Over the years I have written some papers and made some
presentations. Since some of these are available electronically, it
seemed time to make them available via the web. If you have trouble
accessing any of these papers, or would prefer an alternate format (such
as PDF), drop me an email (finkej@rpi.edu) and I may be able to
assist you.
Roughly 18 months after installing a unified voice messaging system, we picked it up and
merged it into our pre-existing production email domain. This paper deals with both technical
aspects of deploying a unified messaging system, as well as the cultural shock of merging the very
different operational domains of Email support with Telecommunications support into a shared
support model. As an added bonus we will discuss merging two Exchange/Active Directory
worlds into one with minimal impact on the existing users of both systems. Lastly, we will discuss
some issues of operating a partially unified voice messaging system.
- A PDF version of the paper.
- http://www.rpi.edu/~finkej/Papers/LISA2006-UnifiedVoiceMessaging.pdf
- The presentation slides and notes in a web format.
- http://www.rpi.edu/~finkej/Presentations/LISA2006-UnifiedMessaging.mht
- The presentation slides and notes in PDF (for those who have not been assimilated)
- http://www.rpi.edu/~finkej/Presentations/LISA2006-UnifiedMessaging-slides.pdf
- I also did a short presentation on Identity Management as part of the "Hit The Ground Running" track. Those presentation slides are available at:
- http://www.rpi.edu/~finkej/Presentations/LISA2006-HTGR-IdentityManagement.mht
This paper was presented at LISA 2006 in Washington DC, December 2006.
Despite the title, this is not about managing people, but rather managing the enterprise data
about the people, especially in defining the relationship between a person and the organisation and
controlling functions based on that relationship, or what some people might refer to as identity
management.
Single sign-on is an attractive goal for many organisations. When you include parking gates
and badge readers on building entrances, the problem gets even more interesting. As we expand
our deployment of wireless access points and publicly accessible network jacks, the need to
require authentication for access to our virtual world grows stronger. With the need for
authentication, so grows the demands on the systems that provide authentication and authorisation,
especially in the area of managing who gets access and revoking that access at the appropriate
time. Concurrently, with the rising interest in physical security of our facilities, the need for
authentication and controlling access to our physical world is also growing. This also requires
tools and systems to manage the people and their status and privileges.
Both of these issues share many common attributes and can be well addressed by merging
them into a single system to manage people information, and from that, access to the virtual
(network) world as well as the physical world. By combining these projects, we are able to take
advantage of the mandate (and administrative support) to identify all of the people on our campus
to provide physical access control, and so, manage our virtual world. We will also attempt to
define a somewhat generic or standard methodology for doing this with our particular business
rules and requirements confined to a few limited and specific areas.
While the technical issues are challenging, the more daunting task comes with negotiating
the institutional politics and getting adequate "buy in" from the appropriate departments to
provide the people and resources willing to operate and use the eventual technical solutions. This
paper discusses both the social and technical aspects of those solutions.
- A PDF version of the paper.
- http://www.rpi.edu/~finkej/Papers/LISA2005-ManagePeople.pdf
- The presentation slides and notes in a web format.
- http://www.rpi.edu/~finkej/Presentations/LISA2005-ManagePeopleNotUserids.mht
- The presentation slides and notes in PDF (for those who have not been assimilated)
- http://www.rpi.edu/~finkej/Presentations/ManagePeopleNotUserids-Slides.pdf
- I also did a short presentation on Identity Management as part of the "Hit The Ground Running" track. Those presentation slides are available at:
- http://www.rpi.edu/~finkej/Presentations/LISA2005-HTGR-IdentityManagement.mht
This paper was presented at LISA 2005 in San Diego, December 2005.
The technology used to provide telecommunication services has been evolving
over the years. This often yields reduced equipment costs, increased flexibility,
enhanced functions and other good things.
However, this can also drive up the complexity of our systems, increasing - or at least
changing - our maintenance and support requirements in addition to requiring
expertise outside of our current staff.
- A PDF version of this paper.
- http://www.rpi.edu/~finkej/Articles/Login-WhenWorldsCollide.pdf
This article appeared in the June 2005 issue of ";Login:" The USENIX Magazine.
Managing information flow between different parts of the enterprise information
infrastructure can be a daunting task. We have grown too large to send the complete lists around
anymore, instead we need to send just the changes of interest to the systems that want them. In
addition, we wanted to eliminate "sneaker net" and have the systems communicate directly
without human intervention. Some of our applications required real time updates, and for all cases,
we needed to respect the "business rules" of the destination systems when entering information.
This paper describes a general method for propagating changes of information while respecting the
needs of the target systems.
