Who should attend: System administrators who wish to learn how to better manage change and risk and become more professional in their system management practices, those who are responsible for developing or managing their organization's change management process, and those who are frustrated by and hoping to influence and improve their organization's process.

As a system administrator, you perform change management every day. Every time your finger hovers over the return key, that's risk management. Every time you apply a patch to your desktop before you apply it to production, that's change qualification. Every time you stay late to apply a patch out of hours, that's change scheduling. Although you may be doing it now, you have probably never considered the deeper aspects of what you do and how you might do it better.

Take back to work: A grasp of the many aspects of effective change management and how you can improve the process, using tactics, tools, and tips learned in this course.

Topics include:

• The basic change management process
• Building a change plan
• Regression planning and risk management strategies
• Change execution tools and techniques
• Managing an organization's change pipeline
• Emergency changes and downtime conferences
• Quality assurance across the change life cycle

S5 System and Network Performance Tuning
Marc Staveley, Consultant

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We will explore procedures and techniques for tuning systems, networks, and application code. Starting from the single system view, we will examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll extend the single host view to include Network File System tuning and performance strategies. Detailed treatment of networking performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and techniques for controlling response time will be addressed. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Question and analysis periods for particular situations will be provided.

Take back to work: Procedures and techniques for tuning your systems, networks, and application code, along with guidelines for capacity planning and customized monitoring.

Topics include:

• Performance tuning strategies
• Practical goals
• Monitoring intervals
• Useful statistics
• Tools, tools, tools
• Server tuning
• Filesystem and disk tuning
• Memory consumption and swap space
• System resource monitoring
• NFS performance tuning
• NFS server constraints
• NFS client improvements
• NFS over WANs
• Automounter and other tricks
• Network performance, design, and capacity planning
• Locating bottlenecks
• Demand management
• Media choices and protocols
• Network topologies: bridges, switches, and routers
• Throughput and latency considerations
• Modeling resource usage
• Application tuning
• System resource usage
• Memory allocation
• Code profiling
• Job scheduling and queuing
• Real-time issues
• Managing response time

Sunday Morning Half-Day Tutorials

S7 Time Management for System Administrators
Tom Limoncelli, Google NYC

Who should attend: IT people, sysadmins, and other busy people who want to improve their time-management skills; those who want to have more control over their time and better follow-through on assignments.

If you agree with any of these statements, this class is for you:

• I don't have enough time to get all my work done.
• As a sysadmin, I can't schedule, prioritize, or plan my work.
• I'm spending all my time mopping the floor; I don't have time to fix the leaking pipe.
• My boss says I don't work hard enough, but I'm always working my ____ off!

Based on a new book from O'Reilly, this tutorial will help you get more done in less time.

Take back to work: The skills you need to streamline your workflow to make your users—and you!—happy.

Topics include:

• Why typical "time management" books don't work for sysadmins.
• What makes "to-do" lists fail, and how to make them work.
• How not to forget a user's request ever again!
• How to prioritize tasks so that users think you're a genius.
• Ways to have more time for fun (for people with a social life).
• How to leave the office every day with a smile on your face.

---

S8 Advanced DHCP (This Is Not Your Grandparents' DHCP) NEW!
David Hankins, ISC

Who should attend: Anyone who is involved in administering a network and who still believes that DHCP is a simple protocol like ARP that you just turn on and forget. The protocol now includes (and ISC's reference implementation now provides) important tools to improve the security, reliability, administerability, and Sarbanes-Oxley auditability.

We are well aware that your parents' home router implements DHCP along with NAT, and that you've never had to change or even look at its configuration. But, unlike that home system, your enterprise network will be attacked, hacked, and audited, and it needs to keep working even during significant partitions and failures.

Take back to work: How to use DHCP to keep your networks secure and reliable.

Topics include:

• How to make DHCP more reliable
• Configuring, managing, and administering failover
• How to have more flexible control over users (you are no longer limited to simple yes/no access control keyed on MAC address)
• Access-controlled address pools
• Conditional response
• Client classing
• Allocation by class
• Using DHCP LEASEQUERY to find information about a lease using IP address, MAC address, or client identifier
• How to integrate DHCP with Dynamic DNS (when your DHCP server allocates an address, you can make sure DNS knows about it immediately, without using the hack of giving pre-assigned DNS names to every address in your pools)
• How to configure your DHCP server so that it does everything that VOIP phones need
• Using the new RFC 3925 Vendor-Identifying Options

---

S9 Integrating Cfengine into Organizational Service Management NEW!
Mark Burgess, Oslo University College

Who should attend: Anyone with a basic knowledge of cfengine and an interest in organizational (including business) processes who would like an overview of the concepts surrounding configuration management for business, with implementation examples.

The tutorial is loosely aligned with the IT Infrastructure Library (ITIL) notion of best practices.

Take back to work: The information needed to evaluate the principles used in configuring hosts and devices, relate them to standards, and apply them to your own environments.

Topics include, with reference to BS/ISO 17799, BS15000, ISO20000, ITIL, and eTOM:

• Incident management
• Change management
• Release management
• Availability and capacity management
• Security management
• Supply chains and e-commerce models
• Service Oriented Architectures (SOAs)
• Inter-domain management configuration

Sunday Afternoon Half-Day Tutorials

S11 Systems Topics in Oracle Database Administration NEW!
Chris Page, Corporate Technologies, Inc.

Who should attend: UNIX systems managers, administrators, and others interested in learning about the operating systems features that Oracle databases rely upon and about the new systems technology introduced by Oracle which is blurring the line between system and database administration.

Take back to work: An understanding of how the new Oracle technologies will change the sysadmin's job and of the potential consequences when a DBA is attempting to deploy one or more of them.

