How hard is it for a generalist to pickup patching Linux/Unix servers?

N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
We are looking at staffing a technical group 2 resources to patch unix/linux servers.

Is it possible to get a generalist ramped up just to patch these boxes? Sorry for the general question, I am just trying to get a high level answer. I have 2 techs in mind who might be candidates to fill these positions. I could possibly be one if my project manager role doesn't come through or business process manager.

Just wondering what level of knowledge would the techs need to know.

These techs won't be designing systems, just patching the servers.

Any thoughts?

Comments

  • prampram Member Posts: 171
    Just type 'yum upgrade' icon_thumright.gif
  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    pram wrote: »
    Just type 'yum upgrade' icon_thumright.gif

    I ended up googling that. Thanks
  • EveryoneEveryone Member Posts: 1,661
    "Yum upgrade" is only going to work on Red Hat based Linux. Different Linux distributions will have different package managers. Debian based Linux (like Ubuntu) uses "apt-get", Gentoo uses "emerge", Sabayon uses "equo", etc.

    Unix uses "Ports" the command is usually "pkg_add".

    It all seems pretty simple, and a generalist with some *nix knowledge can probably do it, as long as nothing goes wrong. As soon as something goes wrong, a generalist will be screwed.

    I'd say my *nix skills are intermediate at best (I'm an MS guy). I've had my package management get screwed up to the point where it would not install updates. Took me hours of searching to figure out how to fix broken dependencies.

    If you have enough *nix servers, a full time *nix Admin is probably worth it.
  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    Everyone wrote: »
    "Yum upgrade" is only going to work on Red Hat based Linux. Different Linux distributions will have different package managers. Debian based Linux (like Ubuntu) uses "apt-get", Gentoo uses "emerge", Sabayon uses "equo", etc.

    Unix uses "Ports" the command is usually "pkg_add".

    It all seems pretty simple, and a generalist with some *nix knowledge can probably do it, as long as nothing goes wrong. As soon as something goes wrong, a generalist will be screwed.

    I'd say my *nix skills are intermediate at best (I'm an MS guy). I've had my package management get screwed up to the point where it would not install updates. Took me hours of searching to figure out how to fix broken dependencies.

    If you have enough *nix servers, a full time *nix Admin is probably worth it.


    Awesome post +1 rep for sure

    Everyone thanks for taking the time to respond to my original thread. Informative reply!

    Everyone I'd like your opinion here. What about some generalist with minimal Linux experiencing doing the patching over the weekends to give the engineers and admins a break? That way they are on call if something bombs out.

    Thanks
  • lordylordy Member Posts: 632 ■■■■□□□□□□
    I have done a lot of patching on Solaris and Red Hat/CentOS over the last years.

    Generally speaking it's not a really big deal. All the updates you get have been verfified and tested by their vendors so there is rarely anything that breaks. If you use an Enterprise Linux such as Red Hat all you will get is bug fixes and security updates so the functionality of your software should never be impaired.

    My strategy usually works as follows:
    - Figure out the dependencies of your services
    - Remove all software that you don't need (less vulnerabilities, less patching)
    - Install security updates
    - Install bug fixes if necessary
    Working on CCNP: [X] SWITCH --- [ ] ROUTE --- [ ] TSHOOT
    Goal for 2014: RHCA
    Goal for 2015: CCDP
  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    lordy wrote: »
    I have done a lot of patching on Solaris and Red Hat/CentOS over the last years.

    Generally speaking it's not a really big deal. All the updates you get have been verfified and tested by their vendors so there is rarely anything that breaks. If you use an Enterprise Linux such as Red Hat all you will get is bug fixes and security updates so the functionality of your software should never be impaired.

    My strategy usually works as follows:
    - Figure out the dependencies of your services
    - Remove all software that you don't need (less vulnerabilities, less patching)
    - Install security updates
    - Install bug fixes if necessary

    Lordy thanks for the insight I really do appreciate it.

    Thanks again!

    +1 Rep
  • demonfurbiedemonfurbie Member Posts: 1,819 ■■■■■□□□□□
    saw this thought it maybe useful to you

    How to lock down Linux | ZDNet
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    saw this thought it maybe useful to you

    How to lock down Linux | ZDNet

    That was a very informative article!
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    What distros of Linux/Unix are there in the environment ? Is there any patching policy you generally follow ?

    I wouldn't let a generalist patch my servers, because if something goes wrong during or after the patching, he's gonna have to fix it, and that's not an easy job. Proper (verified) backup has to be taken before patching, and HDD mirrors have to be broken before patching to revert back.


    If you have Red Hat or HP-UX or Solaris or AIX, you might think of getting a support contract with patching entitlement, so that the vendor or business partner engineers can do the patching (and fix any possible problems that might happen after), and the generalist can be there with them.

    N2IT wrote: »
    We are looking at staffing a technical group 2 resources to patch unix/linux servers.

