Ask Slashdot: Herding Cats, Aging Systems?

An anonymous reader writes: I've recently started a job at a medium-sized enterprise in the UK. They claimed to be an advocate of open-source. The job was advertised as a Linux sys-admin. I've been in the role a short while and the systems right across the business are end-of-life: lots of XP and 2003 servers, a handful of LAMP web servers, and a large IT department with almost no skills in the technologies on site. Most boxes have the default password still. As a senior techie, I've been tasked with helping bring the skillset of the rest of the staff up. Where would you start, given that most of the kit is EoL?

Don't train them in the current systems

[Chris+Mattern]

That's the most obvious thing. Bring in supported systems and train them in those systems as you deploy them.

Re:Don't train them in the current systems

[Archangel+Michael]

Before you bring in supported systems, you have to have a budget. Without a budget delineated, the rest of the decision making process is pure insanity.

My first response is, estimate what the "golden" cost will be, and quadruple it. They will cut it in half, and it will cost you twice what you think it will, and you'll end up with an excellent system that is designed well and built right.

If you need "enterprise" grade systems, make sure that you are identifying the vendors in the space and calculate budget accordingly. And remember, vendors lie.

Re:Don't train them in the current systems

[King_TJ]

This is great advice.... If this place is anything like a couple of them I've seen before though? They likely decided to become primarily a "Linux shop" in the first place because they were unwilling to spend much on I.T. -- and somewhere along the line, staff deployed Linux as a way to keep old/obsolete hardware functional.

Assuming you can get some kind of workable I.T. budget in place, I think you want to start by analyzing what's exactly going on, on the server-side of things. Windows Server 2003 still in use? Where and why? Is there an Active Directory master keeping all of the user account logins? How many servers are just doing basic file/print or web services for various things?

In the last 2 jobs I've had, it made sense to invest in a relatively high-spec server to run VMWare ESXi and create virtual servers in place of the older, physical systems. Right off the bat, you get a cost savings in electrical power usage (less heat generated by a bunch of older servers in a computer room, etc.). If they have "legacy" apps that would be problematic to get running properly on a current OS, at least you can virtualize that old environment and run it on the new system where making regular snapshot images of the whole thing is trivial. And you often remove physical constraints on the maximum available storage space too. (Old servers with SCSI RAID cards may not support drive partitions over a certain size, and you may not be able to add hard drives of the capacities you typically see today.)

On the PC workstation side of things? Anything running XP should be budgeted for complete replacement, IMO. Yes, some of those systems can easily run Windows 7 -- but by the time you buy the licenses for them, you're probably spending about as much as the used hardware is worth in resale value, if not more. Exceptions might be any laptops bought in the Win 7 era that just had XP loaded on them because that was what they preferred.... On those, maybe you can just load a Win 7 recovery/restore disc that came with it to begin with and get it current at no cost except for your time.

Re:Don't train them in the current systems

[FranTaylor]

I would say to bring in a couple of new systems first right away. Their eventual use will be testing. Use them to train the staff and test the new applications and determine capacity. THEN you can whip out the budget spreadsheet.

Re:Don't train them in the current systems

[Archangel+Michael]

If you can't get a real IT budget, then all the Linux Wizardry isn't going to solve any problems. I have a phrase I use, "Good IT is expensive. Bad IT is costly".

I've seen people "cheap out" trying to save a buck, only to lose their proverbial shirt in the process. It isn't worth it. It isn't worth it to work there, it isn't worth it to be a wizard for people who do not value IT.

Re:Don't train them in the current systems

[HornWumpus]

If they won't give you a budget and respond 'come to us with purchases and we will approve them on a case by case basis' then 'run away'.

That is how they got to where they are.

Re:Don't train them in the current systems

[jrumney]

Before you bring in supported systems, you have to have a budget.

LOL. Why do you think they are advocates of open source?

Re:Don't train them in the current systems

[Larryish]

Nuke it from orbit.

It's the only way to be sure.

Re:Don't train them in the current systems

[Lonewolf666]

If this place is anything like a couple of them I've seen before though? They likely decided to become primarily a "Linux shop" in the first place because they were unwilling to spend much on I.T. -- and somewhere along the line, staff deployed Linux as a way to keep old/obsolete hardware functional.

This may be a valid approach if there are no Windows-only applications that are not easily replaced. But that is something you need to find out as soon as possible. IMHO that will make the difference between being able to switch to Linux in the short run and looking at a long transition period.

For the City of Munich, switching to Linux took several years because they had lots of old applications on Windows for which there were no Linux equivalents.

Go Virtual

[BDMcGrew]

Well, your question leaves out a lot of details but from what you've said so far, look at getting some new hardware in there and start virtualizing some of the the EoL systems. This will provide you an upgrade path for existing systems and a snapshot'd point of restore in the event of a failure.

Re: Go Virtual

[W.+Justice+Black]

This.

Getting things in a state that they're repeatable is step one and it very much sounds like you dont have that. Using a combination of VM and deployment technologies (like puppet) will both give you a safe sandbox to work in and careful change management. Once you have that the rest should fall into place much easier (disaster recovery, upgrade management, etc are much simpler).

Re:Go Virtual

[ShanghaiBill]

Well, your question leaves out a lot of details

The most important left out details are about politics, not technology. Do you have the support of top management? How powerful are the people that are opposed to your project? There are people that will actively work to sabotage your efforts, and use you as a scapegoat for everything that goes wrong. How are you planning to deal with that?

Since you are the "new guy" trying to change things that you don't understand, you didn't even mention end-user applications, and you seem to be more interested in OSS-evangelism than supporting your users and helping them get their job done, my prediction is that you are going to be out of a job in less than six months.

Re:Go Virtual

[avandesande]

Yup. Virtualization will transform the whole department in a short amount of time, and getting training for it is straightforward.

Re: Go Virtual

[rwa2]

