 137.138.12.13 -> P2013412334352324353 -> TOTO01
Policy application
• Mr. P201300433339113
  • If you can't adapt, you'll have to redo your services differently
• Mr. P201255300322125
  • Sorry guys, it's a departmental policy
• Started with Exceptions (batch orders Fall 2013)
  • Proves using any name is possible
  • Shows that these exceptions can be a rule
• Continues with Exceptions
  • Must be justified by the Group leader (memo ? EDH document ?)
Summary
• Imposing this policy will lead to:
  • Random service failure
  • IT internal misunderstanding
• Rework the policy
  • Get knowledge of other services
  • Ask for ideas
  • Everyone is willing to contribute and collaborate
• Design a system without exceptions where everyone can work efficiently
Backup Slide: Issues in using alias names (instead of host names)...
• Active Directory (core Windows feature): "object oriented" database
  • computerA object DIFFERENT from aliasA object
  • DC, LDAP requests: lot of scripts using dynamic criteria (e.g. 'select * where hostname like 'XLDAP') NOT working with aliases
  • Permissions, certificates, delegation, attributes, group memberships and policies NOT applicable to 'alias' objects
• Windows Management tools NOT working remotely with alias names
  • WMI (Windows Management Instrumentation) => NOT always working remotely
  • Quota subsystem
  • Powershell: signed and/or encrypted scripts
• WINS (NetBIOS) infrastructure NOT working with aliases
• Front-end/back-end applications NOT working with aliases
  • AD based => authentication, authorization, permissions, group memberships => targeting computer objects
  • Network load balancing (machines sharing the same resources: e.g. adfs, ldap, exchange, sharepoint, web, etc.)
  • DFS replication, Exchange replication
  • SCOM (System Center Operations Manager - Monitoring)
  • SCCM (System Center Configuration Manager - Installation/Configuration)
  • SCVMM (System Center Virtual Machine Manager - Virtual infrastructure)
  • CMF (Computer Management Framework - Software deployment)
• lanDB: "Object oriented" database as well
  • deviceA DIFFERENT from InterfaceA DIFFERENT from AliasA
  • manipulation in lanDB sets NOT possible with aliases
  • round robin definitions NOT feasible with aliases
• DFS access
  • \\aliasA\sharename NOT working out of the box
  • Aliases not directly exposed to end-users (except in lanDB!)
  • Backup/restore operations (service-desk 2nd, 3rd levels + sysadmins) impacted
  • DFS servers working as pairs (data11/12, data13/14, etc.), association not anymore with Pxxx/Pyyy
• Remote accesses
  • Secure channels NOT working out of the box with DNS aliases
  • RDP => specific certificates required
• SCOM (Monitoring)
  • E-mail and SMS notifications raised by alerts containing host-names (not aliases)
  • how to identify CERNDCxx, AFSDBxx, DFSrootxx ?
  • Internally: (AD based) proxying, permissions, delegation NOT possible with aliases
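A check a service manager can run before relying on a name: it tells whether the name is a DNS alias (CNAME) or a host with its own computer object, which computer object the tooling keyed on hostnames will actually find, and whether that object carries the HOST/<alias> SPN that Kerberos needs for the alias to work. This is an added example, not part of the original slides; it uses the standard DnsClient and ActiveDirectory module cmdlets, and the names in the sample list are constructed.

```powershell
# Added example: map each name a service uses to its DNS record type, its AD computer
# object and the Kerberos SPN state. Needs the ActiveDirectory module (RSAT) and a domain account.
Import-Module ActiveDirectory

function Test-ServiceName {
    param([Parameter(Mandatory)][string]$Name)

    $result = [ordered]@{
        Name        = $Name
        IsAlias     = $false   # true when DNS answers with a CNAME
        Canonical   = $null    # the host the alias points at (or the name itself)
        ComputerObj = $null    # AD computer object found for the canonical host
        HasAliasSpn = $false   # HOST/<name> registered on that object?
    }

    # A CNAME answer means the name is an alias; NameHost is the canonical target.
    $cname = Resolve-DnsName -Name $Name -Type CNAME -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    if ($cname) {
        $result.IsAlias   = $true
        $result.Canonical = $cname.NameHost.TrimEnd('.')
    } else {
        $result.Canonical = $Name
    }

    # Group memberships, policies, SCOM/SCCM targeting etc. are bound to the computer
    # object, so only the canonical host is ever found, never the alias.
    $fqdn = $result.Canonical
    $computer = Get-ADComputer -Filter "DNSHostName -eq '$fqdn'" `
                               -Properties ServicePrincipalName -ErrorAction SilentlyContinue
    if ($computer) {
        $result.ComputerObj = $computer.Name
        # Kerberos to the alias only works if HOST/<alias> (short or FQDN form)
        # is registered on the canonical computer object.
        $short = $Name.Split('.')[0]
        $result.HasAliasSpn = [bool]($computer.ServicePrincipalName |
            Where-Object { $_ -in @("HOST/$Name", "HOST/$short") })
    }
    [pscustomobject]$result
}

# Constructed sample list; replace with the names your service actually depends on.
$names = @('dfsroot01.example.test', 'p20130043.example.test')
$names | ForEach-Object { Test-ServiceName -Name $_ } | Format-Table -AutoSize
```

A row with IsAlias true and HasAliasSpn false is exactly the case the slides describe: the alias resolves, but secure channels and Kerberos-based tooling against it will fail until the SPN is added to the canonical object.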