IUG 2001 Conference Proceedings

Table of Contents

Session: G4

Systems Management Forum - Turnkey

Moderator:
David Jones, Santa Clara University


David introduced himself and briefly described his own background. He currently works at a software only site but has worked at a turnkey site. He has not noticed much difference in the duties of managing Innopac, since IT handles the hardware at his current location and III managed the hardware at the turnkey site.

A question was posed to Katrina Anderson from Innovative about the III presentation on Help Desk techniques. The questioner wanted to know whether the presentation would be posted on the web, perhaps at the CSDirect site. Katrina said she did not know yet how it would be handled.

Backup questions. Barbara Ritchie from the University of San Diego asked about running full backups daily. She wanted to know if there is a preferred time to run the backup. Santa Clara runs theirs at 4:00 a.m. It depends on database size and tape drive speed. Does it interfere with programs that run at night? It depends on the job and whether processes need to be sent through control. Processes queue up and run when control is restored. A show of hands indicated most are running full backups daily.

Tape loaders and automated backup-is III looking? III is always actively looking at new ways to do things.

What happens when server needs replacement? Does III notify you when it is time? If server is not up to the task to migrating to Millennium for example, III will work with you. III will notify you when memory is low based on message sent by server. Replacement is not part of maintenance. You must buy a new server either from III or convert to software only. If the server is too old, parts may not be available for support. Some could not pass Y2K compatibility. The server can be traded or kept depending on your contract with III. Some older servers can work as mail server or other non-process intensive operations. Best to upgrade sooner than later. You can make all kinds of choices. Santa Clara uses old MIPS as dns server. Is your institution willing to support aging equipment?

Is there a to do list for systems people to be more proactive? Not really. Daily backups, clean the tape drive. That's the meaning of turnkey. On the Unix side nothing is required. However, check number of records-limits from Management Information, disk space, error logs, system messages. There is a list in the appendix of the user manual. A suggestion to reboot system regularly brought forward different schools of thought. Some never reboot, while others have a schedule. The point of turnkey is that III is monitoring your system. Turnkey system administration is more than caring about the box. Keeping track of logins, passwords, network access are some of the routine tasks that should be done. Even software only sites rarely get involved in Unix. That piece is usually managed by IT.

How many have root access and what are you doing with it? Peter Murray: nothing at the moment, but needed to feel the power of having it. Wants to know what system is doing. Tweak alias file, send messages to personal email.

Network access: One site reports getting 10-20 visits per hour even when library is closed-not opac activity -no searches-often AOL. Audience suggested that some might be robots, crawling proxies, people who end up at your site. Multiple ip's from AOL may still be one person-ip's change often. Could be people checking their borrowing record, interlibrary loan requests-still tally as a visit, web access management-using databases. Early morning hits intriguing. Trace them.

Use of user licenses. It is now necessary to assign more logins on the staff side because of Millennium. In addition most modules are not entirely complete and staff still need to use character-based system. Is III doing anything to remedy this? They are developing Millennium and putting more things into it. Unlimited opac licenses help. Recommended that libraries establish policy-telnet users need a good reason to be accessing the system in this fashion and need to close when they are done. Use timeouts to bounce users out of telnet. Santa Clara has found sessions opened for 8 weeks at a time. Energy crisis is good excuse for getting folks to log out.

Screeching modem. Turn it off. Possibly spam fax mail. III will call and tell you to turn it on when they need it for diagnostic purposes. Also one less avenue for hacking.

Loading process-must it tie up a terminal? Can it run in background rather than scrolling and keeping machine tied up? Not the same as cron job. Loading is different at every institution. Getting data is quick, but actual load is slow.

What operating system is recommended? All are fine. Whatever your institution supports. Windows 95/98/2000?

Turnkey administrators still face the following kinds of diagnostics. What kind of pc, what operating system, what version of java runtime.

Now one should understand java, html, Unix and innopac. It helps in system administration role.

Who is using My Millennium? Santa Clara uses it in staff mode only. Does email work in My Millennium. Email not working in Advanced Keyword Searching, only in phrase indexes. How is email set? Field in patron record (z).

One site described the experience of having a firewall magically appear over weekend (took a week for IT to admit). Server was moved to DMZ. Now they are having the opposite effect of permanent logins-timeouts are happening extremely frequently. IT denies that timeouts are set. Actual keying required to prevent timeouts, not just a signal. They have found no consistency in the timing out. How to talk to IT? Talk to firewall person about opening telnet port. Showed them with FTP server in DMZ. Setting ports to display time can help prevent timeouts but it depends on whether your telnet software responds to time setting.

Could we receive automated monitoring reports by email from III? Enhancement to system. Could be some flexibility in mailing.

Is it dangerous to leave the diagnostic modem on? It does provide another point of access, for hackers. If that is the only access it is a problem? Most monitoring of systems by III is done over the Internet. O.K. to turn off. Always have to reset anyway, even if it is left on. Could leave it on over weekends if there is no one available to turn it on. Only use when Internet is not. The modem is necessary to get to console. One site has had no modem for 7 years.

What do people do with access denied log-Limit network access? It is a good indicator of when someone can't log in and you need more licenses. Also it can be an indicator of hacking. Depends which service is trying to be accessed-http, telnet, ftp. Ip address shows. It is a good thing to keep an eye on. It doesn't tell you if someone actually gets in. System is pretty well closed, but other boxes may be more vulnerable. Could help in identifying hacking into other services. Internet hacking is too vast to worry. It will be obvious if damage is done-system won't work or load will be heavy.

Automatic reverse lookup would be extra server load. Ip is enough. Some have resolution turned off because of performance issues. Some ip's don't resolve to names anyway-especially not bad guys.

Clock accuracy. Depends on clock inside machine. Enhancement for III.


Reporter:
Karen Johnson, University of San Francisco