sponsors
Full Training Program
Full Day
Rik Farrow (S1, M1) began working with UNIX system security in 1984 and with TCP/IP networks in 1988. He taught his first security class in 1987 and started teaching internationally the following year. He has been a consultant since 1980 and has advised both firewall and intrusion detection companies in the design of their products. Rik has published two books, one on UNIX security and the other on system administration. He designed a five-day, hands-on class in Internet security for internal use by the Department of Defense. He wrote the "Network Defense" column for Network Magazine for over six years and is currently the editor of ;login:, the USENIX magazine. Rik lives with his wife in the high desert of northern Arizona, where he continues to work and do research, and he still ventures out to teach.
Nautilus 3
This tutorial is also available for live streaming.
Find out more Purchase this Session
Linux servers start out very secure: it's what you do with them when you use them that can create insecurities. A straight Linux server install runs minimal services and has few users and a very restrictive firewall, which is a great security posture but is pretty useless for most purposes. As users are added, services enabled, and holes punched through the firewall, the security can deteriorate quickly.
This class will show you how to maintain a strong security posture through careful configuration and proper use of Linux tools and services. Linux contains tools and software that can be enabled to slow brute-force attacks against user accounts, can notice when your accounts have weak passwords or are under attack, can keep services and software up to date, and can sandbox applications to prevent even zero-day attacks. The class will focus on attacks most recently seen, including attacks on mail and Web servers.
Linux system administrators and security managers familiar with Linux sysem administration, whether you manage a handful or clusters of Linux systems.
Techniques for securing and maintaining Linux servers.
- Minimizing risk with appropriate restrictions
- Managing and tracking application vulnerabilities
- Sandboxing to prevent attacks
- Monitoring logfiles
- Updates and configuration management
William LeFebvre (S2) has been banging on UNIX systems since 1983, and was first exposed to computer networking with the original ARPANet. He has been teaching at conferences since 1991. William is currently the chief architect for the digital group at Career Sports and Entertainment. He designs and creates production web enviroments, and consults with clients on a wide range of Internet technologies.
Marc Staveley (S2) is an independent consultant where he applies his years of experience with UNIX development and administration helping clients with server consolidation and application migration projects. Previously he held positions at SOMA Networks, Sun Microsystems, NCR, and Princeton University. He is a frequent speaker on the standards-based development, multi-threaded programming, system administration, and performance tuning.
Nautilus 2
Amazon offers a solid collection of cloud services through the Amazon Web Services (AWS). These include virtual machines and storage, load balancers, replicated databases, content data delivery, and automatic scaling and monitoring. AWS provides a very rich API to facilitate building applications that utilize these services, but the actual user interfaces can be difficult to master. This tutorial introduces the Amazon Web Services and describes the more popular services and how they can all fit together to support an infrastructure. It provides in-depth instruction on using the user-level interfaces for the more popular services: EC2, EBS, ELB, S3, Cloudfront, and others. Three interfaces will be taught: the Web console, the Firefox plug-in Elasticfox, and the command-line tools. Cautions and pitfalls will be presented along the way to ensure that the student will not make some common mistakes of first-time AWS users.
System administrators who currently use or are considering the use of Amazon Web Services (AWS), as well as individuals who are tasked with supporting AWS for production services, especially if they are unfamiliar or uncomfortable with the command-line tools and the Web-based interfaces supplied by Amazon. Experience with cloud computing is not required. Experience with the installation and support of basic tools and languages (especially Java and Ruby) would be beneficial. Time will only permit us to study the creation and support of Linux instances in the Amazon cloud.
Knowledge of the techniques, pitfalls, commands, and programs that will help you make effective use of the Amazon cloud.
- Introduction to AWS
- Elastic Compute Cloud (EC2)
- Elastic Block Store (EBS)
- Simple Storage Service (S3)
- Elastic Load Balancing (ELB)
- Relational Database Service (RDS)
- More in-depth topics: accessing EC2 instance data from within the instance, boot-time scripts in common AMIs
Lee Damon (S3) has a B.S. in Speech Communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE (US) & LOPSA since their inceptions. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington Electrical Engineering department. Among other professional activities, he is a charter member of LOPSA and SAGE and past chair of the SAGE Ethics and Policies working groups. He chaired LISA '04, co-chaired CasITconf '11, and is co-chairing CasITconf '13.
Mike Ciavarella (S3, M4, M9, T8) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. His first UNIX system administration role was on a network of Sun workstations in 1991, where he built his first firewall. Since that time, Mike has made a point of actively promoting documentation and security as fundamental aspects of system administration. He has been a technical editor for Macmillan Press, has lectured on software engineering at the University of Melbourne (his alma mater), and has provided expert testimony in a number of computer security cases.
Nautilus 5
We aim to accelerate the experience curve for junior system administrators by teaching them the tricks (and effective coping strategies) that experienced administrators take for granted and which are necessary for successful growth of both the administrator and the site.
The class covers many of the best practices that senior administrators have long incorporated in their work. We will touch on tools you should use, as well as tools you should try to avoid. We will touch on things that come up frequently, as well as those which happen only once or twice a year. We will look at a basic security approach.
Junior system administrators with anywhere from little to 3+ years of experience in computer system administration. We will focus on enabling the junior system administrator to "do it right the first time." Some topics will use UNIX-specific tools as examples, but the class is applicable to any sysadmin and any OS. Most of the material covered is "the other 90%" of system administration—things every sysadmin needs to do and to know, but which aren't details of specific technical implementation.
Ideas about how to improve and to streamline your systems and your workload, and, just as important, where to look to find more answers.
- The five things every site should know
- Why your computers should all agree on what time it is
- Why root passwords should not be the same on every computer
- Why backing up every file system on every computer is not always a good idea
- Policies—where you want them and where you might want to avoid them
- Ethical issues
- Growth and success as a solo-sysadmin as well as in small, medium, and large teams
- Training, mentoring, and personal growth planning
- Site planning and roadmaps
- Budgeting
- Logistics
- Books that can help you and your users
Half Day Morning
John Arrasjid (S4) is a Principal Architect at VMware, specializing in Enterprise Private Cloud (vCloud), business continuity, disaster recovery, and virtual datacenter architecture design, and is the lead architect for the vCloud Architecture Design Toolkit (vCAT). He has over 20 years of IT and consulting experience. John regularly presents at conferences (VMworld, VMware Partner Exchange, USENIX Annual Technical Conference, and USENIX LISA). John is currently serving as Vice President on the USENIX Board of Directors and has published three books in the SAGE Short Topics Series: Cloud Computing with VMware vCloud Director, Foundation for Cloud Computing with VMware vSphere 4, and Deploying the VMware Infrastructure. John is a founding member of VMware bands Elastic Sky and The Hypervisors. John holds both VCP and VCDX (#001) certifications. John has a Bachelor of Science in Computer Science from SUNY Buffalo, NY.
Ben Lin (S4, S7) is a vCloud Solutions Specialist for the VMware Global Accounts team. He has been closely involved with vCloud solutions, having performed some of the first designs and deployments worldwide. Ben holds VCDX3/4 certification and is an author of Cloud Computing with VMware vCloud Director. Ben was a document lead for vCAT and helped create the vCloud Accelerator service kit used by field and partners worldwide. He has presented at the VMworld 2011, VMworld Europe 2011, Partner Exchange 2012, Partner Exchange 2011, HotCloud '11, LISA '11, and LISA '10 conferences.
Marina 6
This class will focus on the latest vCloud technologies. An overview of the technology, design, implementation, and management will be covered concisely, and demonstrations of various aspects will be given.
This is a vendor-specific class. VMware-specific details will be covered, but concepts may be applicable to other cloud computing technologies. This session will cover the VMware perspective on implementing a cloud solution, the technologies used, third-party integration considerations, and operational concepts.
Consumers, system administrators, cloud operators, and cloud architects who are interested in learning about the VMware vCloud solution, which is based on NIST guidelines. Experience with VMware vSphere, VMware Chargeback, and Distributed Virtual Switches is preferred but not required.