- A PDF version of the paper.
- http://www.rpi.edu/~finkej/Papers/LISA2004-MetaChangeQueue.pdf
- The presentation slides and notes in a web format.
- http://www.rpi.edu/~finkej/Presentations/MetaChangeQueue.mht
This paper was presented at LISA 2004 in Atlanta, November 2004.
The generation of system configuration files and other documents
directly from a database has proven to be a very powerful technique.
However, there were some limitations to this approach. With the
introduction of Oracle 8i, and more specifically, the addition of
support for XML, we have been able to eliminate many of these
limitations and take the file generation and maintenance to a new
level.
This is a follow on to my paper An Improved Approach to Generating Configuration Files from a Database from the LISA 2000 conference.
- A PDF version of the paper.
- http://www.rpi.edu/~finkej/Papers/LISA2003-FileGenDirCut.pdf
- The presentation slides and notes in a web format.
- http://www.rpi.edu/~finkej/Presentations/FileGen_LISA2003/Config2.htm
This paper was presented at LISA 2003 in San Diego, October 2003.
The successful operation of a large scale enterprise information
system relies, in part, on the regular and successful completion of many
different tasks. Some of these tasks may be fully automated, while
others are done manually. One of the challenges we face is detecting
when one of these tasks fails (often silently) or is forgotten. While
you will eventually learn of these omissions, it is much better to have
the system detect them rather than your users! This paper discusses
how we implemented a system that watches what we do and reminds us
when we (or our computers) forgot to do something.
- A PDF version of the paper.
- http://www.rpi.edu/~finkej/Papers/LISA2002-Monitor.pdf
- The presentation slides and notes in a web format.
- http://www.rpi.edu/~finkej/Presentations/DetectingEventsThatDidnt.htm
This paper was presented at LISA 2002 in Philadelphia, November 2002.
We were recently presented with the challenge of deploying a large
scale Windows 2000 environment, initially for the Administration
Division, but eventually including academic and other users. Rather
than try to eventually re-integrate independently administered
domains, we took this as an opportunity to develop the tools and
resources to provide a campus-wide Windows 2000 environment that is
well integrated with the existing enterprise information and computing
systems, much like we integrated our Unix systems. This would automate
many of the mundane administrative functions, yet provide appropriate
delegation of control to departmental administrators as needed. This
paper describes the systems we developed to make this happen.
- A PDF version of the paper.
- http://www.rpi.edu/~finkej/Papers/LISA2002-Embrace.pdf
- The presentation slides and notes in a web format.
- http://www.rpi.edu/~finkej/Presentations/EmbracingandExtending.htm
This paper will be presented at LISA 2002 in Philadelphia, November 2002.
Much of our site configuration information is stored in a relational
database, which means we need to extract this information in the
appropriate format for servers and daemons.
In the past we have done this with lots of
little custom C programs and scripts. We have recently changed to a new
approach of generating the files within the database itself using
PL/SQL packages, and then using
a generic file extraction program to handle the details of putting
ASCII characters into Unix (or other) file systems. This has allowed us to reduce
development time of programs to generate new file types, and greatly
simplified supporting multiple platforms.
- A PDF version of the paper.
- http://www.rpi.edu/~finkej/Papers/LISA2000-FileGen.pdf
- An HTML version of the presentation with notes.
- http://www.rpi.edu/~finkej/Presentations/FileGen_LISA2000
This paper was presented at LISA 2000 in New Orleans, December 2000.
Many installations (including this one) use Oracle or other relational
database management systems to help manage their user account space,
as well as other aspects of their operation. Over the years, we have
developed a number of techniques using advanced features of Oracle to
assist in this process. Since many of the people who are implementing
these systems are systems administrators rather than database
application developers, this paper is intended to give them some ideas
of how to increase the level of automation, provide better access
control and simply just explore some of the neat features and power of
Oracle.
- A PDF version of the paper.
- http://www.rpi.edu/~finkej/Papers/SANS2000-Tricks.pdf
- An HTML version of the presentation with notes.
- http://www.rpi.edu/~finkej/Presentations/SANS2000/
This was presented at SANS2000 in Orlando, in March 2000.
The paper that accompanied the presentation was subsequently reprinted in the September 2000 issue
of Information Security Bulletin.
- A RTF version of the paper.
- http://www.rpi.edu/~finkej/Papers/ISB-Sep-2000.rtf
- An HTML version of the paper (pretty ugly).