Topics include:

• Overview
• Back to basics: Oracle database architecture review
• Databases
• Instances
• SGA
• PGA
• Listener
• File types (logs, tablespaces, etc.)
• How Oracle provides consistency and why we care
• The Oracle OS interface
• IPC used by Oracle (Shared Memory/Semaphores)
• Networking
• File access mechanisms and RAID
• Asynchronous Direct IO
• Oracle's Volume Manager (ASM)
• Overview and definitions
• ASM architecture
• Installation
• Data protection modes
• Striping and performance with ASM
• Definition of failure groups
• Configuration examples
• Accessing ASM files via OS
• Adding and removing disks
• Oracle Clusterware
• Overview and definitions
• Clusterware architecture
• Clusterware installation
• Cluster daemons/li>
• Oracle Nodeapps
• VIP management
• Oracle Clusterware and RAC
• Overview and definitions
• RAC architecture
• Service definition
• Client-side load balancing
• Server-side load balancing
• RAC installation
• Cache fusion
• Scaling in a RAC environment
• Configuring transparent application failover
• Summary

---

S12 Network Diagnosis and Improvement with Netflow NEW!
Michael W. Lucas, Author and Consultant

Who should attend: Administrators who need more information about their networks.

Netflow is an extremely powerful network management tool with a reputation for being obtuse and expensive. While Netflow might not be easy, it becomes much simpler if someone takes you through it. Netflow picks up where tools like MRTG leave off, and will not only solve technical problems but resolve administrative and social problems you probably resigned yourself to enduring years ago.

Every network administrator has had a problem that can only be caught by a packet sniffer while it's happening. Netflow is a historical packet sniffer, giving you eyes into your network over a period of time. You know not only what is happening now, but what happened yesterday or last week.

With the right knowledge, anyone can implement Netflow for small costs in both hardware and time. I will present a coherent, start-to-finish solution that works in any vaguely modern environment and can be assembled out of a few gigs of disk, some network cards and cables, a free UNIX of choice, and freely available software, while also leveraging any Cisco hardware students already have. Attendees will be fully equipped to work with Netflow the day they return home.

Take back to work: The ability to work with Netflow and improve your network performance the day you return home.

Topics include:

• Introduction
• Netflow architecture
• The sensor
• The collector
• The reporting system
• Implementing the sensor
• Available sensor tools
• Cisco netflow
• softflowd
• Implementing the collector
• flow-capture
• Collecting from multiple sensors
• Full flow record format
• Pretty pictures with flowscan
• flowscan design and modules
• Common errors and solutions
• flowdumper
• flow-stat and flow-print
• Filtering flows
• Netflow and real-world problems

---

S13 Implementing Some Autonomic Principles Using Cfengine NEW!
Mark Burgess, Oslo University College

Who should attend: Anyone who likes to use simple tools well and with an understanding of their implications; anyone who wants to make the most of a tool that deals with long- and short-term management.

A lot of marketing and hype has been invested in the term autonomics lately, but what does this actually mean? Autonomics covers a number of ideas, most of which boil down to adding feedback loops into systems so that they can sense operational changes and respond automatically. This basic idea has been embodied in cfengine for many years.

Take back to work: A simple way to use cfengine to achieve the goals of autonomic management.

Topics include:

• When and how does hands-free computer management make sense?
• What mechanisms are there in cfengine for "self-adaptation"?
• Key concepts of and obstacles to implementing hands-free administration
• Self-healing
• Fixed-point rules
• Probabilistic management
• Peer monitoring
• Intermittency and reliability measures

Who should attend: Old-timers who think they've already seen it all, and those who want to develop inventive thinking early in their career. Join us and be prepared to be delighted, disgusted, and amazed. Most of all, be ready to enrich your network and system adminstration by learning to be different.

It's time to learn how to break the rules, abuse the tools, and generally turn your system administration knowledge inside out. This class is a cornucopia of ideas for creative ways to take the standard (and sometimes not-so-standard) system administration tools and techniques and use them in ways no one would expect. We'll also cover some tools you may have missed.

Note: The teacher takes no responsibility should your head explode during this class.

Take back to work: New approaches to old problems, along with some ways to solve the insolubles.

Topics include:

• How to (ab)use perfectly good network transports by using them for purposes never dreamed of by their authors
• How to increase user satisfaction during downtimes with 6 lines of Perl
• How to improve your network services by intentionally throwing away data
• How to drive annoying Web-only applications that don't have a command line interface—without lifting a finger
• How to use ordinary objects you have lying around the house, such as Silly Putty, to make your life easier (seriously!)

M7 RRDtool as a Communication Tool NEW!
Tobias Oetiker, Consultant and author of RRDTool

Who should attend: Scripters and programmers who would like to create a custom monitoring application with great presentation tools.

Over the past few years RRDtool has become the standard method for handling time-series data in the networking area. RRDtool takes care of all the work related to data storage and presentation. Many users only access RRDtool through some front-end application such as Cacti or Cricket.

In this tutorial you will learn how RRDtool works from a programmer's point of view and how you can use it to write your own custom monitoring applications. An emphasis will be put on presentation aspects. The best data is worth only as much as your bosses and customers understand of it, so the graphs you create are key components to any such application.

Take back to work: Ideas for building the monitoring application of your dreams, so that you can find out what you need to know when you need to know it.

Topics include:

• RRDtool overview
• Problems to be solved
• Round Robin Database setup
• Data acquisition
• Graphing
• Programming with RRDtool
• The command line interface
• The pipe interface
• The Perl API
• In-depth graphing
• Concepts
• Simple graphs
• The joy of RPN
• Graph disassembly
• How to make graphs talk
• Scaling RRDtool
• The RRD file format
• Optimizing OS interaction
• Tweaking Linux for speed

---

M8 Practical Project Management for Sysadmins and IT Professionals
Strata Rose Chalup, Project Management Consultant

Who should attend: System administrators who want to stay hands-on as team leads or system architects and need a new set of skills with which to tackle bigger, more complex challenges. No previous experience with project management is required.

