Virtualising systems often means scaling them up. Sometimes, disparate networks of machines are consolidated together, creating a mega-portfolio of assets. This carries a special set of technical challenges, but let’s not forget the managerial ones. What happens when you scale a system by virtualising servers and cramming more …
Make sure your identity management infrastructure is also ready for the increase in demand
While this article talks about the need for mature process around storage and system patching, it also highlights the need for a mature identity solution underneath it all. I spend a lot of time talking to people about how they provision accounts in their environment, how they manage access rights to applications and systems. An alarmingly high number of people have a lot of manual process in the creation and management of user accounts and access controls. Scale up the environment and quickly the one guy who is adding new accounts to Active Directory when a new employee joins or is managing group membership can be overwhelmed. This can lead to a reduction in the speed at which users get access and increase the exposure for mistakes when people have access to the wrong systems.
nothing to do with 'the cloud'
This is simply a scale/process issue.
A former company, 15+ years ago, tied the account creation/disabling process to the HR systems, since HR owned the master database of employees.
If you transferred from one department to another, the job would remove you from the global group for your old department and add you to the global group for your new department. If you left the company, it would lock your account and grant your former manager read-only access. S/he had 30 days' access to your account before it was archived and deleted in order to forward any projects/files to your replacement. If you were a new hire, it assigned you to the appropriate groups.
After the time spent writing the script and getting it approved, the time admins spent on account management dropped to about 2hrs/month.
The other advantage was that on your first day, after your 30 minutes in personnel, the rest of the day was spent viewing all of the mandatory training and safety videos (this was a 3M square feet manufacturing facility with lots of heavy equipment and hazardous chemicals) to keep OSHA placated, since until the system created your account, you had no access to anything.
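The HR-driven job described in the comment above can be sketched as a planner that diffs the HR master list against directory state and emits the joiner, transfer and leaver actions. This is an added example, not the commenter's script; the `GG-<dept>` group naming, the record fields and the action names are assumptions made for illustration.

```python
from datetime import date, timedelta

MANAGER_ACCESS_DAYS = 30  # the comment's 30-day read-only window for the manager

def plan_actions(hr, directory, today):
    """Diff the HR master list against directory state; return ordered actions.
    hr: {id: {"dept", "manager", "active"}}; directory: {id: {"groups", "locked", "locked_on"}}"""
    actions = []
    for emp_id, rec in sorted(hr.items()):
        acct = directory.get(emp_id)
        group = f"GG-{rec['dept']}"  # assumed group naming scheme
        if rec["active"] and acct is None:  # new hire
            actions.append(("create", emp_id, group))
        elif rec["active"] and acct["locked"]:  # HR and directory disagree
            actions.append(("review", emp_id, "active in HR but locked"))
        elif rec["active"]:  # possible transfer: old department group out, new one in
            stale = sorted(g for g in acct["groups"] if g.startswith("GG-") and g != group)
            actions += [("remove_group", emp_id, g) for g in stale]
            if group not in acct["groups"]:
                actions.append(("add_group", emp_id, group))
        elif acct is not None and not acct["locked"]:  # leaver, first pass
            actions.append(("lock", emp_id, None))
            actions.append(("grant_read_only", emp_id, rec["manager"]))
        elif (acct is not None and acct["locked_on"]
              and today - acct["locked_on"] >= timedelta(days=MANAGER_ACCESS_DAYS)):
            actions.append(("archive_and_delete", emp_id, None))
    # Accounts with no HR record are flagged for a human, never auto-deleted.
    for emp_id in sorted(set(directory) - set(hr)):
        actions.append(("review", emp_id, "no HR record"))
    return actions

# Constructed sample data (not from the comment)
TODAY = date(2024, 3, 1)
HR = {
    "e1": {"dept": "Finance", "manager": "m1", "active": True},   # new hire
    "e2": {"dept": "Sales", "manager": "m2", "active": True},     # moved from Finance
    "e3": {"dept": "Sales", "manager": "m2", "active": False},    # has just left
    "e4": {"dept": "Ops", "manager": "m3", "active": False},      # locked 31 days ago
}
DIRECTORY = {
    "e2": {"groups": {"GG-Finance"}, "locked": False, "locked_on": None},
    "e3": {"groups": {"GG-Sales"}, "locked": False, "locked_on": None},
    "e4": {"groups": {"GG-Ops"}, "locked": True, "locked_on": date(2024, 1, 30)},
    "e9": {"groups": {"GG-Ops"}, "locked": False, "locked_on": None},  # orphan
}

if __name__ == "__main__":
    for action in plan_actions(HR, DIRECTORY, TODAY):
        print(action)
```

Keeping the planner separate from whatever applies the changes lets the action list be reviewed or logged before anything touches the directory.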