- How VMware vCloud implements cloud functionality based on the NIST guidelines
- The basics of developing a cloud solution with VMware
- An understanding of the concepts and technology used in a vCloud-based cloud computing infrastructure
- How to utilize the VMware vCloud Architecture Toolkit (vCAT) for learning, architecting, operating, and consuming a VMware vCloud
- VMware vCloud core concepts and features
- The VMware suite of technologies used to stand up cloud computing environments, including public/private/hybrid and on/off premises
- VMware vCloud mechanisms for multi-tenancy, resource elasticity, segmentation of resources, and provisioning mechanisms through the use of VMware vCloud Director, vShield, vCenter Chargeback, vCloud Connector, and other technologies
- Sections of the vCAT materials and how they are used by architects, operators, and consumers of a vCloud-based deployment
- Demonstration of features
David Nalley (S5, M6, M11, T6) is a recovering systems administrator of 10 years and acted as a consultant for an additional 3 years. David is a committer on the Apache CloudStack project. In the Fedora Project, David is the maintainer of a few dozen software packages, is a sponsor for new packagers in Fedora, and is currently serving on the Fedora Project Board. David is a frequent author for development, sysadmin, and Linux magazines and speaks at IT and F/LOSS conferences.
Nautilus 4
Packaging software is a must for consistent and automated system provisioning and maintenance, yet very few people do so. We will explore why sysadmins should package software, what benefits accrue to software packagers, and how to package your software.
System adminstrators with a modicum of experience who have an interest in further automating their environments, and advanced sysadmins who have little or no experience with packaging.
An understanding of the benefits of packaging and the ability to begin packaging immediately.
- Automation
- Consistency
- Packaging's serendipitous benefits
- How to package software
- Tools to make packaging easier
Geoff Halprin (S6, S9, M12) has spent over 30 years as a software developer, system administrator, consultant, and troubleshooter. He has written software from system management tools to mission-critical billing systems, has built and run networks for enterprises of all sizes, and has been called upon to diagnose problems in every aspect of computing infrastructure and software.
He is the author of the System Administration Body of Knowledge (SA-BOK) and the SAGE Short Topics book A System Administrator's Guide to Auditing and was the recipient of the 2002 SAGE-AU award for outstanding contribution to the system administration profession.
Geoff has served on the boards of SAGE, SAGE-AU, USENIX, and LOPSA. He has spoken at over 20 conferences in Australia, New Zealand, Canada, Europe, and the US.
Nautilus 1
The days of monolithic software development are gone. Agile (a combination of ideas from extreme programming and lean manufacturing) is now the normal practice, even amongst the largest corporations. Agile flips traditional software development on its head, moving everything into small time-boxed iterations of a few weeks. Imagine shipping software every few weeks!
Programmers who wish to learn a better way to deliver software; programmers who have heard of agile, but don’t understand what the fuss is all about; sysadmins who wish to learn a simple set of techniques to help them maintain their scripting and infrastructure automation.
An understanding of all of the key concepts for agile software development; an immediate ability to apply these concepts and improve your delivery.
- The history of agile development
- Key concepts: iterations, stories, planning, showcases, retrospectives, Kanban, and visible workflow
- How they all come together into a cohesive, radically simpler way to develop software
Half Day Afternoon
Ben Lin (S4, S7) is a vCloud Solutions Specialist for the VMware Global Accounts team. He has been closely involved with vCloud solutions, having performed some of the first designs and deployments worldwide. Ben holds VCDX3/4 certification and is an author of Cloud Computing with VMware vCloud Director. Ben was a document lead for vCAT and helped create the vCloud Accelerator service kit used by field and partners worldwide. He has presented at the VMworld 2011, VMworld Europe 2011, Partner Exchange 2012, Partner Exchange 2011, HotCloud '11, LISA '11, and LISA '10 conferences.
David Hill (S7, M8) is a Senior Solutions Architect working at VMware, specializing in cloud computing, disaster recovery, and virtualization. He is a VMware Certified Advanced Professional (VCAP) and a VMware Certified Professional (VCP). David is a lead architect for the vCloud Architecture Toolkit. Before joining VMware, he was a self-employed IT consultant and architect for about fifteen years, working on projects for large consultancies and financial institutions.
Marina 6
This is a vendor-specific class. VMware vCloud is a suite of VMware technologies used to stand up cloud computing environments, including public/private/hybrid and on/off premises. VMware vCloud provides multi-tenancy, resource elasticity, segmentation of resources, and provisioning mechanisms through the use of VMware vCloud Director, vShield, vCenter Chargeback, vCloud Connector, and other technologies. Experience with VMware vSphere, VMware Chargeback, and Distributed Virtual Switches is preferred but not required. It is recommended, but not required, that attendees have previous knowledge of vCloud or have attended "VMware vCloud Concepts, Technology, and Operations."
Cloud architects and cloud operators who are interested in deploying a VMware vCloud.
The knowledge needed to deploy a VMware Cloud for use as an enterprise private cloud.
- VMware vCloud core concepts and features
- Architecture design considerations
- vCloud architecture design patterns and best practices
- Demonstration of features
Nautilus 4
MongoDB is an open-source, document-oriented, NoSQL database designed with both scalability and agility in mind. The goal of MongoDB is to bridge the gap between key-value stores (which are fast and scalable) and relational databases (which have rich functionality).
Attendees will work through several model operational scenarios, covering both planned and unplanned maintenance tasks, backups and recovery processes, responding to database growth requirements, and more!
Anyone interested in learning about operating a MongoDB deployment.
What you need to know to successfully deploy and maintain a MongoDB database, diagnose performance issues, import and export data from MongoDB, and establish the proper backup and restore routines.
- Setting up replica sets
- Migrating servers to different hosts
- Repairing a deployment after hardware failure
- Scaling out with auto-sharding
Geoff Halprin (S6, S9, M12) has spent over 30 years as a software developer, system administrator, consultant, and troubleshooter. He has written software from system management tools to mission-critical billing systems, has built and run networks for enterprises of all sizes, and has been called upon to diagnose problems in every aspect of computing infrastructure and software.
He is the author of the System Administration Body of Knowledge (SA-BOK) and the SAGE Short Topics book A System Administrator's Guide to Auditing and was the recipient of the 2002 SAGE-AU award for outstanding contribution to the system administration profession.
Geoff has served on the boards of SAGE, SAGE-AU, USENIX, and LOPSA. He has spoken at over 20 conferences in Australia, New Zealand, Canada, Europe, and the US.
Nautilus 1
As sysadmins, provisioning is one of the most obvious, basic, and important things we do. This simple topic covers areas as diverse as establishing the right standards, automated delivery (where applicable), ensuring software license compliance, and, oh, actually building the machine (physical or virtual).
For such an obvious part of our duties, it is surprising just how much thought goes into effective provisioning. This tutorial will cover a wide gamut of issues, many of which must be performed long before the machine is ever built.
Sysadmins, IT/IS managers, and any other folks responsible for new systems (real or virtual), installations, and integrations; sysadmins looking towards the cloud, infrastructure automation, and more maintainable systems.
A deep understanding of the provisioning process and its context in the wider infrastructure lifecycle; processes and best practices for efficient and timely roll-out and integration of systems.
- The infrastructure lifecycle
- The three parts to provisioning: planning, pre-provisioning, and provisioning
- Automation
- The MUST haves (Mandatory Ubiquitous Service Transport)
- Management traffic: in-band, out-of-band, and image distribution
- The build (physical and virtual)
- Software licensing and other topics you probably didn’t think of
Full Day
Rik Farrow (S1, M1) began working with UNIX system security in 1984 and with TCP/IP networks in 1988. He taught his first security class in 1987 and started teaching internationally the following year. He has been a consultant since 1980 and has advised both firewall and intrusion detection companies in the design of their products. Rik has published two books, one on UNIX security and the other on system administration. He designed a five-day, hands-on class in Internet security for internal use by the Department of Defense. He wrote the "Network Defense" column for Network Magazine for over six years and is currently the editor of ;login:, the USENIX magazine. Rik lives with his wife in the high desert of northern Arizona, where he continues to work and do research, and he still ventures out to teach.
Nautilus 4
SELinux provides an extra layer of security for most Linux systems—if you leave it enabled. Most commonly, SELinux gets disabled as the first step when debugging system problems, even when it is not the problem. SELinux can stop many attacks, even previously unknown (zero-day) attacks, as it confines applications' access to files, directories, commands, and network sockets.
This class will show you how to work with SELinux: how to determine if SELinux is blocking an application and how to adjust policy to move beyond problems. SELinux includes many tools for viewing audit logs, file and process contexts, modifying policy, and even interpreting log messages, and you will learn how to use these tools. You will learn how to modify file contexts, add new policy, monitor logs both graphically and in text-only mode, and, most importantly, how to recover full SELinux coverage on systems where it has been disabled. The class will cover reading and modifying existing policy where necessary, so that changes to services, such as non-standard directory locations, are accommodated. The class will also investigate adding new, custom services to SELinux policy.
