LISA '08

TRAINING PROGRAM

  Sunday, November 9, 2008
  Sunday Full-Day Tutorials
 

S1 Virtualization! What's It Good For? NEW!
Æleen Frisch, Exponential Consulting; Kyrre Begnum, Oslo University College

Who should attend: System administrators who are curious about the benefits of virtualization or who need to deploy it in their environment.

Virtualization is a hot computing topic these days, but you may be wondering whether it will actually benefit your site. When is virtualization appropriate and when isn't it? What does it take to administer a virtual infrastructure? How do you handle challenges such as OS and software installation and backups? This course will answer those questions. It will also provide the technical information you need to actually get started planning and deploying VMs and a virtualization infrastructure.

Take back to work: The ability to begin deploying virtualization in your environment, along with an understanding of the many tradeoffs you will need to address.

Topics include:

  • What virtualization is and what it can and cannot do for you
  • Available software and management options, including getting started basics
  • Typical deployment scenarios and special-purpose solutions (e.g., server isolation, server consolidation, student labs, testing environments, HPC, HA/load balancing)
  • Administrative challenges of integrating virtualization into your existing environment: monitoring, resource management, performance optimization, software upgrades, legacy hardware
  • Security issues with virtualization

S2 Solaris 10 Performance, Observability, and Debugging
James Mauro, Sun Microsystems

Who should attend: Anyone who supports or may support Solaris 10 machines.

Take back to work: How to apply the tools and utilities available in Solaris 10 to resolve performance issues and pathological behavior, and simply to understand the system and workload better.

Topics include:

  • Solaris 10 features overview
  • Solaris 10 tools and utilities
    • The conventional stat tools (mpstat, vmstat, etc.)
    • The procfs tools (ps, prstat, pmap, pfiles, etc.)
    • lockstat and plockstat
    • Using kstat
    • DTrace, the Solaris dynamic tracing facility
    • Using mdb in a live system
  • Understanding memory use and performance
  • Understanding thread execution flow and profiling
  • Understanding I/O flow and performance
  • Looking at network traffic and performance
  • Application and kernel interaction
  • Putting it all together

S3 Performance Tools, Metrics, and Tuning for Solaris/Linux NEW!
Adrian Cockcroft, Netflix, Inc.

Who should attend: Capacity planning engineers and sysadmins with an interest in performance optimization and who work with Solaris or Linux.

Capacity planning and performance management tools have been commercially available for many years. A new generation of freely available tools provides data collectors and analysis packages. As the underlying computer platforms and network devices have evolved, they have added improved data sources and have bundled free data collectors. Several open source and freeware projects have sprung up to collect and display cross-platform data, and with the advent of highly functional free statistics and modeling packages, comprehensive analysis, modeling, and archival storage can now be assembled. Free and bundled tools are of special interest to sites with very diverse mixes of systems, very large sites where licensing costs become prohibitive, and sites replacing a few large single systems with many more low-cost, horizontally scaled systems.

The morning session provides a vendor- and operating system-independent introduction to capacity planning techniques and tools.

The afternoon session will focus on the measurement sources and tuning parameters available in Solaris and Linux. The meaning and behavior of metrics is covered in detail.

Take back to work: A vendor- and OS-independent understanding of capacity planning techniques and tools, an understanding of the meaning and behavior of metrics, and knowledge of the common fallacies, misleading indicators, sources of measurement error, and other traps for the unwary.

Topics include:

  • Computer system and network performance data collection, analysis, modeling, and capacity planning on any platform using bundled utilities and freely available tools such as Orca, Big Brother, OpenNMS, Nagios, Ganglia, SE Toolkit, R, Ethereal/Wireshark, Ntop, MySQL and PDQ
  • TCP/IP measurement and tuning
  • Complex storage subsystems
  • Virtualization
  • Advanced Solaris metrics

S4 Computer Forensics (Hands-on)
Simson L. Garfinkel, Naval Postgraduate School

Who should attend: Anyone interested in recovering lost or deleted data, hunting for clues, and tracking information.

Computer forensics is the study of information stored in computer systems for the purpose of learning what happened to that computer at some point in the past—and for making a convincing argument about what was learned in a court of law. This day-long course includes morning tutorials on forensics policy and law, network protocols and network forensics, Web forensics, and document forensics, in which specific files are analyzed for subtle and possibly hidden information. The afternoon session will involve hands-on experiments using a variety of network and document forensic tools, working with a data set of real captured packets.

Take back to work: An in-depth understanding of why forensic tools are possible, what they can do, their limits, and the legal environment that governs U.S. forensics.

Topics include:

  • Introduction to computer forensics
    • What is forensics?
    • Why is information left behind on computer systems?
    • Computer forensics vs. physical forensics
    • ASCII and Unicode
  • Forensics and policy
    • Forensics and the law (discovery, criminal law, etc.)
    • The federal rules of evidence
    • Forensics history
    • The C.S.I. effect
  • Document and Web forensics
    • MS Word structure
    • PDF structure
    • Identifying similar documents
  • Anti-forensics

Tools we will use:

  • Helix Boot CD (open source Linux bootable CD with many forensics tools pre-installed)
  • Wireshark
  • NetIntercept
  • Open source network monitoring and analysis tools

Bring to class:

  • Option 1: An Intel-based Windows laptop computer running XP for which you have administrative rights
  • Option 2: An Intel-based Macintosh laptop running MacOS 10.5 with VMware Fusion 2 beta installed (not Parallels)
  • Note: Check http://simson.net/forensics/ two weeks before class to see what software you should install on your computer.


    S5 Inside the Linux 2.6 Kernel
    Theodore Ts'o, IBM/Linux Foundation

    Who should attend: Application programmers, system administrators interested in performance tuning their Linux systems, and kernel developers. You should be somewhat familiar with C programming in the UNIX environment, but no prior experience with the UNIX or Linux kernel code is assumed.

    The Linux kernel aims to achieve conformance with existing standards and compatibility with existing operating systems; however, it is not a reworking of existing UNIX kernel code. The Linux kernel was written from scratch to provide both standard and novel features, and it takes advantage of the best practice of existing UNIX kernel designs.

    This class will primarily focus on the currently released version of the Linux 2.6 kernel, but it will also discuss how it has evolved from Linux 2.4 and earlier kernels. It will not delve into any detailed examination of the source code.

    Take back to work: An overview and roadmap of the kernel's design and functionality: its structure, the basic features it provides, and the most important algorithms it employs.

    Topics include:

    • How the kernel is organized (scheduler, virtual memory system, filesystem layers, device driver layers, networking stacks)
      • The interface between each module and the rest of the kernel
      • Kernel support functions and algorithms used by each module
      • How modules provide for multiple implementations of similar functionality
    • Ground rules of kernel programming (races, deadlock conditions)
    • Implementation and properties of the most important algorithms
      • Portability
      • Performance
      • Functionality
    • Comparison between Linux and UNIX kernels, with emphasis on differences in algorithms
    • Details of the Linux scheduler
    • The virtual memory subsystem
    • Linux's virtual file system layer
    • A quick tour through Linux's networking stack

    Sunday Morning Half-Day Tutorials

    S6 Security Without Firewalls
    Abe Singer, San Diego Supercomputer Center

    Who should attend: Administrators who want or need to explore strong, low-cost, scalable security without firewalls.

    Good, possibly better, network security can be achieved without relying on firewalls. The San Diego Supercomputer Center does not use firewalls, yet managed to go almost 4 years without an intrusion. Our approach defies some common beliefs, but it seems to work, and it scales well.

    "Use a firewall" is the common mantra of much security documentation, and firewalls are the primary security "solution" in most networks. However, firewalls don't protect against activity by insiders, nor do firewalls provide protection against any activity that is allowed through the firewall. And, as is true for many academic institutions, firewalls just don't make sense in our environment. Weighting internal threats equally with external threats, SDSC has built an effective, scalable, host-based security model. The key parts of our model are centralized configuration management, regular and frequent patching, and strong authentication (no plaintext passwords). This model extends well to many environments beyond the academic.

    Of course, we're not perfect, and we had a compromise as part of a security incident that spanned numerous institutions. However, firewalls would have done little, if anything, to mitigate that attack, and we believe our approach to security reduced the scope of compromise and helped us to recover faster than some of our peers.

    In addition, our system administration costs scale well. The incremental cost of adding a host to our network (beyond the cost of the hardware) is negligible, as is the cost of reinstalling a host.

    Take back to work: How to build effective, scalable, host-based security without firewalls.

    Topics include:

    • The threat perspective from a data-centric point of view
    • How to implement and maintain centralized configuration management using cfengine, and how to build reference systems for fast and consistent (re)installation of hosts
    • Secure configuration and management of core network services such as NFS, DNS, and SSH
    • Good system administration practices
    • Implementing strong authentication and eliminating use of plaintext passwords for services such as POP/IMAP
    • A sound patching strategy
    • An overview of the compromise, how we recovered, and what we learned

    S7 Advanced Perl, Part 1: Strings, Unicode, and Pattern Matching NEW!
    Tom Christiansen, Perl Consultant

    Who should attend: Perl programmers who handle international or legacy datasets or who need to output in UTF-8 (like most Web pages).

