Normal Forms of Systems Administration
-
Database designers have a well established "denormalized" and "normal forms" of relational databases to help to understand the "level" to which proper relational design has been followed. It is also well understood that under special cases denormalizing can be beneficial, but should only be done when the designer knows the normal forms and knows why they are not using them. System administration needs something similar to understand how systems are administered, especially in regards to system access.
Fully Denormalized: Systems are logged into directly using a GUI, administration is one to one and graphical. This could include remote graphical access via a full terminal transport such as the console view in VMware ESXi.
First Normal Form: "Remote Graphical Access". The same processes and tools as fully denormalized but using remote access tools that can allow for effective access from anywhere but leverages OS level security. Common examples would be RDP and VNC.
Second Normal Form: "Remote Command Line Access". Same as above but using the command line instead of a GUI. Common approaches are SSH and PowerShell. Administration remains one to one.
Third Normal Form: "Remote Scripted Control". A form of "advanced command line" where commands can be used over a wide variety of machines programatically. Same tools as the second normal form, but with the addition of scripting or tasks rather than running individual commands.
Four Normal Form: "Remote API Control". Instead of connecting to a system remotely via a shell and running commands, a management API is leveraged remotely to control systems. A common example is Microsoft's RSAT, or DevOps tools like Ansible or Salt with commands being sent from a command server via API.
Fifth Normal Form: "Fully Described State". No logins and no commands are used but rather all administration is done via a state machine.
Some notes....
- After the second normal form, there is no "logging in" to an interactive shell. Only the first two normal forms involve the concept of being "logged in".
- After the third normal form there is no running of local commands directly at all. What commands are run are the purview of the management mechanisms and not the admin.
- Mixing forms means, just like with databases, that we are at the lowest form that is used.
-
@scottalanmiller So, I believe that I am in the 1st Normal Form. As a SysAdmin, how would I be able to progress to the 2nd Normal Form? For me to learn PS? What if I already have other systems that are still on the GUI and cannot be administered by script?
-
@scottalanmiller : Why Separate Remote GUI and Remote CLI?
-
Also, what are the benefits and costs between these normal forms? Not just directly monetarily, skill and time as well.
-
This conversation reminds me of Freeza
http://m.quickmeme.com/img/56/5690d6123aa690b0ba09382459e2955f56c0c224f281e9180b64bb95142be355.jpg
-
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller So, I believe that I am in the 1st Normal Form. As a SysAdmin, how would I be able to progress to the 2nd Normal Form? For me to learn PS? What if I already have other systems that are still on the GUI and cannot be administered by script?
That's a good question. Moving from GUI tools to PS is definitely the first step.
What about existing servers makes you locked into a GUI?
-
-
@scottalanmiller said in Normal Forms of Systems Administration:
What about existing servers makes you locked into a GUI?
Not particularly looking at the servers themselves, but more of the applications running on the servers. Particularly in a Windows environment.
Totally understand being able to use bash for *nix environments and their different layers, either at the OS layer or at the program layer.
-
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
What about existing servers makes you locked into a GUI?
Not particularly looking at the servers themselves, but more of the applications running on the servers. Particularly in a Windows environment.
Totally understand being able to use bash for *nix environments and their different layers, either at the OS layer or at the program layer.
What applications do you find lack options for administration.
-
@scottalanmiller said in Normal Forms of Systems Administration:
Fifth Normal Form: "Fully Described State". No logins and no commands are used but rather all administration is done via a state machine.
an example in real world? I stick to the forth form, and I'm not aware of anything after that!
-
@scottalanmiller said in Normal Forms of Systems Administration:
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
What about existing servers makes you locked into a GUI?
Not particularly looking at the servers themselves, but more of the applications running on the servers. Particularly in a Windows environment.
Totally understand being able to use bash for *nix environments and their different layers, either at the OS layer or at the program layer.
What applications do you find lack options for administration.
Example is that we left SW for SolarWinds Web Help Desk for our help desk and asset management. As far as I know, it is totally GUI and none of it is scripted, unless you are using their API. I have not yet gotten that far as to using the API at all unless I can just plug in API keys to get 2 applications to talk to each other.
-
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
What about existing servers makes you locked into a GUI?
Not particularly looking at the servers themselves, but more of the applications running on the servers. Particularly in a Windows environment.
Totally understand being able to use bash for *nix environments and their different layers, either at the OS layer or at the program layer.
What applications do you find lack options for administration.
Example is that we left SW for SolarWinds Web Help Desk for our help desk and asset management. As far as I know, it is totally GUI and none of it is scripted, unless you are using their API. I have not yet gotten that far as to using the API at all unless I can just plug in API keys to get 2 applications to talk to each other.
How is it managed though? Through a GUI app on the server? Or a webpage?