This class includes exercises that will be performed using a provided VM.
Linux system administrators and security managers who want or are required to use SELinux. Participants must be familiar with Linux system administration; previous frustration with SELinux is expected but not required.
The ability to run Linux servers and desktops with SELinux enabled and to modify policy to handle configurations not supported by the default policy.
- SELinux uncloaked
- Types, contexts, and roles
- Context-based policy
- Extensions to familiar commands
- Using the sandbox command
- Using the audit file
- Tools for deciphering audit messages
- Searching audit messages
- Using setroubleshoot
- Adjusting file/directory context
- Fixing common access problems
- Using Booleans to adjust policy
- Extending policy
- Using audit2allow to correct policy
- Using sepolgen to create new policies
- Restricting users
- SELinux rule syntax
- Understanding and using macros
Shumon Huque (M2, T2) is the Director of Engineering, Research, and Development for the University of Pennsylvania's Networking and Telecommunications division and also serves as the Lead Engineer for the MAGPI GigaPoP. He is involved in network engineering, systems engineering, and the design and operation of key infrastructure services at Penn (DNS, DHCP, authentication, email, Web, VoIP, Directory, etc). He holds Bachelor's and Master's degrees in computer science from Penn. In addition to his day job, Shumon teaches (part time) a lab course on advanced network protocols at Penn's Engineering School.
Shumon is the principal IPv6 architect at Penn and has been running production IPv6 networks and services for almost a decade. Web site: http://www.huque.com/~shuque/.
Nautilus 3
The Internet is facing an imminent exhaustion of IP addresses. IPv6, the next-generation Internet Protocol, is designed to address this problem, among other things. If you have not yet started to deploy IPv6, now is the time. The "World IPv6 Launch" event took place in June 2012, and major industry players such as Google, Facebook, Comcast, Yahoo!, Akamai, and Cisco already support IPv6, with many others coming on board in the near future. You need to be next!
This tutorial will provide a detailed introduction to IPv6 and will also cover practical aspects of configuring and using IPv6 in networks, operating systems, and applications. Basic knowledge of IPv4 is assumed, but no prior knowledge of IPv6 is necessary. The course will go over the basics of IPv6 and dive into the details you need.
System administrators, network administrators, and application developers who need to prepare for migration to IPv6, and anyone who wants a general introduction to IPv6 and what is involved in deploying it.
An understanding of IPv6, with the basic knowledge to begin designing and deploying IPv6 networks, systems, and applications.
- The current IP address landscape and the motivation for IPv6
- IPv6 addresses and protocol details
- DHCPv6
- DNS
- Tunneling
- Configuring hosts and application services
- IPv6-related security topics
Time permitting, and depending on audience interests, further topics can be covered, such as configuring IPv6 routing or programming examples.
Half Day Morning
Mahesh Rajani (M3, M8) is a Consulting Architect in the CoE group at VMware. He has been in the IT industry for over fifteen years, serving in various roles from developer through system administrator to cloud architect. Mahesh is a lead architect for the vCloud Architecture Design Toolkit. He has a Master's degree in electrical engineering from Texas A&M. He is also a VMware Certified Design Expert (VCDX-34).
Marina 2
Networking and security details will be provided about VXLAN and vShield technologies for use in a vCloud infrastructure design. Some concepts will also be applicable to a vSphere deployment and will thus be of value to both vSphere- and vCloud-skilled attendees.
We present how to utilize the VMware vCloud Architecture Toolkit (vCAT) for architecture design and operations of networking and security in a vCloud infrastructure.
Attendees will learn design and operational concepts and guidelines for addressing compliance within a vCloud through the use of VMware technologies for networking and security.
Cloud architects and cloud operators who are interested in the networking and security components tied to design and operation of a vCloud infrastructure. Prior knowledge of vCloud or attendance at Sunday's vCloud classes is strongly recommended but not required.
Best practices and guidelines from vCAT to support business requirements for compliance and connectivity.
- vCloud networking, including advanced topics such as vShield and VXLAN
- vCloud security considerations for design and operations
- Demonstration of features
Mike Ciavarella (S3, M4, M9, T8) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. His first UNIX system administration role was on a network of Sun workstations in 1991, where he built his first firewall. Since that time, Mike has made a point of actively promoting documentation and security as fundamental aspects of system administration. He has been a technical editor for Macmillan Press, has lectured on software engineering at the University of Melbourne (his alma mater), and has provided expert testimony in a number of computer security cases.
Nautilus 5
Automation is critical to surviving your system administration career with your sanity, hair, and systems intact. If you can automate some or all of a task, then you stand to make considerable gains in personal productivity, task repeatability, and system predictability.
So how can you achieve this state of Nirvana? The answer is, by scripting.
This class is a practical crash course in how, using a combination of bash, Perl, and friends, you can write useful scripts that solve real-world system administration problems.
Please note that this is a hands-on class. A basic understanding of programming ("What's a loop?") and how to edit files in your favorite flavor of U*X are assumed. Attendees will need to bring a laptop with OS X, Linux, or FreeBSD installed to complete in-class tasks.
if there is sufficient interest, we will schedule a BoF for scripting challenges, where we can work them out interactively as a group.
Junior and intermediate sysadmins who are new to scripting or would like to create scripts to reliably automate sysadmin tasks.
An understanding of how to apply standard utilities in your scripts, along with recipes for automating typical administration tasks.
- Controlling programs and processes
- Script building blocks
- Searching
- Working with data
- Pipes and performance
- Tying them all together to write effective scripts
- When scripts might not be the best choice
Thomas A. Limoncelli (M5, M10, T9) is an internationally recognized author, speaker, and system administrator. His best-known books include Time Management for System Administrators (O'Reilly) and The Practice of System and Network Administration (Addison-Wesley). He received the SAGE 2005 Outstanding Achievement Award. He works at Google in NYC.
Nautilus 2
This tutorial is also available for live streaming.
Find out more Purchase this Session
If you agree with any of these statements, this class is for you:
- I don't have enough time to get all my work done.
- As a sysadmin, I can't schedule, prioritize, or plan my work.
- I'm spending all my time mopping the floor; I don't have time to fix the leaking pipe.
- My boss says I don't work hard enough, but I'm always working my ____ off!
Sysadmins and developers who need more time in their day, who have problems getting projects done because of constant interruptions, or who want more control over their time and the ability to schedule work instead of working at the whim of their users.
The skills you need to get more done in less time.
- Introduction
- Why typical "time management" books don't work for sysadmins
- What makes "to-do" lists fail, and how to make them work
- How to eliminate "I forgot" from your vocabulary
- Managing interruptions
- Preventing them from getting to you
- Managing the ones you get
- Sharing the load with co-workers
- To-do lists
- Achieving perfect follow-through
- The Cycle System for recording and processing to-do lists
- Prioritization techniques
- Scheduling your work (for a sysadmin? really?)
- Task grouping: Batching, sharding, and multitasking
- Handling the most difficult days
- The day before a vacation
- The day a big outage disrupts your perfectly planned day
David Nalley (S5, M6, M11, T6) is a recovering systems administrator of 10 years and acted as a consultant for an additional 3 years. David is a committer on the Apache CloudStack project. In the Fedora Project, David is the maintainer of a few dozen software packages, is a sponsor for new packagers in Fedora, and is currently serving on the Fedora Project Board. David is a frequent author for development, sysadmin, and Linux magazines and speaks at IT and F/LOSS conferences.
Nautilus 1
In this half-day class we'll give system administrators an understanding of IaaS clouds, with the reference implementation being Apache CloudStack. We'll cover everything from initial configuration to scaling and maintaining availability.
Intermediate to advanced sysadmins or enterprise architects wanting to deploy a production Infrastructure as a Service cloud. Experience with virtualization platforms and a deep understanding of L2/L3 networking are preferred but not required.
What you need to deploy an IaaS cloud, based on Apache CloudStack, in an enterprise environment.
- Deploying Apache CloudStack
- Next-generation network topologies, including SDN
- Scaling storage without becoming indentured to SAN vendors
- Making CloudStack scale to tens of thousands of physical nodes
- Maintaining availability in a "failure is assured" environment
Joshua Jensen (M7, T1) was until recently Cisco Systems' Lead Linux IT Engineer, but is now a one-man IT shop for an autonomous project within Cisco focused on world domination. He has worked as an IBM consultant and was Red Hat's first instructor, examiner, and RHCE. Working with Linux for the past 15 years and for Red Hat for 4 1/2 years, he wrote and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam.