    Take back to work: How to use the powerful new matching facilities in Perl 5.10 and how to write, debug, and maintain regexes even when the patterns grow ever more complex.

    Topics include:

    • Opening filehandles to in-memory strings
    • Constant and/or read-only strings
    • String functions from Scalar::Util
    • Cool CPAN string modules
    • Strings: binary data or character data?
    • Perl Unicode support
    • Encodings and I/O layers
    • Coping with combined characters
    • Troubleshooting Perl Unicode issues
    • Internationalization vs. globalization
    • Maximal, minimal, and new possessive quantifiers
    • New backtracking control verbs
    • New match variables and pattern switches
    • New white space controls: vertical and horizontal
    • Context and scoping issues
    • Case-conversions and quoting
    • Capture Buffers (backreferences)
    • Dynamic regexes using qr//
    • New relative and named capture buffers
    • Lookahead and lookbehind assertions
    • Embedding code in patterns
    • New dynamic and recursive patterns
    • Security concerns in pattern matching
    • Nifty CPAN regex modules

    S8 Management 101: Effective Communication Tools for Sysadmins
    Geoff Halprin and Elizabeth Zwicky, Consultants

    Who should attend: System administrators who wish to become more proactive in managing their duties and to learn tools and tips that will assist them to communicate more effectively with their managers, users, and other important constituents of their services.

    You may have noticed that being technically adept is not sufficient. You have to be able to deal with people: your fellow team members, your boss, your customers, the finance people, the legal department, and even upper management. You need them to do things for you (if it's only leaving you alone). System administrators generally find talking to people much more stressful and less productive than talking to computers. People do not operate by the same rules that computers do, and the process often seems random, irrational, or incomprehensible.

    In this tutorial, we examine the many facets of communication and introduce various systems, tools, and techniques you can employ to ease your stress and improve your ability to attain the outcomes you desire.

    Take back to work: Improved communication skills that will make you a more effective system administrator; an understanding of how communication works, so that it becomes a tool you can use instead of a source of frustration.

    Topics include:

    • Oral communication
      • Effective listening
      • Effective talking
      • Presentations
    • Written communication
      • Progress reporting
      • Technical documentation
      • Writing proposals
      • Buy-vs.-build evaluations
      • Cost-risk evaluations
      • Audit reports
    • Understanding others
      • Understanding various communities
      • Conflict resolution
      • Personality types
    • Time management
    • Risk management
    • Project management

    Sunday Afternoon Half-Day Tutorials

    S9 Building a Logging Infrastructure and Log Analysis for Security
    Abe Singer, San Diego Supercomputer Center

    Who should attend: System, network, and security administrators who want to be able to separate the wheat of warning information from the chaff of normal activity in their log files.

    This tutorial will show the importance of log files for maintaining system security and general well-being, present some strategies for building a centralized logging infrastructure, explain some of the types of information that can be obtained for both real-time monitoring and forensics, and cover techniques for analyzing log data to obtain useful information. All the devices on a medium-sized network can generate millions of lines of log messages a day. Although much of the information is normal activity, hidden within that data can be the first signs of an intrusion, denial of service, worms/viruses, and system failures.

    Take back to work: How to get a handle on your log files, which can help you run your systems and networks more effectively and can provide forensic information for post-incident investigation.

    Topics include:

    • Problems, issues, and scale of handling log information
    • Generating useful log information: improving the quality of your logs
    • Collecting log information: syslog and friends, building a log host, integrating Microsoft Windows into a UNIX log architecture
    • Storing log information: centralized log architectures and log file archiving
    • Log analysis: Log file parsing tools, data analysis of log files (e.g., baselining), attack signatures, and other interesting things to look for in your logs
    • How to handle and preserve log files for human resources issues and legal matters

    S10 Advanced Perl, Part 2: Packages, Modules, and Classes NEW!
    Tom Christiansen, Perl Consultant

    Who should attend: Perl programmers, those needing complex data structure or object facilities, and those interested in the higher-level object facilities of tying and overloading or in building their own lexical pragmas.

    Take back to work: Knowledge of Perl's package mechanism, as well as the basis for modules and classes.

    Topics include:

    • Typeglobs
    • Per-package symbol-table hashes
    • Symbolic references
    • Overriding built-in functions with your own
    • Garbage collection and reference counting
    • Weak references for self-referential data structures
    • Saving complex data structures
    • New and improved pragmas and modules
    • Numbers as objects
    • Creating your own lexical pragmas
    • Conditional module loading
    • New object facilities
    • Object privacy via safe-hashes or closures
    • Diamond-inheritance issues
    • Tying variables and handles to classes
    • Overloading operations and constants
    • Packaging up modules for distros

    S11 Management 201: Effective Team Management of System Administrators
    Geoff Halprin and Elizabeth Zwicky, Consultants

    Who should attend: System administrators who have found themselves being given (or are hoping to be given, or are anticipating with apprehension) responsibilities for "wetware systems" (i.e., other people).

    As you grow in seniority, a funny thing happens: you are expected to pass that wisdom on to others. You are given projects to run, teams to lead, apprentices to mentor, and ever larger budgets to manage effectively. The one thing, however, that you are almost never given is management training.

    This tutorial examines many of the diverse areas of team management and provides you with an extensive set of insights, tools, and tips for conquering this brave new world.

    Take back to work: The techniques you need to be effective in your "organization-facing" duties.

    Topics include:

    • Sysadmin workflow
    • Personal and workgroup productivity
    • Progress reporting and journals
    • Meeting management
    • Project management
    • Financial management
    • Team management
      • Delegation
      • Mentoring/coaching
    • People management
      • The HR cycle

    Monday, November 10, 2008
    Monday Full-Day Tutorials

    M1 Introduction to the Open Source Xen Hypervisor NEW!
    Stephen Spector, Citrix; Wenjin Hu and Zach Shepherd, Clarkson University

    Who should attend: System administrators and architects who are interested in deploying the open source Xen hypervisor in a production environment. No prior experience with Xen is required; however, a basic knowledge of Linux is helpful.

    The Xen hypervisor offers a powerful, efficient, and secure feature set for virtualization of x86, x86_64, IA64, PowerPC, and other CPU architectures, and has been used to virtualize a wide range of guest operating systems, including Windows, Linux, Solaris, and various versions of the BSD operating systems. It is widely regarded as a strategically compelling alternative to proprietary virtualization platforms and hypervisors for x86 and IA64 platforms.

    Take back to work: How to build and deploy the Xen hypervisor.

    Topics include:

    • Xen architecture overview
    • Building a Xen hypervisor from Xen.org
    • Installation and configuration
    • Virtual machine creation and operation
    • Performance: tools and methodology
    • Best practices using Xen

    M2 System and Network Performance Tuning
    Marc Staveley, Soma Networks

    Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

    We will explore procedures and techniques for tuning systems, networks, and application code. Starting from the single system view, we will examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll extend the single host view to include Network File System tuning and performance strategies. Detailed treatment of networking performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and techniques for controlling response time will be addressed. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Question and analysis periods for particular situations will be provided.

    Take back to work: Procedures and techniques for tuning your systems, networks, and application code, along with guidelines for capacity planning and customized monitoring.

    Topics include:

    • Performance tuning strategies
      • Practical goals
      • Monitoring intervals
      • Useful statistics
      • Tools, tools, tools
    • Server tuning
      • Filesystem and disk tuning
      • Memory consumption and swap space
      • System resource monitoring
    • NFS performance tuning
      • NFS server constraints
      • NFS client improvements
      • NFS over WANs
      • Automounter and other tricks
    • Network performance, design, and capacity planning
      • Locating bottlenecks
      • Demand management
      • Media choices and protocols
      • Network topologies: bridges, switches, and routers
      • Throughput and latency considerations
      • Modeling resource usage
    • Application tuning
      • System resource usage
      • Memory allocation
      • Code profiling
      • Job scheduling and queuing
      • Real-time issues
      • Managing response time

    M3 Computer Forensics: Disk Forensics and Lab (Hands-on) NEW!
    Simson L. Garfinkel, Naval Postgraduate School

    Who should attend: Anyone interested in forensics or data recovery. Note: S4 is not a prerequisite to this class. Please see the Web site for what hardware and software are required.

    Computer forensics is the study of information stored in computer systems for the purpose of learning what happened to that computer at some point in the past—and for making a convincing argument about what was learned in a court of law. This day-long course includes a morning tutorial and afternoon lab during which you will work several disk forensics cases with real data using commercial and open source tools.

    Take back to work: A deeper understanding of modern disk forensic tools, including both open source and commercial; drill-down familiarity with disk forensics, including specific tools and techniques; enough information about operating systems to understand why forensic tools are possible, what they can do, and their limits.

