Nov 18, 2005

Ultimate Services (Updated 21-Nov-05)

Much like my Ultimate Server Room I'd like to be able to have the following Services (much of this is obviously cribbed from previous workplaces) -

Single Consolidated Authentication - doesn't need to be single-sign-on (although that would be nice) but there should be a single user database feeding into various services for authentication. Remembering multiple IDs and passwords may aid security but it drives people nuts. Even if only the username and password are common across services, that would be sufficient to keep most people sane.

In an ideal world HR would create new user IDs as part of the new hire process and retire IDs when people leave. This can be made reasonably simple via a web form, so that non-IT staff can keep it up to date and others can access it as a corporate directory. This would be one of those things where IT would put in a lot of up-front development effort but once up and running it should be operable in a very 'hands-off' mode such that IT wouldn't need to be involved in anything as mundane as creating new users :-)

No new services should be implemented unless they can be integrated into the single login/password system.

Unfortunately most enterprise meta-directory services are hideously expensive. For mere mortals this means you have to roll your own (eg MySQL, LDAP, lots of scripts) or use a prepackaged solution (eg Active Directory, Services for Unix).

If you have secure external services (eg VPN) then require a username and password for them that are separate from the ones used for internal services.

For Groupware/Email I'd recommend Lotus Notes. Outlook and Exchange may be what most of the world knows and loves but it's insecure and a nightmare to admin.

For Web-browsing go with Firefox.

If you can't stretch to a commercial mail system then a good secure IMAP/POP/SMTP system should do the trick with something like Thunderbird as a mail application.

For productivity it's hard to go past OpenOffice.

For storage I'd recommend a Document Management System with a web-interface. I personally like SilentOne which is a commercial NZ DMS. I've also had some experience with FileNet's DMS and it seems to do the job but feels overly complicated. Alternatively there seems to be a bunch of Open Source DMS/Content Management Systems in development too.

For desktops, home directories and profiles would redirect to server shares (depending on what people are doing of course - if they generate gigabytes of data on their machines there's no point shovelling it backwards and forwards across the LAN) either as folder redirection (Windows) or mount-points (Linux/Unix). This will mean anyone can log into any machine and get their 'stuff'. Laptops are more of a problem - either leave them working locally with some kind of scripted file sync or use the atrocious Offline File Sync tool for Windows (the only Unix/Linux alternatives seem to be rsync or similar tools like unison).

An intranet with a personal web space for each staff member is also fairly vital for any organisation to aid communication and collaboration. Integrating into the DMS would be handy but not absolutely vital. Something like Zope / Plone / Ubuntu would be cool. Whatever is deployed to people's desks should be standardised and stripped back - minimal extra applications, locked down permissions and centralised management/configuration.

The desktop has to run on hardware - for WindowsXP or Linux, Dell's Optiplex or Latitude line is pretty good and you get the three year onsite warranty which is hard to beat. For MacOS X you can really only go with Apple. As with the servers it's handy to have spare RAM and hard-drives to swap for faulty components. For the majority of staff a small-form-factor machine is more than sufficient (who needs all the extra drive bays and PCI slots these days unless you're doing a specialist task?).

There is the Bastard Operator From Hell part of my brain that wonders if a number of these services couldn't be run either via the web and/or terminal only to obviate the need to install anything at all on a desktop.

Many years ago I read of a Travel Agency that bought up a large number of Macintosh LC class machines (the old Pizza-box LC I, II and III) and installed the PDS slot ethernet card. They ran OS 7.5 or thereabouts, with everything accessible through a terminal back at the main office Unix server (eg email and travel bookings, finance system etc) and with ClarisWorks for basic productivity. Cheap, easy-to-replace hardware, minimal security problems and no virus issues. I bet they moved to more capable machines and acquired a raft of additional support issues.

Permalink | 2005.11.18-03:53.00