Marina 6
System administrators are being tasked with bringing their office environments online, whether that's one stand-alone client attached to the Internet or a distributed network of Web servers. The network services that need to be configured in order to do this can be daunting to administrators who aren't familiar with the required applications. We will cover configuration examples, as well as overviews of the underlying protocols, that attendees can take home and put to work immediately.
The tutorial will be conducted in an open manner that encourages question-and-answer interruptions.
System administrators who are implementing network services and are looking for a background in the configuration of those services as well as basics of the protocols. Attendees should have some network client/server experience and a basic knowledge of UNIX administration, but they do not need to be experienced network administrators. Both new and intermediate network administrators will leave the tutorial having learned something.
Confidence in the ability to set up and maintain secure network services.
- Overview
- Network services
- SSH: Secure shell with OpenSSH
- FTP: Explore vsftpd
- HTTP: Apache and Tux and Squid
- SMTP: Postfix MTA
- NFS: Network File Systems
- LDAP: Global authentication with OpenLDAP
- DHCP: DHCPD and PXE
- DNS: ISC's BIND
- NTP: Network Time
- LPD: Printing with cups
- Host-based security with TCP Wrappers and Xinetd
- Overview of Linux packet filtering
- Network monitoring and logging
- Network utilities you should be using
Half Day Afternoon
David Hill (S7, M8) is a Senior Solutions Architect working at VMware, specializing in cloud computing, disaster recovery, and virtualization. He is a VMware Certified Advanced Professional (VCAP) and a VMware Certified Professional (VCP). David is a lead architect for the vCloud Architecture Toolkit. Before joining VMware, he was a self-employed IT consultant and architect for about fifteen years, working on projects for large consultancies and financial institutions.
Mahesh Rajani (M3, M8) is a Consulting Architect in the CoE group at VMware. He has been in the IT industry for over fifteen years, serving in various roles from developer through system administrator to cloud architect. Mahesh is a lead architect for the vCloud Architecture Design Toolkit. He has a Master's degree in electrical engineering from Texas A&M. He is also a VMware Certified Design Expert (VCDX-34).
Marina 2
Learn about availability techniques for vCloud infrastructure and workloads. This class will cover vCloud availability design aspects for site failure, with VMware Site Recovery Manager and storage replication adapters, and for workload failure, utilizing third-party backup/restore technologies.
Cloud architects and cloud operators who are interested in availability, business continuity, and disaster recovery for both the vCloud infrastructure and the deployed workloads. Prior knowledge of vCloud or attendance at the three previous VCloud classes at LISA '12 is recommended but not required.
Best practices and guidelines from the VMware vCloud Architecture Toolkit (vCAT) to support business requirements for compliance and connectivity.
- Backup and recovery of vCloud infrastructure and workloads
- Site failover considerations and options for vCloud infrastructure and workloads
- Use of VMware HA, DRS, FT, and other technologies
- Demonstrations where appropriate, if time permits
Mike Ciavarella (S3, M4, M9, T8) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. His first UNIX system administration role was on a network of Sun workstations in 1991, where he built his first firewall. Since that time, Mike has made a point of actively promoting documentation and security as fundamental aspects of system administration. He has been a technical editor for Macmillan Press, has lectured on software engineering at the University of Melbourne (his alma mater), and has provided expert testimony in a number of computer security cases.
Nautilus 5
The humble shell script is still a mainstay of UNIX/Linux system administration scripting languages, despite the wide availability of alternatives such as Perl, Python, TCL, and other similar languages. This class details techniques that move beyond the quick-and-dirty shell script.
Intermediate system administrators or anyone with a solid knowledge of programming and with some experience in Bourne/Korn shells or their derivatives.
An understanding of how to use the "lowly" shell to achieve lofty goals.
- Common mistakes and unsafe practices
- Modular shell script programming
- Building blocks: awk, sed, etc.
- Writing secure shell scripts
- Performance tuning
- Choosing the right utilities for the job
- Addressing portability at the design stage
- When not to use shell scripts
Thomas A. Limoncelli (M5, M10, T9) is an internationally recognized author, speaker, and system administrator. His best-known books include Time Management for System Administrators (O'Reilly) and The Practice of System and Network Administration (Addison-Wesley). He received the SAGE 2005 Outstanding Achievement Award. He works at Google in NYC.
Nautilus 2
This tutorial is also available for live streaming.
Find out more Purchase this Session
Attendees must bring a laptop for in-class exercises. Techniques will apply to any wiki or collaborative document system, but the labs and demos will be done using Google Apps.
All sysadmins who want to collaborate efficiently within their team and with others (even solo sysadmins will benefit!).
Techniques to help your IT team work better, faster, and more transparently.
- Meetings and email
- Making meetings not suck
- Handling meetings that can't be fixed
- Stopping incoming email overload
- Making sure your email gets read
- How to get your co-workers to go along with your awesome ideas
- Working better together using collaborative documents
- Buy vs. build: How to get a team to agree
- Common sysadmin uses of collaborative documents
- Uncommon sysadmin uses of collaborative documents
- Communicating a new design before you build it
- Tracking loaner resources
- Doing surveys
- Assuring consistent results no matter who does the task
- Making sure everyone on the team can share the work
- Quick and easy way to document each service (and why you should)
- Quick and easy way to document procedures (so others can do them for you)
- Pager-duty tips for creating a feedback loop to assure constant improvement
- Template for a simple IT department home page
David Nalley (S5, M6, M11, T6) is a recovering systems administrator of 10 years and acted as a consultant for an additional 3 years. David is a committer on the Apache CloudStack project. In the Fedora Project, David is the maintainer of a few dozen software packages, is a sponsor for new packagers in Fedora, and is currently serving on the Fedora Project Board. David is a frequent author for development, sysadmin, and Linux magazines and speaks at IT and F/LOSS conferences.
Nautilus 1
To quote Tom Limoncelli, "It's not a service if you aren't monitoring it." A decade ago, monitoring effectively meant either cobbled together, home-grown scripts or massive and inflexible enterprise applications. In the intervening time, monitoring has become a must-have for even the smallest environment, the hodgepodge collection of scripts has grown to become unmaintainable, and the massive enterprise applications, while working well, are slow to respond to the changes happening everywhere. In that interim, monitoring with open source software has effectively become the de facto standard, because, like the browser and operating system, monitoring is now a commodity.
Zenoss is free/libre open source software for monitoring applications, networks, servers, and even whether the restroom is in use.
Sysadmins and managers who are planning to use or are evaluating Zenoss as a monitoring platform, and those who are nascent in their exploration of systems/network monitoring. Sysadmins experiencing scaling/scope issues with other tools such as RRDtool or Nagios will walk away learning much. Participants are expected to be relatively well versed in operating system and application mechanics.
A good grasp of the basics of Zenoss and monitoring theory and the ability to put this information to use immediately, along with a rudimentary understanding of some of the more esoteric features Zenoss offers.
- Monitoring theory
- Status monitoring
- Performance monitoring
- Predictive monitoring
- Overview of Zenoss capabilities
- Overview of Zenoss installation
- Methods to jumpstart monitoring
- Auto discovery
- Templating and inheritance
- Deep inspection of monitoring capabilities
- SNMP
- WMI
- Network Service Checks
- Nagios
- Syslog
- WBEM
- Esoteric things
- Dealing with the information/alerts
- Reporting
- Alerts
- Taking your monitoring to the next level
- Automated dependency checking
- Integration with configuration management systems
- ZenPacks—monitoring everything
- Event transforms
Geoff Halprin (S6, S9, M12) has spent over 30 years as a software developer, system administrator, consultant, and troubleshooter. He has written software from system management tools to mission-critical billing systems, has built and run networks for enterprises of all sizes, and has been called upon to diagnose problems in every aspect of computing infrastructure and software.
He is the author of the System Administration Body of Knowledge (SA-BOK) and the SAGE Short Topics book A System Administrator's Guide to Auditing and was the recipient of the 2002 SAGE-AU award for outstanding contribution to the system administration profession.
Geoff has served on the boards of SAGE, SAGE-AU, USENIX, and LOPSA. He has spoken at over 20 conferences in Australia, New Zealand, Canada, Europe, and the US.
Marina 6
Starting at a new company gives you exactly one chance to do things differently, to establish a new approach, realign the team's efforts, and change the tenor of the discussion. To be effective in your new role as leader, you must establish rapport with the other departments and with your team, and take control of the work pipeline.
You've made the leap. You're about to start at a new company, maybe as a senior sysadmin, maybe as a team leader or manager. Now you're asking yourself, "What do I do first?"