People who have been through traditional multi-day project management courses will be shocked, yet refreshed, by the practicality of our approach. To get the most out of this tutorial, participants should have some real-world project or complex task in mind for the lab sections.

This tutorial focuses on complementing your own organizational style (or lack thereof) with a toolbox of ways to organize and manage complex tasks without drowning in paperwork or clumsy, meeting-intensive methodologies. Also emphasized is how to bridge the gap between ad hoc methods and the kinds of tracking and reporting traditionally trained managers will understand.

Take back to work: A no-nonsense grounding in methods that work without adding significantly to one's workload. You will be able to take an arbitrarily daunting task and reduce it to a plan of attack that will be realistic, will lend itself to tracking, and will have functional, documented goals. You will be able to give succinct and useful feedback to management on overall project viability and timelines and easily deliver regular progress reports.

Topics include:

• Quick basics of project management
• The essentials you need to know
• How to map the essentials onto real-world projects
• Skill sets
• Defining success
• Chunking and milestoning
• Delegating
• Tracking
• Reporting
• Problem areas
• Teams, interactions among people
• The albatross project
• When to go deep and when to get "pointy-haired"
• When disaster strikes, should you scrap, or salvage?
• Project management tools
• What tools should do for you
• Leveraging the command line: UNIX PM
• Freeware PM tool options
• The only 15 minutes of MS Project you'll ever need

---

M9 How to Interview a System Administrator
Adam Moskowitz, Menlo Computing

Who should attend: System administrators of all levels of experience, as well as managers of system administrators. The course will focus on techniques for interviewers, but even sysadmins who are just starting out will learn some things to use as an interviewee. Managers of system administrators and junior sysadmins will learn, among other things, how to interview someone who knows more than you do. Junior administrators will also learn how to respond (as an interviewee) when asked a bad question—in particular, how to turn it into a better question.

Do you know how to interview a system administrator? Do the questions you ask elicit specific, narrowly focused information, or do they show you both the depth and breadth of a candidate's knowledge of a particular subject or technology? Do you know how to distinguish between a candidate who is just trying to bluff through the interview and one who has some knowledge of the field but hasn't yet become an expert? Are trick questions ever appropriate, and, if so, when and why? Some questions shouldn't be asked, and some would even land you in hot water with your company's HR or legal department: do you know what those questions are? Finally, have you figured out how to help a candidate do well in an interview while still getting an objective and fair assesment of their skills?

If you answered "no" or even "I'm not sure" to any of these questions, this course is for you.

Take back to work: Increased confidence in your ability to weed out the posers and hire really great sysadmins.

Topics include:

• Purposes of an interview
• To assess the candidate's technical skills
• To get a feel for the candidate's personality and interpersonal skills
• To learn whether a candidate is likely to be a good fit with the company and with the IT group
• To help the candidate figure out whether he wants this job and whether he is likely to do well in the position
• Maybe even to teach the candidate something new about system administration
• Basic questions to bear in mind
• Is the candidate comfortable?
• Does he need a drink or a bathroom break?
• Does she know who you are and what your role in the company is?
• Preparatory questions
• What are you really trying to learn about the candidate's skills, and why?
• What makes a good question good?
• What makes a bad question bad?
• How can you turn bad questions into good ones?
• When is it appropriate to ask a trick question, and why?
• What questions can't or shouldn't you ask?

Monday Afternoon Half-Day Tutorials

M10 Over the Edge System Administration, Volume 2
David N. Blank-Edelman, Northeastern University

Who should attend: Old-timers who think they've already seen it all, and those who want to develop inventive thinking early in their career. Join us and be prepared to be delighted, disgusted, and amazed. Most of all, be ready to enrich your network and system adminstration by learning to be different. Previous attendance at Volume 1 of the series is recommended but not required.

Join us for volume two of the wildly successful Over the Edge System Administration class series. Once again we'll learn how to break the rules, abuse the tools, and generally turn your system administration knowledge inside out with the help of a whole new set of examples. This class is a second cornucopia of ideas for creative ways to take the standard (and sometimes not-so-standard) system administration tools and techniques and use them in ways no one would expect. We'll also cover some tools you may have missed. This class will take some of the concepts from the first installment and develop them even further.

Once again, we feel it is important to remind you: The teacher takes no responsibility should your head explode during this class.

Take back to work: Approaches to system administration you never dreamed of—but you wish you had!

Topics include:

• How to exploit side effects to your benefit
• Applying the arts and crafts you learned in camp to system administration
• Pressing Web apps from places like Google and Yahoo! into service as sysadmin tools
• How to perform SQL queries on your network equipment
• How to use even more ordinary objects you have lying around the house to make your life easier (seriously!)

---

M11 The Joy of Running Diskless Linux NEW!
Tobias Oetiker, Consultant

Who should attend: Linux/UNIX system administrators who manage several networked UNIX workstations or cluster nodes.

Would you like to reap all the benefits of a thin client infrastructure without compromising on raw CPU and graphics performance? Would you like to be able to set up new workstations before you even have the hardware on site? Would you like to be able to upgrade, patch, and test without any of your users noticing, until everything is ready, and then have a downtime of only one reboot? Would you like to be able to install 10 new workstations or cluster nodes in 5 minutes? If you answer yes to one of these questions, come join us on this adventure.

Running diskless Linux is as simple as using PEX to boot a server and hosting the filesystem on NFS. If you want to do this with a large number of machines, there are many ways to optimize procedures and provide unique features to your users.

Course examples will be based on Debian/Ubuntu, but we will address how this approach can easily be adapted to other distros.

Take back to work: The ability to slash your installation times and downtime, and reduce hardware costs as well.