Exchange for example has an app you can install on your remote machine and manage it completely through APIs...
-
@Dashrender said in Normal Forms of Systems Administration:
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
What about existing servers makes you locked into a GUI?
Not particularly looking at the servers themselves, but more of the applications running on the servers. Particularly in a Windows environment.
Totally understand being able to use bash for *nix environments and their different layers, either at the OS layer or at the program layer.
What applications do you find lack options for administration.
Example is that we left SW for SolarWinds Web Help Desk for our help desk and asset management. As far as I know, it is totally GUI and none of it is scripted, unless you are using their API. I have not yet gotten that far as to using the API at all unless I can just plug in API keys to get 2 applications to talk to each other.
How is it managed though? Through a GUI app on the server? Or a webpage?
Exchange for example has an app you can install on your remote machine and manage it completely through APIs...
Through a webpage. I guess I could manage it through the API if I really wanted to hate myself.
-
@NerdyDad said in Normal Forms of Systems Administration:
@Dashrender said in Normal Forms of Systems Administration:
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
What about existing servers makes you locked into a GUI?
Not particularly looking at the servers themselves, but more of the applications running on the servers. Particularly in a Windows environment.
Totally understand being able to use bash for *nix environments and their different layers, either at the OS layer or at the program layer.
What applications do you find lack options for administration.
Example is that we left SW for SolarWinds Web Help Desk for our help desk and asset management. As far as I know, it is totally GUI and none of it is scripted, unless you are using their API. I have not yet gotten that far as to using the API at all unless I can just plug in API keys to get 2 applications to talk to each other.
How is it managed though? Through a GUI app on the server? Or a webpage?
Exchange for example has an app you can install on your remote machine and manage it completely through APIs...
Through a webpage. I guess I could manage it through the API if I really wanted to hate myself.
You don't need the API, you can just use the webpage from your PC. Now you are level 2. I.e. first normal.
-
@matteo-nunziati said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
Fifth Normal Form: "Fully Described State". No logins and no commands are used but rather all administration is done via a state machine.
an example in real world? I stick to the forth form, and I'm not aware of anything after that!
I've worked a few places that were fifth form. Examples would be systems fully defined in state files with something like Ansible or Chef. The admins never run commands on the servers, even remotely through arms length tools like Salt.
The state of systems is fully defined in code that you would expect to track in GIT or Mercurial. The systems are self managing via their state machines and descriptions. Systems totally build themselves.
-
@scottalanmiller said in Normal Forms of Systems Administration:
@matteo-nunziati said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
Fifth Normal Form: "Fully Described State". No logins and no commands are used but rather all administration is done via a state machine.
an example in real world? I stick to the forth form, and I'm not aware of anything after that!
I've worked a few places that were fifth form. Examples would be systems fully defined in state files with something like Ansible or Chef. The admins never run commands on the servers, even remotely through arms length tools like Salt.
The state of systems is fully defined in code that you would expect to track in GIT or Mercurial. The systems are self managing via their state machines and descriptions. Systems totally build themselves.
What size of companies have systems like this? Are these large enterprises with deep pockets or can an SMB do this as well?
-
@NerdyDad said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
@matteo-nunziati said in Normal Forms of Systems Administration:
@scottalanmiller said in Normal Forms of Systems Administration:
Fifth Normal Form: "Fully Described State". No logins and no commands are used but rather all administration is done via a state machine.
an example in real world? I stick to the forth form, and I'm not aware of anything after that!
I've worked a few places that were fifth form. Examples would be systems fully defined in state files with something like Ansible or Chef. The admins never run commands on the servers, even remotely through arms length tools like Salt.
The state of systems is fully defined in code that you would expect to track in GIT or Mercurial. The systems are self managing via their state machines and descriptions. Systems totally build themselves.
What size of companies have systems like this? Are these large enterprises with deep pockets or can an SMB do this as well?
Any size can do it. Companies with only one server probably aren't going to do this. But you don't need much to justify it if it makes sense for your environment and even shops with no servers and only desktops might make sense.
-
Given current market options, one of the interesting things about fifth normal form is that it allows you to shift funds from tooling to staff. You can replace existing tooling with free tools while reducing staff headcount.
With fifth normal form is when we start to see densities change dramatically. It is in fifth normal form that we start to see the ability to manage thousands of systems per admin.
-
@scottalanmiller said in Normal Forms of Systems Administration:
Given current market options, one of the interesting things about fifth normal form is that it allows you to shift funds from tooling to staff. You can replace existing tooling with free tools while reducing staff headcount.
With fifth normal form is when we start to see densities change dramatically. It is in fifth normal form that we start to see the ability to manage thousands of systems per admin.
So would XO be a Fifth normal form?
-
Applying server techniques to desktops, we might make hundreds or thousands of desktops able to be managed by one person.