Moving to a different company or being promoted internally gives us a unique opportunity to put aside the history of a site and take a new look with a clean set of eyes. If you're hired as the new team lead or manager, then knowing how you're going to get to know the new site and how you're going to get on top of any site consolidation activities is critical to your longevity in the role.
This class discusses the various aspects of moving from a tactical (bottom-up) view of system administration to a strategic (top-down) view. We cover the initial site survey, the first steps of identifying and cauterizing open wounds, and the process of systemic review and improvement.
Anyone starting or contemplating a new position, including making an in-house move that enables you to start over; anyone with a new boss who wants to understand and help that boss; anyone about to apply for a senior position who wants to take control of the interview process.
A set of tools and perspectives that will help you evaluate an environment, from company structure and pain points to IT systems and team skills, and help you engage a team in improvements to the department.
- Part 1: A topical view
- Organizational awareness: The boss, the company
- The team: Assessing the team; first repairs
- Building the work pipeline; second repairs
- Systems and processes: Workflow management, change management, event management
- Round 1: Cauterizing the wound
- Round 2: Some early wins
- Round 3: The Big Three
- Systemic improvement programs
- Part 2: A temporal view
- The first day
- The first week
- The first month
- The first hundred days
Full Day
Joshua Jensen (M7, T1) was until recently Cisco Systems' Lead Linux IT Engineer, but is now a one-man IT shop for an autonomous project within Cisco focused on world domination. He has worked as an IBM consultant and was Red Hat's first instructor, examiner, and RHCE. Working with Linux for the past 15 years and for Red Hat for 4 1/2 years, he wrote and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam.
Marina 3
We are evolving from a single service running on a single server, complete with multiple points of hardware and software failure...but to what? With services and platforms that need to be restored before our pagers or bat-phones ring, system administrators of today have a need for high availability. Starting with the current realities of modern data centers, this full-day tutorial will explore practical uses of Linux clusters.
Linux administrators who are planning on implementing a multi-service fail-over cluster implementation in a production environment. Course attendees should be familiar with the basics of system administration in a Linux environment. At no point will the word "cloud" be used, although novice administrators and gurus alike should leave the tutorial having learned something.
The knowledge and ability to create and administer highly available services and filesystems on a Linux cluster.
- Linux HA Cluster technology: Corosync, OpenAIS, rgmanager, Conga
- Data management with shared disk implementations: SAN, iSCSI, AoE, FCoE
- Node fencing with STONITH
- Network power switches and IPMI
- Clustered logical volume management
- GFS2 filesystems with Distributed Lock Manager (DLM)
- Service management with failover domains
- Virtual machines as a cluster service
- Cluster administration with luci
- Working with cluster-unaware services
Half Day Morning
Shumon Huque (M2, T2) is the Director of Engineering, Research, and Development for the University of Pennsylvania's Networking and Telecommunications division and also serves as the Lead Engineer for the MAGPI GigaPoP. He is involved in network engineering, systems engineering, and the design and operation of key infrastructure services at Penn (DNS, DHCP, authentication, email, Web, VoIP, Directory, etc). He holds Bachelor's and Master's degrees in computer science from Penn. In addition to his day job, Shumon teaches (part time) a lab course on advanced network protocols at Penn's Engineering School.
Shumon is the principal IPv6 architect at Penn and has been running production IPv6 networks and services for almost a decade. Web site: http://www.huque.com/~shuque/.
Nautilus 3
This class will give system administrators an understanding of the DNS protocol, including advanced topics such as DNS security. It will provide practical information about configuring DNS services, using examples from the popular ISC BIND DNS software platform.
Sysadmins and network engineers who are tasked with providing DNS services, as well as anyone interested in knowing more about how the DNS works.
An understanding of DNS and DNSSEC, with the basic knowledge necessary to design and deploy DNS services.
- The DNS protocol and how it works
- DNS master zone file format
- Server configurations and recommendations
- DNSSEC (DNS Security Extensions) and how to deploy it
- Many examples of DNS query and debugging using the "dig" tool
- DNS and IPv6
Steven Murawski (T3) is the Senior Windows System Engineer for Edgenet, a data services company, and a Microsoft MVP in PowerShell. In this role, he supports a dynamic infrastructure that pushes the boundaries of the Windows platform. Steven blogs at UsePowerShell.com (http://blog.usepowershell.com). Steven also leads two local user groups, the Greater Milwaukee IT Pro User Community (http://gmitpuc.com) and the Greater Milwaukee Script Club (http://blog.usepowershell.com). He speaks regularly to local user groups and can be found at various conferences.
Nautilus 4
This tutorial is also available for live streaming.
Find out more Purchase this Session
Do you find yourself repeating a task often? Do you have to retrieve information or change settings on a number of servers or users at once or regularly? Do you find clicking repetitively just too slow to keep up?
If you answered any of these questions with a "Yes," don't miss this half-day class. We will cover a number of ways to make you more productive, in less time—and it is far easier than you may think possible.
System administrators and anyone else who wants to be more productive on the Microsoft Windows platform.
Usable commands and patterns to make attendees more effective in working with the Windows platform, along with familiarity with the discovery patterns in PowerShell, so that they can continue to develop their skills.
- Introduction to PowerShell
- Finding the commands you need
- What's in the help files
- Discovering hidden gems in command output
- Working from the shell
- Navigating the file system, registry, and more
- Working with objects (everything in PowerShell is an object)
- Working with servers and workstations
- Discovering WMI
- Working with text
- Dealing with remote machines via WMI and PowerShell Remoting
- PowerShell Version 2 and the upcoming release of Version 3
Jacob Farmer (T4, T10) is an industry-recognized expert on storage networking and data protection technologies. He has authored numerous papers and is a regular speaker at major industry events such as Storage Networking World, VMworld, Interop, and the USENIX conferences. Jacob's no-nonsense, fast-paced presentation style has won him many accolades. Jacob is a regular lecturer at many of the nation's leading colleges and universities. Recently he has given invited talks at institutions such as Brown, Columbia, Cornell, Carnegie Mellon, Duke, Harvard, and Yale. Inside the data storage industry, Jacob is best known for having authored best practices for designing and optimizing enterprise backup systems and for his expertise in the marketplace for emerging storage networking technologies. He has served on the advisory boards of many of the most successful storage technology startups. Jacob is a graduate of Yale. Follow him on Twitter @JacobAFarmer.
Marina 2
There has been tremendous innovation in the data storage industry over the past few years. New storage architectures have come to market to challenge traditional SAN and NAS products with nimble new designs that are much better suited to serving the increasingly virtual nature of applications and server infrastructure. Meanwhile, the allure of cloud computing and the emergence of affordable enterprise-class solid state storage devices have inspired ever more innovative approaches to storage caching, tiering, and deduplication. This lecture is a survey of the latest trends and advances in the data storage industry. We trace the I/O path from application to storage media and look at a wide variety of solutions to the ever-changing challenges of data storage.
System administrators running day-to-day operations, enterprise architects, storage administrators. This tutorial is technical in nature, but it does not address command-line syntax or the operation of specific products or technologies. Rather, the focus is on general architectures different ways to tackle various storage management challenges.
A better understanding of modern storage architectures, various approaches to scaling in both performance and capacity, and a framework for comparing and contrasting various types of storage solutions.
- The storage I/O path and the fundamentals of storage virtualization
- Application acceleration with solid state storage devices (SSDs)
- Automated tiered storage and information life cycle management (ILM)
- Deduplication of primary storage
- Object storage models and content-addressable storage
- Leveraging the cloud for primary storage
Mark Burgess (T5, F3) is the founder, chairman, CTO, and principal author of CFEngine. In 2011 he resigned as Professor of Network and System Administration at Oslo University College, where for twenty years he led the way in theory and practice of automation and policy-based management. In the 1990s he underlined the importance of idempotent, autonomous desired state management ("convergence") and formalized cooperative systems in the 2000s ("promise theory"). He is the author of numerous books and papers on network and system administration, including the USENIX Short Topics books A System Engineer's Guide to Host Configuration and Maintenance Using Cfengine, co-authored with Æleen Frisch, and A Sysadmin's Guide to Navigating the Business World,co-authored with Carolyn Rowland. He has won several prizes for his work.
