10 System Administrator Tasks Ripe for Automation
October 14, 2010
More on data center management
A system administrator who does everything manually wastes not only her time but yours as well. Tasks that a sys admin performs repeatedly should be automated. Automation through scripting, specialized software and system scheduling frees her time, saves you money and prevents human error-related mistakes. These 10 sys admin tasks are prime targets for automation and will help streamline your daily operations.
The only time manual patching is called for is when that stubborn minority of systems will not take patches by automated means. Linux and Windows include tools to perform automated updates, but if you'd like more control of which patches your systems receive and when they receive them, investigate HP's Data Center Automation Center (HPDCAC) software (formerly Opsware). Much more than just an automated patching application, HPDCAC moves managing a complex infrastructure into a single, simple interface. If you're looking for a "patch only" solution, check out Ecora's Patch Manager for agentless patch management.
2. User and Group Maintenance
You've probably used Active Directory, LDAP, NIS+ or other user and group account management software, but have you ever used one that really made you happy? The reason you haven't is that there's not a lot of automation built into them. Sure, you can create a user account, remove a user account, and create groups and manage groups, but when it comes down to real management, you probably haven't found the right tool. The one you want might have to be the one you create yourself via scripts.
In UNIX, it's simple to create scripts to prompt you for the accounts that you wish to remove, have the system copy the user's files to a new location, change the permissions, search all systems for any files owned by that user, change permissions on those files, or move them and complete the process by removing the user account from the directory service. Check out some of the add-on modules for your user management tool of choice. Microsoft, for example, offers its Active Directory Resource Kit Book and CD that includes utilities for automation scripting.
3. Security Sweeps
You should perform regular, automated security sweeps on your entire network to expose and fix any wire-borne vulnerabilities. The frequency and intensity of the scans depends on the complexity of your network. Through scripting magic, you can set up scheduled scans, send the output to a database, extract a post-scan report from the database, and email it to yourself or create an HTML version of the report suitable for online viewing. One such tool, available for every modern operating system, is Nmap. Nmap is a free network security scanner designed to rapidly scan large networks and report vulnerabilities.
4. Disk Usage Scans
There is a constant turf war raging between users and sys admins, and it is one that the sys admin must ultimately win. To that end, the sys admin has some tools to employ: disk space quotas, disk partitions and disk space scans. Scans are regular audits of disk space usage by user. Offenders usually receive a warning or two before personal contact from a sys admin. Typical remedies for disk space gluttons are temporary account suspension, removal of files, moving the files to a new location or an extension of the user's space quota. These automated scans, when performed regularly (about once per week), prevent harsh actions by the sys admin and keep users apprised of their disk use.
5. Performance Monitoring
Taking an occasional performance snapshot is a good method for a single point-in-time glance at system performance. That singular peek is only a pixel in the entire performance picture. You need something with more depth and breadth that will provide you with performance trends and predictive peaks and valleys. Setting up such a system is easy with Orca. Orca compiles performance data from disparate sources (UNIX, Windows, Linux) and creates easy-to-read performance graphs. Gathering of data, calculations, graph generation and display are all part of the automated system.
6. File Transfers
Using command-line scripting power (Windows, UNIX and Linux), you can perform automated file transfers between hosts. There's no need to do them interactively. If you're clever in your timing, you can set up elaborate automated schemes that not only transfer your files but also unzip, change permissions, move, copy and insert information into a database. Use the secure versions of your file transfer utilities (e.g., SSH, SFTP, SCP) to ensure that anyone snooping doesn't grab an important password from your network stream.
7. Code Promotion
How you promote code from test to staging and into production can have a profound effect on marketing campaigns and other time-specific events. Moving the code from one environment to another manually is cumbersome, error-prone and requires coordination between developers and sys admins. Enable your developers to promote code from one environment to another using an automated code deployment system. Some sys admins use RSYNC for automated code deployment and it's safe to use if coupled with SSH keys to secure the transfers between hosts.
8. High-Level Administration
You can perform those housekeeping duties, service restarts and maintenance notices through automation. Set up your scripts to fire during low-use hours for clearing temporary file dumps, restarting your favorite services and sending out any maintenance or downtime notices via email. You'll find that automating these tasks takes some of the pressure off of you to remember which day it is and which list of things you need to do. There's no reason to keep a calendar of these; let the system handle them.
Yes, you can automate system restarts. Sitting around waiting for systems to bounce back to life is a waste of time. Automate the process during low-use hours. Don't worry, your automated monitoring system will notify you if the system doesn't come back online within a reasonable amount of time.
10. Malware Scans
You can scan for spyware, malware, viruses and other nasties using automated processes. Using scripts, you can map or mount drives, scan your filesystems, disconnect when finished with the scan, scrape the scan log for positive hits, and send the results to a database or in an email. You don't need to manually perform these scans when your system is perfectly happy and suited to do so on its own.
Ken Hess is a freelance writer who writes on a variety of open source topics including Linux, databases, and virtualization. He is also the coauthor of Practical Virtualization Solutions, which was published in October 2009. You may reach him through his web site at http://www.kenhess.com.