[Infrastructures] Re: Host installs?

[Daniel Pittman]

On Tue, 4 Feb 2003, Stephen Schaefer wrote:
> This is a good answer for well understood, static environments -
> especially those exposed to the security threats of the internet, or
> indeed at any security boundary. You do, however, gain from
> *uniformity* of systems, both from the ability to rapidly repurpose
> and from the decrease in management complexity. 

I can certainly see that there might be some gain in response time to
user requests in a more dynamic environment through installing extra
software, but I cannot agree on the management complexity issue.

I would suggest that you are transferring your complexity from defining
a number of different classes to managing systems where any
adverse environmental change is more disruptive.

[...]

> but you need to find the balance between your own internal
> capabilities and vulnerabilities that matches the level of threat you
> have. 

This is true, and I should have said that your millage may vary in my
original post. I would encourage you to define suitable host classes
that do the minimum needed to serve their purposes, and use something
like Jumpstart, FAI or the various Windows automated install tools to
build machines to their target class.

This means a lower response time if, for example, you need a new
workstation now, but the lag is seldom more than half an hour in my
experience, even with Windows installs.

            Daniel

-- 
There's no sense in being precise when you don't 
even know what you're talking about.
        -- John von Neumann