Carolyn Rowland (T5) began working with UNIX in 1986; her professional career as a UNIX system administrator took off in 1991. She currently leads a team of sysadmins at the National Institute of Standards and Technology (NIST), driving innovation and supporting research projects for the Engineering Laboratory. She believes we need to increase the visibility of system administration by engaging senior leadership and tying our efforts to the priorities of business. Carolyn is also Secretary of the USENIX Board of Directors and the LISA '12 Program Chair. In 2011–2012 Carolyn began to focus on the community of women in computing, including co-chairing the first-ever USENIX Women in Advanced Computing (WiAC) Summit. Carolyn will continue as co-chair of WiAC in 2013.
Nautilus 5
As a system administrator, you are already a crack technical analyst or engineer, but does your management understand the value and importance of your work? When you ask for staff or funding to support new or existing efforts, does management readily support you? Does management look to you to develop the future of IT services in your organization? Do you feel you have enough time to focus on projects and innovation instead of fire-fighting?
If you answered no to several of the above questions, then this course is for you. The first step toward improving your professional quality of life is to create a positive and collaborative relationship with your management. So why not take responsibility for the relationship? Senior management makes the decisions about budget, staffing, and, often, new services, without understanding the full impact of their decisions. What if you could make yourself part of that process? What if it was easy to ask your management for more resources because they already believed strongly in your positive contribution to the organization?
System administrators often have all the responsibility for IT systems, but none of the control. In this course we bring the two sides together by teaching the system administrator how to communicate effectively so that management will listen and understand. You can use the tactics presented here to increase your value in the organization and improve your marketability.
Make business look good, and you become an important asset to your organization. Your management will appreciate these skills because you will be demonstrating your value in ways they understand and that empower them to make smart IT investment decisions. In turn, your professional credibility increases, putting you in a position to influence decisions impacting your role in the organization.
IT people and sysadmins interested in taking their career to the next level, improving their relationship with senior management, and increasing their value and marketability.
Skills to help you develop a productive relationship with your management.
- How to approach management to ask for resources you need
- Empowering management to make good IT decisions
- Demonstrating the value of your work in a way that management will understand
- Convincing management of the importance of time to innovate (R&D)
- Reducing time spent fire-fighting (efficiencies and cost savings)
- Growing organizational loyalty for your team
- How to build the perception that you are customer-focused and mission-oriented
- Ways to communicate the benefits of supporting a strong IT presence
- Increased organizational competitiveness
- Increased employee productivity
- Cost avoidance and efficiencies
- Risk management
- Knowledge and information management
- How to develop a collaborative relationship with your management that enables both sides to be successful
David Nalley (S5, M6, M11, T6) is a recovering systems administrator of 10 years and acted as a consultant for an additional 3 years. David is a committer on the Apache CloudStack project. In the Fedora Project, David is the maintainer of a few dozen software packages, is a sponsor for new packagers in Fedora, and is currently serving on the Fedora Project Board. David is a frequent author for development, sysadmin, and Linux magazines and speaks at IT and F/LOSS conferences.
Nautilus 1
Networking has been relatively static for decades. We've seen increases in speed, but many of the traditional topologies are inherently limited. Innovative networks are quite different. If you look at public services, such as AWS, or large private cloud deployments, you see that their networking topology looks contrary to everything that's been standard for years. In this half-day class we'll reexamine what limitations there are and what innovative options exist to remove those limitations.
Advanced system or network admins with a deep understanding of L2/L3 networking who want to learn about new networking technologies that are enabling scaling networks.
Knowledge of emerging networking standards and where they are best used.
- How massive public and private clouds build their networks to ensure scalability
- How software defined networks work
- Technologies worth looking at: VXLAN, NVGRE, GRE
Jason Faulkner (T7), a network engineer for the email and applications division of Rackspace, is responsible for maintaining Linux firewalls and load balancers for millions of business email users. He is a current member of LOPSA and an active contributor to the keepalived project. Outside of his daily responsibilities, he has also maintained the computer history website oldos.org since 2003.
Nautilus 2
We will be talking about how to configure IP addresses and static routes using iptables for security and convenience, the iproute2 utilities for advanced routing and IP configurations, and some "gotchas" that can happen with Linux networks. You'll learn why you should throw away ifconfig on Linux in favor of ip, and how to create and optimize iptables rule sets.
You will leave this class with enough IPv6 knowledge to kick-start your transitions or understand your preexisting IPv6 network. We'll also discuss how the loss of NAT doesn't mean your network can't be secure.
Novice and intermediate Linux system and network administrators, or anyone who wants to understand the ins and outs of networking on Linux. A basic understanding of the OSI model and Linux utilities is recommended but not required. This class is especially well suited for administrators making the leap from Windows to Linux.
Ways to expertly secure and route your Linux servers on an IP network.
- Basics
- Networking review
- Basic network configuration: Sysconfig-based configuration, ifconfig/route, iproute2
- Other useful network troubleshooting tools: ethtool, sysctl -a, ip route get (ip address)
- Firewalls
- High-level firewall architecture
- ip[6]tables: differences between iptables and ip6tables, common use cases, how traffic flows through iptables, targets and matches you never knew existed
- Advanced topics
- Optimization
- Complex rulesets
- Custom chains
- Other interesting things
- Multiple routing tables
- IPv6 tunneling
- Balancing among multiple ISPs
- Network tuning using sysactls
Half Day Afternoon
Mike Ciavarella (S3, M4, M9, T8) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. His first UNIX system administration role was on a network of Sun workstations in 1991, where he built his first firewall. Since that time, Mike has made a point of actively promoting documentation and security as fundamental aspects of system administration. He has been a technical editor for Macmillan Press, has lectured on software engineering at the University of Melbourne (his alma mater), and has provided expert testimony in a number of computer security cases.
Nautilus 3
Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.
System administrators who need to produce documention for the systems they manage.
The ability to make immediate, practical use of these documentation techniques.
- Why system administrators need to document
- The document life cycle
- Targeting your audience
- An adaptable document framework
- Common mistakes in documenting
- Tools to assist the documentation process
Thomas A. Limoncelli (M5, M10, T9) is an internationally recognized author, speaker, and system administrator. His best-known books include Time Management for System Administrators (O'Reilly) and The Practice of System and Network Administration (Addison-Wesley). He received the SAGE 2005 Outstanding Achievement Award. He works at Google in NYC.
Guido Trotter (T9), a Senior Systems Engineer at Google, has worked as a core Ganeti developer and designer since 2007. He is also a regular conference speaker, having presented at LISA, Fosdem, Linuxcon, Debconf, and other open source and community gatherings. He mostly speaks about Ganeti, virtualization in the open source world, and Linux networking features for virtualized environments.
Nautilus 4
This tutorial is also available for live streaming.
Find out more Purchase this Session
Ganeti is a cluster virtualization system developed mostly at Google but used by many organizations worldwide. Businesses and groups can leverage the power of Ganeti to easily and effectively manage fleets of physical hosts and use them to schedule virtual machine guests.
Reasons for choosing Ganeti include that it is very lightweight, it is simple to install and manage, and it doesn't demand special storage hardware.
System engineers interested in using virtualization and cloud technologies efficiently to consolidate systems and decouple physical hardware resources from virtual systems. Ideal participants are proficient with Linux/UNIX system administration and may already be using some virtualization technologies, but want to achieve a higher level of scalability for their systems by employing a cluster management technology such as Ganeti, without the need to invest money in specialized hardware resources such as SANs.
The knowledge needed to create and maintain your own Ganeti cluster, to provide an IaaS cloud or virtualized services.
- Setting up and managing a Ganeti cluster
- Ganeti internals: how to make changes
- Monitoring your cluster and dealing with failure
- Ganetia as a back end
- Typical and atypical use cases
This tutorial is also available for live streaming.
Find out more Purchase this Session
Jacob Farmer (T4, T10) is an industry-recognized expert on storage networking and data protection technologies. He has authored numerous papers and is a regular speaker at major industry events such as Storage Networking World, VMworld, Interop, and the USENIX conferences. Jacob's no-nonsense, fast-paced presentation style has won him many accolades. Jacob is a regular lecturer at many of the nation's leading colleges and universities. Recently he has given invited talks at institutions such as Brown, Columbia, Cornell, Carnegie Mellon, Duke, Harvard, and Yale. Inside the data storage industry, Jacob is best known for having authored best practices for designing and optimizing enterprise backup systems and for his expertise in the marketplace for emerging storage networking technologies. He has served on the advisory boards of many of the most successful storage technology startups. Jacob is a graduate of Yale. Follow him on Twitter @JacobAFarmer.