Topics include:

• Basic PXE netboot and NFS setup
• Installing Linux without a workstation
• Organizing NFS roots
• Update procedures
• Providing a homogeneous application environment
• Managing user accounts
• How to make the automounter sit up and beg
• Managing mixed 32- and 64-bit environments

---

M12 Problem-Solving for IT Professionals
Strata Rose Chalup, Project Management Consultant

Who should attend: IT support people who would like to have a better grasp of problem-solving as a discipline.

In the world of IT support, you build up a lot of specialized domains of knowledge that may or may not interact. As you will see, most types of troubleshooting rely on what you might call call "guided intuition"-- focusing your attention down a probable path of diagnosis, and then making an intuitive leap. If you haven't practiced your intuitive pole vaulting lately, don't worry. By using checklists and patterns to do brute-force troubleshooting, you will gradually build up a reservoir of understanding that will eventually have you shouting "Aha!" while other folks are still scratching their heads in puzzlement.

Take back to work:

• A solid grounding in the process of solving problems
• A framework on which to build specialized troubleshooting techniques that are specific to your environment
• Confidence in your ability to apply logic and common sense to debug problems in complex interacting systems
• How to trace out common patterns of interaction
• How to apply basic principles to isolate symptoms and interactions between subsystems

What this class does not provide:

• Detailed instruction in specific problem-solving situations, such as "what to do when the mouse stops moving"
• Information on custom environments that are unique to your employer or organization
• An intro or remedial tutorial on IT basics such as how DNS lookups occur or what TCP steps happen when a request to a Web server comes in

Rather than cover ground many of you already know, we have chosen to focus exclusively on the domain of problem-solving itself as a discipline, not on solving specific problems common to IT situations.

---

M13 Nagios in Depth NEW!
John Sellens, SYONEX

Who should attend: Network and system administrators ready to implement or extend their use of the Nagios system and network monitoring tool.

Nagios is a very widely used tool for monitoring hosts and services on a network. It's very flexible, configurable, and can be extended in many ways, using home-grown or already existing extensions.

Take back to work: The information you need to immediately implement and use Nagios and related tools for monitoring systems and devices on your networks.

Topics include:

• Introduction: Functionality, features, use, and application
• Installation: Basic steps, prerequisites, common problems
• Theory of operation
• Plug-ins: Their creation, use, and abuse
• Extensions: NRPE, NSCA, NDOUtils
• Add-ons: Graphing, integration with other tools

Who should attend: Solaris systems managers and administrators interested in the new security features in Solaris 10 (and features in previous Solaris releases that they might not be using).

Solaris has always been the premier commercial operating system, but it is also somewhat different from other UNIX/Linux systems. It has novel features and applications (some have been copied in other operating systems), and there are things you need to know to use them effectively and securely.

This course covers a variety of topics surrounding Solaris 10 and security. Note that this is not a class about specific security vulnerabilities and hardening; rather, it examines new features in Solaris 10 for addressing the entire security infrastructure, as well as new issues to consider when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration.

Take back to work: During this exploration of the important new features of Solaris 10, you'll not only learn what it does and how to get it done, but also best practices. Also covered is the status of each of these new features, how stable it is, whether it is ready for production use, and expected future enhancements.

Topics include:

• Overview
• Virtualization
• Containers (a.k.a. Zones), light-weight virtual environments for application isolation and resource management
• Installation
• Management
• Resource management
• Other Solaris virtualizations: LDOMs, Xen
• RBAC: Role Based Access Control (giving users and application access to data and functions based on the role they are filling, as opposed to their login name)
• Privileges: A new Solaris facility based on the principle of least privilege; instead of being root (or not), users are accorded 43 distinct bits of privilege, sometimes spanning classes of actions and sometimes being confined to a specific system call
• NFSv4: The latest version of NFS (based on an industry standard), featuring stateful connection, more and better security, write locks, and faster performance
• Flash archives and live upgrade (automated system builds)
• Moving from NIS to LDAP
• DTrace: Solaris 10's system profiling and debugging tool
• FTP client and server enhancements for security, reliability, and auditing
• PAM (the Pluggable Authentication Module) enhancements, for more detailed control of access to resources
• Auditing enhancements
• BSM (the Basic Security Module), providing a security auditing system (including tools to assist with analysis) and a device allocation mechanism (providing object-reuse characteristics for removable or assignable devices)
• Service Management Facility (a replacement for rc files)
• New "Secure By Default" settings
• Solaris Cryptographic Framework: A built-in system for encrypting anything, from files on disks to data streams between applications
• Kerberos enhancements
• Packet filtering with IPfilters
• BART (Basic Audit Reporting Tool): similar to Tripwire, BART enables you to determine what file-level changes have occurred on a system, relative to a known baseline
• Trusted Extension: Additions to Solaris 10 to make it "Trusted Solaris"
• Securing a Solaris 10 system

Laptop Requirements:
Each student should have a laptop with wireless access for remote access into an instructor-provided Solaris 10 machine (if you do not have a laptop, we will make every effort to pair you up with another student to work as a group; your laptop does not need to be running Solaris).

Tuesday Morning Half-Day Tutorials

T6 Advanced Shell Programming
Mike Ciavarella, University of Melbourne, Australia

Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).

The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.

Take back to work: An understanding of how to use the "lowly" shell to achieve lofty goals.

Topics include:

• Common mistakes and unsafe practices
• Modular shell script programming
• Building blocks: awk, sed, etc.
• Writing secure shell scripts
• Performance tuning
• Choosing the right utilities for the job
• Addressing portability at the design stage
• When not to use shell scripts

---

T7 Management 101: Effective Communication Tools for Sysadmins NEW!
Geoff Halprin, Consultant; Elizabeth Zwicky, Acutis, Inc.