Yep, Virtualize all the things was the mantra ten years ago, and still applies well today. Get everyone smart on using vagrant and VirtualBox (better yet VMware or even libvirt-kvm if you can get them to run Linux on the bare metal), and start imaging all of those legacy servers in your sandbox VMs. Build a cluster of VM servers to migrate to. Set up load balancers and test failover and rollback deploys. Set up Jenkins or Rundeck to do and log all of the actual work, and a peer review system for checkins from Github. Implement change management on a ticketing system such as Redmine or get them to pay for Jira. Set up a kanban board in Trello or Jira and coordinate everyone via HipChat or Hangouts or Skype, preferably all three. Plus the Lync people, you'll need a separate Jabberd deployment to tie those people in. Set up a monitoring system like Icinga2 and write alert plugins to HipChat and PagerDuty. That will help with backend alerts, but you'll want frontend user flow testing too so sign up for AlertSite and train your UAT people to code up their flows in the Firefox plugin. The tests will put a lot of load on your systems, though, so invest in some application performance monitoring on your toolchain like NewRelic or AppDynamics to help identify where your performance bottlenecks lie. This is a good time to migrate everything to OpsCode Chef so you can automate all of your unit testing and integration testing to prevent regressions. There are still some gaps in what Chef can accomplish with some expediency, though, so better also set up Ansible to take care of doing the actual work while the test-kitchens are running through the Continuous Integration / Continuous Delivery pipeline. Spend a good bit of time automating your CMDB tool too so you can report on all of the discrepancies that get by both Chef and Ansible. At this point Splunk is getting kinda expensive, so have a team build up an ELK stack and deploy to a dozen instances on AWS. Oh, you need a dev environment for that too, since that one time that innocuous checkin broke everything, so make that 2 dozen instances. Graphite would be very useful too, if you had someone dedicated to making dashboards for it. But someone else threw up a Dasher page over a weekend and that displayed enough of a high-level view on the workplace monitor to make the execs happy without troubling them with the actual details of things that were broken. That person got promoted and then left the company, but the dashboard page still looks good and green, so we'll leave it running for now. Except at some point a RabbitMQ feeding the ELK stack used by the Dasher page somewhere choked on something being fed to the the log pipeline by carrotd, so you better go digging for that somewhere, since the execs have a demo coming up this week and they'd really like to show that display to depict what an up-to-the-minute decision-making capability they have, but they don't want to show the Icinga2 monitor because there's too much red and amber junk on it from transient test systems that can't use the test Icinga2 instance for some weird networking issue. That could be addressed by migrating your dev environments to docker containers so everything can run within the same VM host, then figure out whether you want to orchestrate them using CoreOS or Kubernetes or swarm or fleet along with the appropriate OpenFlow network definitions, but this isn't authorized to deploy the same way to production yet, so just hang tight for now, OK? Around this time, you should be ready to tackle the migration of your services to systemd.

Re:Go Virtual

[FranTaylor]

Do you have the support of top management?

if the stuff is really as old as he says it is, they must already be experiencing some hardware failures. it's not too hard to convince a money guy that a dead computer means no revenue.

Re: Go Virtual

Learn about paragraphs !!!
And lay off the caffine.

Re: Go Virtual

[red+crab]

+1 Funny.

This is a tough one...

No guns, no knives... do you pussies still get rope or are you going to have to find a tall building to jump off instead?

Training Program

[phantomfive]

You need to start a training program. If the current workers feel uncomfortable in the new technologies, the will oppose you every step of the way (though they won't say why). If they feel comfortable in the new technologies, they will push you faster in the adoption.

If a team has been working on a lousy codebase, your first priority should be to teach them to do better. You can try cleaning things up, but they will make messes faster than you can clean. You need to find a way to teach them to at least not make things worse.

Re: Training Program

[rickb928]

Hell, of they don't have skills in XP and 2003, it's either train or hire new. Those are legacy tech, your staff should be nailing these now.

And if they can get control of the existing tech, they have a chance at mastering the new. If they can't even handle the old, well, a new crew is in your future.

Show them the risks

[Tool+Man]

I don't know your organization's level of risk tolerance, but getting them to pay for one of the following would be an eye-opener:
- A vulnerability assessment will show a sea of red for the unsupported platforms. Maybe that'll be sufficient to convince them that it's time to upgrade (and train up on new stuff).
- A penetration test will take those same vulnerabilities, and combine it with attempting to use those vulnerabilities to see what they could get. The difference is in trying to use those issues, and turn them into "oh SHIT" screen shots in the report. It's the difference between "someone could theoretically do X" and "someone just did X, and documented it all for your edification."

On the latter engagements, especially with the dreadfully old stuff, it is quite enlightening to include those screen shots that show how I've added new users, logged in with them, and used them to poke yet more systems I couldn't reach from the starting point. The under-educated staff would only help things if social engineering was in scope too.

Running?

[gstoddart]

As a senior techie, I've been tasked with helping bring the skillset of the rest of the staff up. Where would you start, given that most of the kit is EoL?

Well, you have 3 main choices:

1) Try to fix it and succeed
2) Try to fix it and fail
3) Run like hell

You won't be able to force the rest of the staff to bring up their skillset. Management has clearly left it to rot on the vine for a very long time. And, by the sounds of it, they don't know what they've even got.

A large IT department with no skills with the technologies on site? What exactly is that large IT department doing for this company? If you have a bunch of people with no skillsets with the technology they have ... then what skillsets do they have, and how is it helping you?

Without more detail, I'm hearing "Hi, I've just joined a company with a terrible IT department, how do I fix that?" Who let it get into such a bad state? Because if they're still around, no way in hell you'll ever fix it.

Re:Running?

[TWX]

Yep. If you're not in-charge and able to make the tough calls (ie, figuring out who's actually supporting important stuff, who's not, and making the decisions about who gets a chance to migrate to something new and who needs to take their skillset elsewhere) then you're probably not going to make the difference that you want to make or that your superiors somehow expect.

What I can say, from experience, is that you need to actually learn how things are working now before you start making changes. I've had bosses brought in from the outside that thought they were gods' gift to the IT world that decided to try to remake the organization in their own image, only be be fired less than a year later because they pissed off all of the existing IT staff such that the boss got no results, and pissed off the users by failing to maintain existing workflow such that the users' jobs became much harder or required lots of direct assistance.

Learn what's there, why it's there, and understand that most decisions were made as a reaction to something prompting it to be necessary. Change what can be changed in a sane way, but don't take personal offense to anything as it is now as there are probably good reasons why it is the way it is. If you come in with the attitude that you can rip out everything without a care, you'll find suddenly that no staff will bother to warn you of the pitfalls in front of you that they're all well aware of, and you, not them, will be the one with egg on your face when it breaks because it was your decision to change it.

Re:Running?

[gstoddart]

I've had bosses brought in from the outside that thought they were gods' gift to the IT world that decided to try to remake the organization in their own image, only be be fired less than a year later because they pissed off all of the existing IT staff such that the boss got no results

I'm going to say if you have a large IT organization which has no skills in the technologies you actually have ... then pissing off your IT department should be your goal, and if that doesn't work move to laying them off.

Yes, you can't run roughshod over everything and expect to make it work. But if your IT people don't know anything about the systems you have ... you have an utterly useless IT department, and you're wasting money on them.

I mean, what is it they actually do if it doesn't include running the system you actually have? What are they doing every day? Creating proof-of-concept systems nobody will use and honing their skills to get certifications and leave?

but don't take personal offense to anything as it is now as there are probably good reasons why it is the way it is.

Or, and this is my guess based on the thin summary... your IT has been so badly managed for so long nobody can tell you a single reason why anything is the way it is, doesn't know how to run it, and couldn't fix it if it broke.

There's a huge difference between a pathologically broken IT department and a new manager who wants to rebuild the entire thing. And there simply isn't enough information to tell which is which other than and a large IT department with almost no skills in the technologies on site.

And that screams of an organization which is not doing you much good. Legacy systems which are EoL and which nobody understands? Who was sleeping at the switch when that happened?