    Topics include:

    • Disk forensics
      • Understanding file systems
      • Searches of hard drives and recovery of deleted files with commercial and open source tools
        • Sleuth Kit
        • EnCase
        • FTK
      • Hash code databases
    • File Carving
      • Carving memory and disk partitions
    • Anti-forensics

    This tutorial will give participants hands-on experience using commercial and open source forensics tools. The lab will consist of two parts. In the first part of the lab the students will be given a CD-ROM containing tools and test data. The instructor will go through the tools with the students following along. In the second half of the lab the students will be given a second CD-ROM containing data from a fictional case involving stolen corporate information. The students will then be asked to "solve the crime."

    Tools we will use:

    • Helix Boot CD (open source Linux bootable CD with many forensics tools pre-installed)
    • SleuthKit
    • AccessData's Forensic ToolKit

    Bring to class:

    • Option 1: An Intel-based Windows laptop computer running XP for which you have administrative rights
    • Option 2: An Intel-based Macintosh laptop running MacOS 10.5 with VMware Fusion 2 beta installed (not Parallels)
    • Note: Check http://simson.net/forensics/ two weeks before class to see what software you should install on your computer.


    M4 Administering Linux in Production Environments
    Æleen Frisch, Exponential Consulting

    Who should attend: Both current Linux system administrators and administrators from sites considering converting to Linux or adding Linux systems to their current computing resources.

    This course discusses using Linux as a production-level operating system. Linux is used on the front line for mission-critical applications in major corporations and institutions, and mastery of this operating system is now becoming a major asset to system administrators.

    Linux system administrators in production environments face many challenges: the inevitable skepticism about whether an open source operating system will perform as required; how well Linux systems will integrate with existing computing facilities; how to locate, install, and manage high-end features which the standard distributions may lack; and many more. Sometimes the hardest part of ensuring that the system meets production requirements is matching the best solution with the particular local need. This course is designed to give you a broad knowledge of production-worthy Linux capabilities, as well as where Linux currently falls short. The material in the course is all based on extensive experience with production systems.

    This course will cover configuring and managing Linux computer systems in production environments. We will be focusing on the administrative issues that arise when Linux systems are deployed to address a variety of real-world tasks and problems arising from both commercial and research and development contexts. This course is designed for both current Linux system administrators and for administrators from sites considering converting to Linux or adding Linux systems to their current computing resources.

    Take back to work: The knowledge necessary to add reliability and availability to your systems and to assess and implement tools needed for production-quality Linux systems.

    Topics include:

    • Recent kernel developments
    • High-performance I/O
      • Advanced file systems and the LVM
      • Disk striping
      • Optimizing I/O performance
    • Advanced compute-server environments
      • HPC with Beowulf
      • Clustering and high availability
      • Parallelization environments/facilities
      • CPU performance optimization
    • Enterprise-wide security features, including centralized authentication
    • Automation techniques and facilities
    • Linux performance tuning

    M5 Seven Habits of the Highly Effective System Administrator: Hints, Tricks, Techniques, and Tools of the Trade
    Lee Damon, University of Washington; Mike Ciavarella, Consultant

    Who should attend: Junior system administrators with anywhere from little to 3+ years of experience in computer system administration. We will focus on enabling the junior system administrator to "do it right the first time." Some topics will use UNIX-specific tools as examples, but the class is applicable to any sysadmin and any OS. Most of the material covered is "the other 90%" of system administration: things every sysadmin needs to do and to know, but which aren't details of specific technical implementation.

    We aim to accelerate the experience curve for junior system administrators by teaching them the time-honored tricks (and effective coping strategies) that experienced administrators take for granted and which are necessary for successful growth of both the administrator and the site.

    The class covers many of the best practices that senior administrators have long incorporated in their work. We will touch on tools you should use, as well as tools you should try to avoid. We will touch on things that come up frequently, as well as those which happen only once or twice a year. We will look at a basic security approach.

    Take back to work: Ideas about how to improve and to streamline your systems and your workload, and, just as important, where to look to find more answers.

    Topics include:

    • Why your computers should all agree on what time it is
    • Why root passwords should not be the same on every computer
    • Why backing up every file system on every computer is not always a good idea
    • Policies—where you want them and where you might want to avoid them
    • Ethical issues
    • Growth and success as a solo-sysadmin as well as in small, medium, and large teams
    • Training
    • Mentoring
    • Personal growth planning
    • Site planning
    • Budgeting
    • Logistics
    • Books that can help you and your users

    M6 Effective Change Management: Making System Integrity Easy
    Geoff Halprin, Consultant

    Who should attend: System administrators who wish to learn how to better manage change and risk and become more professional in their system management practices, those who are responsible for developing or managing their organization's change management process, and those who are frustrated by and hoping to influence and improve their organization's process.

    As a system administrator, you perform change management every day. Every time your finger hovers over the return key, that's risk management. Every time you apply a patch to your desktop before you apply it to production, that's change qualification. Every time you stay late to apply a patch out of hours, that's change scheduling. Although you may be doing it now, you have probably never considered the deeper aspects of what you do and how you might do it better.

    Take back to work: A grasp of the many aspects of effective change management and how you can improve the process, using tactics, tools, and tips learned in this course.

    Topics include:

    • The basic change management process
    • Building a change plan
    • Regression planning and risk management strategies
    • Change execution tools and techniques
    • Managing an organization's change pipeline
    • Emergency changes and downtime conferences
    • Quality assurance across the change life cycle

    Monday Morning Half-Day Tutorials

    M7 Advanced Perl, Part 3: Multitasking via Processes and Threads NEW!
    Tom Christiansen, Perl Consultant

    Who should attend: Perl programmers and sysadmins who need to write programs that do more than one thing at a time.

    Take back to work: A deep understanding of process management facilities, I/O redirection and control, the accept/connect client-server model, and threads.

    Topics include:

    • Multitasking: full-process forking vs. threading
    • Signals: safe and otherwise
    • Accessing POSIX signal facilities
    • Signals, system(), and backticks
    • Stderr redirection
    • Security concerns in external commands
    • Safe pipe opens
    • Deadlock issues in pipe handling
    • IPC::Open2 and IPC::Open3
    • Low-level primitives: fork, pipe, waitpid, exec
    • Forking servers and client-server hybrids
    • Sharing data across forks
    • The ithread model: use threads
    • Thread management: creation, joining, detaching
    • Retrieving data from a thread
    • Working with threads objects
    • Sharing data among threads
    • Yielding the processor
    • Locking protocols and deadlock avoidance
    • Locking variables, subroutines, and methods
    • The Thread::Queue module
    • Thread-queues versus process-pipes
    • Using Semaphores from Thread::Semaphore
    • Process pools vs. thread pools
    • Useful threading modules from CPAN

    M8 Working with SELinux NEW! Farrow
    Rik Farrow, Security Consultant

    Who should attend: Sysadmins and security managers of Linux systems who want or are required to use SELinux. Participants must be familiar with Linux system administration; previous frustration while using SELinux is expected but not required.

    This tutorial focuses on getting SELinux working again in enforcing mode after it has been disabled. SELinux is included by default in many popular distros along with a policy targeted at sandboxing popular network services and some applications. But even minor changes to a server's files, or enabling features in a currently running server, will cause SELinux to prevent an application from working. The usual fix is to disable SELinux.

    Take back to work: An awareness of new tools and techniques for debugging problems with SELinux configuration and applications.

    Topics include:

    • SELinux uncloaked
      • Types, contexts, and roles
      • Policy
      • Extensions to familiar commands
    • Using the audit file
      • New tools for deciphering log messages
    • Adjusting file/directory context
    • Using booleans to adjust policy
    • Editing and rebuilding policy

    M9 RRDtool as a Communication Tool Oetiker
    Tobias Oetiker, Consultant and Author of RRDtool

    Who should attend: Scripters and programmers who would like to create a custom monitoring application with great presentation tools. Attendees are expected to have some scripting experience.

    Over the past few years RRDtool has become the standard method for handling time-series data in the networking area. RRDtool takes care of all the work related to data storage and presentation. Many users only access RRDtool through some front-end application like Cacti or Cricket.

    In this half-day tutorial you will learn how RRDtool works from a programmer's point of view and how you can use it to write your own custom monitoring applications. An emphasis will be put on presentation aspects. The best data is worth only as much as your bosses and customers understand and appreciate the graphs you create with it.

    Take back to work: Ideas for building the monitoring application of your dreams.

    Topics include:

    • RRDtool overview
      • Problems to be solved
      • Round Robin Database setup
      • Data acquisition
      • Graphing
    • Programming with RRDtool
      • The command line interface
      • The pipe interface
      • The Perl API
    • In-depth graphing
      • Concepts
      • Simple graphs
      • The joy of RPN
      • Graph disassembly
      • How to make graphs talk
    • Scaling RRDtool
      • The RRD file format
      • Optimizing OS interaction
      • Tweaking Linux for speed
    • Latest developments

    Monday Afternoon Half-Day Tutorials

    M10 Performance Tracking with Cacti Sellens
    John Sellens, SYONEX

    Who should attend: Network and system administrators ready to implement a graphical performance and activity monitoring tool, who prefer an integrated, Web-based interface. Participants should have an understanding of the fundamentals of networking, familiarity with computing and network components, UNIX system administration experience, and some understanding of UNIX programming and scripting languages.