- http://www.rpi.edu/~finkej/Papers/ISB-Sep-2000.htm
Network port scanning tools can be helpful in mapping services and
exposures, but in large environments, you often get more information
than you really want. This paper describes a project to take the
output from NMAP/NLOG and merge it with the existing enterprise host
management system. This makes it simple for service or platform
specific administrators to study the machines in their
purview.
- A PDF version of the paper.
- http://www.rpi.edu/~finkej/Papers/LISA99-SrvTrkNmap2.pdf
- An HTML version of the paper.
- http://www.rpi.edu/~finkej/Papers/LISA99-SrvTrakNmap.html
- An HTML version of the presentation with notes.
- http://www.rpi.edu/~finkej/Presentations/SrvcTrakNMAP
This paper was presented at LISA-99, held in Seattle Washington, November 1999.
Although there are countless tools to track and manage the
configuration of large numbers of Unix systems, there seems
to be a lack of tools to manage the interaction and
dependencies between systems. As our site has grown, many
machines provide services that are required for the operation
of other machines and applications. We have been unable to
maintain accurate lists of services and servers, and even
routine system upgrades have resulted in unexpected service
outages.
To address this problem, we are developing a system to
automatically detect many of these service dependencies, and
generate up to date server listings. In addition, it provides a
general framework for indexing and accessing
troubleshooting, operational, installation and a number of
other types of documentation. The system also assists in
verifying the configuration of systems being installed, and
assists with the real time testing of services.
- An HTML version of the paper.
- <http://www.rpi.edu/~finkej/Papers/LISA97-SiteConf.html>
- A PDF version of the paper.
- <http://www.rpi.edu/~finkej/Papers/LISA97-SiteConf.pdf>
- A PostScript copy of the presentation slides.
- <http://www.rpi.edu/~finkej/FTPPapers/LISA97-SiteConf-slides.ps>
- A PostScript copy of presentation slides/author's notes.
- <http://www.rpi.edu/~finkej/FTPPapers/LISA97-SiteConf-notes.ps>
- A PDF version of the slides.
- <http://www.rpi.edu/~finkej/FTPPapers/LISA97-SiteConf-slides.pdf>
This paper was presented at LISA 97, San Diego, CA, October 1997.
One feature of our campus-wide UNIX service is the wide
selection of scientific and engineering applications such as
AutoCad, Pro/ENGINEER, Maple, etc. We currently have 32
"major application packages" site licensed, representing an
annual cost of almost $300,000. A number of the licenses were
based on concurrent usage, so around budget time, people
started to ask if we had an appropriate number of licenses.
By adapting some previously developed software for tracking
workstation use, we were able to determine who was using
which applications, and concurrent usage information for
these products and to reduce the number of concurrent users
allowed to reflect actual use (plus some headroom). By
applying these figures to just four applications, we were able
to obtain a savings of $43,000 without cutting any service to
our users.
This paper discusses the methods we used to collect, process,
and display this information, as well as some of the problems
we encountered.
- An HTML version of the paper.
- <http://www.rpi.edu/~finkej/Papers/LISA97-licensestats.html>
- A PDF version of the paper.
- <http://www.rpi.edu/~finkej/Papers/LISA97-licensestats.pdf>
- A PostScript copy of the presentation slides.
- <http://www.rpi.edu/~finkej/FTPPapers/LISA97-licensestats-slides.ps>
- A PostScript copy of presentation slides/author's notes.
- <http://www.rpi.edu/~finkej/FTPPapers/LISA97-licensestats-notes.ps>
This paper was presented at LISA 97, San Diego, CA, October 1997.
I was asked by Jules Jacquin, to give a two hour lecture to the
Accounting Information Systems class on the topic of Information
Security, as well as a discussion of access control in relational
databases. This basically resulted in two distinct lectures, however,
the slides and notes are combined in a single presentation.
- A PostScript copy of the presentation slides
- <http://www.rpi.edu/~finkej/FTPPapers/act_info_sys_apr97-slides.ps>
- A PostScript copy of presentation slides/author's notes.
- <http://www.rpi.edu/~finkej/FTPPapers/act_info_sys_apr97-notes.ps>
This lecture was delivered to the Accounting Information Systems (80-4964) class, Rensselaer Polytechnic Institute, on 23 April, 1997.
With the planned departure of our mainframe, we had to find a new way
to maintain and generate our Institute Telephone directory. This gave
us the opportunity to examine every aspect of the directory generation
process, and make changes to improve the accuracy of the data, reduce
the clerical workload in Telecommunications and Human Resources and
eliminate some duplication of data and effort.
Given that we already had an Oracle based system to
automatically create and remove Unix userids for all employees as they
are hired and leave, it seemed that with some minor enhancements, this
same system could also maintain our directory information.
