
System administration. Start

There are many tutorials for setting up programs (OSes, services, websites, etc.), but you rarely find a manual on the organizational issues of system administration. I must say, I have enough experience. I will cover the subject using my own work as an example, and I will say straight away that any well-reasoned additions and corrections are welcome. To those who downvote, I will also explain: "Don't like it? Do better!" And be sure to send a link; I will read it with great pleasure.



So, you got a job? As a sysadmin, even? In an office with 5 to 50 computers, even? (This is written for those hired by exactly that kind of company: with up to 5 machines it is not a problem to cope and figure things out yourself, and there is no sense in charging at tanks with a sword right away.)



So they took you after all! Congratulations! But don't be in a hurry to rejoice: sysadmin is not the best position (and not a position at all, but a state of mind). When everything works, you may go unnoticed, and when a user has done something and everything hangs, the system administrator is certainly to blame.



I also want to note that network installation, equipment procurement, and similar matters will not be covered here.

Setting up specific programs will not be covered either, because Google and RTFM are the admin's best friends.


The first thing you have to do is hold yourself back from setting up a server and reworking the network; it will come to that later. First, talk with management. Ideally you report to the general director and discuss organizational issues with him directly. In any case, you need to know who gives you your work instructions, otherwise every secretary will be chasing you.



Now it is advisable to walk around with a notebook, sketching the layout of the premises. (In principle you can take the fire evacuation plan and use that, but if you want precision, get the construction plan, either from the BTI or, strange as it may seem, from the accounting department: they should have it, because the tax office requires property tax, and it is calculated from this plan.) In the notebook, write down which computer is where (and, if you have a PBX, which phone is where); ideally, turn this into a diagram in Visio or SKS Expert afterwards. Talk to each machine's owner, whether dealer, user, or manager (underline as appropriate, strike out the rest), and find out what software they use and what they are not entirely happy with. Go around the whole office this way, then sit down, think, and organize the information into a system.



From personal experience: my first job, a small company. 13 computers in the technical department, 5 in accounting, 10 in the sales department. Servers: 1C and a gateway to the external network. A Wi-Fi access point, a hardware print server, two printers (sales, accounting). A 6x16 PBX.



So, let's begin. No, we are still not going to the servers to "put Linux there" and configure everything. Let's sit down and think about how everything should work in theory.



Important note: rebooting the system on a server is a very tricky business. Medium and small companies most often have no backup servers, so you need to do this either at night, or on weekends, or on a separate computer.



Once the familiarization is done, you have a clear understanding, in your head or on paper, of how things work now and how they should work ideally. The next stop is the bosses. Voice your own ideas and pass on the wishes of the workers (the ones collected at the very beginning).



From personal experience, I got something like this. Accounting: 1C Accounting, Bank-Client, Garant, Kontur-Extern. Trading department: 1C Trade and Warehouse, a CRM system, Bank-Client (view only). Technical department: a bunch of programmers, manuals, schemes. Common to all: Total Commander, Office, WinRar, Acrobat, Opera, antivirus, email client. In general, look at your own situation; as they say, to each his own.

That is how it was supposed to be, but what was actually installed was haphazard: someone did not have Office, someone had a CRM, and everyone ran to each other to look :)



On the servers: the 1C server had plain Windows 2003, antivirus, and the 1C databases. The Internet server had Windows 2003, Kerio, Merak Mail Server, and antivirus.

All this ran in a workgroup; there was no concept of security, and no organization of documents and manuals either.



Initially, the first things were done: checking for viruses (the vermin were there, and the inquisition was carried out on them) and checking for disk and registry errors (anyone can find the means). Also, since I came to work not just as a sysadmin but also to look after 1C, 1C was checked, duplicates were removed, and everything that was not needed was deleted.



Now you can take on the servers. Let's start with the Internet server. The first question is which services are required of it. My situation was roughly this: per-user control, billing and statistics, with quotas and blocking of certain sites; mail server, DNS, firewall, proxy, FTP. The solution can be assembled on either Windows or *nix.



Example on Windows: Kerio WinRoute Firewall (firewall, traffic accounting, proxy, antivirus, and control all in one), a mail server (Merak, or Kerio again, this time Kerio Mail Server), and Serv-U for FTP. Example on FreeBSD (which is what I actually used), with the necessary services provided by the following software: traffic accounting and statistics: stargazer, netams or abills; mail server: sendmail; DNS: bind; proxy: squid; FTP: proftpd; firewall: ipfw.



From personal experience, about the mail: I later moved to Google mail, which I advise you to do too. Access from anywhere, a decent configuration system, plus all sorts of additional services, such as Google Calendar.



I will not give the setup procedure, as everyone chooses the software for himself, and you can always install something else in place of what I mentioned. The main thing to remember is that a server must be logged, backed up, and updated. That goes for any server, whether *nix or Windows.



Now let's move on to the 1C server. After some deliberation it was decided to switch to a domain structure, since configuration and ongoing administration are much more convenient than with workgroups. Plus, access to the databases was separated, because the sales department does not need to know what is happening in the accounting department.



Plus, a backup system was set up on the same server. In addition to creating the backup, it wrote it to tape by itself, so it was enough to insert a clean tape once a day. I also copied the backup to my computer over the network.



In addition, I deployed a file store: distributions, drivers, documentation, shared documents. Properly speaking, this called for a normal server, but it was with difficulty that I begged even for new hard drives, so things ran as best they could.



After setting up the servers, it is time to configure the client computers. I assembled a system unit (later it was kept in reserve), installed the system on it, and swapped it in for a manager's machine: took theirs, set it up, put it back, and took up the next one. With all the disks at hand (and the disks are naturally prepared in advance), about 3-4 hours are spent on one computer. Afterwards, Clonezilla images were made, and recovering a dead system began to take 15 minutes.



From personal experience: at the same time I also cleaned the case with a squirrel-hair brush and a vacuum cleaner, changed the thermal paste, tightened all the screws, and fitted the plugs.



From personal experience: install a remote control system, such as Radmin or VNC, or in general whatever is familiar and more convenient. It sometimes helps a lot and saves you the running around.



That is roughly how it went; of course, not everything was so smooth. But now everything works. People are satisfied and pester the admin much less, distracting him less from reading Habr.



And a few tips which, had I followed them from the very beginning, would have meant fewer problems.



1. When a new employee joins the company, spend an hour on training; there will be fewer problems. Also assign a responsible person from among their neighbors to take their questions at first. That is much faster than them calling you and you running over to look and show them the "print" button.



2. Spend a day labeling the LAN cables and phones. Many times I have seen a plain bundle of wires going into the switch, with no way to tell what goes where :)



3. On cartridges: try to always have a refilled cartridge on hand. Then, when a printer runs out of toner, you just change the cartridge and arrange the refill later, when there is free time. Toner very rarely runs out for everyone at the same time.



4. Set a password for access to the antivirus!!! Otherwise, clever users may shut it off, ostensibly to increase the speed of work. Of course, you will find out from the logs, but by then it may be too late.



5. Make an inventory of all the hardware you have, then write all the drivers (and preferably the documentation) for all of it onto discs or an external hard drive.



6. It is worth checking your servers from time to time with security scanners, for example XSpider. Be the first to learn of your mistakes.



7. If you have been asked to create the company's website, you can of course take it on, but I do not advise it: professionals will do it better and faster. In my personal opinion, there is less technical work in it and more design and layout work. Support and adding news, though, you can safely do yourself.



8. Master at least the basics of telephony and electrical engineering. It won't hurt.



9. Backup, backup ... and yes, I almost forgot: backup again.



10. Keep a list of phone numbers and addresses for the service provider's technical support, the "odnodechniki", and similar comrades.



11. If the system has crashed, spend half an hour or an hour reading the logs to find out why it happened. If hardware or software glitches were the cause, draw conclusions for yourself. If a user is to blame, give a warning the first time, then take repressive measures.



12. Regarding IP addresses, I advise you to develop a scheme for allocating IP addresses to equipment.

For example:

Servers: 192.168.100.1 - 192.168.100.10 (static)
Sales department: 192.168.100.20 - 192.168.100.40 (dhcp)
Technical department: 192.168.100.50 - 192.168.100.60 (dhcp)
Managed equipment (access points, routers, etc.): 192.168.100.100 - 192.168.100.110 (static)
Accounting: 192.168.100.120 - 192.168.100.140 (dhcp)
IP phones: 192.168.100.150 - 192.168.100.170 (dhcp)
Test or checking (in general, anything can happen): 192.168.100.180 - 192.168.100.200 (dhcp)


But in any case, you should be able to find out who has which IP: from your records in the case of static assignment, or from the DHCP leases list for dynamic addresses.
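
One way to put this into practice, as an added example that is not part of the original article: a Python check that loads the allocation plan above, rejects overlapping ranges, and flags observed addresses that fall outside the plan or sit in a range of the wrong type. The STATIC and LEASES data, the shortened segment labels, and all function names are constructed for illustration.

```python
import ipaddress

# Allocation plan from the article: (segment, first, last, assignment type).
PLAN = [
    ("Servers", "192.168.100.1", "192.168.100.10", "static"),
    ("Sales department", "192.168.100.20", "192.168.100.40", "dhcp"),
    ("Technical department", "192.168.100.50", "192.168.100.60", "dhcp"),
    ("Managed equipment", "192.168.100.100", "192.168.100.110", "static"),
    ("Accounting", "192.168.100.120", "192.168.100.140", "dhcp"),
    ("IP phones", "192.168.100.150", "192.168.100.170", "dhcp"),
    ("Test", "192.168.100.180", "192.168.100.200", "dhcp"),
]
# Constructed sample data (address -> host name): admin's records and DHCP leases.
STATIC = {"192.168.100.2": "srv-1c", "192.168.100.101": "wifi-ap", "192.168.100.25": "sales-pc-old"}
LEASES = {"192.168.100.21": "sales-01", "192.168.100.5": "unknown-laptop", "192.168.100.210": "guest"}

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def load_plan(plan):
    """Parse the plan into sorted numeric ranges; refuse inverted or overlapping ones."""
    rows = sorted((to_int(lo), to_int(hi), name, kind) for name, lo, hi, kind in plan)
    for i, (lo, hi, name, _) in enumerate(rows):
        if lo > hi or (i and lo <= rows[i - 1][1]):
            raise ValueError(f"range '{name}' is inverted or overlaps its predecessor")
    return rows

def classify(rows, ip):
    """Return (segment, kind) for an address, or None if it is outside the plan."""
    for lo, hi, name, kind in rows:
        if lo <= to_int(ip) <= hi:
            return name, kind
    return None

def audit(rows, static_records, dhcp_leases):
    """Compare observed addresses with the plan and return (ip, host, problem) tuples."""
    findings = []
    for source, observed in (("static", static_records), ("dhcp", dhcp_leases)):
        for ip, host in sorted(observed.items(), key=lambda kv: to_int(kv[0])):
            hit = classify(rows, ip)
            if hit is None:
                findings.append((ip, host, "outside every planned range"))
            elif hit[1] != source:
                findings.append((ip, host, f"{source} address in {hit[1]} range '{hit[0]}'"))
    return findings

if __name__ == "__main__":
    for finding in audit(load_plan(PLAN), STATIC, LEASES):
        print(*finding, sep="  ")
```

A DHCP lease inside the static server range, or any address outside the plan, is worth investigating: it usually means a misconfigured scope or a device nobody recorded.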



I also advise you to read:

User feedback is a great thing!

Documentation - saving time or wasting time?

Technical documentation: server and network.



Source: https://habr.com/ru/post/50008/