Marina 2
Most IT organizations report exponential data growth over time, and whether your data doubles every year, every two years, or every five years, the simple fact remains that if your data capacities double, then both the capacity and the performance of your backup system must double. All of this doubling stresses traditional approaches to data management. Thus, it is no surprise that backup/recovery is one of the most costly and unforgiving operations in the data center. Meanwhile, most IT organizations also report that the vast majority of their unstructured data is seldom or never accessed. Files accumulate year after year, choking the backup systems and driving up costs.
This course explores two main ways to manage the data deluge: (1) optimize backup systems by eliminating bottlenecks, streamlining operations, and bulking up backup infrastructure; and (2) manage the life cycles of unstructured data so that files that are not in active use can be managed separately from files that are in active use. We start by offering a simple framework for defining business requirements and comparing solutions at a high level. We then delve into the various mechanisms for lifecycle management and for eliminating backup system bottlenecks. Some time is spent exploring storage systems that have built-in mechanisms for data protection and lifecycle management.
System administrators involved in the design and management of backup systems and policymakers responsible for protecting their organization's data.
Ideas for immediate, effective, inexpensive improvements to your backup systems and a vision for how you might deploy a lifecycle management system that fits your organization.
- Formulating strategies for data protection and lifecycle management
- Identifying and addressing backup system bottlenecks
- Managing fixed content
- Hierarchical storage management and data migration
- In-band versus out-of-band approaches to file lifecycle management
- Breathing new life into tape storage
- Deduplication: separating hype from reality
- Object-based storage models for backup and archiving
- Self-healing and self-protecting storage systems
- Leveraging the cloud for backup and archiving
David N. Blank-Edelman (T11, R2) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Automating System Administration with Perl (the second edition of the Otter book), available at purveyors of fine dead trees everywhere. He has spent the past 25+ years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He was the program chair of LISA '05 and was one of the LISA '06 Invited Talks co-chairs. David is honored to have been the recipient of the 2009 SAGE Outstanding Achievement Award and to serve on the USENIX Board of Directors.
Nautilus 5
Savvy sysadmins know that WordPress is no longer just a blogging engine. In more and more cases it hits a sweet spot for people who need a simple content management system to manage their Web site. It is powerful, relatively easy to use, doesn't require a consultant to set up, ties into a whole bunch of other services, is part of a thriving ecosystem, oh, and is (mostly) free.
If you ever get asked to create a Web site for your company, a non-profit you volunteer for, your religious community, a friend's business, an upcoming conference, or the ilk, you owe it to yourself to add WordPress to your toolbox. This class will teach you, from one sysadmin to another, how to implement WordPress to handle all of these scenarios.
Anyone who has recently been asked to spin up a new Web site or manage an existing WordPress site.
A sysadmin's understanding of WordPress and the confidence to implement it the right way.
- How to choose the best way to host and develop your WordPress site
- How to choose among the kerjillions of WordPress themes available
- The five plug-ins you won't want to be without
- Ways to extend WordPress to make it sing and dance the way you want it to
- How to keep your WordPress installation as safe as possible
- Where to find the best tips and tricks to further your WordPress knowledge
We'll go over all the steps a respectable sysadmin would take from first download to final deployment, including all of those testing/staging steps in between that non-sysadmins tend to forget. People with all levels of experience with WordPress are welcome. If you've already done a little work with WP, come extend and share your knowledge. After you take this class, don't be surprised if the next Web site you implement is running WordPress.
Theodore Ts'o (T12, R1) has been a Linux kernel developer since almost the very beginnings of Linux: he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author of the Linux COM serial port driver and the Comtrol Rocketport driver, and he architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is currently employed by Google.
Nautilus 1
Ever had a hard drive fail? Ever kick yourself because you didn't keep backups of critical files, or you discovered that your regularly nightly backup didn't succeed?
Of course not: everybody keeps regular backups and verifies them to make sure they are successful. But for those people who think they might nevertheless someday need this information, this tutorial will discuss ways of recovering from storage disasters caused by failures somewhere in the hardware or software stack.
Linux system administrators and users.
How to recover from storage disasters caused by failures somewhere in the hardware or software stack.
- How data is stored on hard drives
- Recovering from a corrupted partition table
- Recovering from failed software RAID systems
- Low-level techniques to recover data from a corrupted ext2/3/4 filesystem when backups aren't available
- Using e2image to back up critical ext2/3/4 filesystem metadata
- Using e2fsck and debugfs to sift through a corrupted filesystem
- Preventive measures to avoid needing to use heroic measures
Full Day
Alan Robertson (W1) founded the High-Availability Linux (Linux-HA) project in 1998 and led the project for ten years; it has since become the Pacemaker project. He worked for SuSE for a year, then worked in IBM's Linux Technology Center for five years. Alan continues to work on Linux and UNIX systems for IBM on a variety of projects. His most recent open source project is the extremely scalable, discovery-driven Assimilation Monitoring Project.
Before joining SuSE, he was a Distinguished Member of Technical Staff at Bell Labs. He worked for Bell Labs for twenty-one years, in a variety of roles, among which were providing leading-edge computing support, writing software tools, and developing voicemail systems.
Marina 4
The Linux-HA project (http://linux-ha.org/), together with its child project, Pacemaker, is the oldest and most powerful open source high-availability (HA) package available, comparing favorably to well-known commercial HA packages. This software runs on a variety of POSIX-like systems, including FreeBSD, Solaris, and OS X.
Pacemaker+Linux-HA provides highly available services on clusters from one to more than 16 nodes with no single point of failure. These services and the servers they run on are monitored. If a service should fail to operate correctly, or a server should fail, the affected services will be quickly restarted or migrated to another server, dramatically improving service availability.
Pacemaker supports rules for expressing dependencies between services, and powerful rules for locating services in the cluster. Because these services are derived from init service scripts, they are familiar to system administrators and are easy to configure and manage.
System administrators and IT architects who architect, evaluate, install, or manage critical computing systems. It is suggested that participants have basic familiarity with system V/LSB-style startup scripts, shell scripting, and XML. Familiarity with high availability concepts is not assumed.
Both the basic theory of high availability systems and practical knowledge of how to plan, install, and configure highly available systems using Linux-HA and Pacemaker.
- General HA principles
- Installation of the Linux-HA and Pacemaker software
- Configuration overview
- Overview of commonly used resource agents
- Managing services supplied with init(8) scripts
- Sample configurations for Apache, NFS, DHCP, DNS, and Samba
- Writing and testing resource agents conforming to the Open Cluster Framework (OCF) specification
- Creating detailed resource dependencies
- Creating co-location constraints
- Writing resource location constraints
- Causing failovers on user-defined conditions
Bob Hancock (W2) is a principal in Sirguey-Hancock, Ltd., a consulting company in New York City. He has spoken throughout the US and Europe on using parallelism and concurrency to build scalable and fast applications in Python. He is the manager of the Google Developer Group—New York and a co-organizer of NYC Python. At Pycon 2012 his talk, "Optimizing Performance with Parallelism and Concurrency," was packed and can be seen at http://www.youtube.com/watch?v=ULdDuwf48kM. You can follow his writings at bobhancock.org and the Open Source project of the implementation of the xmeans algorithm for clustering unstructured data at https://github.com/bobhancock/goxmeans.
Marina 6
We will take a practical tour of Python, with an emphasis on using the language to solve problems in data analysis, performance, systems administration, and network programming. The emphasis will be on solving real-world problems.
Although this will not be a lab, you should have Python 3.3 installed on your laptop if you want to follow along. Go to python.org to download and install the version appropriate for your operating system.
Programmers who want to use the Python programming language and understand how it can be applied to practical problems in data analysis, system administration, systems programming, and networking. No prior Python knowledge is required, but attendees should already be experienced programmers in at least one other programming language such as C, C++, Go, Java, Perl, or Ruby.
An understanding of the Python language and how it can be used to solve your problems on a daily basis.
- The Python language
- Basic syntax
- Core datatypes
- Control flow and exception handling
- Functions, generators, and co-routines
- Modules and classes
- Testing
- C and Go extensions
- The different versions of Python
- Major library modules
- Text processing
- Operating system calls
- Network programming: core and third-party
- Web programming: client and simple server
- Practical programming examples
- Text parsing
- Data analysis
- Processing and analyzing large log files
- Performance considerations
- Interacting with the operating system
- Interacting with Web services
- Network programming
- Threads, futures, and co-routines
Stuart Kendrick (W3) is an IT Architect at the Fred Hutchinson Cancer Research Center, specializing in troubleshooting, device monitoring, and transport. He started his career in 1984, writing in FORTRAN on Crays for Science Applications International Corporation; he worked in help desk, desktop support, system administration, and network support for Cornell University in Ithaca and later Manhattan. He has been in his multi-disciplinary role at FHCRC in Seattle since 1993, where he functions as ITIL problem manager/problem analyst and leads root cause analysis efforts. He is happiest when correlating packet traces with syslog extracts and writing scripts to query device MIBs.