The whole environment has rotted around you. Figure out how that happened, because that's going to be your main issues to try to fix.

Re:Running?

[TWX]

The article submitter made it clear that he's new. He very well may not understand the workflow and who actually knows how to take care of what. He needs to learn that before he can start making changes, or he, not the existing staff, will be the one blamed when everything goes wrong.

IT attracts a fair amount of introverts. It's likely that a lot of his staff are playing their cards close to their chest because that's what they're simply used to doing. It's also possible that they themselves wanted to make changes but were not given the budget needed to do so, so legacy systems continue to be used. It could also be that a few incompetent people in key positions have gummed-up the whole works.

Do you think that anyone wants to be stuck with ancient garbage if there's something newer that actually demonstrably works better? Most of the time the decisions that hold back the IT department are made either by IT management or by those outside of the IT department.

Re:Running?

[whitelabrat]

I've worked a contract once that sound just like this, but rather there was so much turnaround there was a constant brain-drain. Crazy old stuff. After rolling out, "Your stuff is going break and you'll loose all your data forever" the manager said that would be OK because he wasn't being allocated the funds he needed to fix it. I kept things together the best I could but eventually realized I was being set up for failure. I was going to be the scapegoat. So I updated my resume and noped the heck out of there.

Later checked in with a friend who was still down there and sure enough things were failing with no option for recovery. They eventually nope out too.

Re:Running?

[gstoddart]

Well, my general observations are:

1) The number of sides to a story is proportional to the square of the number of people.
2) There is a very small amount of information in TFS, so we have very little facts.
3) There exist organizations in which people have been keeping their head down and their mouth shut for years.
4) People have stuck with ancient garbage many times if it's the ancient garbage they know best.

My ability to determine if the poster has an accurate view of his situation is precisely zero.

This sounds like a highly dysfunctional environment, which might have taken years to get there. Being able to determine if you have a hope in hell of fixing it is a valuable skill here.

In which case the response becomes: possibly you are not completely understanding what is actually there, or things are so broken you might find the task insurmountable.

Neither is a good situation.

But the claim this "large" IT organization doesn't know the platforms you have sets off klaxon alarm bells of "how the hell can your IT people NOT know your current technology and still be doing their jobs?" Likewise, how can management allow this to happen?

So my cynical worst case ... management has incompetently allowed a useless IT organization to be built up, and your attempts to fix it will be doomed to fail because BOTH of them will be problems.

That doesn't make me right, but it's the kinds of questions someone needs to be asking.

Is this the BOFH, or the legacy people leaving and being replaced with new guys with the wrong skillset?

Re:Running?

[gstoddart]

I kept things together the best I could but eventually realized I was being set up for failure. I was going to be the scapegoat.

The only things you can do in that situation are:

1) run like hell
2) document all of your concerns so they can't blame you when it blows up

But then if it ever comes to having to prove how you told them so, you'll be wondering why you didn't just run like hell in the first place, because at that point you've wasted your time and have been tainted by the project anyway as the ones really at fault continue to deflect when you're not around to defend yourself.

In some cases, the only way to win is not to play. It's important to be able to spot those.

Re:Running?

[FranTaylor]

This sounds like a highly dysfunctional environment

Mechanical-type people are usually pretty horrified by the short lifespans of computers. They are used to dealing with things like turret lathes and drill presses that can handle 50 years of continuous use. It could be a perfectly natural reaction.

Fire them all, would be a good start.

[Narcocide]

Seriously. If this is how they're running their operation to this day, chances are its not just harmless, easily washed-away naivety that is keeping everything so poorly organized and insecure. Chances are you're going to find this out the hard way though, and they'll mysteriously get instantaneously far less apparently incompetent when it comes to finding ways to get you fired first.

Re:Fire them all, would be a good start.

[plopez]

+1

Bring in contractors slowly as in "They will be helping with the migrations, but regular staff will act as backups on weekends and holidays". Anyone that shows a willingness to change should be kept. Anyone who doesn't should either be fired or find an unpleasant job for them. As time continues use contractors to replace any staff that leaves. But you need to deal with personnel issues first and that usually comes down to firing people, getting them to leave, or someone dying.

Re:Fire them all, would be a good start.

[xxxJonBoyxxx]

I think is what management has in mind already. Notice that he's being asked to document the skills people need. He's been told this is because people will be TRAINED to this level, but it's more likely that other people that already have the skills will be HIRED/CONTRACTED with money freed up by letting the deadwood go.

Re:Fire them all, would be a good start.

[Narcocide]

Someone in management who tasked him with this certainly had it in mind, but that person is likely not doing so with the full backing (or even knowledge) of the actual company ownership. Likely this person is just very shrewdly using using him as a pawn to seek out where the actual enemies lie in a much larger game of backstabbing office politics. Likely this person's head is going to be the next one on the chopping block.

Do what they are asking!

[MagickalMyst]

I know it sounds obvious, but I would simply do what they are asking you to do - educate users, etc.

You could mention the fact that their equipment/software is obsolete. From my experience, I would probably mention it but not push it.

The reason is that most companies have their own way of doing things. Even if you have a better way of doing it (and you probably do!), there is nothing wrong with making suggestions. But pushing your suggestions onto management (or whoever) - even if you mean well - won't necessarily be well received.

Most people are afraid of change; and hounding the company to "get up to date" (and spending more money) might not be very well received - especially if it's from the new guy.

That's just my $.02

Re:Do what they are asking!

[ttucker]

You could mention the fact that their equipment/software is obsolete.

Still running XP is much more dire than obsolete.

Re:Do what they are asking!

[__aaclcg7560]

I once got a user to give up his 10-year-old Windows 98 system, cracked open the case and found a grapefruit-sized dust ball inside. O_o

I smell disaster

[PPH]

a large IT department with almost no skills in the technologies on site

No skills? Then what is it that they do all day? I suspect that your IT department has been the dumping ground for employees that can't just be gotten rid of. In other words; politically connected. I've been there and tried to deal with that. And in my opinion, it can't be done by someone without serious seniority.

You could try introducing training programs for the target architecture. And some of the motivated staff will avail themselves of this. But be prepared to run across a few people who refuse and insist on hanging on to their legacy Windows stuff.

some ideas.

Hmm, if there are legacies, i would advise the following.

1. virtualize whatever you can.
2. remove the oses which are no longer supported by the vendor MSFT...2003/xp..because of security issues.
3. get a list from business of all the critical system. There will need to create a roadmap at this stage for migration.
4. in the mean time. start working / training the team on open source, specifically for (1) as a virtual platform.
5. start planning (3), by training people in the direction to be...

Clean it up

Kill everyone. Set fire to the place. Plead insanity. When they see what you were supposed to work with, they'll believe you.

A plan and boss buy-in

[i.r.id10t]

Make a map of what you have, what the main issues are with each piece, and then a plan for replacement/updating/whatever. Try to include some rough (and higher than you really think it will be) cost estimates. Then present to a boss, and get buy-in. If you don't get buy-in, start updating your CV and look for another job.

