Friday, February 22, 2013

Complexity & Change Management - A Lesson for the Week

Complexity in IT is common place. No matter how hard we try to reduce complexity some solutions are complex. Sometime over the life-cycle of a system, changes cause the once simple solution to be complex.

Change Management - "Change management is an approach to shifting/transitioning individuals, teams, and organizations from a current state to a desired future " - from wikipedia. Every organization has different practices ranging from the formal to the informal.

My organization has a fairly informal change management process, outside of certain changes going through a form in the help desk system, changes are on the less documented side. Now let me be clear with 7 members of the IT department, most of us are all aware of the changes that are happening. Yes there is room for improvement into the process.

So to the lesson this week, needing to elevate the Windows Domain and Forest to 2008 level instead of the mixed mode we have been in. Being in mixed mode is now limiting us in GPO tasks and other important projects moving forward.  Server admin's task was to demote 6 DC's across two domains this week.

This started off by consulting the Department's - Jedi Holocrons
Image from
That starts by yelling over the cube walls "Hey Dave! If we are going to do this what are we going to break? " I rattle off the things that I know that will be effected plus a couple more that are maybes.

Demotion of DC's start, and are moving a quick clip. Server Admin works with our developer to make sure some custom user provisioning process get moved.

Bump number one - Several web apps point at the demoted dc's for authentication. Fix for one was change in web.config and iisreset. Other was a bit more complex as in change authentication.config then push that into the app.

Bump number two - Custom user provisioning code is hard coded to specific DC's. Stood over the developer's shoulder to verify changes were correct, then install all the dependencies for it to run on the server that we moved the code to.

So hopefully the last DC will get demoted this weekend without any trouble and we can move forward.

Luckily only one set of our users were affected by these bumps, and yes that was faculty/staff opposed to students.

So what seems to be a simple process turns into a bigger one with the lack of complete documentation and change management processes. I am not an advocate of ITIL or a strict rigid change management process, but having a process will help.

In this situation we could have avoided the bumps if some more documentation was kept and read through. But by understanding the overall picture and knowing what we needed to get through we were able to work through the bumps.

Sunday, February 17, 2013

PacketFence 3.5

So back in August of last year, I wrote about the previous version of PacketFence that I ran for many years, version 1.6.7 [See Here]

In that post I stated that I would write more about the newer version, well months have past, going to change plans about that post due to the fact that version 3.6.1 is out.

So I will highlight some of the big differences between the versions.

  • No more ARP spoofing - Multiple options, including use of snmp traps and port-security, to 802.1x mac security.
  • Effectiveness of trapping - Once a client has been identified they are switched to a vlan, instead of having the router address spoofed. It works fast and with less overhead.
  • Scale of server - Due to the fact that traffic is not all trunked into the server the server can handle more tasks and is more responsive to the admin requests.
  • 3.5 has included many of the components under the control of the PacketFence processes- freeradius being a big one.

Problems that still are being addressed: Xbox 360's dhcp fingerprint is not detected correctly, so that they do not auto-register. Some of the reports still need work as they take a long time to run (some of these have been fixed in 3.6.x)

Features that I still need to try or want to implement:
  • Guest Access - PacketFence has a guest portal, this would be ideal to the separate SSID/system currently used on my campus.
  • Game system registration form - In 3.6.x there is a self-service form to register Xbox's and other systems that my not auto-register. This would help the manual process done now. 

So this is a quick follow-up to the post from August on my PacketFence install.