    This tutorial will provide in-depth instruction in the installation and configuration of Cacti, a popular Web-based tool for graphing time-series data from systems and devices on your network, using RRDtool, PHP, and MySQL.

    Take back to work: The information needed to immediately implement and use Cacti to monitor systems and devices on your networks.

    Topics include:

    • Installation: Basic steps, prerequisites, common problems and solutions
    • Configuration, setup options, and how to manage larger and nontrivial configurations
    • User management and access control
    • Special cases: how to deal with interesting problems
    • Extending Cacti: how to write scripts or programs to extend the functionality of the basic package
    • Security concerns and access control
    • Ongoing operations

    M11 Wireshark (Ethereal) and the Art of Debugging Networks Carter
    Gerald Carter, Likewise Software

    Who should attend: System and network administrators who are interested in learning more about the TCP/IP protocol and how network traffic monitoring and analysis can be used as a debugging, auditing, and security tool.

    System logs can turn out to be incomplete or incorrect when you're trying to track down network application failures. Sometimes the quickest, or the only, way to find the cause is to look at the raw data on the wire. This course is designed to help you make sense of that data.

    Take back to work: How to use the Wireshark protocol analyzer as a debugging and auditing tool for TCP/IP networks.

    Topics include:

    • Introduction to Wireshark (Ethereal) for local and remote network tracing
    • TCP/IP protocol basics
    • Analysis of popular application protocols such as DNS, DHCP, HTTP, NFS, CIFS, and LDAP
    • How some kinds of TCP/IP network attacks can be recognized

    M12 The Joy of Running Diskless Linux Oetiker
    Tobias Oetiker, Consultant and Author of RRDtool

    Who should attend: Linux/UNIX sysadmins who manage several networked UNIX workstations or cluster nodes.

    Would you like to reap all the benefits of a thin client infrastructure without compromising on raw CPU and graphics performance? Would you like to be able to set up new workstations before you even have the hardware on site? Would you like to be able to upgrade, patch, and test without any of your users noticing, until everything is ready, and then have a downtime of only one reboot? Would you like to be able to install 10 new workstations or cluster nodes in 5 minutes? If you answer yes to one of these questions, come join us on this adventure.

    Running diskless Linux is as simple as using PXE to boot a server and hosting the filesystem on NFS. If you want to do this with a large number of machines, there are many ways to optimize procedures and provide unique features to your users.

    Take back to work: The ability to slash your installation times and downtime.

    Topics include:

    • Basic PXE netboot and NFS setup
    • Installing Linux without a workstation
    • Organizing NFS roots
    • Update procedures
    • Providing a homogeneous application environment
    • Managing user accounts
    • How to make the automounter sit up and beg
    • Managing mixed 32- and 64-bit environments

    Tuesday, November 11, 2008
    Tuesday Full-Day Tutorials

    T1 Virtualization with VMware ESX 3i for UNIX Administrators: The Fundamentals Deuskar Arrasjid
    John Arrasjid and Shridhar Deuskar, VMware

    Who should attend: System administrators and architects who are interested in deploying a VMware Virtual Infrastructure, including ESX Server and VirtualCenter, in a production environment. No prior experience with VMware products is required. Knowledge of Linux is helpful; basic knowledge of SANs is useful but not required.

    VMware Infrastructure is the new computing platform from VMware. It helps organizations solve a range of computing challenges. This workshop will provide an overview of VMware Infrastructure by focusing on ESXi 3.5 and VirtualCenter. ESXi 3.5 has only a 32MB footprint and runs independently of a general-purpose operating system. We will discuss the Remote Command Line Interface (RCLI), which will be the primary command line tool to manage an ESXi 3.5 system. Additionally, we will provide an overview of VMI (Virtual Machine Interface), a guest OS communication interface with the hypervisor.

    Take back to work: An understanding of ESXi 3.5 and VirtualCenter installation, configuration, and basic design architectures around networking and storage.

    Topics include:

    • Virtualization overview
    • ESX 3i Installation and Configuration
    • Networking overview and configuring vSwitches
    • Storage overview and configuring datastores
    • RCLI for the UNIX administrator
    • VMI 101
    • Virtual machines, virtual appliances, and the OVF
    • Clusters, Resource Pools and VMware HA, VMware DRS

    T2 Solaris Dynamic Tracing (DTrace) NEW! Mauro
    James Mauro, Sun Microsystems

    Who should attend: Sysadmins and other production support staff who regularly need to look at systems and figure out what they're doing or why they're running slowly. Some general programming knowledge will be assumed, along the lines of writing shell, awk, or Perl scripts, as well as general familiarity with using and administering systems running some variant of UNIX.

    This tutorial covers using the Dynamic Tracing (DTrace) technology that originated in Solaris and OpenSolaris and is now available in Mac OS X 10.5 (Leopard) and FreeBSD 8.0. DTrace is a framework that allows for dynamically inserting points of instrumentation, called probes, in the operating system (kernel) as well as user processes.

    This session will combine slides with live demos of DTrace on several operating systems.

    Take back to work: How to use Dynamic Tracing (DTrace) technology to understand the behavior of your systems and the workloads they run, whether you're chasing a performance problem or pathological behavior or you simply wish to better understand how applications are using the underlying system.

    Topics include:

    • Introduction to DTrace
      • What DTrace is and is not
      • Overview of the DTrace framework
      • Overview of DTrace providers
      • DTrace architecture
      • Differences in DTrace among the current operating systems that support DTrace
      • DTrace Resources
    • DTrace components
      • Providers
      • Probes
      • Variables
      • Predicates, actions, and subroutines
      • Aggregations
      • The D Language and writing DTrace scripts
    • Using DTrace
      • Providers and their arguments
      • DTrace and CPU consumers
      • DTrace and memory use
      • DTrace and disk IO
      • DTrace and network IO
      • DTrace and user processes and threads
      • The DTrace toolkit
    • DTrace in open source software
      • DTrace and Java
      • DTrace and Perl
      • DTrace and PHP
      • DTrace and Ruby on Rails
      • DTrace and MySQL
    • Advanced topics
      • DTrace destructive actions
      • DTrace speculative buffers
      • DTrace USDT Probes
      • Inserting DTrace probes in application code

    Tuesday Morning Half-Day Tutorials

    T3 Databases: What You Need to Know Sellens
    John Sellens, SYONEX

    Who should attend: System and application administrators who need to support databases and database-backed applications.

    Databases used to run almost exclusively on dedicated database servers, with one or more database administrators (DBAs) dedicated to their care. These days, with the easy availability of database software such as MySQL and PostgreSQL, databases are popping up in many more places and are used by many more applications.

    As a system administrator you need to understand databases, their care and feeding. This course provides an introduction to database concepts, use, and implementation, specifically aimed at system administrators.

    Take back to work: A better understanding of databases and their use and of how to deploy and support common database software and database-backed applications.

    Topics include:

    • An introduction to database concepts
    • The basics of SQL (Structured Query Language)
    • Common applications of databases
    • Berkeley DB and its applications
    • MySQL installation, configuration, and management
    • PostgreSQL installation, configuration, and management
    • Security, user management, and access controls
    • Ad hoc queries with standard interfaces
    • ODBC and other access methods
    • Database access from other tools (Perl, PHP, sqsh, etc.)

    T4 RRDtool by Example NEW! Oetiker
    Tobias Oetiker, Consultant and Author of RRDtool

    Who should attend: Sysadmins who may only have accessed RRDtool through some front-end application such as Cacti or Cricket and would like to get a look under the hood. Attendees are expected to have some scripting experience.

    Over the past few years RRDtool has become the standard method for handling time-series data in the networking area. RRDtool takes care of all the work related to data storage and presentation. In this half-day tutorial you will come eye-to-eye with RRDtool through many example usages, demonstrated and explained live.

    Take back to work: How to use RRDtool directly to handle time-series data in the networking area.

    Topics include:

    • RRDtool overview
      • Rundown on components of RRDtool
      • Update on new functionality introduced in version 1.3
    • The RRD Database Format
      • How RRDtool stores that data
      • Interaction with the OS cache sub-system
      • Linux tricks
      • Fixing "bad data" after the fact
    • How to set up an RRD performance test
    • RRD graphing
      • Simple graphs and autoconfiguration
      • Alternate scaling
      • Working with transparency
      • Creating gradients
      • RPN magic
    • Putting it together
      • Scripting interface
      • The graphv, updatev, and info interfaces

    T5 Advanced Shell Programming Ciavarella
    Mike Ciavarella, Consultant

    Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).

    The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.

    Take back to work: An understanding of how to use the "lowly" shell to achieve lofty goals.