Re:A plan and boss buy-in

[gstoddart]

My guess is if the boss allowed it to get to the point that your IT department has no relevant skills ... he's going to look at the cost, squeal, and suggest you do it a different way or keep the current stuff running.

In which case it's update your CV and run like hell.

This sounds like a situation created by management. In which case management is likely to be unwilling to do what is actually needed to fix it.

Re:A plan and boss buy-in

[Narcocide]

This sounds like a situation created by management. In which case management is likely to be unwilling to do what is actually needed to fix it.

Sadly, this seems quite common.

Herding cats

https://www.youtube.com/watch?v=Pk7yqlTMvp8

Not enough info brah

[Iamthecheese]

It depends on how much actual authority you have, how conservative the corporate culture is, and whether there are any entrenched ways of doing things. This isn't a technical question but a political one. If you actually (as opposed to officially) have authority to tell them how to do things you need first find out how the system is working now. Maybe they didn't set up passwords because multiple departments need to connect to the same server and there's no secure password control in place. Maybe they're disorganized. Maybe they're inexperienced. These all require different activities to repair the problem.

You mentioned EOL hardware, but you didn't say whether a migration is planned or whether the money is available for one. Obviously new hardware is a great opportunity for user training, but again there are too many unknowns here. How much extra time do the engineers have to train? How much of the existing system setup is invisibly a part of how the users interact with it?

It sound to me like you're standing on a powder keg. The right way to deal with it is to gather information. Make benchmarks. Understand system inter-operations and use. Learn who is doing what and why. Only a fool would start declaring X and Y need to be done without taking a look around first.

Low Hanging Fruit

[AdelieMan]

I would audit everything, Make a matrix of things that need to be addressed easy to hard, least significant to most, and start chipping away at it. It will take time to turn that ship around, but it will be worth it, and you will keep your sanity.

Re:Low Hanging Fruit

[bluefoxlucid]

Hear hear. I would suggest not being shy of technology; I've been interested in Microsoft Project 365 integration with Sharepoint for a while, and you should definitely look at your options for project management whether they come from Microsoft, Oracle, or some no-name company that provides a fantastic and little-known product as an open-source support-contracted service. What you have there is a long program, and I suggest you get RMCProject's CAPM Exam Prep and the PMBOK if you haven't got project management skills, and spend the 3 months getting a basic grasp of all that right out of the gate.

The primary tools you're going to want are risk management and hierarchical decomposition; however, on the scale you're talking about, full project management knowledge is going to be an outright requirement if you want to do anything resembling a competent job. You *won't* want to use the full suite of project management practices--you never want to use the full set of tools outright, but rather the ones you want, for any purpose in any field--but if that place is as big a rat hole as you say, you're going to need some accounting of what's going on.

As the parent poster here says, you definitely need to start here:

Make a matrix of things that need to be addressed easy to hard, least significant to most, and start chipping away at it.

Get a list of discrete, finite, deliverable projects. Things you can put into boxes and say, "This is one thing I want to produce; it's of a nature that I can tell you what work is required, how much time it will take, and what it will cost." You'll start by examining the array of systems, breaking them down into departments and components (what do they support? What do they do for each department?), and deciding what you're replacing. Are you upgrading Windows XP with stitched-together software to Windows Server 2008, or are you transitioning to a new set of systems to solve the same problem in a different way? Get that list down.

Each thing you want to address will be something small, finite, limited, and understood. You're replacing the groupware services--Exchange, for example; the thing that provides e-mail, calendar, and such--with an upgraded, better-implemented, or new product (exchange to Zimbra, Zimbra to Exchange, migration to a SaaS such as Google for Business or Office 365, etc.). Some things break out into phases or multiple projects, e.g.: migrating Exchange to Office 365 may involve a phase 1 of upgrading Exchange to the latest version, a phase 2 of enabling some kind of synchronization and backup that you don't have now, and a phase 3 of migrating to service; while you may find that your Zimbra installation has no back-ups because you need an enterprise backup solution, and so you can't get back-ups in until you get Bacula set up.

Once you have your list, you can start breaking them out by hierarchical decomposition. You'll want to decompose the work: each deliverable (e.g. your project, Bacula backup infrastructure, delivers a working Bacula backup infrastructure as its product) breaks out into a complete set of deliverables (e.g. project management, support services, back-up strategy design, servers, client deployment with Puppet or SCCM or Ansible, etc.), which themselves each break down further. Once your work is broken down, you hit the bottom with sets of work packages--each a deliverable--that you can understand completely; you can turn those into lists of activities and tasks to produce the deliverable.

The same goes for risks. You want to identify everything your experience says can go wrong, and use your experience to do qualitative risk analysis--what risks are important? Then you use a procedure of assessing probability vs severity to do quantitative risk analysis. You work out how to avoid (100%), mitigate (any%), accept (0%), or transfer (buy insurance) the negative risks (threats), and how to exploit (100%), en

Re:Low Hanging Fruit

[Culture20]

If they can't afford upgrades to newer operating systems (even with LAMP?) then they're not going to afford new solutions that require the newer operating systems as a foundation.

Re:Low Hanging Fruit

[bluefoxlucid]

That's, of course, something you find out while examining all the shit that has to be done and all the requirements. Sometimes the business finds it can't continue; sometimes it finds it has to take certain approaches over other approaches it would prefer; and sometimes it finds budgetary priorities need to shift, when the need is sufficiently great as to interfere with the business's ability to execute its business strategy and maintain its competitive nature in its market. No sense diverting money to such operations as will cease to exist when your business stops doing any business, after all.

Re:Yes, buy lots of new things, money is no object

[TWX]

I think that bot from a few articles down is trying to weigh-in...

Re:Olut with the old, in with the new

[bobbied]

Buy a new system. Power down every system in turn and try to power it up again. If it will not start, replace it.

NEVER power down old hardware on purpose unless you have backup plan for the system... Old hardware has a habit of not coming back when you power off and if it dies, you created an emergency for yourself...

There are going to be enough unforced errors in the process, you needn't go out and look to create them.

Into or out of the frying pan...

[__aaclcg7560]

Although there's big money in cleaning up someone else's mess, you got to recognize a hopeless situation when you see one. Fire everyone and bring in a professional IT team to take over the operations. Or run like hell and hope that the next job isn't as bad or worse as this one.

Lead, Mentor, Grow

[mtippett]

You've been dropped in an environment that is legacy and probably has production problems. Use that to your advantage.

You've been also dropped in a leadership role (not management, leadership).

Your #1 target should be to make yourself redundant (which ironically is likely to get you promoted, it's called succession :).

So look at doing something like identifying #1 problem (Pareto charts help). Ask for volunteers (or volunteer some people), give them the problem to solve, use whiteboards, etc to help them discover the solution. You may facilitate and provide hints to get things done. Empower and guide the people you are helping.

