First of all, account provisioning is probably one of the most crucial but utterly boring parts of IT. From the perspective of the systems administrator it's a matter creating the user record and figuring out what sort of access they need to enterprise resources. In many places it's a mater of click, click, type, click, click and then press the OK button. For the new user, this will probably be the first introduction they have to the IT organization.

Since IT doesn't do the hiring for the company, this data needs to come from somewhere. That's where HR comes in. HR provides things such as the proper spelling of the user's name, whether they will need remote access to the network (ie: VPN), and a general overview of what the user will need rights to. Again, this is another entry level, boring task that generally requires someone to fill out a help request and then let IT deal with it.

I've seen, though, in many organizations where there's a breakdown in the communication that IT gets from other parts of the organization, particularly HR. The standard operating procedure at one place that I worked was that IT was informed that there was a new employee on their first day. This resulted in a mad dash to provision an account as well as provide basic resources such as a computer, phone, or in some cases even a desk.

Now, what happens when an employee leaves? IT is usually insulated from the rest of the organization either physically or logically, so again the request to terminate access needs to come from HR. In smaller organizations this is less of a problem because generally people will hear about a departure through the grapevine. This isn't a hard and fast rule, though. In a company of less than 50 employees I'd sometimes not be told of a departure until after the fact.

This presents a problem because if IT takes it upon itself to delete a user that it thinks should be deleted there's a risk that important data could be lost, or that the user has a legitimate need to retain access for one reason or another. On the other hand, if IT decides to do nothing, there's a vector for attack where, depending on the circumstances of the employees departure, they might have a motive to use the enterprises resources maliciously.

All this leads to the need to have strong policies in place that dictate the workflow of a user request. This is a policy that both HR and IT need to agree to, and it needs to be efficient, effective, and enforceable. Unfortunately this seems to not happen in many small to medium sized business, and if nobody knows to do anything the user walks into their first day on the job not having an email address, a login, or even a computer. By creating a workflow, there's the ability to first deliver correct information on time and provide accountability across all of the steps needed to create the account.

For example, the company hires a new salesperson. Presumably there will be at least a two week lead-time before they join the company. HR then fills out a request for the new account, supplies the correct spelling of the user's name, provides whatever other information is needed by IT such as contact information and necessary access levels. IT then should, with some measure of expediency, fulfill the request and confirm with HR that the account has been provisioned.

The process should be similar when the employee leaves. HR should notify IT that there's a departure and fill out a request to have the account disabled. Depending on the circumstances of the departure it might be necessary to escalate that to a higher priority level, or let IT know about any special requests (ie: do not delete but disable the account, forward email somewhere, etc.) IT then should expediently handle the request and again confirm with HR that the request has been completed.

While many folks in the trenches (including myself) bemoan the fact that IT is a "service organization," it is one that can only do it's job efficiently when given good data and good policies to follow. For the organization to work efficiently, there needs to be clear instructions and expectations on what to do, how to do it, and when. Sadly it seems that these common-sense policies generally come into effect well after there have already been issues that could have been prevented.

Highlights include:

1. 100+ DLT backup tapes, all headed to the degausser on campus
2. 30 heavy gauge power cables from various servers
3. Norton Internet Security 2004, never opened
4. Office 2000
5. Tons and tons and tons of empty boxes.

The goal? To make it so that when I need to retreat away from the noise of my office and actually get some work done, I have a place to go that not only has a door, but a door protected by a mag reader. And, if I position myself close enough to the Liebert (which is where the table is in the room) I don't get blown on. The ambient temperature of the room is about 74 F which isn't bad, and the noise from the servers is at least better than listening to people talking loudly.

Oh, and Jae is a jerk.

Tomorrow's project will be configuring tighter rules for alerting that will go right to my phone via a text message (I only want the really critical errors to come there) as well as automatically open up a helpdesk ticket. I also began sketching out a new server inventory which I will need to put into Sharepoint along with some other documentation.

It's a fairly slow time right now, and since I've gone to work in academia I've really enjoyed the ability to set things up the right way, rather than rush from fire to fire like I had to do in startup-land. That's not to say that I don't miss some of the fun of being in a startup - I worked with some absolutely brilliant people at Grid, and I really miss spending time with them and having debates and conversations about tech.

I also found a piece of software which, so far, has helped me a lot. My desk is right outside of the office that the desktop support folks work out of, and there's a lot of traffic in and out of there. It's very distracting to be troubleshooting some server or network problem and hear people BS'ing with the desktop folks. Since my desk is actually in a really nice space (although it's a bit small) and there's political reasons why I can't move into an office, it's become imperative that I find some way of isolating myself. Well, besides the big frosted Japanese privacy screen that I set up in front of my cube, I found an OSX White Noise Generator, Noisy. I have it set to generate pink noise at about 10% of my iMac's volume. It's a small app that I just keep open on my second monitor and jack up the volume if someone starts talking loudly or I really need to focus.

I still miss working with Jae, even if he was noisy.

The picture is of my Touareg (the 'egg) at the Forked River Mountains.

Add these lines to the top of your .profile:

export PS1="[\u@\h \W]$"
export CLICOLOR=1
export LSCOLORS=ExFxCxDxBxegedabagacad

There are two courses on iTunes U that I'd like to recommend. Both come from Stanford University, and both really tie in to my love of history. The first is Colonial and Revolutionary America, a series of lectures by Jack Rackove, which examines the political and sociological environment in the colonies before, during, and shortly after the Revolution. The second, which I have only just started yesterday, is The Historical Jesus, by Thomas Sheehan, which takes a scholarly look at the life of Jesus the man, not the figure that the early Christians made him into.

It's nice to see Apple starting to publicize iTunes U. There's content from all sorts of educational institutions. I'd like to see some stuff from Princeton end up online.

Enjoy, if you're into that sort of thing!

The long and short of it is that, on the old server, you need to load the drivers for the new RAID controller. You'll have to do it manually. (Add new hardware, have disk, etc.) Then I took a CentOS 4.7 rescue disk, booted it, and DD'd the disk over to an image file on an NFS share (my iMac). Then on the new server, boot the CentOS rescue disk, dd the image from NFS to the local disk, and reboot.

Windows comes up, and will complain about needing to find new drivers for everything. But the server is now running on new hardware. Sweet. Linux to the rescue in a Windows shop!

In a few days I will be starting my new job as a Senior Sysadmin for Facilities IT at Princeton University. I'm looking forward to the change in scenery. I leave behind a lot of friends and good memories at my last job. Despite Matt saying that I am now banned from New York I'm sure they'll see me again. Besides, if they ban me than New Jersey needs to ban all the bennies coming down from Staten Island during the summer.

My plans for launching the redesigned NJPB site in time for 1/1/09 probably won't come to fruition thanks to some distractions today. It was worth it, though.

In any event, here's to a great 2009!