    Topics include:

    • Common mistakes and unsafe practices
    • Modular shell script programming
    • Building blocks: awk, sed, etc.
    • Writing secure shell scripts
    • Performance tuning
    • Choosing the right utilities for the job
    • Addressing portability at the design stage
    • When not to use shell scripts

    T6 Disk-to-Disk Backup and Eliminating Backup System Bottlenecks UPDATED FOR 2008! Farmer
    Jacob Farmer, Cambridge Computer Services

    Who should attend: System administrators involved in the design and management of backup systems and policymakers responsible for protecting their organization's data. A general familiarity with server and storage hardware is assumed. The class focuses on architectures and core technologies and is relevant regardless of what backup hardware and software you currently use.

    The data protection industry is going through a mini-renaissance. In the past few years, the cost of disk media has dropped to the point where it is practical to use disk arrays in backup systems, thus minimizing and sometimes eliminating the need for tape. In the first incarnations of disk-to-disk backup—disk staging and virtual tape libraries—disk has been used as a direct replacement for tape media. While this compensates for the mechanical shortcomings of tape drives, it fails to address other critical bottlenecks in the backup system, and thus many disk-to-disk backup projects fall short of expectations. Meanwhile, many early adopters of disk-to-disk backup are discovering that the long-term costs of disk staging and virtual tape libraries are prohibitive.

    The good news is that the next generation of disk-enabled data protection solutions has reached a level of maturity where they can assist—and sometimes even replace—conventional enterprise backup systems. These new D2D solutions leverage the random access properties of disk devices to use capacity much more efficiently and to obviate many of the hidden backup-system bottlenecks that are not addressed by first-generation solutions. The challenge to the backup system architect is to cut through the industry hype, sort out all of these new technologies, and figure out how to integrate them into an existing backup system.

    This tutorial identifies the major bottlenecks in conventional backup systems and explains how to address them. The emphasis is placed on the various roles for inexpensive disk in your data protection strategy; however, attention is given to SAN-enabled backup, the current state and future of tape drives, and iSCSI.

    Take back to work: Ideas for immediate, effective, inexpensive improvements to your backup systems.

    Topics include:

    • Identifying and eliminating backup system bottlenecks
    • Conventional disk staging
    • Virtual tape libraries
    • Removable disk media
    • Incremental forever and synthetic full backup strategies
    • Block- and object-level incremental backups
    • Information lifecycle management and nearline archiving
    • Data replication
    • CDP (Continuous Data Protection)
    • Snapshots
    • Current and future tape drives
    • Capacity Optimization (Single-Instance File Systems)
    • Minimizing and even eliminating tape drives
    • iSCSI

    T7 Recovering from Linux Hard Drive Disasters Ts'o
    Theodore Ts'o, IBM/Linux Foundation

    Who should attend: Linux system administrators and users.

    Ever had a hard drive fail? Ever kick yourself because you didn't keep backups of critical files, or you discovered that your regular nightly backup didn't succeed? Of course not: everybody keeps regular backups and verifies them to make sure they are successful. But for those people who think they might nevertheless someday need this information, this tutorial will discuss ways of recovering from storage disasters caused by failures somewhere in the hardware or software stack.

    Take back to work: How to recover from storage disasters caused by failures somewhere in the hardware or software stack.

    Topics include:

    • How data is stored on hard drives
    • Recovering from a corrupted partition table
    • Recovering from failed software RAID systems
    • Low-level techniques to recover data from a corrupted ext2/ext3 filesystem when backups aren't available
    • Using e2image to back up critical ext2/3 filesystem metadata
    • Using e2fsck and debugfs to sift through a corrupted filesystem
    • Preventive measures to avoid needing to use heroic measures

    T8 Integrating Cfengine into Organizational Service Management NEW! Burgess
    Mark Burgess, Oslo University College

    Who should attend: Those wanting an overview of Cfengine concepts for business issues, with implementation examples. The tutorial is suitable for anyone with a basic knowledge of Cfengine and an interest in organizational (including business) process.

    The tutorial is loosely aligned around the IT Infrastructure Library (ITIL) and SOX/EURO-SOX notions of best practices and includes topics listed below, with reference to BS/ISO 17799, BS15000, ISO20000, ITIL, eTOM. A natural extension of this is the issue of inter-domain management configuration.

    Take back to work: How to evaluate the principles used in configuring hosts and devices, relate them to standards, and apply them to your own environments.

    Topics include:

    • Cfengine policy management
    • Incident management
    • Change management
    • Release management
    • Availability and capacity management
    • Security management
    • Role-based access control

    T9 Reinventing Yourself NEW! Ranum
    Marcus Ranum, Consultant

    Who should attend: Anyone who feels stuck in their career slot, who is contemplating a jump to something new, who wants to grow to the next level, and who needs a little help figuring out how to get from here to there.

    As you move through your career, you may discover that a job you loved is about to go away or will change to the point where you no longer love it. Or, perhaps, you never loved it at all, and have always wanted to try something different. More likely still, you need to obtain new skills for a new position, a promotion, or a lateral shift within your organization, and feel intimidated about where to start.

    The class will be structured as an interactive discussion of techniques people have found effective in their lives. We will also draw from the life experiences of USENIX and SAGE notables.

    Take back to work: Effective techniques to make a career transition and help in finding the path to becoming notable in your own (and your boss's) eyes!

    Topics include:

    • Reinventing yourself: why and wherefore?
    • Defining success and making a roadmap
    • Finding mentors
    • Broadening your horizons
    • Jumping out of planes without parachutes

    Tuesday Afternoon Half-Day Tutorials

    T10 Nagios: Advanced Topics Sellens
    John Sellens, SYONEX

    Who should attend: Network and system administrators ready to implement or extend their use of the Nagios system and network monitoring tool.

    Nagios is a very widely used tool for monitoring hosts and services on a network. It's very flexible, configurable, and can be extended in many ways, using home-grown or already existing extensions.

    This tutorial will cover the advanced features and abilities of Nagios and related tools, which are especially useful in larger or more complex environments, or for higher degrees of automation or integration with other systems.

    Take back to work: The information you need to immediately implement and use the advanced features of Nagios and related tools for monitoring systems and devices on your networks.

    Topics include:

    • Theory of operation
    • Configuration for more complex environments
    • Plug-ins: Their creation, use, and abuse
    • Extensions: NRPE, NSCA, NDOUtils
    • Add-ons: Graphing, integration with other tools
    • Abuse: Unexpected uses and abuses of Nagios

    T11 Writing JavaScript Applications Running in the Browser with Qooxdoo NEW! Oetiker
    Tobias Oetiker, Consultant and Author of RRDtool

    Who should attend: People with a good grasp of programming who would like to put the fun back into writing Web applications with fully interactive interfaces.

    Imagine writing a Web application where the server part is only a few lines of Perl or PHP code. The fully interactive front end runs completely in the browser (FF/IE/Opera/Safari) and just calls upon the server to pull or submit data, much like it used to be in classical client-server applications.

    Until recently in the AJAX world, writing JavaScript has been a necessary evil, and most frameworks try to shield the users from that experience by providing means of coding in other languages and creating the necessary JavaScript on the fly.

    The Qooxdoo framework takes a radically different approach. It enhances JavaScript with a Qt-inspired object-oriented programming model, which does away with most of the tedious aspects of JavaScript. Coupled with a fast, themeable cross-browser widget set, it provides a powerful and pleasant programming environment.

    In this half-day tutorial, I will pass on the experience I gained over the past year writing Qooxdoo applications from scratch, as well as integrating Qooxdoo elements in SmokePing.

    Take back to work: How to use Qooxdoo to write a Web application where the server part is only a few lines of Perl or PHP code, essentially grabbing data off your database without having to care about presentation or the front end in general.

    Topics include:


    T12 Documentation Techniques for Sysadmins Ciavarella
    Mike Ciavarella, Consultant

    Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.

    Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

    Take back to work: The ability to make immediate, practical use of the documentation techniques presented in this tutorial in your day-to-day tasks.

    Topics include:

    • Why system administrators need to document
    • The document life cycle
    • Targeting your audience
    • An adaptable document framework
    • Common mistakes
    • Tools to assist the documentation process

    T13 Next-Generation Storage Networking UPDATED FOR 2008! Farmer
    Jacob Farmer, Cambridge Computer Services

    Who should attend: Sysadmins running day-to-day operations and those who set or enforce budgets. This tutorial is technical in nature, but it does not address command-line syntax or the operation of specific products or technologies. Rather, the focus is on general architectures and various approaches to scaling in both performance and capacity. Since storage networking technologies tend to be costly, there is some discussion of the relative cost of different technologies and of strategies for managing cost and achieving results on a limited budget.

    There has been tremendous innovation in the data storage industry over the past few years. Proprietary, monolithic SAN and NAS solutions are beginning to give way to open-system solutions and distributed architectures. Traditional storage interfaces such as parallel SCSI and Fibre Channel are being challenged by iSCSI (SCSI over TCP/IP), SATA (serial ATA), SAS (serial attached SCSI), and even Infiniband. New filesystem designs and alternatives to NFS and CIFS are enabling high-performance filesharing measured in gigabytes (yes, "bytes," not "bits") per second. New spindle management techniques are enabling higher-performance and lower-cost disk storage. Meanwhile, a whole new set of efficiency technologies are allowing storage protocols to flow over the WAN with unprecedented performance. This tutorial is a survey of the latest storage networking technologies, with commentary on where and when these technologies are most suitably deployed.