Read up on https://en.wikipedia.org/wiki/..., you are likely in a #2 or #3 combination. You can help lead people to move to a #3 with leadership, with the idea to get to #1 over time (with their help).

Of course there might be some issues that you might need to solve like EOL systems and any budget that may be needed. If the OS is old, then probably the HW is old as well. Budget for that is probably going to be your biggest issue.

Wanted:

[Drewdad]

Wanted: IT Director
Pay-scale: Entry level.

Re:Wanted:

[Tablizer]

...with 20 years of experience in Java 9.

Re:Wanted:

[__aaclcg7560]

I had an interview last summer with a company last year that advertised a PC tech position for $25 per hour. The hiring manager was out when I came in for the interview and his assistant told me that position only paid $15 per hour. So I told him I wasn't interested. Since my name was similar to someone else in the company, the recruiter accidentally emailed me the salary spreadsheet for that location. All the PC techs were paid $10 per hour. If I came back in for a interview, they may have tried to brow beat me into taking a lower salary. It was one of those low-paying shops that always wonder why their turnover rate is so high.

Re:Wanted:

*Expands job listing*

We're offering a chance to participate in a company that has 50 years of business success while still maintaining a start-up mentality.

Job requirements:
8 years COBOL
5 years LOGO
2 years Assembler
6 years experience porting Windows 10 applications to our proprietary BSD-based server.

Fluency in Old Norwegian is a plus, because we're pretty sure that the technical writer who did all the system documentation was mixing his hobby with his work.

Re:Wanted:

[uniquegeek]

I've seen a job like this re-posted several times through a recruiter for the last year. Not surprising. The irony is that by this point, if they had proper attitude, money, and support for the position in the first place, they'd probably be saving money.

Re:Run for your life

[NoNonAlphaCharsHere]

EJECT!! EJECT!!

You'll never ever overcome that much inertia and penny-pinching. Don't spend the next five years being frustrated before you figure this out.

Start with the Printer

1) Start with the printer by printing copies of YOUR resume
2) Distribute broadly
3) Get the hell out before their stench rubs off on you

Seriously mate, you CANNOT fix this. They will drag you down to their level.

Update Resume - Move On

[GrantRobertson]

If the powers that be allowed such a situation to exist, and didn't specifically hire you to change it, along with a guaranteed budget with which to accomplish the task, then it will be almost impossible for you to fix it. The fact that they essentially lied to you about your role does not bode well.

If this is a resume building job for you then dink around the edges on things that won't require much, or any, money or many changes to the status quo. Make big talk about how you are improving things. Take every opportunity to educate YOURSELF on things you can use later in your career. Put in your year, then move on. It doesn't matter what you ACTUALLY accomplish in an environment like that. Only what you can spin things in to for your resume. Cynical, I know, but you gotta think about yourself first. This is a dead end job.

Re:Update Resume - Move On

[ThorGod]

tangential question - in IT is it a year that is considered the minimal amount of time before you can reasonably move on to the next thing?

Re:Update Resume - Move On

[__aaclcg7560]

As an IT support contractor for three or four contracting agencies, I've worked from one day to one year on a given assignment. If a contract goes sour, I wouldn't hesitate to look for a better opportunity. Non-contractors are more concerned about putting in the minimum amount of time at a job to keep their resumes looking good.

Re: Update Resume - Move On

[GrantRobertson]

I only said one year IF this is a resume building job. If you already have plenty of skills and experience start looking for a better job NOW. Once you have that better job, just leave the crappy, short-term job off the resume.

Re:Update Resume - Move On

[ThorGod]

That's my question - in full time/regular employment what's the minimal time expected to hold a position in IT?

Re:Update Resume - Move On

[__aaclcg7560]

Between one to three years. Most recruiters and hiring managers would like to see at least three years in each of the last three positions on a resume.

Re:Update Resume - Move On

[HornWumpus]

There is no such thing as permanent employment. Any job held less than a year gets retroactively classified as 'contract work'. Less questions that way.

Any job held less then a month is simply left off the resume.

No idea?

[dhaen]

And you had no idea at interview? Did you ask questions? If you did, and if they told the truth, what WAS your intended strategy?

CYA List

[Tablizer]

Getting out quick is great advice. However, if that's not a realistic option, then level with management that it's a big job, and ask for a priority list from them.

Make a list of things to be done, along with the reason or consequences of not doing them, give your suggested priorities (A, B, C, D, etc.) for each task, and ask management to confirm or reassign priorities.

Often they won't want to assign priorities because that commits them to their decisions. Managers like wiggle room to blame others.

To get around that tendency, state something like, "I have assigned default priorities to the given tasks. I shall use these priorities as a my default working assumption unless and until explicitly given new priorities. I invite your feedback and would be happy to answer any questions about them."

They probably won't like that pressure and explicitness, but better to take your lumps up front rather than have an even bigger meltdown in the future.

And some may even appreciate your documenting of tasks. It might help them justify getting you some help. But that's a secondary reason for the list.

start

[JohnVanVliet]

-- quote--
  Where would you start,....
----------

with the thermonuclear option !

with DEFAULT passwords of "password"
and using XP and MS 2003

the use of DBAN has been authorized

You've been sent on a wild goose chase.

[xxxJonBoyxxx]

>> large IT department with almost no skills in the technologies on site...As a senior techie, I've been tasked with helping bring the skillset of the rest of the staff up

Stop right there and understand that you've been sent on a wild goose chase. You're not really going to train your existing staff - ever. Instead, what you're doing is writing the job descriptions for the outsourced personnel that your management will hire to replace the deadwood in your "large IT department" (because it's no doubt costing them an arm and a leg, and personnel budget is sucking up the money that should be flowing to technology upgrades).

So, what should you do? I'd say complete the assignment with a smile on your face and a suggestion that some of the skills are already available elsewhere in the market. Hopefully management will pat you on the head and let you move on to the next level: interfacing with the outsourcing company that's waiting in the wings.

Step 1: Ask for (and get) a raise or quit

[sirwired]

You were brought on as Linux SysAdmin; you now know that the job is nothing of the sort, and getting things up to speed will require massive investments in technology, personnel, and many sleepless nights on your part, should you choose to perform this task.

If you want to do this at all (and it sounds like you do), you need to demand a raise and quit if you don't get it.

Cheapskates

[scsirob]

They are not open source advocates, they are cheapskates who like the prospect of 'free' anything. No supported equipment, no updates, no training for their staff, they simply don't appreciate the value of their IT.

Let me guess, no decent backups either? No DR plan? Nothing of the sort? If you want to stay there, demand a decent budget ( = commitment) and build greenfield. If you don't get a decent budget, run.

I wonder what you'd think of my Mainframe?

[tekrat]

End of Life? Dude, I'm running Cobol code that probably dates back to before you were born!

If it does the job that's one thing. If it's all patched and up to date security-wise, you are OK. If however, the systems are constantly running at 100%, and you've got latency and throughput issues, then that's a different story.