Who should attend: System administrators who wish to become more proactive in managing their duties and to learn tools and tips that will assist them to communicate more effectively with their managers, users, and other important constituents of their services.

You may have noticed that being technically adept is not sufficient. You have to be able to deal with people: your fellow team members, your boss, your customers, the finance people, the legal department, and even upper management. You need them to do things for you (if it's only leaving you alone). System administrators generally find talking to people much more stressful and less productive than talking to computers. People do not operate by the same rules that computers do, and the process often seems random, irrational, or incomprehensible.

In this tutorial, we examine the many facets of communication and introduce various systems, tools, and techniques you can employ to ease your stress and improve your ability to attain the outcomes you desire.

Take back to work: Improved communication skills that will make you a more effective system administrator; an understanding of how communication works, so that it becomes a tool you can use instead of a source of frustration.

Topics include:

• Oral communication
• Effective listening
• Effective talking
• Presentations
• Written communication
  • Progress reporting
  • Technical documentation
  • Writing proposals
  • Buy-vs.-build evaluations
  • Cost-risk evaluations
  • Audit reports
• Understanding others
  • Understanding various communities
  • Conflict resolution
  • Personality types
• Time management
• Risk management
• Project management

---

T8 Virtualization: VMs! What Are They Good For? NEW!
Æleen Frisch, Exponential Consulting; Kyrre Begnum, Oslo University College

Who should attend: System administrators who are curious about the benefits of virtualization or who need to deploy it in their environment.

Virtualization is a hot computing topic these days, but you may be wondering whether it will actually benefit your site. When is virtualization appropriate, and when isn't it? What does it take to administer a virtual infrastructure? How do you handle challenges such as OS and software installation and backups? This course will answer those questions.

Take back to work: The ability to begin deploying virtualization in your environment, along with an understanding of the many tradeoffs you will need to address.

Topics include:

• What virtualization is and what it can and cannot do for you
• Available software and management options
• Typical deployment scenarios and special-purpose solutions
• Student labs
• Testing environments
• HPC
• HA/load balancing
• Dealing with legacy hardware
• Managing resources and resource competition
• Administrative challenges (e.g., installations, upgrades, backups)

---

T9 Disk-to-Disk Backup and Eliminating Backup System Bottlenecks
Jacob Farmer, Cambridge Computer Services

Who should attend: System administrators involved in the design and management of backup systems and policymakers responsible for protecting their organization's data. A general familiarity with server and storage hardware is assumed. The class focuses on architectures and core technologies and is relevant regardless of what backup hardware and software you currently use.

The data protection industry is going through a mini-renaissance. In the past few years, the cost of disk media has dropped to the point where it is practical to use disk arrays in backup systems, thus minimizing and sometimes eliminating the need for tape. In the first incarnations of disk-to-disk backup—disk staging and virtual tape libraries—disk has been used as a direct replacement for tape media. While this compensates for the mechanical shortcomings of tape drives, it fails to address other critical bottlenecks in the backup system, and thus many disk-to-disk backup projects fall short of expectations. Meanwhile, many early adopters of disk-to-disk backup are discovering that the longterm costs of disk staging and virtual tape libraries are prohibitive.

The good news is that the next generation of disk-enabled data protection solutions has reached a level of maturity where they can assist—and sometimes even replace—conventional enterprise backup systems. These new D2D solutions leverage the random access properties of disk devices to use capacity much more efficiently and to obviate many of the hidden backup-system bottlenecks that are not addressed by first-generation solutions. The challenge to the backup system architect is to cut through the industry hype, sort out all of these new technologies, and figure out how to integrate them into an existing backup system.

This tutorial identifies the major bottlenecks in conventional backup systems and explains how to address them. The emphasis is placed on the various roles for inexpensive disk in your data protection strategy; however, attention is given to SAN-enabled backup, the current state and future of tape drives, and iSCSI.

Take back to work: Ideas for immediate, effective, inexpensive improvements to your backup systems.

Topics include:

• Identifying and eliminating backup system bottlenecks
• Conventional disk staging
• Virtual tape libraries
• Removable disk media
• Incremental forever and synthetic full backup strategies
• Block- and object-level incremental backups
• Information lifecycle management and nearline archiving
• Data replication
• CDP (Continuous Data Protection)
• Snapshots
• Current and future tape drives
• Capacity Optimization (Single-Instance File Systems)
• Minimizing and even eliminating tape drives
• iSCSI

Tuesday Afternoon Half-Day Tutorials

T10 Documentation Techniques for Sysadmins
Mike Ciavarella, University of Melbourne, Australia

Who should attend: System administrators who need to produce documention for the systems they manage or who want to improve their documentation skills.

Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

Take back to work: The ability to make immediate, practical use of the documentation techniques presented in this tutorial in your day-to-day tasks.

Topics include:

• Why system administrators need to document
• The document life cycle
• Targeting your audience
• An adaptable document framework
• Common mistakes
• Tools to assist the documentation process

---

T11 Management 201: Effective Team Management of System Administrators NEW!
Geoff Halprin, Consultant; Elizabeth Zwicky, Acutis, Inc.

Who should attend: System administrators who have found themselves being given (or are hoping to be given, or are anticipating with apprehension) responsibilities for "wetware systems" (i.e., other people).

As you grow in seniority, a funny thing happens: you are expected to pass that wisdom on to others. You are given projects to run, teams to lead, apprentices to mentor, and ever larger budgets to manage effectively. The one thing, however, that you are almost never given is management training.

This tutorial examines many of the diverse areas of team management and provides you with an extensive set of insights, tools, and tips for conquering this brave new world.

Take back to work: The techniques you need to be effective in your "organization-facing" duties.

