The idea for this article was born about a week ago, when, at the company where I have worked for about 3 years, I got an assistant.
A couple of days after he started work, after a brief tour and a bit of theory, he asked me the question: “Why are you paid so little? After all, the availability of all your services has been at least 99.98% during working hours for more than a year now...”
To be honest, I didn’t expect exactly this question, and I wasn’t ready to answer that very second, but after five minutes of reflection all my thoughts fell into place, I tried to formulate an answer, and said roughly the following:
- Firstly, I like my job and I work for my pleasure.
- Secondly, I come to work when I have enough sleep (usually around lunchtime), I leave no later than 18.00, and at any time I can leave for 2-3 hours for my personal affairs.
- Thirdly, $1500 is not such a small amount for the third largest city in Russia.
And now I want to talk about how I achieved this, and what it cost me. Anyone who is interested, please read on below the cut:
Not so long ago, just some 2 and a half years ago, I graduated from college with a degree in Automated Control Systems, and came to this city in order to find an interesting and decent job. During the time when I was supposed to go to classes and sleep in lectures, I had an excellent chance to work for the benefit of the walls in which I was taught, at CIT (Information Technology Center). It was there (in CIT) that I saw Linux for the first time, heard a lot of words unknown to me, and fell in love with my profession. At CIT I wrote my diploma thesis about the already known Asterisk, received an excellent grade, and went out into the world filled with new knowledge and technologies.
After I wrote my resume, I got a call inviting me to an interview at one rather big computer company. As it turned out, the key point was Asterisk, and they hired me.
As a result, along with an entry in my employment record book, I received about 30 servers and 250 workstations.
Where to begin?
Of course, we must begin with an understanding of what works with what and how it all interacts. Those who have come to work in a company where someone else has already set everything up know that it is not easy, and sometimes it is terribly difficult to understand the train of thought of someone whom you have never even seen. Having got a workhorse machine at my disposal, I installed Slackware on it. First of all, I set up monitoring for understanding and clarity; the choice fell on Xymon, since it is very informative and quite simple to install and configure. With fping I scanned the entire range of the local network, and with nmap I determined what needs to be monitored and what does not.
Now, after 5 working hours, I had an initial idea of where I had ended up and what to do next.
Problem number 1
Since the company's divisions were located at 5 different points of the city, the first and main problem was precisely a single network environment, namely 1C, mail, telephony, etc.
Alt Linux with OpenVPN, which clearly could not cope with its tasks, served as the router in each department, and after a brief analysis it was decided to replace it all with OpenBSD + IPsec. The transition to the new routing system took about 2 months. During this time, all the "new" gateways were brought up and tested; for access from the outside I set up OpenVPN with registered certificates, after which it was time to move on to Problem No. 2.
Problem number 2
It so happened that my predecessors didn’t really care about what was going on at the users’ workstations, so I saw not just hotbeds, but entire colonies of viruses, Trojans, rootkits and other rubbish that can be picked up from ICQ or obscure dating sites. First of all, I decided to limit access to all resources unrelated to the direct activities of the company, and so it began. As a proxy, Squid + SAMS + Kerberos + AD was chosen (fortunately, no domain had been set up), and blacklists and regular expressions were set up to block content that was “unnecessary” in my opinion.
Now that all Internet traffic was monitored by me, it was the turn of the anti-virus. Everyone chooses his own, and I have always used Kaspersky. First of all, on my working machine (which already hosted the monitoring server) I brought up a virtual machine. I chose VBOX, because it is very easy to install on Slackware and can be run in background mode. Now w2k3 could be brought up for the Kaspersky Anti-Virus administration server. It remained only to configure it. Part of the post block is ready. Moving on.
Problem number 3
As mentioned above, something terrible was happening on the network: 75-80% of workstations were infected with viruses. In my opinion, the surest way to get rid of viruses is format C:, which is what I did, but before that I had to save all the very important information, such as mail, and so on. For temporary and permanent backups, as well as for shared files, Samba “servers” were set up in each unit, with a capacity of 1 TB in RAID 1. Reinstallation took place in parts. To begin with, units with the smallest number of computers were selected, everything necessary was prepared, and from Friday evening to Monday morning Windows was rolled out onto the machines and the necessary software was installed. After everything needed had been installed, a full image of the hard drive was taken from each machine and sent to the same backup server.
After some 5-6 months, all the workstations had been brought to full readiness and for each of them there was an adequate backup, which took 5-10 minutes. Now that users were no longer nervous because of frozen applications, I could go further.
Problem number 4
Of course, this cannot be called a problem, but for some reason it bothered me a lot. It was the distribution of the numbering plan on the Asterisk server. In those glorious times when Asterisk appeared in the company, numbers were handed out to everyone in order, and since then they had just been added and added; that is, internal numbers starting with 1 could be found in all 5 remote offices.
After some deliberation and coordination at the top level, it was decided to use 4-digit numbers. Each remote office got its own first digit, and the remaining three digits were for internal divisions, i.e. the numbers of the call center operators in each unit differed only in the first digit. The same applied to management, security, etc. Asterisk CDR and Asterisk FOP were also installed for the call center operators.
Problem number 5
Since I worked mostly alone, for the first year I had practically no opportunity to answer the internal telephone. Forwarding to my cell phone saved me, but, unfortunately, not everything can be solved by phone, so it was time to think about a helpdesk.
Having researched everything on the Internet, I liked OOZ, installed it on the same working machine, distributed logins and passwords to the heads of departments, gave a small presentation and conducted a short training. There also came a period when I began to forget how to do what I had already done, for example the settings of the shaper, or pf, so I decided to make a kind of reference book, choosing MediaWiki for this. Now users can solve most of the problems they encounter themselves by opening the appropriate section (my recruit is now studying it with great pleasure).
Problem number 6
The company where I work will celebrate its 15th anniversary this year, and our domain has long been known, so after everything I had already managed to do, the fight against spam came to the fore. The mail server runs on the same Slackware + CommuniGate Pro (purchased long ago). It used to have SpamAssassin, but that did not cope with its direct duties; now it is partnered with Kaspersky Anti-Spam, and there is much less spam.
More than half a year has passed since the last "global" problem (a blackout in the server room). Since then, I come in late every day, play solitaire, drink tea, and do not work at night.
I could finish here, although I could still write a lot about how I fought with 1C, the domain, network printers and other office equipment, but over time some of it has been forgotten.
Thanks for your attention!
UPD: Many thanks to those who helped me in this difficult period, namely: Gennady Yakovlev, Vitaly Dyuryagin, Pyatnitsin Vyacheslav, Radeonov Mikhail, Kadyrov Ruslan, Ivanov Anton, Varenov Dmitry, and Ovchinnikov Vyacheslav!