If nothing's getting backed up because the systems are under huge strain, then in that case you are welcome to start upgrading. In fact, you might be able to keep the same hardware and simply "upgrade" to Linux slowly, which is less resource-intensive than Windows.

And the way to do it is to build a new box that "mirrors" an existing one; once you've tested it to death, and you're confident nothing has been missed, you retire the original box, then use that box for the next build that mirrors another box and so on.

Re:I wonder what you'd think of my Mainframe?

[Blaskowicz]

If it runs XP and 2003 then by definition it's unpatched.
If the servers are ten years old and only do file shares, print server etc. I don't think the CPU is used much. Network may be entirely 100 BaseT.

It might be the right kind of boring, and the useless team of co-workers can be hired to play special Warcraft III maps or something.

Look for another job

[realmolo]

Take the paychecks while you can, but you need to get the hell out of there.

The company obviously doesn't care about IT, and you almost certainly aren't going to change that. Let them rot.

Windows XP "end of life": Conflict of interest

[Futurepower(R)]

Alternative viewpoint: Microsoft Windows XP "end of life": Conflict of interest

"April 8, 2014: Microsoft began charging millions for support of its Windows XP product. "

Re:Windows XP "end of life": Conflict of interest

[ttucker]

"April 8, 2014: Microsoft began charging millions for support of its Windows XP product. "

What is your point though? I doubt the article poster's enterprise has extended enterprise XP support, and neither do most people who need to upgrade from XP.

A fire?

[onkelonkel]

Seriously, "accidentally" toss a lighted cigarette into the paper recycling bin in the server room on your way out one night. You'll be able to start fresh with the insurance money.

What you need: project management and a plan

[burni2]

ok, saying PM will fix it is cheap but that's really the core task of project management "to devise a plan"

But a specific plan with goals needs to be based on an analysis of the environment you are actually in and you did the first steps, you tried to describe the environment.

medium-sized enterprise, UK
Ok, you're in the UK and have access to a solid workers pool of skilled IT, also available by contract workers.

Think about getting an aide, nothing is worse than a project manager that looses oversight!

They claimed to be an advocate of open-source.
But everything contradicts that, don't cling onto open source, don't waste energy to educate people that don't understand. It's useless, and open source is only one solution, that can work but also can fail. Especially if you have people with no skill!

The job was advertised as a Linux sys-admin. I've been in the role a short while and the systems right across the business are end-of-life: lots of XP and 2003 servers, a handful of LAMP web servers,

Do you have an overview, are all the systems accounted and cataloged with "Machine Power"/"Electric Power"/IP/MAC/Remoteinstall/config etc.. possiblities.

Because this actually looks like those who hired you did not have such an oversight.

and a large IT department with almost no skills in the technologies on site.

First you don't need a training plan you need a Maintainance&FIXIT plan = nothing is worse than systems failling, when you grab resources for training. because you will be blamed for, your oppinion will lose worth you will lose resources.

Idea: Have a fix-it task force at hand. Only selected few who really can "fix it".
(Think about high skilled contract workers.)

Most boxes have the default password still.

That could be getting fixed by a task force.

As a senior techie, I've been tasked with helping bring the skillset of the rest of the staff up.

Good luck with that.

Where would you start, given that most of the kit is EoL?
Make a plan based on the current equipment(what can still run and what is really dead) and the demand of the market. ("priorities")

Re:Nothing is EoL

[avandesande]

Replaced a system that was running on an old minicomputer that was no longer supported by the vendor and they were cannibalizing old systems to keep running. That is EOL.

oh boy, here we go..

[gr33ngiant112]

You're in for a wild ride..
1. Meeting with senior management
2. powerpoint presentation on just how fucked they really are, complete with flowcharts and LOL gifs
3. preview development plan on getting everything current
4. write number on piece of paper of what it would take to get the job done
5. pass it around, watch them squirm
6. go-pro camera
7. post results
Joking aside, given the current team doesn't understand the current technology, you'll have a much easier time getting them used to the new tech going forward. Good luck.

Those things are still YOUNG!

[nurbles]

XP, LAMP, 2003 servers, all of those things are spiffy new systems to us. Almost all of my job is trying to get old PDP, MODCOMP and DOS systems into the modern era of things like Windows NT or (Jobs forbid!) linux. Sites with truly aging systems are rarely willing to spend anything like what it would cost to really bring what they have up-to-date and they often have good reasons -- how many security issues do you hear about those aged systems vs [recently] modernized ones?

Of course, it also help to keep all user interfaces the same as much as possible instead of forcing people to learn something new (are you listening, Microsoft?) That kind of change for its own sake rarely adds value. I've seen really great looking Windows software used on the operators' console at nuclear power plants -- except -- it is only great looking from a couple feet away. If you get farther away the lines being graphed become invisible and the text is too small to read without 20/10 vision. This stuff probably only changed format because some programmer (and marketeer and purchasing agent) thought it looked pretty in demonstrations in a conference room.

Ahem. Sorry, poor human factors in software "upgrades" is a pet peeve of mine.

Re:let me get this straight

[gr33ngiant112]

You've been hired to fix an IT department where: -the technology is obsolete -the workers don't know how to use it -the people who caused this state of affairs are your superiors and coworkers -they probably aren't going to fire themselves or let you fire them

You need to leave asap. These people obviously have no incentive to improve and they're only going to become hostile once you start trying to make changes.

idk man, I'd take this as an opportunity. Get them in your pocket, show them that YOU are the GOD that can bring them into the new age. Could be a hell of a resume fixture.

Virtualize, then migrate

[ErichTheRed]

Hmmm, if the country weren't incorrect, I'd say you work where I do. :-) I'm in a similar boat -- lots of old stuff, lots of "don't fix what ain't broke," etc. Change does happen, but it's very slow compared to other places. I can give you some advice based on what I've been able to do:

First, for all the EoL hardware -- secure funding for an appropriately sized VMWare or similar cluster, and P2V everything that doesn't absolutely, specifically require physical hardware. (That list is getting shorter and shorter by the year, even major enterprisey software vendors like Oracle have dropped or relaxed the "must be physical kit for support" requirements.) This at least gets you on supportable hardware, and having the servers on VMs makes the next steps easier. The cost can be justified by some of the astronomical prices vendors charge for out of warranty parts and/or the cost of rolling in yet another physical box per application/function.

Next, once the hardware situation is stable, target OS upgrades. Build a test lab (realistically, just use some of the spare VMWare capacity) and work with each application owner to determine whether their app will run, won't run, or will run with tweaks on a more modern operating system. Again, OS upgrade costs can be justified by pointing out the potential cost of staying on an unpatched, unsupported OS.

Finally, once you're on stable infrastructure footing, _then_ you can look at consolidating applications, moving some work from Windows to Linux, etc. Like all the other posters mentioned, inertia will be your enemy, and especially if you come in with a "savior consultant" attitude, the entrenched IT team will never trust you or support anything you're doing. The key is to involve them, even if they're totally wrong, rather than issuing a blanket prescription for what's wrong with their stuff.

