ServePath Blog

Thank you for your interest in the ServePath blog. Please note that all of our most recent content is now on the GoGrid blog. We recommend that you visit that site and subscribe to the GoGrid blog feed. This blog will no longer be updated so we encourage you to read up on GoGrid Cloud and Dedicated Infrastructure hosting on-demand at: http://www.gogrid.com.

So I’ve been thinking lately about the title “System Administrator.” This is our official job title (it says Systems Administrator on our business cards–I guess the extra s is a nod to the fact that we have some 2500 systems in the data center). This is a slightly misleading title, however. I’m not really a system administrator as much as I am a system medic. I only see servers when they’re sick, I do whatever it takes to fix them as fast as possible, and I (hopefully) never see them again.

From what I’ve seen (working for ServePath, but actually far more often on IRC), people tend to think this is what a system administrator does.

It isn’t.

Just because a server is online doesn’t mean it is properly administered. This is akin to saying that if you’re alive, you must be healthy.

There are two very broad areas a server needs to be tuned for after its services have been set up, security and performance.

If you’re a sysadmin for, say, a FreeBSD server, some questions I might have regarding security are

• Do you know what version of SSL/SSH you have installed? Do you know whether you need to upgrade? Do you know how to upgrade these without breaking anything?
• Do you know what ipfw is, and how to use it?
• Do you know what pf is, and how to use it?
• Do you know what termlog is, and do you use it? Why?
• What logs do you keep, and where do you keep them?
• Do you know what a jail is, and should you be using them?

For performance,

• Which processes take up most of your resources, and which resources (disk I/O, network, CPU, etc)?
• At what point is a process taking too many resources?
• Do you know what inodes are? Do you have enough? How would you get more? (I had a client run out of inodes on two different file systems.)
• Do you know why /usr, /, /tmp, and /var are all on separate slices by default? When might you want to change this?
• What would you do if directories are taking a long time to list their contents?
• What network services do you run, and what kind of network performance do you get? How could you adjust your network buffers to get better performance? What about your firewall rules?
• Do you know what RFC1323 is, and when you’d need what it specifies?

Ultimately a server needs rather a lot of attention to be performing well and be secure. If you just turn a server on and plop it online, you’re probably not getting out of it all that you could.

And you’re also probably hosting movies for kids on IRC, even if you don’t know it.