# Papers and Presentations

Over the years I have written some papers and made some presentations. Since some of these are available electronically, it seemed time to make them available via the web. If you have trouble access any of these papers, or would prefer an alternate format (such as PDF), drop me an email (finkej@rpi.edu) and I may be able to assist you.

## Unifying Unified Voice Messaging

Roughly 18 months after installing a unified voice messaging system, we picked it up and merged it into our pre-existing production email domain. This paper deals with both technical aspects deploying a unified messaging system, as well as the cultural shock of merging the very different operational domains of Email support with Telecommunications support into a shared support model. As an added bonus we will discuss the merging two Exchange/Active Directory worlds into one with minimal impact on the existing users of both systems. Lastly, we will discuss some issues of operating a partially unified voice messaging system.
http://www.rpi.edu/~finkej/Papers/LISA2006-UnifiedVoiceMessaging.pdf
The presentation slides and notes in a web format.
http://www.rpi.edu/~finkej/Presentations/LISA2006-UnifiedMessaging.mht
The presentation slides and notes in PDF (for those who have not been assimilated)
http://www.rpi.edu/~finkej/Presentations/LISA2006-UnifiedMessaging-slides.pdf
I also did a short presentation on Identity Management as part of the "Hit The Ground Running" track. Those presentation slides are available at:
http://www.rpi.edu/~finkej/Presentations/LISA2006-HTGR-IdentityManagement.mht
This paper was presented at LISA 2006 in Washington DC, December 2006.

## Manage People, Not Userids

Despite the title, this is not about managing people, but rather managing the enterprise data about the people, especially in defining the relationship between a person and the organisation and controlling functions based on that relationship, or what some people might refer to as identity management.

Single sign-on is an attractive goal for many organisations. When you include parking gates and badge readers on building entrances, the problem gets even more interesting. As we expand our deployment of wireless access points and publically accessible network jacks, the need to require authentication for access to our virtual world grows stronger. With the need for authentication, so grows the demands on the systems that provide authentication and authorisation, especially in the area of managing who gets access and revoking that access at the appropriate time. Concurrently, with the rising interest in physical security of our facilities, the need for authentication and controlling access to our physical world is also growing. This also requires tools and systems to manage the people and their status and privileges.

Both of these issues share many common attributeWhen Worlds Collide, 2: The Two-Side Sword of Technology Integrations and can be well addressed by merging them into a single system to manage people information, and from that, access to the virtual (network) world as well as the physical world. By combining these projects, we are able to take advantage of the mandate (and administrative support) to identify all of the people on our campus to provide physical access control, and so, manage our virtual world. We will also attempt to define a somewhat generic or standard methodology for doing this with our particular business rules and requirements confined to a few limited and specific areas.

While the technical issues are challenging, the more daunting task comes with negotiating the institutional politics and getting adequate ??buy in?? from the appropriate departments to provide the people and resources willing to operate and use the eventual technical solutions. This paper discusses both the social and technical aspects of those solutions.

http://www.rpi.edu/~finkej/Papers/LISA2005-ManagePeople.pdf
The presentation slides and notes in a web format.
http://www.rpi.edu/~finkej/Presentations/LISA2005-ManagePeopleNotUserids.mht
The presentation slides and notes in PDF (for those who have not been assimilated)
http://www.rpi.edu/~finkej/Presentations/ManagePeopleNotUserids-Slides.pdf
I also did a short presentation on Identity Management as part of the "Hit The Ground Running" track. Those presentation slides are available at:
http://www.rpi.edu/~finkej/Presentations/LISA2005-HTGR-IdentityManagement.mht
This paper was presented at LISA 2005 in San Deigo, December 2005.

## When Worlds Collide, 2: The Two-Side Sword of Technology Integration

The technology used to provide telecommunication services has been evolving over the years. This often yields reduced equipment costs, increased flexibility, enhanced functions and other good things. However, this can also drive up the complexity of our systems, increasing - or at least changing - our maintenance and support requirements in addition to requiring expertise outside of our current staff.

## Meta Change Queue: Tracking Changes to People, Places and Things

Managing information flow between different parts of the enterprise information infrastructure can be a daunting task. We have grown too large to send the complete lists around anymore, instead we need to send just the changes of interest to the systems that want them. In addition, we wanted to eliminate "sneaker net" and have the systems communicate directly without human intervention. Some of our applications required real time updates, and for all cases, we needed to respect the "business rules" of the destination systems when entering information. This paper describes a general method for propagating changes of information while respecting the needs of the target systems.
http://www.rpi.edu/~finkej/Papers/LISA2004-MetaChangeQueue.pdf
The presentation slides and notes in a web format.
http://www.rpi.edu/~finkej/Presentations/MetaChangeQueue.mht
This paper was presented at LISA 2004 in Atlanta, November 2004.