To this end, we added a directory module to our Simon Account
management system that extracts directory information from the Human
Resources database, adds additional non employee information and
generates LaTeX source for the printed phone book, HTML pages for the
web and a raw feed for the ph server. In addition, using
techniques developed for some of our system administration tools, we
gave both individual staff members, and their departmental
administrators, the ability to make changes and corrections to their
own directory information, which would not only appear in the
directories, but also be reflected in the official Human Resource
database. This has greatly reduced the delays and paperwork involved
in changing this information, and allows us to have accurate and up
to date directories. As an added bonus, many of our "traditional"
systems administration tools can now directly query the directory
information and include contact info in the displays automatically.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/LISA10-whitepages.ps>
- A PDF copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/LISA10-whitepages.pdf>
- A PostScript copy of the presentation slides.
- <http://www.rpi.edu/~finkej/FTPPapers/LISA10-whitepage-slides.ps>
- A PostScript copy of presentation slides/author's notes.
- <http://www.rpi.edu/~finkej/FTPPapers/LISA10-whitepage-notes.ps>
This paper was presented at LISA X, Chicago IL, October 1996.
Managing large numbers of Unix Userids in an enterprise wide system
(such as one might find at a University), can actually be approached
as a problem of managing information about people, which when solved,
can in turn be used to automatically create and expire Unix accounts,
update white pages databases, etc. This talk will look at some of the
problems and opportunities we encountered in implementing Simon (A
management system similar in many ways to MIT's Moira). Rather than
discussing the gritty technical details (which have been covered in
other papers), we will instead look at problems and techniques in
dealing with multiple data feeds (Human Resources, Registrar, and
others), maintaining information security, understanding (and
developing) information policy and some of the problems we encountered in
merging this information and transforming it into something we could
use. In addition, we will look at some of the opportunities we
encountered as we expanded the scope of the Simon project beyond the
simple maintenance of Unix Userids.
- A PostScript copy of the presentation slides
- <http://www.rpi.edu/~finkej/FTPPapers/LISA10-ManagePeople-slides.ps>
- A PostScript copy of the presentation notes
- <http://www.rpi.edu/~finkej/FTPPapers/LISA10-ManagePeople-notes.ps>
This presentation was given as an Invited Talk at LISA X, Chicago IL,
October 1996.
When discussing systems, or network layouts, or security concerns, we
often use the word "trust". Unfortunately, this has led to some
confusion, as in this context, we are not using the word "trust" in
the conventional sense.
- An HTML copy of the paper.
- <http://www.rpi.edu/~finkej/Trust.html>
This paper was published in the October 1995 issue of ;login: pp
29-31.
The ongoing development of our relational database based system
administration package, Simon, requires frequent reference to
documentation that describes the existing database tables. To this
end we have written a program that uses descriptive information stored
in the database itself, to generate a WWW tree that documents each table
in HTML, as well as an index page to tie the whole package together. This has
made looking up table definitions simply a click or two away and has proven
to be very useful. These HTML pages are now also being included in some of
our program documentation of the Simon system.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-LISA9-sql2html.ps>
- A PostScript copy of presentation slides/author's notes.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-LISA9-sql2html-notes.ps>
This paper was presented at LISA IX, Monterey CA, September 1995.
The ability to monitor usage of groups of workstations is quite useful
for planning growth, facility hours, staffing and other issues; but in
our case, both the format of the data (/var/adm/wtmp) and the
fact that the data was spread over hundreds of different workstations
made any analysis difficult at best.
In this paper we explore the use of a relational database to collect
all the raw data, convert it to a standard form, and then provide
selection tools to extract data sets. We also examine some ways to
process session data to provide more meaningful reports and charts.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-LISA8-wtmp.ps>
- A PostScript copy of the presentation slides.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-LISA8-wtmp-slides.ps>
This paper was presented at LISA VIII, San Diego CA, Fall 1994.
Maintaining the printing configuration files (/etc/printcap) for a
large site (400 machines, 60 public printers, 40 private printers, 30
print spoolers) can be a major job. At RPI, we developed a system
that will automatically generate the printer configuration file for
any machine, depending on what printers are driven by that machine.
It also allows us to have a printer appear only on a subset of
machines, rather than on all machines.
This paper describes the design
and deployment of the system. We use a relational database to manage
the printer information, printer type attributes, host grouping and to
track hosts using the system. All sources and related information are
available for anonymous FTP.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-LISA8-pcap.ps>
- A PostScript copy of the presentation slides.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-LISA8-pcap-slides.ps>
This paper was presented at LISA VIII, San Diego CA, Fall 1994.