    Take back to work: An understanding of general architectures, various approaches to scaling in both performance and capacity, relative costs of different technologies, and strategies for achieving results on a limited budget.

    Topics include:

    • Fundamentals of storage virtualization: the storage I/O path
    • Shortcomings of conventional SAN and NAS architectures
    • In-band and out-of-band virtualization architectures
    • The latest storage interfaces: SATA (serial ATA), SAS (serial attached SCSI), 4Gb Fibre Channel, Infiniband, iSCSI
    • Content-Addressable Storage (CAS)
    • Information Life Cycle Management (ILM) and Hierarchical Storage Management (HSM)
    • The convergence of SAN and NAS
    • High-performance file sharing
    • Parallel file systems
    • SAN-enabled file systems
    • Wide-area file systems (WAFS)

    T14 An Introduction to SystemTap NEW! Ts'o
    Theodore Ts'o, IBM/Linux Foundation

    Who should attend: Linux kernel developers and advanced system administrators. Familiarity with Linux kernel internals is extremely helpful.

    SystemTap is a tool that allows kernel developers and system administrators to deeply examine the activities of a live Linux system via simple scripts. These scripts allow data from a running Linux system to be extracted, filtered, and summarized in order to help diagnose complex performance problems or track down tricky Linux kernel bugs. A SystemTap script allows handlers to be run when specific events, such as entering or exiting a function or a timer expiring, occur. A handler can extract data from the event context, store it in internal variables, or summarize and print results.

    The course will feature examples of how SystemTap can be used to track down system bugs and identify the source of performance problems.

    Take back to work: How to install and run SystemTap on your Linux systems and write basic SystemTap scripts and tapsets.

    Topics include:

    • How to get the latest version of SystemTap
    • Managing kernel debuginfo files
    • Programming SystemTap scripts
    • How to create tapsets
    • Examples of SystemTap in action

    T15 Cfengine 3 NEW! Burgess
    Mark Burgess, Oslo University College

    Who should attend: Anyone with a basic knowledge of configuration management who is interested in learning the next-generation tool.

    This year sees a complete rewrite of Cfengine that follows on from the extensive research done over the past ten years. With the rewrite comes a new syntax, with powerful pattern matching capabilities. Cfengine 3 addresses all of the criticisms levelled against earlier versions of Cfengine, while maintaining all of the strong benefits of the strong security model and simplicity of form.

    The tutorial is peppered with configuration examples, which can now be self-contained and modularized to an unprecedented degree in the new language.

    Take back to work: An understanding of the new features of the completely rewritten Cfengine 3, including its new syntax and benefits.

    Topics include:

    • The promise model
    • Bundles and templates
    • Quickstart configuration
    • Creating configuration libraries
    • Upgrading from Cfengine 2

    T16 Incident Response NEW! Singer
    Abe Singer, San Diego Supercomputer Center

    Who should attend: Security folks, system administrators, and operations staff (e.g., help desk). Examples are primarily from UNIX systems, but most of what is discussed will be operating system neutral. Note that this is not a forensics class (for those, see S4 and M3). Although some forensic analysis will be discussed, especially with regard to examples, it is only a small portion of the class.

    You get a complaint that seems to indicate that you have one or more compromised machines. What do you do? Where do you start? How do you proceed? Do you have the tools that you need and the authority to use them?

    Responding to an incident can be very stressful and, without the right tools and procedures in place in advance, very difficult. It can be easy to panic, and there is a lot of pressure to "do something" even when you don't know what's actually going on. Often, sites that do react rashly end up in a worse state and do not completely remove the intruder from their systems.

    Some examples from real intrusions will be provided.

    Take back to work: How to put together a comprehensive incident response program, from identifying the policies and tools you need to assessing the situation and determining an effective, measured response.

    Topics include:

    • Goals: What results do you want?
    • Policies: Having the authority to do the job
    • Tools: Having the stuff to do the job
    • Intelligence: Having the information to do the job
    • Initial suspicion: Complaints, alarms, anomalies
    • The "Oh, sh*t" moment: When you realize it's a compromise
    • Gathering information on your attacker
    • Assessing the extent of the compromise
    • Communicating: Inquiring minds want to know
    • Recovery: Kicking 'em out and fixing the damage
    • Evidence handling
    • The law: Dealing with law enforcement, lawyers, and HR

    Wednesday, November 12, 2008
    Wednesday Full-Day Tutorials

    W1 Virtualization with VMware ESX 3i for UNIX Administrators: Advanced Topics   Arrasjid Arrasjid
    John Arrasjid and Shridhar Deuskar, VMware

    Who should attend: System administrators and architects who are interested in advanced topics on deploying a VMware infrastructure. Prior experience with VMware VI2 or VI3 environments is highly recommended.

    This tutorial will cover advanced topics related to a VMware Infrastructure 3 environment. We will focus on new and advanced concepts pertaining to networking and storage, performance optimization, and best practices. Additionally, we will cover VMware's new disaster recovery product, Site Recovery Manager (SRM). Participants will learn how SRM can be used for managing disaster recovery plans, automating failover after a disaster, and performing non-disruptive tests of recovery plans. Sample disaster recovery workflows will also be presented. Time permitting, live demonstrations will be given around some of these technology areas. A Q&A session for technical questions will be held in the last part of the day.

    Take back to work: How to build on your experience with VMware Infrastructure to better support a VI3 environment.

    Topics include:

    • Best practices with ESX
    • New and/or advanced concepts with networking
    • New and/or advanced concepts with storage
    • Storage VMotion
    • Deep dive with VMware Site Recovery Manager

    Wednesday Morning Half-Day Tutorials

    W3 Solaris 10 Administration Workshop 1: Administration (Hands-on; laptop recommended) NEW! Staveley Galvin
    Peter Baer Galvin, Corporate Technologies; Marc Staveley, Soma Networks

    Who should attend: Solaris systems managers and administrators interested in learning the new administration features in Solaris 10 (and features in previous Solaris releases that they might not be using).

    Solaris has always been the premier commercial operating system, and this remains the case today. Its novel features and applications (like ZFS, DTrace, and containers) keep it at the forefront of enterprise use, and many of these features have been copied in other operating systems.

    This course covers a variety of system administration topics surrounding Solaris 10. Solaris 10 includes many features introduced since the last major release of Solaris, and there are new issues to consider when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration.

    Take back to work: Intimate knowledge of the new features and best practices surrounding Solaris 10 administration.

    Topics include:

    • Solaris versions, features, selection
    • SMF and FMA
    • Booting and installing
    • Patching
    • Important administration tools
    • What's next for Solaris
    • Quick performance overview

    Laptop requirements: Each student should have a laptop with wired access for remote access into an instructor-provided Solaris 10 machine (if you do not have a laptop, we will make every effort to pair you up with another student to work as a group; your laptop does not need to be running Solaris).


    W4 Achieving High Availability (in Your Lifetime) Marcus
    Evan Marcus, Global Data Center Management

    Who should attend: System administrators and data center managers, but the material applies to developers and their managers and to IT managers as well.

    What does high availability really mean? Do you need it? Do you already have it? How high is up? How up is high? Whom can you trust to give you a practical and useful answer, an answer you can apply to your data center and your systems? How can you sort through all of the marketing noise and really put high availability into place on your systems?

    Every systems vendor, every OS vendor, every storage vendor, every networking vendor has his own definition of this very generic term—and all the definitions are different! Do any of these definitions apply to you and your systems? Probably not.

    In this lively and upbeat tutorial, we'll give you some practical and useful information about high availability. We'll show you the relationship between cost and availability. We'll walk through our list of 20 key high availability design principles—the foundation for any critical system—and how you can get started down the path toward high availability without spending boatloads of money.

    Take back to work: Simple and practical tools you can use right away to persuade the bean counters in your organization of the value of putting high availability techniques and practices into place.

    Ultimately, availability is defined by the users of a system: can they use it, or not? With that in mind, we take the approach that high availability is a very broad science, affecting every aspect of system management.

    Topics include, in reference to high availability:

    • Backups and restores
    • Storage
    • Security
    • Networking
    • The data center environment
    • Services and applications
    • WANs and replication
    • Archiving

    W5 Beyond Shell Scripts: 21st-Century Automation Tools and Techniques Frisch
    Æleen Frisch, Exponential Consulting

    Who should attend: System administrators who want to explore new ways of automating administrative tasks.

    Shell scripts are appropriate for many jobs, but more complex operations will often benefit from sophisticated tools. As the complexity of modern UNIX/Linux systems has evolved, the tried-and-true method of "just write a shell script" has become outdated. While simple tasks can still be performed this way, there are tools available that can make your job simpler yet much more sophisticated, especially when managing large numbers of systems.

    Take back to work: This class will explore a number of these tools that can make your job as a system administrator more effective and productive. You will be able to monitor and maintain more information on more systems without drastically increasing your workload. Once properly configured, most of these tools will decrease the level of effort required to do your job.