Topics include:

• Sysadmin workflow
• Personal and workgroup productivity
• Progress reporting and journals
• Meeting management
• Project management
• Financial management
• Team management
• Delegation
• Mentoring/coaching
• People management
  • The HR cycle

---

T12 So You Have Active Directory: Now What? A Guide to AD Integration for UNIX Sysadmins
Gerald Carter, Centeris/Samba Team

Who should attend: System administrators who are tasked with integrating authentication, Web, and file/print services provided by UNIX hosts into an Active Directory domain.

Frequently, AD deployments are handled outside the UNIX infrastructure teams. This can leave UNIX/Linux sysadmins scratching their collective heads about how to make use of the new directory service and increase the amount of work duplicated by the UNIX server teams and the AD administrators. This tutorial will help reduce that workload for you.

Take back to work: In-depth understanding of the best approaches to managing your system services with Active Directory.

Topics include:

• AD domain membership using Samba
• NTLM and Kerberos authentication for Apache
• Using PAM for NTLM and Kerberos authentication
• Searching Active Directory using LDAP clients

---

T13 Next-Generation Storage Networking
Jacob Farmer, Cambridge Computer Services

Who should attend: Sysadmins running day-to-day operations and those who set or enforce budgets. This tutorial is technical in nature, but it does not address command-line syntax or the operation of specific products or technologies. Rather, the focus is on general architectures and various approaches to scaling in both performance and capacity. Since storage networking technologies tend to be costly, there is some discussion of the relative cost of different technologies and of strategies for managing cost and achieving results on a limited budget.

There has been tremendous innovation in the data storage industry over the past few years. Proprietary, monolithic SAN and NAS solutions are beginning to give way to open-system solutions and distributed architectures. Traditional storage interfaces such as parallel SCSI and Fibre Channel are being challenged by iSCSI (SCSI over TCP/IP), SATA (serial ATA), SAS (serial attached SCSI), and even Infiniband. New file system designs and alternatives to NFS and CIFS are enabling high-performance filesharing measured in gigabytes (yes, "bytes," not "bits") per second. New spindle management techniques are enabling higher-performance and lower-cost disk storage. Meanwhile, a whole new set of efficiency technologies are allowing storage protocols to flow over the WAN with unprecedented performance. This tutorial is a survey of the latest storage networking technologies, with commentary on where and when these technologies are most suitably deployed.

Take back to work: An understanding of general architectures, various approaches to scaling in both performance and capacity, relative costs of different technologies, and strategies for achieving results on a limited budget.

Topics include:

• Fundamentals of storage virtualization: the storage I/O path
• Shortcomings of conventional SAN and NAS architectures
• In-band and out-of-band virtualization architectures
• The latest storage interfaces: SATA (serial ATA), SAS (serial attached SCSI), 4Gb Fibre Channel, Infiniband, iSCSI
• Content-Addressable Storage (CAS)
• Information Life Cycle Management (ILM) and Hierarchical Storage Management (HSM)
• The convergence of SAN and NAS
• High-performance file sharing
• Parallel file systems
• SAN-enabled file systems
• Wide-area file systems (WAFS)

Who should attend: IT and sysadmin managers who want to know how to solve some fundamental management problems.

Has your IT department or system administration team fallen into a hole and can't climb out? Users hate you, managers want to cut your budget, and nobody is sure what to do next? This class takes stab at fixing the most basic problems that we see time and time again.

This class is based on the newly released second edition of The Practice of System and Network Administration, by Limoncelli, Hogan, and Chalup.

Take back to work: Ideas about how to make your life and your team work smoothly and happily.

Topics nclude:

• Three policies management can create that save system administrators time and money
• Tricks to help stop "fire fighting"
• Handling user requests really well: Ticket software, help desk management basics
• Creating a good first impression: PC deployment management, upgrade cycles
• How to make sure the CEO sees you are "turning things around"
• Eliminating "time sink"
• Documentation (no, really!)
• What to do in your first 72 hours as "the new IT manager"

W5 Wireshark (Ethereal) and the Art of Debugging Networks Gerald Carter, Centeris

Who should attend: System and network administrators who are interested in learning more about the TCP/IP protocol and how network traffic monitoring and analysis can be used as a debugging, auditing, and security tool.

System logs can turn out to be incomplete or incorrect when you're trying to track down network application failures. Sometimes the quickest, or the only, way to find the cause is to look at the raw data on the wire. This course is designed to help you make sense of that data.

Take back to work: How to use the Wireshark protocol analyzer as a debugging and auditing tool for TCP/IP networks.

Topics include:

• Introduction to Wireshark (Ethereal) for local and remote network tracing
• TCP/IP protocol basics
• Analysis of popular application protocols such as DNS, DHCP, HTTP, NFS, CIFS, and LDAP
• How some kinds of TCP/IP network attacks can be recognized

Wednesday Afternoon Half-Day Tutorials

W6 Cyrus SASL Authentication Workshop NEW!
Patrick Ben Koetter, state of mind; Ralf Hildebrandt, T-Systems

Who should attend: System administrators and integrators interested in learning Cyrus SASL–based authentication but know that there's no (usable) user manual that tells operators how to set up Cyrus SASL.

The Cyrus SASL authenticaton framework plays an important role in client-server infrastructures. Radius servers, MTAs, LDAP servers, and numerous other applications use Cyrus SASL to handle authentication requests by clients in order to authorize the clients to take a server action, e.g., permission to relay a message or select protected entries from a LDAP tree.

Take back to work: How to install, configure, and test Cyrus SASL using various authentication mechanisms and data stores.

Topics include:

• Architecture
• What is Cyrus SASL made of, and how do the pieces fit together?
• libsasl and Cyrus SASL internal communication
• Authentication interface
• Mechanisms
• Password Verification Services
• Methods
• How to install Cyrus SASL and how to get around some rough edges during installation
• Configuration and the pros and cons of authentication back ends
• shadow
• sasldb
• SQL (MySQL)
• ldapdb (OpenLDAP)
• Ways to verify and/or debug Cyrus SASL authentication

Attendees are encouraged (but not required) to bring a computer and Cyrus SASL sources (or pre-installed) on their machine.