## Generation Configuration Files: The Directors Cut

The generation of system configuration files and other documents directly from a database has proven to be a very powerful technique. However, there were some limitations to this approach. With the introduction of Oracle 8i, and more specifically, the addition of support for XML, we have been able to eliminate many of these limitations and take the file generation and maintenance to a new level.

This is a follow on to my paper An Improved Approach to Generating Configuration Files from a Database from the LISA 2000 conference.

http://www.rpi.edu/~finkej/Papers/LISA2003-FileGenDirCut.pdf
The presentation slides and notes in a web format.
http://www.rpi.edu/~finkej/Presentations/FileGen_LISA2003/Config2.htm
This paper was be presented at LISA 2003 in San Deigo, October 2003.

## Process Monitor: Detecting Events That Did Not Happen

The successful operation of a large scale enterprise information system relies, in part, on the regular and successful completion of many different tasks. Some of these tasks may be fully automated, while others are done manually. One of the challenges we face is detecting when one of these tasks fails (often silently) or is forgotten. While you will eventually learn of these omissions, it is much better to have the system detect them rather than your users! This paper discusses how we implemented a system that watches what we do and reminds us when we (or our computers) forgot to do something.
http://www.rpi.edu/~finkej/Papers/LISA2002-Monitor.pdf
The presentation slides and notes in a web format.
http://www.rpi.edu/~finkej/Presentations/DetectingEventsThatDidnt.htm
This paper was be presented at LISA 2002 in Philadelphia, November 2002.

## Embracing and Extending Windows 2000

We were recently presented with the challenge of deploying a large scale Windows 2000 environment, initially for the Administration Division, but eventually including academic and other users. Rather than try to eventually re-integrate independently administered domains, we took this as an opportunity to develop the tools and resources to provide a campus-wide Windows 2000 environment that is well integrated with the existing enterprise information and computing systems, much like we integrated our Unix systems. This would automate many of the mundane administrative functions, yet provide appropriate delegation of control to departmental administrators as needed. This paper describes the systems we developed to make this happen.
http://www.rpi.edu/~finkej/Papers/LISA2002-Embrace.pdf
The presentation slides and notes in a web format.
http://www.rpi.edu/~finkej/Presentations/EmbracingandExtending.htm
This paper will be presented at LISA 2002 in Philadelphia, November 2002.

## An Improved Approach to Generating Configuration Files from a Database

Much of our site configuration information is stored in a relational database, which means we need to extract this information in the appropriate format for servers and daemons. In the past we have done this with lots of little custom C programs and scripts. We have recently changed to a new approach of generating the files within the database itself using PL/SQL packages, and then using a generic file extraction program to handle the details of putting ascii characters into Unix (or other) file systems. This has allowed us to reduce development time of programs to generate new file types, and greatly simplified supporting multiple platforms.
http://www.rpi.edu/~finkej/Papers/LISA2000-FileGen.pdf
An HTML version of the presentation with notes.
http://www.rpi.edu/~finkej/Presentations/FileGen_LISA2000
This paper was presented at LISA 2000 in New Orleans, December 2000.

## Oracle Tricks and Techniques in Supporting Systems Administration

Many installations (including this one) use Oracle or other relational database management systems to help manage their user account space, as well as other aspects of their operation. Over the years, we have developed a number of techniques using advanced features of Oracle to assist in this process. Since many of the people who are implementing these systems are systems administrators rather than database application developers, this paper is intended to give them some ideas of how to increase the level of automation, provide better access control and simply just explore some of the neat features and power of Oracle.
http://www.rpi.edu/~finkej/Papers/SANS2000-Tricks.pdf
An HTML version of the presentation with notes.
http://www.rpi.edu/~finkej/Presentations/SANS2000/
This was presented at SANS2000 in Orlando, in March 2000.
The paper that accompanied the presentation was subsequently reprinted in the September 2000 issue of Information Security Bulletin.
A RTF version of the paper.
http://www.rpi.edu/~finkej/Papers/ISB-Sep-2000.rtf
An HTML version of the paper (pretty ugly).
http://www.rpi.edu/~finkej/Papers/ISB-Sep-2000.htm

## ServiceTrak Meets NLOG/NMAP

Network port scanning tools can be helpful in mapping services and exposures, but in large environments, you often get more information than you really want. This paper describes a project to take the output from NMAP/NLOG and merge it with the existing enterprise host management system. This makes it simple for service or platform specific administrators to study the machines in their purview.
http://www.rpi.edu/~finkej/Papers/LISA99-SrvTrkNmap2.pdf
An HTML version of the paper.
http://www.rpi.edu/~finkej/Papers/LISA99-SrvTrakNmap.html
An HTML version of the presentation with notes.
http://www.rpi.edu/~finkej/Presentations/SrvcTrakNMAP
This paper was presented at LISA-99, held in Seattle Washington, November 1999.

