
Configuration design and definition are at the core of good network architecture.  I have experimented with which configuration elements are important, which should be shared, and which should be maintained locally on each host.  Whether an instance is virtual, physical or a container, these concepts apply universally.  This article presents my thoughts on the overall management of a cohesive network of UNIX and UNIX-like servers and desktops administered by minimal staff.

I don't believe it is so much the case today, but there used to be a lot of apprehension about sharing both applications and configuration over a network.  I guess this comes either from people who cannot think three-dimensionally or from those whose background is solely administering a Windows network, whose design has morphed from a limited stand-alone host architecture.  Realistically, if there were no network today, we would not be able to do much anyway.  Developing a sustainable architecture around the UNIX/Linux network is efficient and manageable.  Managing security is a separate topic for discussion.

The first step in managing a network of open-system computers is to establish a federated name service whose purpose is to manage user accounts and groups and to provide a common reference repository for other information.  I have used NIS, NIS+ and LDAP as the name service through the years.  I favor LDAP, since the directory server provides a better system for redundancy and service delivery, particularly on a global network.  MS Windows Active Directory can be made to work on UNIX/Linux hosts by enabling SSL, making some security rule changes, and adding the schema that supports open systems.  The downside of Active Directory compared to a Netscape-based directory service is managing the schema: on Active Directory, once the schema has been extended, you cannot rescind the extension unless you rebuild the entire installation from scratch.

In a shop with multiple flavors of open systems, I have used the automounter to serve binaries that are shared per OS platform/version.  With NAS storage such as NetApp, that data can be replicated across administrative centers, used universally, and maintained from one host.  For the 5 hosts I maintain at home, I have found FreeNAS to be a good open-source solution for delivering shared data to my Linux and OS X hosts.

The most cumbersome activity in setting up a holistic network is deciding which utilities and software are to be shared across the network from a single source.  Depending on the flavor, the path to a binary will differ, and the version will not be consistent between OS versions or platforms.  A common share for scripting languages such as Perl or Python helps provide a single path to reference in scripts, including the inclusion of plugins.  It requires some knowledge of how to compile and install open-source software.  More architectural discussion is included in the article User profile and environment, covering how to keep the same look and feel across the network even where the underlying hosts differ.

Along with managing application software across a network, the user home directory logically has to be shared from a NAS.  Since the user profile is stored in the home directory, it has to be standardized generically so that it functions on all platforms and possibly all versions.  Decisions are needed on the ordering of the PATH and on whether the profile needs structure to accommodate user customizations or local versus global network environments.  At a minimum, the stock user profile must be unified so that it can be managed consistently across the whole user community, possibly with the exception of application-related administration accounts that are specific to the installation of a single application.
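As an added example, not the author's own profile, the following POSIX sh fragment carries out the PATH-ordering decision described here together with the per-platform shared binary paths from the earlier paragraph; the /net/share layout, the OS-arch platform tag and the /usr/local/site/bin override directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): a portable profile fragment that
# assembles PATH in a fixed order: per-user, per-host local overrides, the
# NAS-mounted shared tree for this OS flavor, then the vendor directories.
# Assumptions: the shared tree is mounted at $SHARE_ROOT (default /net/share)
# and laid out as $SHARE_ROOT/<OS>-<arch>/bin plus $SHARE_ROOT/common/bin;
# /usr/local/site/bin is the hypothetical per-host override location.

SHARE_ROOT="${SHARE_ROOT:-/net/share}"

# Tag identifying which shared binaries this host can run, e.g. Linux-x86_64
# or Darwin-arm64; the same tag is used as the directory name on the share.
platform_tag() {
    printf '%s-%s\n' "$(uname -s)" "$(uname -m)"
}

# Join candidate directories into a PATH string: keep only those that exist,
# drop duplicates, and preserve order so that earlier entries win.
build_path() {
    _out=""
    for _d in "$@"; do
        [ -d "$_d" ] || continue
        case ":$_out:" in
            *":$_d:"*) continue ;;   # already present, keep first position
        esac
        _out="${_out:+$_out:}$_d"
    done
    printf '%s\n' "$_out"
}

# The ordering policy itself: local beats global, global beats vendor.
profile_path() {
    _tag=$(platform_tag)
    build_path \
        "$HOME/bin" \
        /usr/local/site/bin \
        "$SHARE_ROOT/$_tag/bin" \
        "$SHARE_ROOT/common/bin" \
        /usr/local/bin /usr/bin /bin /usr/sbin /sbin
}

# Source this file from the shared ~/.profile with PROFILE_APPLY=1 set to
# install the result; left unset here so the functions can be tested alone.
if [ -n "${PROFILE_APPLY:-}" ]; then
    PATH=$(profile_path)
    export PATH
fi
```

Because missing directories are silently skipped, the same profile works on a host without the share mounted, which is the failure mode a shared home directory most often meets.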

Lastly, it is important to document the architecture, set standards for maintaining a holistic network, and provide a guide for all administrators that ensures consistency in practice.

The links below provide more detail on what I have proven in architecting and deploying a consistent network of open systems.