---

W7 Setting Up a Server Room or Data Center (or Data Closet) NEW!
Hunter Matthews, Duke University

Who should attend: System administrators in most small to medium organizations, those who have either inherited a server "closet" or are trying to build a small server room.

Most small to medium organizations don't start out with a server room or data center. Instead, an office or a closet gets repurposed for the task. Power or cooling quickly takes center stage as the limiting factor to growth or system reliability. This tutorial is for the system administrator who must now either build a proper room or move the systems into an existing server room that may or may not need retrofits or upgrades. This tutorial may also benefit the sysadmin with an existing room who is looking to plan for growth.

Take back to work: How to plan the best ways to configure your server room space and spend your money wisely.

Topics include:

• Layout: Where do you put things?
• Electrical power: How to get it and deliver it
• Cooling: How much is enough?
• Console servers and remote access: Is it worth it?
• Budgeting: What is this all going to cost?
• Safety: Is what we're doing safe?
• Wire Management: The difference between good and great

Who should attend: Data center managers, IT directors, and anyone administering critical systems in an environment where extended downtime after an outage is unacceptable.

Disaster planning is like insurance: nobody wants to talk about it and everyone runs from the salesmen. But when you need it, you are very glad to have it! And if you don't have it when you need it, it is too late to do anything about it. It's all about planning and preparation.

We will explore the key aspects of developing a disaster recovery plan, including identifying the key components, testing the plan, and some of the technology that can speed recovery, with an eye toward balancing costs and benefits. We'll build it all around a real-life organization that completely recovered from the 9/11 disaster in less than 12 hours.

We'll also look at the ramifications of storing data offline vs. online, what happens when archived backup media starts to get too old, and the security aspects of having a functional DR site.

Take back to work: The ability to put together a plan that fits your company's needs and the confidence to make it work.

Topics include:

• What a DR plan should contain, with real-world examples
• Potential legal and civil liabilities if you don't have a DR plan
• Hot vs. warm vs. cold backups
• Costs of developing a DR plan
• Do you really need a plan at all?
• Testing methods for the plan
• Downtime and data loss as two sides of the same coin
• Building and staffing DR teams
• Senior management's role
• Selling DR to senior management
• Disasters that only involve the backup site

R6 Beyond Shell Scripts: 21st-Century Automation Tools and Techniques
Æleen Frisch, Exponential Consulting

Who should attend: System administrators who want to explore new ways of automating administrative tasks.

Although a good system administrator will be proficient in creating shell scripts to solve specific problems and automate routine tasks, the skill alone is no longer sufficient for the automation requirements in typical 21st-century computing environments. As system administration has moved from an informal, poorly defined, and widely varying job title to a recognized and respected profession, so its processes and procedures have developed from homegrown, ad hoc, single-purpose strategies into systematic, wide-ranging ones supported by powerful and well developed software tools. This course introduces you to several enterprise-worthy, open source administrative packages, each of which supports the configuration, management, and/or monitoring of a specific aspect of system functioning.

Take back to work: You will be ready to begin using these packages in your own environment and to realize the efficiency, reliability, and thoroughness that they offer compared to traditional approaches.

Topics include:

• Expect: automating interactive processes
• What to Expect…
• Using Expect with other tools
• Security issues
• Bacula, an enterprise backup management facility
• Prerequisites
• Configuration
• Getting the most from Bacula
• Network and system monitoring tools
• SNMP Overview
• Nagios: Monitoring network and device performance
• RRDTool: Examining retrospective system data
• Ethereal: monitoring network data

R7 Performance Tracking with Cacti NEW!
John Sellens, SYONEX

Who should attend: Network and system administrators ready to implement a graphical performance and activity monitoring tool, who prefer an integrated, Web-based interface. Participants should have an understanding of the fundamentals of networking, familiarity with computing and network components, UNIX system administration experience, and some understanding of UNIX programming and scripting languages.

This tutorial will provide in-depth instruction in the installation and configuration of Cacti, a popular Web-based tool for graphing time-series data from systems and devices on your network, using RRDTool, PHP, and MySQL.

Take back to work: The information needed to immediately implement and use Cacti to monitor systems and devices on your networks.

Topics include:

• Installation: Basic steps, prerequisites, common problems and solutions
• Configuration, setup options, and how to manage larger and nontrivial configurations
• User management and access control
• Special cases: how to deal with interesting problems
• Extending Cacti: how to write scripts or programs to extend the functionality of the basic package
• Security concerns and access control
• Ongoing operations