## Automation of Site Configuration Management

Although there are countless tools to track and manage the configuration of large numbers of Unix systems, there seems to be a lack of tools to manage the interaction and dependencies between systems. As our site has grown, many machines provide services that are required for the operation of other machines and applications. We have been unable to maintain accurate lists of services and servers, and even routine system upgrades have resulted in unexpected service outages.

To address this problem, we are developing a system to automatically detect many of these service dependencies, and generate up to date server listings. In addition, it provides a general framework for indexing and accessing troubleshooting, operational, installation and a number of other types of documentation. The system also assists in verifying the configuration of systems being installed, and assists with the real time testing of services.

An HTML version of the paper.
<http://www.rpi.edu/~finkej/Papers/LISA97-SiteConf.html>
<http://www.rpi.edu/~finkej/Papers/LISA97-SiteConf.pdf>.
A PostScript copy of the presentation slides
<http://www.rpi.edu/~finkej/FTPPapers/LISA97-SiteConf-slides.ps>
A PostScript copy of presentation slides/author's notes.
<http://www.rpi.edu/~finkej/FTPPapers/LISA97-SiteConf-notes.ps>.
<http://www.rpi.edu/~finkej/FTPPapers/LISA97-SiteConf-slides.pdf>.
This paper was presented at LISA 97, San Diego, CA, October 1997.

## Monitoring Application Use with License Server Logs

One feature of our campus-wide UNIX service is the wide selection of scientific and engineering applications such as AutoCad, Pro/ENGINEER, Maple, etc. We currently have 32 major application packages'' site licensed, representing an annual cost of almost $300,000. A number of the licenses were based on concurrent usage, so around budget time, people started to ask if we had an appropriate number of licenses. By adapting some previously developed software for tracking workstation use, we were able to determine who was using which applications, and concurrent usage information for these products and to reduce the number of concurrent users allowed to reflect actual use (plus some headroom). By applying these figures to just four applications, we were able to obtain a savings of$43,000 without cutting any service to our users.

This paper discusses the methods we used to collect, process, and display this information, as well as some of the problems we encountered.

An HTML version of the paper.
A PostScript copy of the presentation slides
A PostScript copy of presentation slides/author's notes.
This paper was presented at LISA 97, San Diego, CA, October 1997.

## Accounting Information Systems Lecture

I was asked by Jules Jacquin, to give a two hour lecture to the Accounting Information Systems class on the topic of Information Security, as well as a discussion of access control in relational databases. This basically resulted in two distinct lectures, however, the slides and notes are combined in a single presentation.
A PostScript copy of the presentation slides
<http://www.rpi.edu/~finkej/FTPPapers/act_info_sys_apr97-slides.ps>
A PostScript copy of presentation slides/author's notes.
<http://www.rpi.edu/~finkej/FTPPapers/act_info_sys_apr97-notes.ps>.
This lecture was delivered to the Accounting Information Systems(80-4964) class, Rensselear Polytechnic Institute, on 23 April, 1997.

## Institute White Pages as a System Administration Problem

With the planned departure of our mainframe, we had to find a new way to maintain and generate our Institute Telephone directory. This gave us the opportunity to examine every aspect of the directory generation process, and make changes to improve the accuracy of the data, reduce the clerical workload in Telecommunications and Human Resources and eliminate some duplication of data and effort. Given that we already had an Oracle based system to automatically create and remove Unix userids for all employees as they are hired and leave, it seemed that with some minor enhancements, this same system could also maintain our directory information.

To this end, we added a directory module to our Simon Account management system that extracts directory information from the Human Resources database, adds additional non employee information and generates LaTeX source for the printed phone book, HTML pages for the web and a raw feed for the {\bf ph} server. In addition, using techniques developed for some of our system administration tools, we gave both individual staff members, and their departmental administrators, the ability to make changes and corrections to their own directory information, which would not only appear in the directories, but also be reflected in the official Human Resource database. This has greatly reduced the delays and paperwork involved in changing this information, and allows us to have accurate and up to date directories. As an added bonus, many of our traditional'' systems administration tools can now directly query the directory information and include contact info in the displays automatically.

