[Infrastructures] How do you manage 1000+ systems
Chris Kacoroski
ckacoroski@nsd.org
Mon, 13 Jun 2005 09:08:26 -0700
Rodrick,
IMHO, if you have an environment where
1. you control all aspects of the machines
2. have a bare metal build process in place (e.g. jumpstart, etc).
3. have builds (e.g. web server) that are common to many machines
4. the machines are always on the net (e.g. not laptops)
then something like Radmind would be an excellent choice. Other good
choices are bfg2 or isconf. The key is that you manage every aspect of
the machines.
On the other hand, if you have an environment that does not meet the
above criteria where you only partially manage the machines, then
cfengine is a good choice because it is flexible enough to let you
manage whatever bits you can and let the rest of the machine be unmanaged.
As for single sign-on, I think that Kerberos is the best option. If you
just want single password, but can live with multiple sign on then you
do not need Kerberos, but can do with just an LDAP directory (this is
what we are doing for 100+ servers and 1500 clients this summer).
cheers,
ski
Rodrick Brown wrote:
> In my current organization as we grow more and more it's becoming a
> problem trying to manage all of our users, systems and keep track of
> everything in a smooth manner, so one thing I'm looking to deploy
> is an authorization and authentication mechanism with single sign-on,
> so the first thing that comes to mind is Kerberos, LDAP, and
> auto-mount across our environment, which consists of 350 servers,
> made of Solaris, AIX, and Linux that span 3 data centers, this summer
> alone we plan to add another 100 or so servers so I need something
> that can scale very well, in 3 years alone we will have grown to 500+
> Unix servers, so I'm just looking to hear what most people think of
> Kerberos in general I'm not even sure if there are any alternatives to
> Kerberos in a pure UNIX environment.
>
> Thanks in advance.
>
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir
Chris "Ski" Kacoroski, ckacoroski@nsd.org, 425-489-6263