Presentation Summary
(Links sorted by presentation title.)
- A brief history of time (synchronisation) - Julien Goodwin
- Backing up your network devices / Automated network documentation - Julien Goodwin
- Bare Metal Recover by Open Source Software - Ceasar Sun
- Centrally monitoring almost anything - Ken Wilson
- Defending VoIP on the internet - Craig Askings
- DNSSEC @ Mozilla - Shyam Mani
- En-Visage-ing system and instrumented statistics - Lindsay Holmwood
- Implementing devops in the real world - Devdas Bhagat
- ipv6 issues and experience - Peter Chubb
- Lazy Management of a Secure Gateway - Mark Suter
- Samba4 update, new features and real users - Andrew Bartlett
- Resource allocation using cgroups - Steven Ellis
- Setting up a high availability cluster in 20 minutes - Sander van Vugt
- Tuning your PostgreSQL server - Shoaib Mir
- Varnish and HTTP acceleration - Simon Lyall
Full Abstracts
(Sorted by first name of presenter.)
-
Samba4 update, new features and real users - Andrew Bartlett
Andrew Bartlett will detail how Samba4 continues to power on, bringing system administrators up to date with new features implemented this year in both its role as an AD DC.
Samba4 can now function as and support a Read Only DC, as well as a fully functional AD domain controller. The past year has seen real-world migrations from Windows domains to Samba, and real-world experiences with its support for AD multi-master replication.
-
Bare Metal Recover by Open Source Software - Ceasar Sun
Most people and companies think they can rebuild systems by backing up critical data. However, when a catastrophic failure occurs, they lose everything, including the entire operating system, data, settings and applications. It will take a lot of time if the system is rebuilt from scratch. Therefore disaster recovery is always an issue, not only for an enterprise but also for an individual.
There are many pieces of open source software which you can use for bare metal recovery or system deployment, e.g. Clonezilla, FOG, fsarchiver, G4L, Mondo Rescue, Partimage, Partclone, etc. Besides these open source tools, proprietary software for bare metal recovery is available, e.g. Norton Ghost, Acronis True Image.
This talk will briefly discuss the differences between these bare metal software tools, then cover the things one has to pay attention to when using these tools for bare metal recovery.
-
Defending VoIP on the internet - Craig Askings
Insecure SIP servers are a profit centre for some criminal groups, who resell calls channeled through your system at your expense.
This talk will cover methods of limiting your risk.
- firewalls
- rate limiting
- good passwords etc.
What the bad guys are doing
- Current attack methods
Basic details of various FOSS SIP servers (assuming there is time)
-
Implementing devops in the real world - Devdas Bhagat
While devops is today's buzzword, a lot of us old timers believe that it's just what being a good sysadmin is about.
Devdas will be speaking about changing corporate culture at a medium-sized firm from a dysfunctional, siloed set of people to one where different groups actually cooperate with each other and help solve each other's requirements. This talk will be of interest to sysadmins who work in a traditional corporate environment where information, access and decisions are siloed. The talk will cover both successes and failures, what worked, what did not and the speaker's opinion of why.
The expected audience for this talk is intermediate to senior operations staff and developers.
-
A brief history of time (synchronisation) - Julien Goodwin
Managing time is one of the minor, but most critical tasks of a sysadmin.
This talk explains clock strata (quality), accuracy, and synchronisation methods for both general purpose servers, and more specialised hardware.
It also covers some of the danger areas like leap seconds.
-
Backing up your network devices / Automated network documentation - Julien Goodwin
Many sites are now using tools like puppet to automate their systems configuration, but few (outside the ISP space) automate configuration or backups of their network devices.
This talk covers the use of tools like Rancid, as well as what can be built on top to generate automatic network awareness and documentation.
-
Centrally monitoring almost anything - Ken Wilson
At Opengear, we build embedded Linux-based appliances for wiring closet and data centre management, allowing out-of-band access to remote infrastructure for remote management and disaster recovery, and monitoring of the surrounding environment and devices. These devices can be connected back to other networks via Ethernet, 3G GSM/CDMA, PSTN modems, and Wi-Fi.
This talk will discuss the architecture and open source tools we've leveraged in our centralised monitoring and access system, and the challenges we've faced trying to provide reliable and secure access over these different network infrastructures that are often not under the client's control.
-
En-Visage-ing system and instrumented statistics - Lindsay Holmwood
Data is vitally important when responding to incidents and doing capacity planning, as it provides visibility over how systems are actually performing both long and short term.
collectd is a lightweight statistic collection daemon that is plugin based and network aware, allowing sysadmins to easily collect data from a huge number of places, both low level (CPU + memory usage, disk + network IO), and high level (Apache requests, Memcache hits/misses, MySQL queries).