    Is it possible to get a generalist ramped up just to patch these boxes? Sorry for the general question, I am just trying to get a high level answer. I have 2 techs in mind who might be candidates to fill these positions. I could possibly be one if my project manager role doesn't come through or business process manager.

    Just wondering what level of knowledge would the techs need to know.

    These techs won't be designing systems, just patching the servers.

    Any thoughts?
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    UnixGuy wrote: »
    What distros of Linux/Unix are there in the environment ? Is there any patching policy you generally follow ?

    I wouldn't let a generalist patch my servers, because if something goes wrong during or after the patching, he's gonna have to fix it, and that's not an easy job. Proper (verified) backup has to be taken before patching, and HDD mirrors have to be broken before patching to revert back.


    If you have Red Hat or HP-UX or Solaris or AIX, you might think of getting a support contract with patching entitlement, so that the vendor or business partner engineers can do the patching (and fix any possible problems that might happen after), and the generalist can be there with them.

    RedHat, HP-UX, Solaris, and AIX are all in the environment.

    The goal is to roll the service into what we already have, so giving away the business is not exactly what we want to do. We are hoping to at least staff aug two resources into the patch role. If the projects we are awaiting for don't come through this could be something for me to do until another project opens up or else I will be making very little money or looking for a new job. We could also be getting 4000 Windows boxes too.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Patching is a sysadmin job, so probably recruiting sysadmins and assign them the patching responsibility along with other responsibility would be a good option..
    N2IT wrote: »
    RedHat, HP-UX, Solaris, and AIX are all in the environment.

    The goal is to roll the service into what we already have, so giving away the business is not exactly what we want to do. We are hoping to at least staff aug two resources into the patch role. If the projects we are awaiting for don't come through this could be something for me to do until another project opens up or else I will be making very little money or looking for a new job. We could also be getting 4000 Windows boxes too.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    UnixGuy wrote: »
    Patching is a sysadmin job, so probably recruiting sysadmins and assign them the patching responsibility along with other responsibility would be a good option..

    Thanks for the expert opinion. I was afraid you would say that, but I respect your word and know it's for the best.

    I am now more on the business side of things so I rely on others to tell me what's best ;)
  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    UnixGuy wrote: »
    Patching is a sysadmin job, so probably recruiting sysadmins and assign them the patching responsibility along with other responsibility would be a good option..

    It looks like I am going into this position. How will my management stint be remembered LOL.

    At least I am employed.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    u will do it, don't worry :) Let us know if you need anything
    N2IT wrote: »
    It looks like I am going into this position. How will my management stint be remembered LOL.

    At least I am employed.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    UnixGuy wrote: »
    u will do it, don't worry :) Let us know if you need anything

    Thanks

    According to the documentation (high level) I will be doing

    This is a small sample of the check list I will be initally working off of. Verify Console Access, Backup, OS versioning, Register Installation Sources, Prepare for OS Imaging etc.

    I have step by step instructions lol. I will be training with some UNIX admins for a few weeks. I am excited to be honest. Myself and a few others will be updating kernal parameters on the SAP servers, and updating firmware on the SAN servers.

    Obviously I am a complete noob so I sound like an idiot, but I am going to give it a go. Should be a good time.

    I'll keep you posted. Funny how one moment I was slated for a PM position and then bam we really need to you focus on the technical side of things. :)

    It's really all about timing, but this may end up being a blessing in disguise.

    Cheers

    PS I am still going to finish my PMP. I worked to hard so far and my boss told me regardless of what IT field I am in the PMP is a great skillset to possess.

    PSPS I sent you bad rep trying to send you good rep. A message has been sent to Webmaster and yourself. I know Webmaster will clear it up immediately. My best regards and apologizes.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Yes we follow a check list too. Each vendor has a check list to follow, so you're doing the right thing here. Read the "release notes" for any possible bugs, and make sure you have a valid backup before you patch :) don't worry about the reps :)

    just finish your PMP as you planned, now you will have both technical and management skills together
    N2IT wrote: »
    Thanks

    According to the documentation (high level) I will be doing

    This is a small sample of the check list I will be initally working off of. Verify Console Access, Backup, OS versioning, Register Installation Sources, Prepare for OS Imaging etc.

    I have step by step instructions lol. I will be training with some UNIX admins for a few weeks. I am excited to be honest. Myself and a few others will be updating kernal parameters on the SAP servers, and updating firmware on the SAN servers.

    Obviously I am a complete noob so I sound like an idiot, but I am going to give it a go. Should be a good time.

    I'll keep you posted. Funny how one moment I was slated for a PM position and then bam we really need to you focus on the technical side of things. :)

    It's really all about timing, but this may end up being a blessing in disguise.

    Cheers

    PS I am still going to finish my PMP. I worked to hard so far and my boss told me regardless of what IT field I am in the PMP is a great skillset to possess.