Re:Virtualize, then migrate

[rwa2]

Good advice! Another tactic is to propose a "pilot project" to migrate just one of the "low-hanging fruit" servers to a VM... something that's not very business critical that no one important will notice if it's down for a while to work out all of the kinks. After that's done, declare success, hand the procedural documentation over to the "B-team" to complete the rest of the migration, and take a promotion on to greener pastures. Then we can entertain another exciting "How to IT?" Ask Slashdot question from your successor, and respond with the exact same advice, until enough "pilot projects" have gone through to finish the job.

dust off and nuke it from orbit...

[advocate_one]

it's the only way to be sure...

here's what you do in a situation like this...

[Thud457]

First thing you do is sit down and write two letters...

Vulnerabilities, risk outlines, update hitlist

[AndyCater]

Not enough details here to make informed advice try the following for a start:

Questions. Is the company reliant on IT? What is it worth in £million? Do they care about IT enough for you to make a huge fuss and be listened to?

If you are just a Linux admin - and they've lots of Windows admins in a huge company - you are a small cog in a large, crushing machine. If you are supposed to be bringing up their Linux skills and nothing more, do that to the best of your ability and leave.

If your job is to transition some (more) of their estate to Linux AND you have the remit to do it:

Talk to the beancounters about risk management: costs of change vs. vulnerabilities vs costs of remediation
* Make friends with the Windows administrators. Get them to share their main pain points with you: work co-operatively to produce a hitlist of things they want to
see fixed as far as you can
* Bring what Linux machines you have up to date: get patching for these handled correctly.
* Work out where you can usefully expand the Linux estate to fix the Windows admins hitlist.
Then grow out gradually

If you get to talk security posture, hardening, firewalls

Talk to the beancounters about risk management: costs of damage from penetration/loss of data vs. vulnerabilities vs costs of remediation

Re:let me get this straight

[Blaskowicz]

Yes. For one thing show them how a clean Windows 7 32bit looks (Aero Basic or Windows Classic?) and runs on the crappy old desktops, and how to deploy it. Probably with some "magical" network booting set up. "See, the DHCP can be set up to beam an installer or diagnostic tool on the network, if you press F12 on boot up". Have the technicians make "Oooohs" and "Aaaahs" and make feel them empowered ; try to have them do them this task. Tom Sawyer was tasked to paint the wooden fence, and he tricked the other children into wanting to do it.

Give control of DHCPs on network segments that only have desktops and printers then they will like collecting the MACs and entering them etc. and some dumb things like pinging the server or the printer. Wow them with the local DNS : with a cname alias, "printer1" is the same as "HPLSJ5M_ZORGBL" is the same as "192.168.3.81".
Or so I imagine.

Re:engage the pencil pushers

[FranTaylor]

Nom you need the support of the guy who actually signs the checks. The finance department just does what they are told

Make the separate firewall works?

Make sure that the separate firewall works, then go from there. Were your bosses thinking that a Linux admin was a Windows admin with extra skills, that the Windows skills came automatically with the Linux skills?

Don't beat up on the geezers there for having stale skills. They might actually be OK at keeping those obsolete systems running. Some of them might be OK at getting a new system running, unless they're stuck in their ways.

Where to start

[DFDumont]

You have an impossible task. Rejuvenate your CV, and find your next job.
Seriously though, start with a budget. Until you can secure funds you cannot do anything and the budget will tend to direct what you can accomplish next. Once you have cash, find the oldest piece of hardware in operation and start with that one. You will have more failures based on hardware than you will based on unpatched OS's. Disks are your primary concern in this realm.
Second, after you've completed a few of the more horrendous back-end server migrations, the desktops are next. This is a political move. It will endear you to the user community and this will make additional funding possible. If you focus entirely on the back end, you will run out of support and therefore money long before you can complete the task. You may have to do this step by department, so make sure that your most supportive users get their upgrades first. As I said, this step is entirely political in nature. You will not be able to perform all the upgrades in this step, so be picky.
Third, address the network. Given the health of the server architecture you've described, I suspect that even gigabit-Ethernet is foreign to your environment. Make sure you can build in redundancy along the lines of 802.3ad (LACP) etherchannel connections for all things. Redundancy is your top priority in a network refresh. Basically there are two (2) of every component, each of which is connected to two (2) others.
Fourth, take the remaining servers in order of business impact, most first. This will give you the opportunity to introduce the user community to the concept of "maintenance windows". It will also allow you to engage top management in the upgrade process, which should allow you to re-negotiate the budget; which will be woefully inadequate at first.
Assuming you've made it this far (doubtful) go back and finish the user PC upgrades.
Then prepare to do this entire process again in about three (3) years. Perhaps five (5) if you are lucky enough to get the funds needed to buy things which have significant life. Leasing is also a good thing here because it forces the refresh once the lease terms are fulfilled.

WOW!

[DaMattster]

No company could pay me enough money to willingly take on that headache. I'd likely end up in a mental institution ....

Job was advertised as a Linux sys-admin ..

[nickweller]

"As a senior techie, I've been tasked with helping bring the skillset of the rest of the staff up. Where would you start, given that most of the kit is EoL?

Sounds like they expect you to function as an unpaid tutor as well as your duties as sys-admin. Find out why the last fella left and how long he was in the job. Start looking for another job.

Re:How close are you to retirement?

[nickweller]

"I am in this same boat right now. Looking for a shore I can jump to."

Go into teaching, it's a lot less stressful and has a longer job .. er .. longevity. Never-ever do unpaid overtime.

So where did the fella you replaced go?

[moorley]

Sounds like you are a systems admin, and you want to be an engineer. You need to talk to the CIO/CTO. This problem pre-dates your tenure.

It's not the system that determines the solution, it's the vendor. So whatever it is they do you are already off to a bad start.

What budget to they have to replace their solution? Where are they in the market? How can you monetize this solution if they haven't already budgeted for it...

In my not so humble opinion your question (and more importantly how you are asking it) would have barely worked in 2003 or before. You are trying to focus on the platform, not the solution. If you don't have 3-5 vendors for your industry you may need to craft something out of LAMP or Open Source but there are not simple open source solutions anymore.

If they are looking at Open Source they need to have a staff to support it, which I am highly doubtful they want to pay for.

Good luck dude!

Re:Run for your life

[SydShamino]

Or take a shot, tackle it, and find yourself Director of IT in five years with a path to VP. There are some people that can thrive in this sort of environment and ride the train to wealthy.

You need a few quality staffers.

[Beeftopia]

You need to hire a couple-three top people who can migrate the systems. Migration from EOL systems is a headache, requiring plenty of debugging. I've been in those situations, and you need people who can do that task.

What does it DO? Is there budget?

[hughbar]

You've described existing infrastructure, but the important thing for the business is applications. That's the thing they need, every day. I worked in an infrastructure group in a UK investment bank, the only time they notice what you do, is when it snarls up or fails.