A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/LISA10-whitepages.ps>.
A PDF copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/LISA10-whitepages.pdf>.
A PostScript copy of the presentation slides
<http://www.rpi.edu/~finkej/FTPPapers/LISA10-whitepage-slides.ps>
A PostScript copy of presentation slides/author's notes.
<http://www.rpi.edu/~finkej/FTPPapers/LISA10-whitepage-notes.ps>.
This paper was presented at LISA X, Chicago IL, October 1996.

## Manage People, Not Userids

Managing large numbers of Unix Userids in an enterprise wide system (such as one might find at a University), can actually be approached as a problem of managing information about people, which when solved, can in turn be used to automatically create and expire Unix accounts, update white pages databases, etc. This talk will look at some of the problems and opportunities we encountered in implementing Simon (A management system similar in many ways to MIT's Moira). Rather then discussing the gritty technical details (which have been covered in other papers), we will instead look at problems and techniques in dealing with multiple data feeds (Human Resources, Registrar, and others), maintaining information security, understanding (and developing) information policy and some of problems we encountered in merging this information and transforming it into something we could use. In addition, we will look at some of the opportunities we encountered as we expanded the scope of the Simon project beyond the simple maintenance of Unix Userids.
A PostScript copy of the presentation slides
<http://www.rpi.edu/~finkej/FTPPapers/LISA10-ManagePeople-slides.ps>
A PostScript copy of the presentation notes
<http://www.rpi.edu/~finkej/FTPPapers/LISA10-ManagePeople-notes.ps>
This presentation was given as an Invited Talk at LISA X, Chicago IL, October 1996.

## What we Mean by Trust

When discussing systems, or network layouts, or security concerns, we often use the word "trust". Unfortunately, this has led to some confusion, as in this context, we are not using the word "trust" in the conventional sense.
An HTML copy of the paper.
<http://www.rpi.edu/~finkej/Trust.html>.
This paper was published in the October 1995 issue of ;login: pp 29-31.

## SQL_2_HTML: Automatic Generation of HTML Database Schemas

The ongoing development of our relational database based system administration package, Simon, requires frequent reference to documentation that describes the existing database tables. To this end we have written a program that uses descriptive information stored in the database itself, to generate a WWW tree that documents each table in HTML, as well as an index page to tie the whole package together. This has made looking up table definitions simply a click or two away and has proven to be very useful. These HTML pages are now also being included in some of our program documentation of the Simon system.
A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-LISA9-sql2html.ps>.
A PostScript copy of presentation slides/author's notes.
<http://www.rpi.edu/~finkej/FTPPapers/simon-LISA9-sql2html-notes.ps>.
This paper was presented at LISA IX, Monterey CA, September 1995.

## Monitoring Usage of Workstations with a Relational Database

The ability to monitor usage of groups of workstations is quite useful for planning growth, facility hours, staffing and other issues; but in our case, both the format of the data (/var/adm/wtmp) and the fact that the data was spread over hundreds of different workstations made any analysis difficult at best.

In this paper we explore the use of a relational database to collect all the raw data, convert it to a standard form, and then provide selection tools to extract data sets. We also examine some ways to process session data to provide more meaningful reports and charts.

A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-LISA8-wtmp.ps>.
A Postscript copy of the presentation slides.
<http://www.rpi.edu/~finkej/FTPPapers/simon-LISA8-wtmp-slides.ps>
This paper was presented at LISA VIII, San Diego CA, Fall 1994.

## Automating Printing Configuration

Maintaining the printing configuration files (/etc/printcap) for a large site (400 machines, 60 public printers, 40 private printers, 30 print spoolers) can be a major job. At RPI, we developed a system that will automatically generate the printer configuration file for any machine, depending on what printers are driven by that machine. It also allows us to only have a printer appear only on a subset of machines, rather than on all machines.

This paper describes the design and deployment of the system. We use a relational database to manage the printer information, printer type attributes, host grouping and to track hosts using the system. All sources and related information are available for anonymous FTP.

A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-LISA8-pcap.ps>
A Postscript copy of the presentation slides.
<http://www.rpi.edu/~finkej/FTPPapers/simon-LISA8-pcap-slides.ps>
This paper was presented at LISA VIII, San Diego CA, Fall 1994.

