Using Debian for Enterprise Infrastructure Stanford University: A - - PowerPoint PPT Presentation

using debian for enterprise infrastructure
SMART_READER_LITE
LIVE PREVIEW

Using Debian for Enterprise Infrastructure Stanford University: A - - PowerPoint PPT Presentation

Aug 22, 2022 465 likes •655 views

Stanford University July 26, 2014 1 Using Debian for Enterprise Infrastructure Stanford University: A Case Study Russ Allbery August 3, 2010 Russ Allbery (rra@stanford.edu) Stanford University July 26, 2014 2 Introduction Stanford

slide-1
SLIDE 1

Stanford University July 26, 2014 1

Using Debian for Enterprise Infrastructure

Stanford University: A Case Study Russ Allbery August 3, 2010

Russ Allbery (rra@stanford.edu)

slide-2
SLIDE 2

Stanford University July 26, 2014 2

Introduction

  • Stanford University, IT Services, Infrastructure Delivery Group
  • Maintain campus core infrastructure, including

– Authentication (Kerberos, WebAuth, Shibboleth) – E-mail routing and mail delivery – Web servers, including www.stanford.edu – Distributed file system (AFS) – Account provisioning – Active Directory

  • Sister group does system administration for hire

Russ Allbery (rra@stanford.edu)

slide-3
SLIDE 3

Stanford University July 26, 2014 3

What enterprise means

  • Large user population
  • Diverse array of services
  • Ubiquitous, invisible, and foundational services
  • Diverse client platforms and requirements
  • Diverse server and application platforms and requirements
  • ...including Windows

Russ Allbery (rra@stanford.edu)

slide-4
SLIDE 4

Stanford University July 26, 2014 4

Enterprise means working with Windows

  • Windows is not your enemy in the environment

– Mutual disrespect helps no one – Worth earning a reputation of being passionate but fair

  • Windows supports standard protocols to a surprising extent

– LDAP – Kerberos – Web services and Negotiate-Auth

  • Example of Active Directory account creation
  • Working with Windows mandatory to get into the conversation

Russ Allbery (rra@stanford.edu)

slide-5
SLIDE 5

Stanford University July 26, 2014 5

Enterprise means conservative

  • Enterprise infrastructure is not the business or goal
  • Infrastructure technology should be reliable and invisible
  • Infrastructure problems can break your organization, but rarely make it

succeed

  • Organizations leery of solutions only one person understands
  • Known quantities are lower risk
  • Did they read about it in CIO magazine?

Russ Allbery (rra@stanford.edu)

slide-6
SLIDE 6

Stanford University July 26, 2014 6

Getting into the conversation

  • Debian has a lot of features, but first it has to get in the running
  • Competing largely against other Linux, particularly Red Hat
  • Large software repository is a huge selling point
  • Pre-packaged scientific software helpful in some environments
  • Stable release cycle and speed is perfect
  • Stable plus backports hits a flexibility versus stability sweet spot
  • Debian is both integrated and flexible
  • Debian is not that different

Russ Allbery (rra@stanford.edu)

slide-7
SLIDE 7

Stanford University July 26, 2014 7

Practicality matters most

  • Does it work?
  • Is it efficient?
  • Does it hurt hiring?
  • Can it build flying cars?

Russ Allbery (rra@stanford.edu)

slide-8
SLIDE 8

Stanford University July 26, 2014 8

Building flying cars

  • Flexibility and open standards are the key
  • Most problems are integration problems
  • Technology is driven by shiny products acquired by clients
  • What’s shiny is outside your control
  • Solution needs to work, not be the thing someone read about
  • Emphasize solutions over products

Russ Allbery (rra@stanford.edu)

slide-9
SLIDE 9

Stanford University July 26, 2014 9

Enterprises run many environments

  • Deploy applications on the platforms they understand
  • Running multiple environments is expensive
  • The expense is worth it — sometimes
  • Know where Debian is a fit and where it isn’t

– Proprietary software with support contracts is a hard battle – Well-understood commodity services are much easier – Integration of obscure free software is ideal

  • Keep the overhead of adding Debian low
  • Don’t say no

Russ Allbery (rra@stanford.edu)

slide-10
SLIDE 10

Stanford University July 26, 2014 10

Enterprise means customized

  • Different problem than what stock Debian is solving
  • Different problem even than Debian EDU
  • Can share a lot of packages and infrastructure
  • There will be local customization, but you can keep it minimal and often

transient – Postfix and address lookups – Cyrus SASL and server identity – OpenLDAP packaging

  • You must be prepared to customize
  • An enterprise looks a lot like a Debian derivative

Russ Allbery (rra@stanford.edu)

slide-11
SLIDE 11

Stanford University July 26, 2014 11

Your local repository

  • Don’t skimp; this is where your customization goes
  • Stanford using debarchiver, moving to reprepro
  • Multiple repositories for different purposes
  • Need custom archive distributions for particular services
  • Need good package build mechanisms
  • Supporting multiple releases is challenging
  • Supporting Ubuntu as an instance of that is challenging

Russ Allbery (rra@stanford.edu)

slide-12
SLIDE 12

Stanford University July 26, 2014 12

Package everything

  • Policy to package anything that isn’t a configuration file
  • Everything packaged means everyone learns how to package
  • Debian packaging has a difficult learning curve
  • People package on stable
  • cowdancer is awesome, but people struggle when builds fail
  • Debian’s packaging documentation is first-rate, but huge
  • Very important to have a local expert

Russ Allbery (rra@stanford.edu)

slide-13
SLIDE 13

Stanford University July 26, 2014 13

Installation issues

  • FAI is great
  • FAI versus VM cloning
  • Prefer to rebuild from scratch periodically
  • Need to think about keying infrastructure
  • Remote console is extremely important
  • Need a configuration management system in addition to FAI
  • We’re very happy with Puppet

Russ Allbery (rra@stanford.edu)

slide-14
SLIDE 14

Stanford University July 26, 2014 14

Internal documentation is vital

  • Debian offers lots of options, which is great for Debian
  • Inside the enterprise, document the one way to do it
  • Packaging teams, please help!
  • Good documentation partly addresses hiring, training concerns
  • Debian needs work on package checking, repository analysis

Russ Allbery (rra@stanford.edu)

slide-15
SLIDE 15

Stanford University July 26, 2014 15

Where Debian could help

  • Java
  • Language packaging teams, document how to package
  • Better multi-platform build automation integrated with repo
  • Better package checking for local package sets
  • Better monitoring and reporting of Debian-specific things, such as installed

packages and pending updates

  • Packaging has a long and slow learning curve
  • Keep doing what we’re doing

Russ Allbery (rra@stanford.edu)

slide-16
SLIDE 16

Stanford University July 26, 2014 16

Summary

  • Enterprise is about integration, customization, and flexibility
  • Debian packaging skills are enterprise sysadmin skills, and vice versa
  • Ideology is important, but not the public face to present
  • ...except after all other things are equal
  • A local expert is essential
  • Commercial software and being unusual are the biggest challenges

Russ Allbery (rra@stanford.edu)

slide-17
SLIDE 17

Stanford University July 26, 2014 17

Questions?

Russ Allbery (rra@stanford.edu)