A discussion of the RPI SIMON system, a set of programs based on a
relational database that automate many aspects of Unix system
administration. Ever growing, Simon currently manages automatic Unix
userid management based on data feeds from Human Resources, the
Registrar and Alumni development. This starts with userid creation,
expiration, deadfiling and restoration, along with Unix group file
management, and user maintainable email forwarding and mailing lists.
In addition, Simon now manages disk accounting and billing, and
provides tools for managing the host tables and DNS RR files. Future
development will include printer management, accounting and billing,
along with increased automation of system configuration. The combined
user and host databases will provide a base for an integrated campus
wide trouble reporting database.
- A PostScript copy of the presentation slides.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-sug-east93.ps>
This was an invited talk for the
SUG-EAST SUMMER 1993 TECHNICAL CONFERENCE
July 27-29, 1993. No paper is available.
One of the goals of the Simon project, is to automate many
aspects of Unix system management. In addition, we also have
to manage the host name space and IP address space of much of
the Rensselaer campus. The obvious next step was to put the
RPI host table management into Simon. This will assist in the
day to day management of the name and address space, as well
as providing a critical building block for future parts of
Simon such as system configuration management, printer
management and a trouble reporting database to name a few
examples.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-hostmaster.ps>
This paper was presented at Community Workshop 93, hosted
by Simon Fraser University, June 6-11, 1993, Burnaby, BC Canada.
Effective use of different features of Oracle and the SQL language
have been critical in providing users with access to display and
update information about them, while maintaining security and data
integrity. Some of the problems and techniques are discussed here.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-oracle.ps>
This paper was presented at Community Workshop 93, hosted
by Simon Fraser University, June 6-11, 1993, Burnaby, BC Canada.
There is an increasing demand from users to provide some sort of
mailing list service. Presently this is handled by sending requests to
postmaster@rpi.edu who then manually edits a Unix alias file. We
want to both provide better tools to the Postmaster, and ideally turn
over at least part of the administration to the users.
There is also a desire to allow users to set up mail aliases for
themselves. In this way, mail to Don_Porter@rpi.edu will work as
well as the less obvious ported2@rpi.edu form.
These two objectives are combined into the Simon Postmaster project.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-postmaster.ps>
This paper was presented at Community Workshop 93, hosted
by Simon Fraser University, June 6-11, 1993, Burnaby, BC Canada.
The Student Information System (SIS) allows students to
access different aspects of the Registrar's and Bursar's offices
from any RCS system, at any time of the day or night. This
has enabled students to handle many of the tasks that would
normally require a visit to the administration building during
normal business hours, to instead be able to handle it at
their own convenience, from the comfort of their favorite
computer lab, or even their own dorm room.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/sis.ps>
This paper was presented at Community Workshop 93, hosted
by Simon Fraser University, June 6-11, 1993, Burnaby, BC Canada.
One of the requirements of the RCS project, was the need to
charge for disk use beyond the default allocation. This was
implemented using Oracle as part of the Simon Management System.
The implementation is described in this paper.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/afs-disk-charging.ps>
This paper was presented at Community Workshop 92, hosted
by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.
Our goal for printing is to allow users to print to any printer
from any system. In addition, we need to be able to manage all of
these printers and systems, as well as account and bill for usage.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/printing_management.ps>
This paper was presented at Community Workshop 92, hosted
by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.
A critical part of the operation of the Simon management system is the
controlled propagation of changes from one Oracle table to the next.
When a particular row in a table changes, we only want to have that
change propagated, and not require every entry in each table to be
re-evaluated.
This can be managed via an Oracle table and some simple subroutines.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-propogation.ps>
This paper was presented at Community Workshop 92, hosted
by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.
The development of the Simon Management System has also resulted in the
development of a number of tools and routines. These tools have been quite
useful in working with the Oracle database and documenting the
results.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-tools.ps>
This paper was presented at Community Workshop 92, hosted
by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.
One of the objectives of the Simon userid management system was to
automatically manage userids for all students, faculty and staff at
Rensselaer. The resulting system takes input for students from the
Registrar, and for faculty and staff from Payroll. These two feeds are
merged with some special cases and result in a mostly automated system
that creates and expires RCS userids as people change their status at
Rensselaer.
- A PostScript copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-userids.ps>
- A PDF copy of the paper.
- <http://www.rpi.edu/~finkej/FTPPapers/simon-userids.pdf>
This paper was presented at Community Workshop 92, hosted
by Rensselaer Polytechnic Institute, June 13-19, 1992, Troy, NY.