    PSPS I sent you bad rep trying to send you good rep. A message has been sent to Webmaster and yourself. I know Webmaster will clear it up immediately. My best regards and apologizes.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    UnixGuy wrote: »
    Yes we follow a check list too. Each vendor has a check list to follow, so you're doing the right thing here. Read the "release notes" for any possible bugs, and make sure you have a valid backup before you patch :) don't worry about the reps :)

    just finish your PMP as you planned, now you will have both technical and management skills together

    In your opinion should I focus 100% on the PMP or mix a little Nix in there? I have the Linux + book and Ubuntu on one of my laptops at home. Is there really any value in studying that or just learn on the job and stick with the PMP?

    Either way I am going to study for the PMP, but I wanted to get your expert opinion. Thanks again
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    Patching in general, these days, isn't difficult, depending on the OS. Most of the distro vendors don't make changes to packages that will break currently running software, they save those for versin upgrades. Now operating system upgrades, otoh, can be a royal pain, and should be done by a skilled sysadmin. In particular be careful of distributions that use generic names. For example, if you're running debian, and you have your boxes set to update from the 'stable' repository, when your guys patch, they could be doing a full OS upgrade instead of a general patch run. For that reason, I recommend that debian sources refer to the specific distributions name - that way you don't get any surprises.

    Each distro has it's unique quirks for it's package management system, but all in all, it's not a terribly difficult thing to learn.
  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    Patching in general, these days, isn't difficult, depending on the OS. Most of the distro vendors don't make changes to packages that will break currently running software, they save those for versin upgrades. Now operating system upgrades, otoh, can be a royal pain, and should be done by a skilled sysadmin. In particular be careful of distributions that use generic names. For example, if you're running debian, and you have your boxes set to update from the 'stable' repository, when your guys patch, they could be doing a full OS upgrade instead of a general patch run. For that reason, I recommend that debian sources refer to the specific distributions name - that way you don't get any surprises.

    Each distro has it's unique quirks for it's package management system, but all in all, it's not a terribly difficult thing to learn.


    I consider these write up as support and I really do appreciate it this. Things are still up in the air, but this group has a major problem with patching and needs additional resources. I will gladly help, but I want to make sure this isn't something I am going to blow or struggle with.

    Is there any recommended material or just go with the enterprise training program provided by the Unix team? Like I mentioned early I am full bore on the PMP and hope to sit the exam in mid December.

    Thanks again for all your knowledge and conversation.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I think you should take PMP anyway. So many people who worked for a long time in Linux/UNIX and even Storage, they moved to pre-sales/architect/PM positions that needed their technical skills as well. PMP (and ITIL) is always an asset, you should get it over with.

    Build your *NIX skills as you go with the job. Linux+ is excellent, and will give you a very nice foundation in *NIX in general. The real value comes with experience. Red Hat certs will increase your marketability if you look for linux sysadmin jobs in the future. PMP/management experience will pave the road for architect/Team Lead positions as well. It's all good I guess
    N2IT wrote: »
    In your opinion should I focus 100% on the PMP or mix a little Nix in there? I have the Linux + book and Ubuntu on one of my laptops at home. Is there really any value in studying that or just learn on the job and stick with the PMP?

    Either way I am going to study for the PMP, but I wanted to get your expert opinion. Thanks again
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    UnixGuy wrote: »
    I think you should take PMP anyway. So many people who worked for a long time in Linux/UNIX and even Storage, they moved to pre-sales/architect/PM positions that needed their technical skills as well. PMP (and ITIL) is always an asset, you should get it over with.

    Build your *NIX skills as you go with the job. Linux+ is excellent, and will give you a very nice foundation in *NIX in general. The real value comes with experience. Red Hat certs will increase your marketability if you look for linux sysadmin jobs in the future. PMP/management experience will pave the road for architect/Team Lead positions as well. It's all good I guess


    Sounds like an excellent plan.

    I'm anxious to get my hands on some Linux and Unix boxes. My career path is locked PMP, MBA, etc.

    I don't see myself getting any technicial certificates, but the actual hands on will be there and I am pretty darn excited about it. I just hope this isn't a one off type of role where I am transitioned off after 4 months to get tossed onto a project. I am hoping if I engage in this journey I will get at least 1-2 years experience out of it.

    But hey that is just me, I really don't have a say with where I am at. I deliver and therefore I am leveraged.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I think you can (and you should) get both the PMP/MBA/Management experience and the technical experience if there's an opportunity. Good luck :)
    N2IT wrote: »
    Sounds like an excellent plan.

    I'm anxious to get my hands on some Linux and Unix boxes. My career path is locked PMP, MBA, etc.

    I don't see myself getting any technicial certificates, but the actual hands on will be there and I am pretty darn excited about it. I just hope this isn't a one off type of role where I am transitioned off after 4 months to get tossed onto a project. I am hoping if I engage in this journey I will get at least 1-2 years experience out of it.

    But hey that is just me, I really don't have a say with where I am at. I deliver and therefore I am leveraged.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

Sign In or Register to comment.