    Topics include:

    • Expect: Automating interactive processes
    • Open source enterprise backup tools: Bacula and Amanda
    • Network and system monitoring: SNMP overview
    • RRDtool: Examining retrospective system data
    • Front ends to RRDtool: Munin, Cricket, others
    • Nagios: Monitoring network and device performance
    • Wireshark: Monitoring network data
    • Proactive security monitoring: Nessus and others
    • Other tools of interest and importance

    Wednesday Afternoon Half-Day Tutorials

    W6 Solaris 10 Administration Workshop 2: Virtualization (Hands-on; laptop recommended) NEW! Staveley Galvin
    Peter Baer Galvin, Corporate Technologies; Marc Staveley, Soma Networks

    Who should attend: Solaris systems managers and administrators interested in learning about the new virtualization features in Solaris 10.

    Solaris has always been the premier commercial operating system, and this remains the case today. Its novel features and applications (such as ZFS, DTrace, and Containers) keep it at the forefront of enterprise use, and many of these features have been copied in other operating systems.

    This course covers the gamut of virtualization options in Solaris 10. It includes new issues to consider when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration.

    Take back to work: Intimate knowledge of the Solaris 10 virtualization choices and best practices surrounding Solaris 10 administration.

    Topics include:

    • Virtualization choices in Solaris
    • Zones/Containers
    • LDOMs and Domains
    • VirtualBox
    • xVM (a.k.a. Xen)

    W7 Disaster Preparedness (and Recovery): How to Keep Your Company (and Your Job) Alive Marcus
    Evan Marcus, Global Data Center Management

    Who should attend: Data center managers, IT directors, and anyone administering critical systems in an environment where extended downtime after an outage is unacceptable.

    Disaster planning is like insurance: nobody wants to talk about it and everyone runs from the salesmen. But when you need it, you are very glad to have it! And if you don't have it when you need it, it is too late to do anything about it. It's all about planning and preparation.

    We will explore the key aspects of developing a disaster recovery plan, including identifying the key components, testing the plan, and some of the technology that can speed recovery, with an eye toward balancing costs and benefits. We'll build it all around a real-life organization that completely recovered from the 9/11 disaster in less than 12 hours.

    We'll also look at the ramifications of storing data offline vs. online, what happens when archived backup media starts to get too old, and the security aspects of having a functional DR site.

    Take back to work: The ability to put together a plan that fits your company's needs and the confidence to make it work.

    Topics include:

    • What a DR plan should contain, with real-world examples
    • Potential legal and civil liabilities if you don't have a DR plan
    • Hot vs. warm vs. cold backups
    • Costs of developing a DR plan
    • Do you really need a plan at all?
    • Testing methods for the plan
    • Downtime and data loss as two sides of the same coin
    • Building and staffing DR teams
    • Senior management's role
    • Selling DR to senior management
    • Disasters that only involve the backup site

    W8 DNS and DHCP Considerations When Migrating to IPv6 NEW! Hankins
    David Hankins, Internet Systems Consortium

    Who should attend: System and network administrators who believe that someday the arguing about IPv6 will start to wind down, their organization might need to add IPv6 to its enterprise network, and they would like to make sure the transition goes smoothly.

    Many of the IP services that are familiar from IPv4 exist also in IPv6, but with differences. We at ISC have run IPv6 and IPv4 in parallel stacks for many years, and we've learned lots of sysadmin tricks for making it work smoothly.

    This tutorial focuses on the services most relevant to network and system administration, that is, DNS and DHCP and their interaction.

    Take back to work: After completing this tutorial, you should be able to acquire an IPv6 prefix, find a way to get it routed (or tunneled), and configure your DNS and DHCP infrastructure so that a client wanting to use IPv6 can do just that.

    Topics include:

    • So you have IPv6 transit. Now what?
      • Mechanics of IPv6 addresses in DNS
      • Additional DNS mechanisms for IPv6
      • Addressing assumptions, subnetting, and broadcasting
    • Making addressing plans for IPv6
      • There is so much address space; how do I spend it responsibly?
      • Reverse zones for IPv6
      • "Static" addresses for servers
    • Assigning IPv6 addresses
      • Why DHCP? Why not stateless autoconfig?
      • Keeping track of address information and assignments
      • Dynamic allocation of subnets
      • Managing prefix delegation
    • Moving some functions from DHCP to the router
      • Delivering subnet prefixes to clients
      • Routing delegated prefixes
    • Coordinating DNS and DHCP for IPv6
      • Getting dynamically assigned IPv6 addresses into DNS
      • IPv6 has more kinds of addresses than IPv4. How do they work with DNS?

    Thursday, November 13, 2008
    Thursday Full-Day Tutorials

    R1 Securing Virtual Servers: XenServer and VMware ESX Server NEW!   Cox
    Phil Cox, SystemExperts Corporation

    Who should attend: Site managers charged with selecting and setting virtual server security requirements, general users who want to know more about the security features of popular virtual environments, and system administrators who are tasked with implementing or maintaining the security of virtual servers. This course assumes no previous knowledge of or experience with virtual server technologies.

    Virtualization of physical servers is popping up all over corporate networks and may soon comprise a significant proportion of the services provided by a company. As virtual servers become more pervasive, the proper administration and security of them become critical to the security of the entire corporate network. This tutorial presents the problems and solutions surrounding the security of virtual servers. It will focus on the two main virtualization products in use today: VMware ESX and XenSource, along with some discussion of Microsoft Virtual Server and Hyper-V. The emphasis will be on practical information and solutions that can be applied by people who use the technologies and those who are tasked with providing them to their companies. Some of the topics will be demonstrated live during the course.

    Take back to work: A familiarity with current virtualization and popular technical implementations of it, as well as an understanding of how to secure virtual servers that use those current technologies.

    Topics include:

    • Virtualization 101
      • What is the virtual universe?
      • Who's using what?
      • What really matters?
    • Threats
      • What are the issues?
      • How and where to look for threats in virtual server environments
    • Popular technologies: VMware ESX and XenSource
      • Configuring a secure virtual environment
      • Securing the host OS
      • Securing the guest machine
    • Miscellaneous topics
      • Microsoft technologies
      • What is coming down the pipe

    R2 So You Have Active Directory: Now What? A Field Guide to AD Integration for UNIX Sysadmins Carter
    Gerald Carter, Likewise Software

    Who should attend: System administrators who are tasked with integrating authentication, Web, and file/print services provided by UNIX hosts into an Active Directory domain.

    Frequently, AD deployments are handled outside the UNIX infrastructure teams. This can leave UNIX/Linux sysadmins scratching their collective heads about how to make use of the new directory service and increase the amount of work duplicated by the UNIX server teams and the AD administrators. This tutorial will help reduce that workload for you.

    Take back to work: In-depth understanding of the best approaches to managing your system services with Active Directory.

    Topics include:

    • The fundamental concepts used in Active Directory Domains, Kerberos, and LDAP
    • How to utilize standard protocols and open source tools to integrate Linux, UNIX, and Mac clients/servers into AD domains for authentication
    • Restricting logon access based on AD domain group membership
    • How to provide roaming, offline logons for Linux laptops using cached AD credentials
    • How to configure Samba file and print servers to authenticate AD domain users
    • How to define access control lists on files and directories using AD domain accounts and groups
    • How to configure Apache Web servers to provide seamless access to intranet Web content using common authentication protocols such as NTLM and Kerberos
    • How to write Perl scripts to automate daily AD administrative tasks from non-Microsoft desktops

    Thursday Morning Half-Day Tutorials

    R3 Solaris 10 Administration Workshop 3: File Systems (Hands-on; laptop recommended) NEW! Staveley Galvin
    Peter Baer Galvin, Corporate Technologies; Marc Staveley, Soma Networks

    Who should attend: Solaris systems managers and administrators interested in learning about the new file system features in Solaris 10.

    Solaris has always been the premier commercial operating system, and this remains the case today. Its novel features and applications (such as ZFS, DTrace, and Containers) keep it at the forefront of enterprise use, and many of these features have been copied in other operating systems. This course covers Solaris 10 filesystem topics. It includes new issues to consider when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration.

    Take back to work: Intimate knowledge of the Solaris 10 filesystem choices and best practices surrounding Solaris 10 administration.

    Topics include:

    • Root disk layout
    • Mirroring and related topics
    • ZFS
    • Choosing the most appropriate file system

    Laptop requirements: Each student should have a laptop with wired access for remote access into an instructor-provided Solaris 10 machine; your laptop does not need to be running Solaris. If you do not have a laptop, we will make every effort to pair you with another student.


    R4 Over the Edge System Administration, Volume 1 Blank-Edelman
    David N. Blank-Edelman, Northeastern University

    Who should attend: Old-timers who think they've already seen it all and those who want to develop inventive thinking early in their career. Join us and be prepared to be delighted, disgusted, and amazed. Most of all, be ready to enrich your network and system administration by learning to be different.

