‘Tis the season and all that. I have a short holiday message to all the managers of Networks and Network Security: Give your engineers a Linux box this year, and they will have the merriest of Diwalis, Christmases, Hannukahs, and/or other Winter holidays, as appropriate.
Give this Linux box permission to log on to your network devices, install scripting tools on it, and send your engineers links to websites where there are network configuration scripts for the downloading. They will be responsible and won’t run scripts without testing them first on a switch or three in the lab. But they’ll be ever so happy to have these tools!
The real struggle will be to ensure that the Linux scripting box is under proper management. Secure it so it can only be accessed via a jump host that’s used to access most everything else on your network. That’s easily done. An even bigger struggle may be to introduce a server that’s used almost exclusively by the network and network security teams. This means possible exception documents to file, meetings with the server and/or VM managers about patching and maintenance routines your teams will need to be aware of, and other managerial things of that sort.
After all, isn’t that why managers are called managers? They… manage… resources for the good of the firm. That Linux scripting host is a major IT resource, get on out there and manage away until your charges have one!
There are many Linux distributions out there – ask your engineers which one they’d like if your firm hasn’t yet standardized on a distribution. Once the distribution issue is settled, be ready to fight battles over making sure your engineers have appropriate levels of access and so the Linux box itself will be able to have the access it needs to get its scripting job done.
And what a scripting job it *will* do! Multivendor-aware scripts! Version-aware scripts! Little or no expense on annual licensing! Happy engineers learning how to use scripts to do all their work faster and with fewer errors – and what errors do crop up, what do you want to wager they’ll be fixable via other scripts? I’d wager rather a lot, but it would be at low odds, because that’s how things are done, you know.
I’ve seen Linux scripting boxes do things that proprietary config management utilities have failed to deliver, and that’s a huge deal. Even if you already have a proprietary solution, this Linux scripting host is going to complement that proprietary solution and give you so much more flexibility. The business case is here, I just wrote it: copy and paste and modify as needed, that’s my $HOLIDAY gift to you, O Network Manager!
If you read this article on your own or if you got this forwarded to you by your direct reports, please make this holiday season one of the best your firm has ever seen. Take a look at the image below:
That’s what a network engineer looks like after he’s gotten the paperwork finished that authorizes a Linux scripting host for his team to use. He’s so happy now that he knows that the configurations on those switches and routers and firewalls and all kinds of gear are going to be standardized and, hence, more secure. Why, he could even write a script to parse for unauthorized changes… his joy knows no bounds.
Be that manager this year. Be the person forever remembered as the manager who gave the gift of Linux.