Friday, November 16, 2007

Full-Day Tutorials

F1 Implementing [Open]LDAP Directories Gerald Carter, Centeris/Samba Team Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course. System administrators are frequently tasked with integrating applications with directory technologies. DNS, NIS, LDAP, and Active Directory are all examples of the directory services that pervade today's networks. This tutorial will focus on helping you to understand how to integrate common services hosted on UNIX servers with LDAP directories. The demo-based approach will show you how to build and deploy an OpenLDAP-based directory service that consolidates account and configuration information across a variety of applications. Take back to work: Comfort with LDAP terms and concepts and an understanding of how to extend that knowledge to integrate future applications using LDAP into your network. Topics include: Replacing an NIS domain with an LDAP directory Storing user and group account information Configuring PAM and Name Service Switch libraries on the client Integrating Samba domain file and print servers Configuring a Samba LDAP account database Performance-tuning account lookups Integrating MTAs such as Sendmail and Postfix Configuring support for storing mail aliases in an LDAP directory Using LDAP for storing mail routing information and virtual domains Managing global address books for email clients Creating customized LDAP schema items Defining custom attributes and object classes Examining scripting solutions for developing your own directory administration tools Overview of the Net::LDAP Perl module F2 Wireless Networking, Security, Vulnerability Assessment, and Penetration Testing NEW! Bruce Potter, Chief Technologist and Founder, Ponte Technologies Who should attend: Security and IT professionals involved or interested in the security assessment of 802.11 wireless networks or the practical threats wireless networks are faced with. Participants should already be familiar with 802.11 wireless network technology and network penetration testing techniques and tools, but expertise is not required. This tutorial will assist and inform and enlighten many, to include: war-driving hobbyists, individuals who have deployed wireless networks, and professionals tasked to perform security assessments for their organization. Wi-Fi is not voodoo, although it may seem that way at times, what with strange behavior and performance characteristics influenced by such things as the environment, 802.11's design, random manufacturer incompatibilities, or just ever-evolving enhancements to the technology. Additionally, Wi-Fi security is not hard, although the industry certainly has not made it appear easy. However, understanding the basic capabilities and features of wireless networking technologies such as Wi-Fi, making sense of the myriad security configurations available for that technology, and assessing and testing the security of 802.11 wireless networks can be a bit daunting for even the most seasoned IT gurus. How does Wi-Fi work? What is wrong with Wi-Fi? How do you fix it? How do you test to ensure your "fix" is in place and truly effective? How do you demonstrate that there are some things that you cannot fix? This course answers these questions and more, by providing you with relevant information in a manner that is easy to digest, with hands-on labs that reinforce what you learn. This tutorial begins with basic RF principles that lead to the core functionality and capabilities of Wi-Fi. This is followed by an in-depth inspection of the 802.11 protocol and packet-by-packet analysis of sample Wi-Fi traffic. Students are provided with 802.11 protocol analysis software and examples of traffic dumps so that they can follow along. Wi-Fi security configurations are then discussed, including EAP types and options, with a concentration on the most effective means of securing Wi-Fi for home and enterprise use. Students are provided with access points and enterprise-grade software and are instructed in the step-by-step secure configuration of home and enterprise Wi-Fi networks. Finally, techniques and tools for the vulnerability assessment and penetration testing of Wi-Fi networks are discussed. Students are given copies of these tools and can follow along as the instructor demonstrates vulnerability assessment and penetration testing of the Wi-Fi networks that have been set up in class. Detailed slides, in-depth explanations, and notes are standard, while students are given ample opportunity to ask questions to further clarify course content, if need be. Take back to work: A strong awareness of the threats against 802.11 wireless networks, as well as what practical tools and techniques are needed to properly assess the security of those networks. Topics include: Basic RF principles and how they apply to Wi-Fi The 802.11 protocol and how to capture and analyze Wi-Fi traffic Wireless network security architectures, technology, and products, as well as where and how they should be employed The range and impact of 802.11 wireless network threats, vulnerabilities, and exploits Successful design and implementation of secure 802.11 wireless networks for the home and the enterprise How to assess the security of an 802.11 wireless network, with a focus on validating implementations, as well as testing for exploitable conditions F3 Achieving High Availability (in Your Lifetime) Evan Marcus, QD Technology Who should attend: System administrators and data center managers, but the material applies to developers and their managers and to IT managers as well. What does high availability really mean? Do you need it? Do you already have it? How high is up? How up is high? Whom can you trust to give you a practical and useful answer, an answer you can apply to your data center and your systems? How can you sort through all of the marketing noise and really put high availability into place on your systems? Every systems vendor, every OS vendor, every storage vendor, every networking vendor has his own definition of this very generic termÑand all the definitions are different! Do any of these definitions apply to you and your systems? Probably not. In this lively and upbeat tutorial, we'll give you some practical and useful information about high availability. We'll show you the relationship between cost and availability. We'll walk through our list of 20 key high availability design principles—the foundation for any critical system—and how you can get started down the path toward high availability without spending boatloads of money. Take back to work: Simple and practical tools you can use right away to persuade the bean counters in your organization of the value of putting high availability techniques and practices into place. Ultimately, availability is defined by the users of a system: can they use it, or not? With that in mind, we take the approach that high availability is a very broad science, affecting every aspect of system management. Topics include, in reference to high availability: Backups and restores Storage Security Networking The data center environment Services and applications WANs and replication Archiving F4 Python in Action NEW! David Beazley, Consultant Who should attend: Software developers and system administrators who want to know the inside story of why Python programmers are able to be so productive while still having time to enjoy life, go on vacation, and play in bands. Attendees should have prior programming experience in another language such as C++, Java, or Perl. Python is a dynamic programming language which shares many features with languages such as Ruby, Tcl, and Perl. Although sometimes viewed as a scripting language, Python is actually a full-featured general-purpose programming language which incorporates ideas from a variety of other languages, including C, Smalltalk, and Lisp. In addition, it includes a large standard library that provides support for regular expressions, operating system interfaces, networking, threads, XML processing, GUI programming, and more. In this tutorial, you will learn the basics of Python programming and see how Python makes hard problems easier, impossible problems possible, and programming fun. Every topic and example in this tutorial is cross-platform and will work with a standard Python installation on any machine. Attendees will be able to follow along and try the examples if Python 2.5 is installed on their laptop computer. Take back to work: An eagerness and ability to apply Python to some of your most common and your most annoying tasks. Topics include: A tour of the Python language Basic syntax Core datatypes Control flow Exception handling Functions Iterators Classes Module system A look at major library modules Text processing Operating system interfaces Network programming Threads Internet programming Practical programming examples Effective textprocessing and parsing Data analysis and manipulation Processing of real-time data streams Programming with objects Controlling and interacting with subprocesses Building custom Web servers and other network services Concurrent programming with threads Distributed computing