    It's time to learn how to break the rules, abuse the tools, and generally turn your system administration knowledge inside out. This class is a cornucopia of ideas for creative ways to take the standard (and sometimes not-so-standard) system administration tools and techniques and use them in ways no one would expect. We'll also cover some tools you may have missed.

    Note: The teacher takes no responsibility should your head explode during this class.

    Take back to work: New approaches to old problems, along with some ways to solve the insolubles.

    Topics include:

    • How to (ab)use perfectly good network transports by using them for purposes never dreamed of by their authors
    • How to increase user satisfaction during downtimes with 6 lines of Perl
    • How to improve your network services by intentionally throwing away data
    • How to drive annoying Web-only applications that don't have a command line interface—without lifting a finger
    • How to use ordinary objects you have lying around the house, such as Silly Putty, to make your life easier (seriously!)

    Thursday Afternoon Half-Day Tutorials

    R5 Solaris 10 Administration Workshop 4: Security (Hands-on; laptop recommended) NEW! Staveley Galvin
    Peter Baer Galvin, Corporate Technologies; Marc Staveley, Soma Networks

    Who should attend: Solaris systems managers and administrators interested in learning about the new security features in Solaris 10 and features in previous Solaris releases they might not be using.

    Solaris has always been the premier commercial operating system, but it is also somewhat different from other UNIX/Linux systems. It has novel features and applications (some have been copied in other operating systems), and there are things you need to know to use them effectively and securely.

    This course covers a variety of topics surrounding Solaris 10 and security. Note that this is not a class about specific security vulnerabilities and hardening; rather, it examines new features in Solaris 10 for addressing the entire security infrastructure, as well as new issues to consider when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration. Also, this course does not include virtualization (containers et al.), as that is covered in Solaris 10 Administration Workshop 2.

    Take back to work: During this exploration of the important new features of Solaris 10, you'll learn not only what each feature does and how to get it done, but also best practices. Also covered is the status of each of these new features, how stable it is, whether it is ready for production use, and expected future enhancements.

    Topics include:

    • RBAC—Role Based Access Control: Giving users and applications access to data and functions based on the role they are filling, as opposed to their login name
    • Privileges: A new Solaris facility based on the principle of least privilege. Instead of being root (or not), users are accorded 43 distinct bits of privilege, sometimes spanning classes of actions and sometimes being confined to a specific system call.
    • NFSv4: The latest version of NFS (based on an industry standard) features stateful connection, more and better security, write locks, and faster performance.
    • Flash archives and live upgrades (automated system builds)
    • Moving from NIS to LDAP
    • DTrace (security): Solaris 10's system profiling and debugging tool
    • FTP client and server enhancements for security, reliability, and auditing
    • PAM—the Pluggable Authentication Module: Enhancements for more detailed control of access to resources
    • Auditing enhancements
    • BSM—Basic Security Module: A security auditing system, including tools to assist with analysis, and a device allocation mechanism that provides object-reuse characteristics for removable or assignable devices
    • Service Management Facility (a replacement for rc files), with new "secure by default" settings
    • Solaris Cryptographic Framework: A built-in system for encrypting anything, from files on disks to data streams between applications
    • Kerberos enhancements
    • Packet filtering with IPfilters
    • BART—Basic Audit Reporting Tool: Like Tripwire, BART enables you to determine what file-level changes have occurred on a system, relative to a known baseline
    • Trusted Extensions: Additions to Solaris 10 to make it "Trusted Solaris"
    • Securing a Solaris 10 system

    Laptop requirements: Each student should have a laptop with wireless access for remote access into an instructor-provided Solaris 10 machine; your laptop does not need to be running Solaris. If you do not have a laptop, we will make every effort to pair you up with another student.


    R6 Over the Edge System Administration, Volume 2 Blank-Edelman
    David N. Blank-Edelman, Northeastern University

    Who should attend: Old-timers who think they've already seen it all and those who want to develop inventive thinking early in their career. Join us and be prepared to be delighted, disgusted, and amazed. Most of all, be ready to enrich your network and system administration by learning to be different. Previous attendance at Volume 1 of the series is recommended but not required.

    Join us for volume 2 of the wildly successful Over the Edge System Administration class series. Once again we'll learn how to break the rules, abuse the tools, and generally turn your system administration knowledge inside out with the help of a whole new set of examples. This class is a second cornucopia of ideas for creative ways to take the standard (and sometimes not-so-standard) system administration tools and techniques and use them in ways no one would expect. We'll also cover some tools you may have missed. This class will take some of the concepts from volume 1 and develop them even further.

    We feel it is important to remind you: The teacher takes no responsibility should your head explode during this class.

    Take back to work: Approaches to system administration you never dreamed of—but you wish you had!

    Topics include:

    • How to exploit side effects to your benefit
    • Applying the arts and crafts you learned in camp to system administration
    • Pressing Web apps from places like Google and Yahoo! into service as sysadmin tools
    • How to perform SQL queries on your network equipment
    • How to use even more ordinary objects you have lying around the house to make your life easier (seriously!)

    Friday, November 14, 2008
    Friday Full-Day Tutorials

    F1 VMware ESX Performance and Tuning NEW!   McDougall
    Richard McDougall, VMware

    Who should attend: Anyone who is involved in planning or deploying virtualization on VMware ESX and wants to understand the performance characteristics of applications in a virtualized environment.

    We will walk through the implications for performance and capacity planning in a virtualized world to learn how to achieve best performance in a VMware ESX environment.

    Take back to work: How to plan, understand, characterize, diagnose, and tune for best application performance on VMware ESX.

    Topics include:

    • Introduction to virtualization
    • Understanding various hardware acceleration techniques for virtualization
    • Diagnosing performance using VMware tools
    • Diagnosing performance using guest OS tools in a virtual environment
    • Practical limits and overheads for virtualization
    • Storage performance
    • Network throughput and options
    • Using Virtual SMP
    • Guest operating system types
    • Understanding the characteristics of key applications, including Oracle, MS SQL Server, and MS Exchange
    • Capacity planning techniques

    F2 Resource Management with Solaris Containers Victor
    Jeff Victor, Sun Microsystems

    Who should attend: System administrators who want to improve resource utilization of their Solaris (SPARC, x64, and x86) systems.

    This tutorial covers the facilities available in Solaris for isolating workloads and managing system resources. These facilities enable you to safely host multiple workloads on one instance of an operating system by creating virtual operating system instances and controlling their resource usage. The features also enable workload management and service level management, as well as the ability to leverage available capacity and to manage system utilization. Controls for CPUs, processes and threads, CPU affinity, scheduling classes, memory, and network bandwidth management will be explained and demonstrated.

    Take back to work: At the conclusion of this session, you will have a solid understanding of the facilities and commands available for maximizing usage of the Solaris systems in your data center.

    Topics include:

    • What are resources?
    • Why would you want to manage them?
    • How do you use these Solaris features?
      • Dynamic Resource Pools, including processor sets
      • Physical memory management with Resource Capping and memory sets
      • Network bandwidth management with IPQoS
      • Schedulers
      • Application isolation with Zones
      • Projects and Tasks
      • Resource Controls

    F3 Implementing [Open]LDAP Directories Carter
    Gerald Carter, Likewise Software

    Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.

    System administrators are frequently tasked with integrating applications with directory technologies. DNS, NIS, LDAP, and Active Directory are all examples of the directory services that pervade today's networks. This tutorial will focus on helping you to understand how to integrate common services hosted on UNIX servers with LDAP directories. The demo-based approach will show you how to build and deploy an OpenLDAP-based directory service that consolidates account and configuration information across a variety of applications.

    Take back to work: Comfort with LDAP terms and concepts and an understanding of how to extend that knowledge to integrate future applications using LDAP into your network.

    Topics include:

    • Replacing an NIS domain with an LDAP directory
      • Storing user and group account information
      • Configuring PAM and Name Service Switch libraries on the client
    • Integrating Samba domain file and print servers
      • Configuring a Samba LDAP account database
      • Performance-tuning account lookups
    • Integrating MTAs such as Sendmail and Postfix
      • Configuring support for storing mail aliases in an LDAP directory
      • Using LDAP for storing mail routing information and virtual domains
      • Managing global address books for email clients
    • Creating customized LDAP schema items
      • Defining custom attributes and object classes
    • Examining scripting solutions for developing your own directory administration tools
      • Overview of the Net::LDAP Perl module

    F4 Practical Python for System Administrators NEW! Holden
    Steve Holden, Holden Web

    Who should attend: System administrators looking for scripting tools to assist them in performing more complex system administration tasks. Python experience is not necessary, but familiarity with scripting would be useful.

    This tutorial will introduce you to many of Python's features by example. It will present scripts to solve practical administration problems and then discuss potential modifications to broaden the scope of the script or specialize it. It will also take a look at Python's object-oriented features and try to explain how object-oriented solutions can be more flexible and easier to maintain.

    Take back to work: The ability to make your work easier through reliable automation of many complex tasks, both by adapting existing scripts and by writing your own.

    Topics include:

    • System heartbeat monitors
    • UDP-based logging utilities
    • Log analysis tasks

    Last changed: 3 Nov. 2008 ch