Building an IT Infrastructure Today vs. 10 Years Ago
rjupstate sends an article comparing how an IT infrastructure would be built today compared to one built a decade ago.
"Easily the biggest (and most expensive) task was connecting all the facilities together. Most of the residential facilities had just a couple of PCs in the staff office and one PC for clients to use. Larger programs that shared office space also shared network resources and server space. There was, however, no connectivity between each site -- something my team resolved with a mix of solutions including site-to-site VPN. This made centralizing all other resources possible and it was the foundation for every other project that we took on. While you could argue this is still a core need today, there's also a compelling argument that it isn't. The residential facilities had very modest computing needs -- entering case notes, maintaining log books, documenting medication adherence, and reviewing or updating treatment plans. It's easy to contemplate these tasks being accomplished completely from a smartphone or tablet rather than a desktop PC."
How has your approach (or your IT department's approach) changed in the past ten years?
You just put it all in the cloud brah. My boss assured me it'd be okay and he got his MBA from
not much else has changed
Most enterprises rely upon one or more software packages from a vendor, often for critical functions. You can only do what your vendor's software allows. Not everything is tablet friendly or cloud happy.
I believe these came into effect about 10 years ago. So aside from all the advances in "the cloud", I'd ask whether that would be secure enough. I mean ask, not just a bunch of Slashdotters. Ask the potential cloud providers if they are HIPAA compliant and can provide documentation to that effect.
Use GMail for transferring medical records and I'll guarantee you'll be swamped with ads for everything from Vi@gr@ to funeral services.
The residential facilities had very modest computing needs -- entering case notes, maintaining log books, documenting medication adherence, and reviewing or updating treatment plans. It's easy to contemplate these tasks being accomplished completely from a smartphone or tablet rather than a desktop PC.
And by the time you've paired an external keyboard in order to key in all that stuff, you might as well just use a laptop PC.
In addition, some cloud solutions make dedicated desktop application suites or specific configurations unnecessary today. Browser-based options or virtual desktops have added appeal in health organizations because data is less likely to be stored locally on a device.
That'd double an organization's spending on operating system licenses because a Terminal Server CAL for Windows Server costs about as much as a retail copy of Windows for the client.
Not much difference, really. We're using the same OS. We're using the same hardware, usually, and whatever we need to purchase is absurdly cheap (cheaper than it was 10 years ago). We rely on the Internet as much as we did then: it's important, but not mission-critical (because it's unreliable). Our industry-specific applications still suck. Networking is identical, but a bit faster.
Really - I'm pretty sure my boss in the Midwest thought that was how I did it. Why would I change success?
Management thinks they can save money now, and don't believe us when we tell them how much money they'll save investing in $time-saving-technology. We still use multiplexed T1 lines for Internet access despite, say, fiber and coax having been available for decades now.
The only thing you can say that's improved over the years is an insistence on provisioning remote access capabilities. Even if you can't work from home.
You'd be doing what we do now except maybe some types of networks that use leaf and spine rather than a tree design.
We've consolidated all office application servers into 5 data centers, one per continent. Then we've rolled out end-point backup for some 80,000 laptops in the field and some 150,000 more PCs in offices across the world, which includes legal hold capabilities. Each country in which we're active has a number of mobile device options for telephony, most of them being Android and Win8 based nowadays since WebOS got killed.
Then we're in the process of building a European infrastructure where we have data centers for managed customer environments in every major market in Europe. I am currently not aware of what's going on in APJ or South America. This is important in Europe however, because managed European customers don't want to see their data end up in the States, and the same goes for those that use our cloud offerings.
Physical local IT staff presence in all countries has been minimized to a skeleton crew, not only because of data center consolidation but also because of the formation of a global IT helpdesk in low-cost countries, and the rise of self-service portals.
The plethora of databases we had internally has been archived using Application Information Optimizer for structured data archiving. We are our own biggest reference customer in this regard. On top of that we've beefed up our VPN access portals across the world so as to accommodate road warriors logging in from diverse locations.
Lastly, we use our own Records Management software suite to generate 8,000,000 unique records per day. These are archived for a particular retention period (7 years I believe) for auditing purposes.
For good or bad (and yes, there's some of both), virtualization is the single biggest change. It is central to our infrastructure. It drives many, if not most, of our other infrastructure design decisions. I could write paragraphs on the importance of integration and interoperability when it comes to (for example) storage or networking, but let it suffice to say that it is a markedly different landscape than that of 2003.
What a fucking maroon.
I don't quite understand your post. Do you think the writer is dark brownish-red, or do you think they were abandoned on a desolate island?
Smart admins or individuals avoid the use of servers which are under control of a third party for any data which is in any way sensitive or important. There are simply too many things which can go wrong, and not all those things will be accidental.
Virtualization and Backups: These go hand in hand. Virtualize then backup a server, if the hardware implodes run it on a toaster oven. This allows people to be more promiscuous with consumer grade hardware for three 9's applications, and thus enables you to deploy more stuff given the software licensing expense is not full-on insane.
PC Miniaturization: Where you used to buy a purpose-built box you can now buy a PC to do the same thing, e.g. PBX, Video Conferencing, Security Cameras, Access Card system, etc. Also, now people want to access that gear through mobile devices on short- and long-range wireless radio networks which, due to the hardware limitations, has given a brand new life to the mainframe computing model.
Stability: Things are a lot more stable now than they were in the 2000's. Remember migrating off of Win98? There's a lot less buggy code sitting around to deal with.
Scaling is now stable. To setup 100 PC's with Windows 2000 is nothing like doing Windows 7. Also you can abuse the hell out of remote-app and similar server systems to improve app performance and scalability. Ever try to run Dynamics AX across a WAN Link? Yeah.
Monitoring: Has become a lot more granular. A lot more granular.
Security: The game has gone from installing a firewall and laughing at the virus writers to trying to figure out which GPO combinations will stop Cryptolocker from trashing your file-shares through an undocumented IE exploit.
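The Cryptolocker point above is, in practice, a detection problem as much as a GPO problem: the malware announces itself on a file share as one account touching or renaming far more files than any person does in a minute. The following is an added example, not code from the post or its author, that runs that check over a constructed file-server audit log (format `ISO-timestamp user ACTION path[ -> newpath]`, assumed here; paths are assumed to contain no spaces). Thresholds, window size and the `.encrypted` suffix are assumptions for the sample, not Cryptolocker indicators.

```python
"""Ransomware-style burst detection over file-server audit events (added example).

Flags a user who writes/renames an abnormal number of files on a share inside a
short window, or who changes the extension of many files in a row.  The log
format and the sample data below are constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

WINDOW = timedelta(seconds=60)   # assumed sliding window
WRITE_THRESHOLD = 25             # assumed: writes+renames by one user inside WINDOW
EXT_CHANGE_THRESHOLD = 10        # assumed: extension-changing renames inside WINDOW


def parse_line(line):
    """Parse 'ISO-timestamp user ACTION path[ -> newpath]' (constructed format)."""
    ts, user, action, rest = line.split(" ", 3)
    src, _, dst = rest.partition(" -> ")
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "src": src, "dst": dst or None}


def detect_bursts(lines):
    """Return [(user, reason), ...], at most one alert per user per reason."""
    writes = defaultdict(deque)       # per-user timestamps of WRITE/RENAME events
    ext_changes = defaultdict(deque)  # per-user timestamps of extension-changing renames
    alerts, seen = [], set()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_line(line)
        if ev["action"] not in ("WRITE", "RENAME"):
            continue                   # reads are normal, only mutations count
        user, ts = ev["user"], ev["ts"]
        dq = writes[user]
        dq.append(ts)
        while dq and ts - dq[0] > WINDOW:   # drop events that fell out of the window
            dq.popleft()
        if len(dq) >= WRITE_THRESHOLD and (user, "burst") not in seen:
            seen.add((user, "burst"))
            alerts.append((user, "burst"))
        if ev["action"] == "RENAME" and ev["dst"]:
            if os.path.splitext(ev["src"])[1] != os.path.splitext(ev["dst"])[1]:
                eq = ext_changes[user]
                eq.append(ts)
                while eq and ts - eq[0] > WINDOW:
                    eq.popleft()
                if len(eq) >= EXT_CHANGE_THRESHOLD and (user, "ext-change") not in seen:
                    seen.add((user, "ext-change"))
                    alerts.append((user, "ext-change"))
    return alerts


def sample_log():
    """Constructed audit lines: normal editing by alice, a rename storm by mallory."""
    base = datetime(2013, 10, 1, 9, 0, 0)
    lines = []
    for i in range(5):
        t = base + timedelta(minutes=i)
        lines.append(f"{t.isoformat()} alice WRITE /shares/finance/budget.xlsx")
    lines.append(f"{base.isoformat()} bob READ /shares/finance/budget.xlsx")
    for i in range(30):   # 30 renames to a new extension within 30 seconds
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} mallory RENAME /shares/finance/doc{i}.docx"
                     f" -> /shares/finance/doc{i}.docx.encrypted")
    return lines


if __name__ == "__main__":
    for user, reason in detect_bursts(sample_log()):
        print(f"ALERT {user}: {reason}")
```

The extension-change check fires before the raw write-count check on the sample data, which is the point of keeping both: a fast encryptor trips the count, a slow one that renames as it goes still trips the extension churn. Wire the alert to disabling the account's share access rather than just emailing someone, since the damage is done within the window.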
We have divisions world-wide, but our Corporate/HQ division is located in America and consists of roughly 500 employees. At home, we have three facilities at different locations.
- The entire computer system is virtualized through VMware using VDIs with help from VMware View, and hosted at a major [unnamed] datacenter in Texas on a private network setup for our Company. We also have an identical setup at an Asian datacenter under the same provider, and both datacenters are linked together through VPN from the core router gateway (not in our control or access)
- The network infrastructure is setup as a Class C 172.x.x.x
- Each facility has a 100mbit direct fiber hookup.
- Each facility has Cisco switches, and a Cisco router that establishes a VPN connection to the regional datacenter (Texas or Asia depending on which continent of the world the division is located in)
- Facilities are equipped with all-in-one zero clients that connect to the VMware View Connection server that runs as a virtual machine at the Texas/Asian datacenter through the LAN via VPN by Cisco router at facility
The virtual switch in VMware vSphere/ESXi, unfortunately, I have no information on as I was not involved in that. But as far as that goes, I believe it is mostly a matter of what is most efficient in connecting our VDIs to the production servers that host the ERP software. We have a Microsoft SQL server and several servers that support the ERP software we use. The VDIs have an application client locally installed that connects to one of the handful of application servers. Some things to keep in mind are PCI compliance (credit cards, etcetera) and security, minimizing unnecessary traffic from reaching the production servers / improving bandwidth capacity between production servers and the entire client-base (VDIs). There are one or two servers for ERP that are print servers, but they are not the servers that users connect to to add and install printers into their VDI (there is another server just for this).
Then there is also a file server, a couple of load-balanced/clustered Exchange servers, some Barracuda Web Filter & Backup appliances, and a Riverbed optimizer appliance. There are over a dozen hypervisors each maxed out with 256GB of RAM, two Xeon 12-core CPUs, a Teradici PCoIP card, and some network cards.
I hope this is educating, informational, and interesting to readers. :)
Try to control the expectations. Do not let the deadline date become the goal. When setting the roll-out / cut-over date give yourself a couple extra weeks / months if at all possible. If you're ready to roll early, great. Remember: users / executives remember failures, not the thousands of things that went right.
In the mid 90s I was deploying Novell NetWare SFT III servers: paired servers with fiber backbone cards and shared storage as A+P "clusters" (didn't use that word then). In the event the active node went down, the other one would instantly take over (5 ms delay). Now I do application security but still work in very large data centers, and no one is doing that level of availability.
The biggest difference in the past 10 years is that everything has been abstracted and there's less time spent dealing with trivial, repetitive things for deployments and upkeep. We support more users now, per administrator, than we did back then, by a massive amplitude.
No more clickclickclick for various installations on Windows, for instance. No more janky bullshit to have to deal with for proprietary RAID controllers and lengthy offline resilvers. These things have been abstracted in the name of efficiency and the build requirements of cloud/cluster/virtualization/hosting environments.
We also have a lot more shit to take care of than we did a decade ago. Many of the same systems running 10 years ago are still running - except they've been upgraded and virtualized.
Instead of many standalone systems, most (good) environments at least have a modicum of proper capacity and scaling engineering that's taken place. Equipment is more reliable, and as such, there's more acceptable cyclomatic complexity allowed: we have complex SAN systems and clustered virtualization systems on which many of these legacy applications sit, as well as many others.
This also makes our actual problems much more difficult to solve, such as those relating to performance. There are fewer errors but more vague symptoms. We can't just be familiar with performance in a certain context, we have to know how the whole ecosystem will interact when changing timing on a single ethernet device.
Unfortunately, most people are neither broad nor deep enough to handle this kind of sysadmin work, so much of the 'hard work' gets done by support vendors. This is in no small part due to in-house IT staffing budgets being marginal compared to what they were a decade ago, with fewer people at lower overall skill levels. Chances are that the majority of the people doing the work today are the same ones who did it a decade ago, in many locations, simply due to the burden of spinning up to the level required to get the work done. In other places, environments simply limp by on the veracity of many cheap systems being able to be thrown at a complex problem, overpowering it with processing and storage which was almost unheard of even 5 years ago.
The most obnoxious thing which has NOT changed in the past decade is obscenely long boot times. Do I really need to wait 20 minutes still for a system to POST sufficiently to get to my bootloader? Really, IBM, REALLY?!
I think the writing is actually ok, but the web site is certainly abysmal.
for medical records management? fuck no.
no way those are compliant, out of the box, with hipaa and other privacy and data security requirements... and neither really offers true device and software management needed for compliance or this sort of application, or for 'enterprises' in general. no fucking way would i allow medical records access on those privacy-sucking, user tracking, data-compiling whores.
surface tablet with win8 pro or a generic one with linux.. with either software choice properly installed and administered..... or a desktop/laptop with same.
___
connectivity is the easy part... ordinary broadband connection with dual lan.. one for client, one for staff... staff devices and lan are ONLY for work. client lan for clients or staff's personal devices for personal use. no work stuff thru the client lan, no personal stuff on the staff lan.. no device ever connects to both, even if only one at a time. staff connects to their corporate data store or cloud using vpn or other secure connection (in tfs, perhaps is browser-based https)
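The two-LAN rule above only holds if someone checks it. The following is an added example, not code from the post or its author, that encodes the post's policy (no traffic between the staff and client LANs in either direction, staff LAN only to the corporate VPN or HTTPS endpoint, client LAN gets plain internet egress, nothing unsolicited inbound) and runs it over constructed netflow-style and DHCP-lease records. The address ranges, the VPN and HTTPS endpoint addresses and ports, and both record formats are assumptions for the example.

```python
"""Audit flow and DHCP records against a staff/client split LAN (added example).

The post's rules are encoded in flow_allowed() and applied to constructed
records so a firewall or netflow export can be checked for cross-LAN traffic,
staff egress that bypasses the VPN/HTTPS endpoints, and devices that have
appeared on both LANs.  Addresses, ports and formats are assumed.
"""
from ipaddress import ip_address, ip_network

STAFF_LAN = ip_network("10.10.0.0/24")                      # assumed addressing
CLIENT_LAN = ip_network("10.20.0.0/24")                     # assumed addressing
VPN_GATEWAY = (ip_address("203.0.113.10"), "udp", 1194)     # assumed corporate VPN endpoint
RECORDS_WEB = (ip_address("203.0.113.20"), "tcp", 443)      # assumed browser-based HTTPS service
STAFF_EGRESS = {VPN_GATEWAY, RECORDS_WEB}


def lan_of(addr):
    """'staff', 'client' or None (internet) for an IP address string."""
    a = ip_address(addr)
    if a in STAFF_LAN:
        return "staff"
    if a in CLIENT_LAN:
        return "client"
    return None


def flow_allowed(src, dst, proto, dport):
    """Policy: no LAN-to-LAN traffic at all; staff LAN only to the VPN/HTTPS
    endpoints; client LAN gets ordinary internet egress; nothing inbound that
    was not initiated from inside."""
    s, d = lan_of(src), lan_of(dst)
    if s is not None and d is not None:
        return False                        # staff<->client in either direction
    if s == "staff":
        return (ip_address(dst), proto, dport) in STAFF_EGRESS
    if s == "client":
        return True                         # internet only, since d is None here
    return False                            # internet -> LAN, not initiated locally


def audit_flows(lines):
    """lines: 'src dst proto dport' records (constructed). Returns the violators."""
    bad = []
    for line in lines:
        src, dst, proto, dport = line.split()
        if not flow_allowed(src, dst, proto, int(dport)):
            bad.append(line)
    return bad


def dual_homed(lease_lines):
    """lease_lines: 'mac lan' records (constructed). A MAC seen on both LANs
    breaks the 'no device ever connects to both' rule, even one at a time."""
    seen = {}
    for line in lease_lines:
        mac, lan = line.split()
        seen.setdefault(mac, set()).add(lan)
    return sorted(mac for mac, lans in seen.items() if len(lans) > 1)


# Constructed sample records, not captured traffic.
FLOWS = [
    "10.10.0.5 203.0.113.10 udp 1194",   # staff -> VPN: allowed
    "10.10.0.5 203.0.113.20 tcp 443",    # staff -> records HTTPS: allowed
    "10.10.0.5 198.51.100.7 tcp 80",     # staff browsing the web: violation
    "10.20.0.9 198.51.100.7 tcp 443",    # client -> internet: allowed
    "10.20.0.9 10.10.0.5 tcp 445",       # client -> staff share: violation
    "10.10.0.5 10.20.0.9 tcp 22",        # staff -> client: violation
    "198.51.100.7 10.10.0.5 tcp 3389",   # inbound RDP from the internet: violation
]
LEASES = [
    "aa:bb:cc:00:00:01 staff",
    "aa:bb:cc:00:00:02 client",
    "aa:bb:cc:00:00:01 client",          # same device later on the other LAN
]

if __name__ == "__main__":
    for line in audit_flows(FLOWS):
        print("VIOLATION", line)
    for mac in dual_homed(LEASES):
        print("DUAL-HOMED", mac)
```

The flow check is stateless, so feed it only the first packet or the initiating side of each connection; replies from the VPN gateway to a staff host would otherwise show up as "inbound" violations. The lease check is what catches the staff member who plugs a personal laptop into the work LAN for a minute.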
"it's easy to contemplate these tasks being accomplished . . ." without security, without reliability, without stability, without privacy, without confidentiality, without accountability, without redundancy.
If I were to do that, I'd be in breach of at least half of my NDAs, and a few of my SLAs.
The biggest change has been in management, who are now trained to outsource anything and everything. Their answer to every question is to outsource it. If an organization has developed internal expertise in some in-depth area, the management will outsource whatever it is, even if they throw away the expertise in the process. And they'll probably fire the employees with the now-useless expertise and give themselves bigger bonuses. So the move to the "cloud" is not being driven by technical people, it's driven by management who gets loss-leading Azure numbers from a sales drone and wants to dismantle their infrastructure to save a few bucks. Some day, dismantling their infrastructure and firing the employees will come back to haunt these shells of what were companies. All a "company" is now is a bunch of managers giving themselves bonuses, and paying outsourcers. There's nothing left of the company any longer, and these shells will eventually collapse.
10 years ago really wasn't that big a deal. By 2003, VPN (IPSec and OpenVPN) was fairly robust, and widely supported. PPTP was on the way out for being insecure. Internet was most everywhere, and at decent-if-not-great throughput. Go back five or ten years before *that*, and things were much more difficult: connectivity was almost always over a modem; remote offices *might* be on a BRI ISDN connection (128 kb/s), probably using some sort of on-demand technology to avoid being billed out the wazoo due to US telcos doing this bizarre, per-channel surcharge for ISDN. PPP was finally supplanting (the oh, so evil) SLIP, which made things better, assuming your OS even supported TCP/IP, which was not yet clearly the victor -- leading to multiple stacks to include MS and Novell protocols.
All in all, 2003 was about when things were finally getting pretty good. Leading up to 2000 had been a tough row to hoe. And let's just not even go before that -- a mishmash of TCP/IP, SNA, SAA, 3270, RS-232, VT100, completely incompatible e-mail protocols, network protocol bridges, massive routing tables for SAPpy, stupid protocols... a 100% nightmare. Very, very glad to have left those days behind.
As in, AD was mostly mature, Win2003 was out, Linux was real, and PCs were commodities. An IT infrastructure now vs _20_ years ago on the other hand would be more interesting. Not much has happened since 2003.
He thinks the writer is in a Bugs Bunny cartoon.
30 years ago we had T1 and multidrop to 3270s on microwave backbone
20 years ago we had token ring and Decnet on fiber in addition to microwave
10 years ago we had Ethernet to thousands of PCs and servers.
Yeah, pairing a Bluetooth keyboard with an iPad or a Nexus takes FOREVER. It's not like the connection is on in moments from a cold start, and remembered until/unless you break the pairing.
Sarcasm detected. But the fact is, when I have tried using a keyboard with one tablet and then another tablet, it broke the pairing. And if you use a ZAGGkeys Flex or any of several other brands of Bluetooth keyboard with unrooted Android 4.3, it'll pair but you won't be able to type because certain Broadcom chipsets are misrecognized as "nonalphabetic keyboards", that is, gamepads.
You might as well break out that laptop, wait 2-3 minutes for it to boot up into a usable state
When I open my laptop's lid, it takes all of four seconds to come out of sleep and get the unlock prompt up. Dell Inspiron mini 1012 running Xubuntu 12.04 LTS.
Oh yeah, because the only solution for VDI is windows.
It is if the applications on which your company relies are Windows applications known to fail in Wine.
the Reapers of Firefly
Nerd card revoked. It's Reavers. ReaVers.
Wow, never heard that before. In the USA everybody just drops in an Ironport or two and a couple Exchange servers and calls it a day. Exchange is crap, but the ironport makes it viable and end-users have been psychologically conditioned to want Outlook (also crap) so they pay big $$ for poor performing software and back it up with dead cheap awesome hardware, and end up with something any typical 13-year-old can admin after a three-week training course.
Since the NSA has been confirmed, I feel that I am obligated to explain to everyone (I work at a corporate level with many other integrated departments) that things have changed, and nothing is secure anymore, so on the level of business buyouts, where secrecy seems to be sooo important, sending all of your email through gmail isn't a good idea anymore, as all of your data is compromised.
;)
One could almost make a living off of selling slackware boxes running sendmail with mimedefang and spamassassin as their own email server that would be run in-house
One of the biggest changes I have seen, along with some of these others that have been posted, is the reduced number of wires we have to run to places. No thicknet, coax, dedicated, or even ethernet lines. WireLESS is the infrastructure and the mobility it allows is wonderful. The reduction of costs is brilliant. Thanks smart people everywhere who keep advancing our profession -- this one's for you.
And if you use a ZAGGkeys Flex or any of several other brands of Bluetooth keyboard with unrooted Android 4.3, it'll pair but you won't be able to type
Android 4.4 fixes this. I tried it on my own Nexus 7.