By Greg Keller Posted July 25, 2014
Linux® server management can be a time-consuming task for system administrators or IT admins, but it doesn’t have to be. Even leveraging configuration automation solutions, such as Chef and Puppet, and monitoring solutions, such as Nagios, still leaves a great deal of work to be done. With today’s modern infrastructures, whether internally hosted or in the cloud via IaaS provider, the server lifecycle is being automated.
Stages of the Server Lifecycle
The first stage of the lifecycle is provisioning. Historically, servers were purchased and racked. Today, servers can be “turned on” via an API call or through software systems such as OpenStack or cloud providers such as AWS®, Rackspace, or SoftLayer. The second phase of the server lifecycle is configuration. Previously, system admins would manually configure their servers or create an image that they could install. Now, over half a dozen different open source configuration automation solutions exist to help automate this process. The third phase is monitoring, and a number of solutions exist to solve this problem for Linux servers.
The last and perhaps the least automated part of the server lifecycle is management. Linux servers have the benefit of being reasonably straightforward to control remotely. Some of the key areas where system / IT administrators spend their time managing Linux servers are below:
Manage SSH Users
Perhaps one of the first tasks of an admin is to create users on systems. This is incredibly important, especially in an era where the number one attack vector is compromising user credentials. Best practices suggest that Linux servers should be accessed via SSH keys; their keys rotated periodically, accounts deactivated quickly after a user leaves, and no shared root accounts. System admins should be constantly aware of who has access to their systems. To manage user access, see the Directory-as-a-Service® platform from JumpCloud®.
Manage Patches and Security Vulnerabilities
Issues like Heartbleed can wreak havoc within a server infrastructure. Severe security vulnerabilities need to be patched quickly. Some organizations leverage a gold image that then gets rolled out across the entire server infrastructure. Not everybody’s systems work this way. In fact, most do not, and in that case, it is a challenge to patch an entire server infrastructure. For automated patch management capabilities see Automox.
Monitoring for Security Breaches
Security is not always a top priority in some widely used DevOps processes. System administrators know that individual servers can be compromised in the blink of an eye; when they are, the entire infrastructure can be at risk. To effectively monitor for breaches, there are three tasks that sysadmins complete as frequently as possible. First, they must watch all login activity. They see who is accessing systems and who is attempting logins. Second, the tasks that privileged users are completing need to be tracked. Third, outbound connections initiated by servers need to be known and surveilled regularly. Though these tasks are not the most glamorous, they are necessary for maintaining a secure infrastructure.
Check for Errors and Issues with the Server
Servers are dynamic systems generating events and issues. In order to maintain efficiency and optimal performance, servers need to be monitored for errors and exceptions. It is important to set up systems to watch key log files and event data. There are open source solutions to assist in parsing through data quickly – these tasks are not difficult but they are time consuming.
Automate Clean-up Tasks (log files, backups, etc.)
Servers generate large amounts of data in log files and elsewhere. It is critical to ensure that systems don’t overrun capacity or even get close to capacity. Setting up tasks to rotate log files, backup files, and clean-up processes is an important part of managing servers.
Whether servers are ephemeral or permanent, problems arise. One key IT admin responsibility is finding out why applications and servers behave the way they do. Investigating these issues means jumping on the box and digging around to find the root cause.
System administrators are often asked to audit their servers to ensure that they are configured properly, the right people have access, and the right software and hardware are being utilized or at least known. If the system administrator doesn’t have the right tools at her disposal, this can be an arduous task.
Those are a few of the key tasks that are part of managing servers. The challenge for system admins is to build processes that automate these critical tasks and provide them with visibility on the status of their systems.
Linux® Server Management with JumpCloud®
JumpCloud lets you tackle many of the above tasks more quickly and easily. You can do these tasks with a greater degree of centralization, visibility, and accountability. JumpCloud’s core platform is centralized user management in the cloud. JumpCloud’s Identity-as-a-Service platform connects user identities to the resources they need, including systems, applications, and networks. In addition, it provides connections through cross-platform GPO-like functionality for Macs, Windows, and Linux devices. Try it yourself for free, and let us know what you think!