## Relational Database + Automated SysAdmin = SIMON

A discussion of the RPI SIMON system, a set of programs based on a relational database that automate many aspects of Unix system administration. Ever growing, Simon currently manages automatic Unix userid mangement based on data feeds from Human Resources, the Registrar and Alumni development. This starts with userid creation, expiration, deadfiling and restoration, along with Unix group file management, and user maintainable email forwarding and mailing lists. In addition, Simon now manages disk accounting and billing, and provides tools for managing the host tables and DNS RR files. Future development will include printer management, accounting and billing, along with increased automation of system configuration. The combined user and host databases will provide a base for an integrated campus wide trouble reporting database.
A PostScript copy of the presentation slides.
<http://www.rpi.edu/~finkej/FTPPapers/simon-sug-east93.ps>
This was an invited talk for the SUG-EAST SUMMER 1993 TECHNICAL CONFERENCE July 27-29, 1993. No paper is available.

## Simon System Management: Hostmaster and beyond

One of the goals of the Simon project, is to automate many aspects of Unix system management. In addition, we also have to manage the host name space and IP address space of much of the Rensselaer campus. The obvious next step was to put the RPI host table management into Simon. This will assist in the day to day management of the name and address space, as well as providing a critical building block for future parts of Simon such as system configuration mangement, printer management and a trouble reporting database to name a few examples.
A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-hostmaster.ps>
This paper was presented at Community Workshop 93, hosted by Simon Fraser University, June 6-11, 1993, Burnaby, BC Canada.

## Simon and Oracle:Strengths and weakness in using Oracle

Effective use of different features of Oracle and the SQL language have been critical in providing users with access to display and update information about them, while maintaining security and data integrity. Some of the problems and techniques are discussed here.
A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-oracle.ps>
This paper was presented at Community Workshop 93, hosted by Simon Fraser University, June 6-11, 1993, Burnaby, BC Canada.

## Simon Postmaster: A user interface for mail aliases and mailing lists

There is an increasing demand from users to provide some sort of mailing list service. Presently this is handled by sending requests to postmaster@rpi.edu who then manually edits a Unix alias file. We want to both provide better tools to the Postmaster, and ideally turn over at least part of the administration to the users.

There is also a desire to allow users to set up mail aliases for themselves. In this way, mail to Don_Porter@rpi.edu will work as well as the less obvious ported2@rpi.edu form.

These two objectives are combined into the Simon Postmaster project.

A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-postmaster.ps>
This paper was presented at Community Workshop 93, hosted by Simon Fraser University, June 6-11, 1993, Burnaby, BC Canada.

## Student Information Services: Putting RPI admin online for the students

The Student Information System (SIS) allows students to access different aspects of the Registrar's and Bursar`s offices from any RCS system, at any time of the day or night. This has enabled students to handle many of the tasks that would normally require a visit to the administration building during normal business hours, to instead be able to handle it at their own convenience, from the comfort of their favorite computer lab, or even their own dorm room.
A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/sis.ps>
This paper was presented at Community Workshop 93, hosted by Simon Fraser University, June 6-11, 1993, Burnaby, BC Canada.

## Disk Charging in AFS

One of the requirements of the RCS project, was the need to charge for disk use beyond the default allocation. This was implemented using Oracle as part of the Simon Management System. The implementation is described in this paper.
A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/afs-disk-charging.ps>
This paper was presented at Community Workshop 92, hosted by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.

## Distributed Printing at RPI

Our goal for printing is to allow users to print to any printer from any system. In addition, we need to be able to manage all of these printers and systems, as well as account and bill for usage.
A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/printing_management.ps>
This paper was presented at Community Workshop 92, hosted by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.

## Data Propagation between Oracle Tables

A critical part of the operation of the Simon management system is the controlled propagation of changes from one Oracle table to the next. When a particular row in a table changes, we only want to have that change propagated, and not require every entry in each table to be re-evaluated. This can be managed via an Oracle table and some simple subroutines.
A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-propogation.ps>
This paper was presented at Community Workshop 92, hosted by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.

## Oracle Tools

The development of the Simon Management System has also resulted in the development of a number of tools and routines. These tools have been quite useful in working with the oracle database and documenting the results.
A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-tools.ps>
This paper was presented at Community Workshop 92, hosted by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.

## Automated Userid Management

One of the objectives of the Simon userid management system was to automatically manage userids for all students, faculty and staff at Rensselaer. The resulting system takes input for students from the Registrar, and for faculty and staff from Payroll. These two feeds are merged with some special cases and result in a mostly automated system that create and expire RCS userids as people change their status at Rensselaer.
A PostScript copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-userids.ps>
A PDF copy of the paper.
<http://www.rpi.edu/~finkej/FTPPapers/simon-userids.pdf>
This paper was presented at Community Workshop 92, hosted by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.