But data by itself is only one part of the picture - humans need to be able to visualise it in a meaningful way to identify trends and draw conclusions.
collectd stores its data in RRD, which has long been the de-facto standard for storing time series data in the systems administration and infrastructure space. Unfortunately RRD's visualisation tools produce graphs that looked dated in 1995, and collectd's visualisation tools are bound by the same limitations.
Enter Visage - a web interface for viewing collectd's statistics. Visage renders statistics in the browser using JavaScript + SVG, providing a significantly more interactive and intuitive experience when browsing and analysing stats. Visage also exposes the RRD data as JSON.
In this talk, Lindsay will introduce collectd + Visage, and guide the audience through getting Visage up and running, and visualising some custom stats collected with collectd.
-
Lazy Management of a Secure Gateway - Mark Suter
Prefer going to great effort to reduce overall energy expenditure? That's my kind of Laziness. Add some Perl-ish Impatience and Hubris and you have a good description of my current workplace.
This talk is a "How we do things" walk-through of my workplace with most of the focus on what works for us, minus some detail to keep the security people onside ;)
My workplace is a secure gateway for a large government client. It has many different types of devices all forming part of a managed response to the risks we face in connecting to the world.
Of course, I'll mention the Wiki that I presented on last year but this time with more about how it fits into our workplace and almost nothing on the wiki itself.
Slides will be available at http://zwitterion.org/talks/.
-
ipv6 issues and experience - Peter Chubb
Our group in NICTA has been one of the first in NICTA to deploy ipv6 natively. While in general everything went smoothly there are a few issues --- DDNS, and service discovery --- that we are still exploring ways to fix.
We're a research group of around 30 people; we're always plugging new bits of equipment into the network, and expect to be able to ssh, telnet, or access via the web those bits of equipment. In an ipv4 plus DHCP world, we solve this using client-provided host names and DDNS initiated from the (trusted) DHCP server. What's the equivalent when using stateless autoconfiguration and ipv6? What's the best way to tell embedded ipv6-only hardware where the NTP, print and DNS servers are? And what does a light-weight ipv6 stack look like?
This talk will relate our experience, and talk about some of the gotchas.
-
Setting up a high availability cluster in 20 minutes - Sander van Vugt
Still think setting up a High Availability cluster is hard? It's not! In this session you'll learn what's involved to set up a High Availability cluster in no more than 20 minutes using Pacemaker software. After attending this session you'll never have more than 2 minutes down time on vital services.
At the end of the presentation, you'll learn about some common errors encountered when implementing Pacemaker in an enterprise environment, and how to avoid them.
-
Tuning your PostgreSQL server - Shoaib Mir
In order to get the most out of PostgreSQL several parameters have to be properly tuned on the OS, memory, file system and database server level. These settings vary for different types of database loads (OLTP and OLAP) and not always the same values of parameters work for every scenario, which is why there is a lot of effort that goes into tuning PostgreSQL for the most optimal performance.
We will be covering specific areas that can help you get the most out of the database server. They include:
- Start of the process with benchmarking for I/O, Memory and CPU response times for initial comparison
- Optimizing the storage
- Operating system level tuning
- Tuning the configuration files for PostgreSQL
- Health check of the schema design that includes tables, indexes and procedures
- Using EXPLAIN to optimize query execution times
- Connection management
- Monitoring for the database server
-
DNSSEC @ Mozilla - Shyam Mani
This talk is geared towards helping sysadmins understand DNSSEC better and help them out with implementing the same in their organisations. I will also be pointing out the key issues we faced when implementing DNSSEC for mozilla.org.
-
Varnish and HTTP acceleration - Simon Lyall
Putting an HTTP accelerator in front of a web server can greatly reduce the load on complicated websites by caching the generated HTML and only requiring the full webstack to render a fraction of page requests.
Varnish Cache ( http://www.varnish-cache.org/ ) is a specialist HTTP accelerator that has become popular in the last 5 years. Its fast and flexible configuration enables it to be used by large and complicated websites.
This talk will be a general introduction to HTTP accelerators using Varnish for examples and some specific advice about using Varnish.
-
Resource allocation using cgroups - Steven Ellis
A relatively recent addition to Linux, cgroups provide a mechanism to control resource allocation in a manner that has long existed on Unix environments.
With the rapid adoption of virtualisation, cgroups provide an effective way to control resource allocation that would have previously required the deployment of VMware. This provides a mechanism to meet SLAs or guarantee resources to specific virtual servers.
As cgroups are implemented at a process level they can also be used to manage resource allocation on physical servers.
This talk will provide an overview of the cgroups technology and some simple examples of how to leverage them on both physical and virtual server environments.