Seabreeze
Troubleshooting is hard. I don't claim to be an expert at either doing it or teaching it. On the other hand, I have several decades of experience wielding packet analyzers, debuggers, and log parsers and have accumulated various strategies that I believe you'll find useful. This is a hands-on seminar: you will work through case studies taken from real-world situations. We divide into groups of 3–5, review a simplified version of Advance7's Rapid Problem Resolution (RPR) methodology, and then oscillate, on about a half-hour cycle, between coming together as a class and working in groups. During class time, I describe the scenario, explain the current RPR step, and offer to role-play key actors. During group time, I walk around, coaching and answering questions.
The course material includes log extracts, packet traces, strace output, network diagrams, Cacti snapshots, and vendor tech support responses, all taken from actual RCA efforts. I bring a dozen baseball caps emblazoned with Sys Admin or Storage Admin or End-User and will role-play those personas as needed.
An example: You ask the sysadmin to reboot the server. Meh, OK, the server has rebooted, but after a couple of minutes, the CPU utilization is pegged at 100% again. What do you want to do next?
BYOL (Bring Your Own Laptop) loaded with Wireshark and a graphics viewer (PDF and PNG) for some hands-on, interactive, team-oriented, real-world puzzle solving.
Draft deck visible at:
http://www.skendric.com/problem/rca/Root-Cause-Analysis-LISA-2012.pdf
System admininstrators and network engineers tasked with troubleshooting multidisciplinary problems.
Practice in employing a structured approach to analyzing problems that span multiple technology spaces.
Case studies, e.g.:
- Hourly Data Transfer Fails—Every hour, an application at the clinic wakes up, contacts its partner at a central hospital, and exchanges data, thus keeping the patient databases synchronized. Several times a day, this process fails, alerting the database administrator with the helpful message "A Network Error has occurred."
- Many Applications Crash—Outlook crashes, Word documents fail to save, Windows Explorer hangs: The office automation applications servicing ~1500 users intermittently report a range of error messages. Suspicion falls on the mass-storage device hosting home and shared directories.
- Slow Downloads—Intermittently, both internal and external users see slow downloads from the public Web site. Is it the load-balancer, or the firewall?
Full Day
Theodore Ts'o (T12, R1) has been a Linux kernel developer since almost the very beginnings of Linux: he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author of the Linux COM serial port driver and the Comtrol Rocketport driver, and he architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is currently employed by Google.
Seabreeze
The Linux operating system is commonly used in both the data center and for scientific computing applications; it is used in embedded systems as small as a wristwatch, as well as in large mainframes. As a result, the Linux system has many tuning knobs, so that it can be optimized for a wide variety of workloads. Some tuning of the Linux operating system has been done "out of the box" by enterprised-optimized distributions, but there are still many opportunities for a system administrator to improve the performance of his or her workloads on a Linux system.
This class will cover the tools that can be used to monitor and analyze a Linux system, and key tuning parameters to optimize Linux for specific server applications, covering the gamut from memory usage to filesystem and storage stacks, networking, and application tuning.
Intermediate and advanced Linux system administrators who want to understand their systems better and get the most out of them.
The ability to hone your Linux systems for the specific tasks they need to perform.
- Strategies for performance tuning
- Characterizing your workload's requirements
- Finding bottlenecks
- Tools for measuring system performance
- Memory usage tuning
- Filesystem and storage tuning
- NFS performance tuning
- Network tuning
- Latency vs. throughput
- Capacity planning
- Profiling
- Memory cache and TLB tuning
- Application tuning strategies
David N. Blank-Edelman (T11, R2) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Automating System Administration with Perl (the second edition of the Otter book), available at purveyors of fine dead trees everywhere. He has spent the past 25+ years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He was the program chair of LISA '05 and was one of the LISA '06 Invited Talks co-chairs. David is honored to have been the recipient of the 2009 SAGE Outstanding Achievement Award and to serve on the USENIX Board of Directors.
Marina 2
It's time to learn how to break the rules, abuse the tools, and generally turn your system administration knowledge inside out. This class is a cornucopia of ideas for creative ways to take the standard (and sometimes not-so-standard) system administration tools and techniques and use them in ways no one would expect. We'll also cover some tools you may have missed.
Note: The teacher takes no responsibility should your head explode during this class.
Old-timers who think they've already seen it all and those who want to develop inventive thinking early in their career. Join us and be prepared to be delighted, disgusted, and amazed. Most of all, be ready to enrich your network and system administration by learning to be different.
New approaches to old problems, along with some ways to solve the insolubles.
- How to (ab)use perfectly good network transports by using them for purposes never dreamed of by their authors
- How to improve your network services by intentionally throwing away data
- How Powerpoint karaoke can make you a better sysadmin
- And much, much more!
Full Day
Tom Wheeler's (F1) career spans more than fifteen years in the communications, biotech, financial, healthcare, aerospace, and defense industries. Before joining Cloudera, he developed engineering software at Boeing, helped to design and implement a high-volume data processing system for WebMD, and served as senior programmer/analyst for a brokerage firm. He now works as a Curriculum Developer at Cloudera, a company that helps organizations derive value from their data through products, consulting, training, certification, and support for Apache Hadoop and related tools.
Marina 2
Systems are increasingly automated, and we're generating information faster than ever before. Data storage capacity has risen while prices have fallen, finally making it possible to store and analyze vast amounts of information in order to gain valuable insight into customer behavior, important trends, and new opportunities.
At the forefront of the Big Data revolution is Apache Hadoop, an open source system that harnesses the power of commodity hardware to achieve large-scale data storage and processing. This class will begin with a solid overview of Apache Hadoop and related tools, then move into a more detailed discussion of interest to those who want to learn more about security and performance considerations, as well as the planning, installation, monitoring, and maintenance of a production Hadoop cluster.
System administrators and network operations staff; architects and IT management who have a technical background; developers who are interested in a semi-technical introduction to Hadoop.
What you need to get started with Hadoop.
- Why the world needs Hadoop
- What Hadoop is and what it can do
- Overview of the Hadoop ecosystem
- The Architecture behind Hadoop
- Hadoop cluster planning
- The Hadoop cluster operation
Nautilus 4
We will take the student through a condensed version of the three-day Puppet Master training, describe the Puppet resource model, introduce the Puppet language, write and test Puppet modules, and deploy the Puppet Master and Dashboard. To get the most out of this class, students should bring a laptop running either VMware or Virtualbox.
System administrators who are interested in deploying Puppet to subdue the chaos in their infrastructure.
A thorough understanding of what you need to know and do to deploy Puppet in your organization.
- Describing system state via Puppet Resource
- Organizing resources in Puppet modules with classes and defines
- Writing custom facts and functions
- Automating configuration of network services
- Deploying Puppet Master and Dashboard
Mark Burgess (T5, F3) is the founder, chairman, CTO, and principal author of CFEngine. In 2011 he resigned as Professor of Network and System Administration at Oslo University College, where for twenty years he led the way in theory and practice of automation and policy-based management. In the 1990s he underlined the importance of idempotent, autonomous desired state management ("convergence") and formalized cooperative systems in the 2000s ("promise theory"). He is the author of numerous books and papers on network and system administration, including the USENIX Short Topics books A System Engineer's Guide to Host Configuration and Maintenance Using Cfengine, co-authored with Æleen Frisch, and A Sysadmin's Guide to Navigating the Business World,co-authored with Carolyn Rowland. He has won several prizes for his work.
Marina 6
Following a complete rewrite of CFEngine with its popular new syntax and powerful pattern matching capabilities, this full-day class presents an introduction suitable for new users, as well as for users of CFEngine 2. The class is peppered with configuration examples, which can now be self-contained and modularized to an unprecedented degree in the new language.
Anyone with a basic knowledge of configuration management who is interested in learning the next-generation tool.
An understanding of the new features of the completely rewritten CFEngine 3, including its new syntax and benefits.
- Moving from ad hoc scripts to automation
- The importance of convergence
- The Promise model
- Templates and data types
- Quickstart configuration
- Creating configuration libraries
- Upgrading from CFEngine 2
- Example configurations and demos
- Achieving compliance with standards and regulations
- CFEngine on Windows and the Registry
- Monitoring and self-healing
- Brief overview of the community and commercial CFEngine roadmap
connect with us