For example, there was a recent thread discussing whether Access has an open-source equivalent, IMO it doesn't really. So, if they use a lot of Access that will constrain upgrade path UNLESS they're prepared to take some risks and spend to take it out of the equation. But, mainly, the list of what's delivered to the business via the servers and on the desktop is the thing. No-one cares about infrastructure [except us, boo-hoo] as long as the price is right [including manpower] and it works.

It sounds, to me, like this is Windows desktops and Linux servers [and therefore Samba, LAMP etc. for example] this is not a bad way to live and many companies do so. That would mean that the client upgrades and server upgrades would be reasonably orthogonal, but I don't know all the details, either. To be honest, I'd be inclined to ask this on Server Fault, but unless there were more details, it's likely to be closed as being 'open ended'. Good luck!

I am a career consultant

[Psychotria]

I do this for a living, but I will give you some free advice just this once.

Given your summary, the only thing relevant is probably this:

[...] a large IT department with almost no skills in the technologies on site. [...]

As an experienced career consultant with many years experience I can read between the lines and glean information that every other person who has replied to this thread seems to have missed. Essentially it boils down to this: every single employee in that large IT department started out in your job. Lots of people in your position didn't make it into the IT department because they didn't realise this.

Basically what you have to do is entrench yourself in the corporate culture (lots of parties, arrive at work drunk, do drugs, that sort of stuff) until you're accepted as a functional part of the IT department. Once you are, and at this point you're still in charge, place an advertisement for your replacement. Hire the second (never the first) person who applies for the job, making sure that you have a 35-year contract in place to ensure your continued employment as a support person with no performance reviews and a guaranteed 25% increase in salary per year. Make sure that the new person in the job signs this contract as well as all upper management and the board of directors. Once that is done, play Freecell and become the world champion.

Buy a stack of Raspberry Pis, and build a Cluster

[Jeremy+Lee]

OK, so this isn't just an excuse to post "Beowulf Cluster!" on /. one last time, but it probably sounds like it... :-)

What you really want to do is start using cloud services like DigitalOcean or (if you must) AWS. In this day and age you can pull more computing power out of the damn _air_ than currently exists in your building. This isn't "going OSS", this is a space where open source tools like Linux, GIT, Ansible, cassandra and other are simple necessities because nothing else can do the job. Licences are impossible to keep track of in cluster environments, so the only choice is to go GNU.

But cluster computers are just 'virtualizations' of real hardware, and one of the fastest ways to understand something is to build one. A little one. So, you want a little pile of dozens of identical linux machines, cheap enough to write off on the stationary budget as "training manuals", and that can be repurposed as fast as sticking a cartridge in a nintendo. You want a Raspberry Pi, Banana Pi, pick your flavor. Everybody gets one (thanks, spidey!) and that creates common ground. If you're lucky, three months in, everyone will be swapping their favorite games on SD cards. That's how you know you've won.

You show how lots of little computers can function as one large computer using modern tools, and you show how half of it can be sitting on your desk, and the rest can be on another desk, or in the cloud. Hardware is disposable.. it's the software that's immortal.

Once people have some familiarity with a new tool, and been given an opportunity to use it stupidly in private, then the inevitable next stage is that people will want to use their new hammer to hit every nail-like thing in the vicinity, and that's when you need a little careful enthusiasm management. Everything that breaks down or goes dodgy will get replaced with the tools that everyone knows best, the one they've been most recently learning.

You're in the UK. Learn the history of the Acorn BBC Microcomputer... and how it educated a generation... you may have taken it for granted, but it's a great example of what you're trying to do.

Autonomy, mastery, and purpose. That's what people want. Provide those, and the tools to get the job done, and mostly it's a matter of keeping out of their way.

Manager, Sysadmin or Trainer? Or all three?

[Swandu]

From the post I see you're hired as a sysadmin and it sounds like the additional duty of training other IT staff. What you can do will depend on where you are in the chain, if there's an IT manager and/or C position above you then you can only go so far. (Unless they're asking you to do their job.) As a sysadmin you have to focus on the servers and network IMHO. And in that regard I agree with several of the posters about going virtual. Ideally you need to store the VM's on a SAN of some type and plan your load so if some of the physical servers fail you can move the VM's around. I read thru a bunch of comments but did anyone ask if there's a security person on the team? Will you have to plan physical and digital security for this upgrade? Because that's a whole other bag of cats. Because changing from default passwords is one thing but having a plan to update every 6 to 12 months, where will they be recorded, and all the fun of creating access groups. If you have to upgrade the desktop side I'll give you two scenarios from my last 2 jobs. Company A) Purchases 4 years complete care from Dell. Without knowing numbers I know this is expensive but if anything happens I know all my PC's will be back up the next day even if the end user dropped the PC down the stairs. This org. purchased enough PC's to replace 1/4 one year, the following they purchased 2/4 more PC's to replace all that were running out of warranty. Company B) They purchased 3 year standard warranty on all PC's. Now here's the interesting thing. We performed an annual refresh in which we replaced 25% of the employees PC's. The only downside to this plan is we had 4-5 models of PC's and our image ended up having drivers for 10 models when you count desktops, laptops and precision workstations. And if anyone broke their PC between years 3-4 we had to refresh out of band so we had to have PC's on hand in supply. The advantage though is obvious, you balance the cost of the refresh and it runs as a continuous part of the IT budget instead of running the worry of being pushed off because THIS year wasn't so good for business. As far as training goes, well, I'm the tech that has to know WHY something works the way it does. So I usually end up annoying the teacher because I inevitably end up asking questions they cannot answer and then I have to figure out via the google gods (why can't I hard set 'Verbatim'?) I think the biggest problem you'll have with training is if you have techs who like the way the company runs now and don't want the extra work because they're going to fight you every step and/or do stuff half-assed. The best you can do is DOCUMENT. Figure out how things need to be and write the process/details and any tech who cares and wants to be there will be able to follow you. That's my 2 warped cents.

Re:Manager, Sysadmin or Trainer? Or all three?

[Swandu]

PS I guess I need some training, or my browser's screwed up. I had that typed up with paragraphs and breaks...

At least 3 Servers, more as needed.

[billstewart]

You need to have at least three hardware servers, all with lots of memory and disk, so you can have a primary and backup for production use and another for IT infrastructure development. If you're doing both VMware and OpenStack, which is not a bad position to take, you really need 5, two per hypervisor plus a spare.
Otherwise you're going to be spending your time keeping your Shiny New Virtualization Platform up to date, instead of spending it Virtualizing Old Non-Shiny Stuff, which is what you should be doing.

Your team and how they work - most important

[Improv]

I'd focus on the people side - figure out what who you're going to get rid of, who you can work with, and build good habits of working well with them while you hold down the fort - feel out your first few changes to see what kinds of resistance you get from humans (and from technology). How that goes will give you a feel for the possibilities of larger change.