AUUG 2002 - Measure, Monitor, Control

Tutorial Programme

Sunday, 1 September Time Tut No. Tutorial Title and Outline
Half Day Morning Tutorial 9am - 12.30pm S3

Web Services for the Technical Practitioner, by Jan Newmarch

Web services are promoted as the next evolution of the Web, moving from person-oriented consumption of Web information towards machine to machine production and consumption of information. This will move one step closer to the "semantic Web", a goal of many in the Web community. In reality, many aspects of Web services are a poor implementation of twenty year old technology.

This tutorial examines Web services from a hands-on view of someone who has to build and deploy these services, and looks at the programming tools, languages and environments to do this. It will examine both the good and the weak aspects of Web technology, in order to understand the potentials and the limitations of Web services from a technical viewpoint.

The content will cover:

  • Overview and components of Web services
  • SOAP (Simple Object Access Protocol): concepts, scope and limitations
  • Programming language and library support for SOAP
  • Transport mechanisms: HTTP, email, etc
  • WSDL (Web Services Description Language)
  • UDDI
Jan Newmarch is a Professor in the School of Network Computing, Monash University, Australia. He has published extensively in the fields of AI and logic programming, user interfaces and Motif programming, Web technologies, and distributed middleware systems. He has written books on Logic Programming, X Window/Motif Programming and on Jini. He is a regular presenter of tutorials at technically oriented conferences, and has given tutorials at conferences in the US, Australia and Asia.

Half Day Morning Tutorial 9am - 12.30pm S4

SSH tips and tricks, by Damien Miller

This tutorial will introduce SSH to Unix users and administrators, focusing primarily on practical issues.

The tutorial includes a description of the features of the SSH protocols and the discussion of the differences between the two widely deployed versions. Following this will be a discussion of the various implementations available, with a special focus on OpenSSH.

We will cover practical usage of ssh, using OpenSSH in "live" demonstrations. These demonstrations will cover basic usage (remote login), though advanced tips and tricks.

The mode of presentation will be interactive and will largely depend on the will and level of experience of the audience. The following outline will be a rough guide of the areas that would be covered. Any remaining time will be spent in Q&A.

  • What is SSH?
  • History
  • Major user/protocol features
  • Shortcomings of SSH1 protocol
  • The SSH v.2 protocol
  • Unix implementations
  • Windows implementations
  • Other implementations / libraries
  • OpenSSH History
  • Building and installing OpenSSH
  • Initial configuration of OpenSSH
  • Remote log-in
  • File transfer
  • scp (including caveats)
  • sftp (usage & protocol)
  • rsync
  • Public key authentication
  • Restricted public keys & forced commands
  • Example: SSH access to a CVS server for developers
  • Local & Remote port-forwarding
  • Dynamic port forwarding (ssh as a SOCKS4 proxy)
  • Example: Using ssh to "burrow" through a firewall
  • Use of ~/.ssh/ssh_config

Half Day Afternoon Tutorial 1.30pm - 5.00pm S5

An Introduction to Monitoring with Netsaint, by Phil Roy

Netsaint is an open sourced monitoring package written by Ethan Galstad. It will monitor hosts and services on your network. It can be used to send email, page or SMS messages when problems occur or when they are resolved. Netsaint also has a web interface to view the status and history of your monitoring.

This half-day tutorial is an introduction to Netsaint. It is aimed for people who want to start monitoring or learn the basics of a Netsaint configuration. The tutorial will walk through the steps involved to get Netsaint Monitoring up and working with the use of equipment to demonstrate the concepts involved.

  • What is Netsaint
  • System Requirements
  • Netsaint's Home on the Web
  • Mailing Lists and Netsaint support
  • Downloading the software
  • Installing Netsaint
  • Directory structure and file locations
  • Determining availability of hosts
  • Notifications
  • Plugins
  • Service check scheduling
  • State Types
  • Time Periods
  • Configuration Introduction
  • Main configuration file
  • Host configuration file
  • Checking the configuration
  • Starting Netsaint
  • Stopping Netsaint
  • Log files
  • Standard Plugins
  • Service check configuration and examples
  • Host check configuration and examples
  • Installing the web interface
  • CGI Authorisation
  • Exploring the web interface
  • Introduction to Gnokii
  • Installing Gnokii
  • Configuring SMS notifications
  • Redundant Monitoring
  • Distributed Monitoring

Phil Roy now runs a business providing monitoring, measuring and reporting services.

Half Day Afternoon Tutorial 1.30pm - 5.00pm S6

Defining a Sensible Security Policy, by Peter Sandilands

To properly select and deploy security technology you must have an idea of what you are protecting and how/why. That is just what a security policy is about. This session will take you through the steps involved in defining a security policy for a business and how to use that as a basis for selecting appropriate technology to secure your environment. The session will be based around current standards, ISO 17799, AS/NZS 4360.
  • What is security?
  • What guidelines are around to use?
  • Who should be involved in the definition process?
  • Steps to follow in building the policy
  • How to get buy-in.
  • Planning for the ineviutable incident.

Note: No prior knowledge is needed for this session

Monday 2 September 2002 Time Tut No. Tutorial Title and Outline
Half Day Morning Tutorial 9am - 12.30pm M3

Open Source Database Systems - An Introduction, by Joel Sing

As the information age continues to grow, so does the need for data storage that facilitates rapid and flexible access to information. We constantly hear about database systems offered by Oracle and Microsoft, but what about open source alternatives? This tutorial will provide an introduction to two of the many open source databases available, along with a brief overview of database fundamentals. Topics to be covered include:

  • The need for databases - why they exist and when would you use one
  • Structured Query Language (SQL) - a brief introduction
  • Details on available open source database systems (PostgreSQL, mySQL, etc)
  • Feature comparison between PostgreSQL and mySQL:
    • Installation and configuration
    • Creation/deletion of a database
    • Table and schema management
    • Securing PostgreSQL (overview)
  • Programmatic interfacing to a database
    • PHP/mySQL
    • Perl/DBI programming
    • C/C++ interfaces
  • Dynamic Web application using a database backend - a real world example

Joel is one of the founders of of Ionix Technology, a Bendigo based company that provides computing solutions (open source whenever possible) to small and medium enterprise. He is a highly skilled software engineer, with many years experience developing complex software systems, including database based and web based applications. Joel is also a sessional lecturer at La Trobe University, Bendigo, having completed his computing honours degree in 2001.

Half Day Morning Tutorial 9am - 12.30pm M8

Building a Broadband Internet Gateway, by Peter Sandilands

With broadband connections to the Internet becoming more common the challenge becomes connecting through them securely and taking advantage of the speed. This tutorial will take you through the steps of building a secure gateway using an old clunker, 486 box and FreeBSD. IPFILTER will provide the firewall and NAT capabilities.
  • Hardware requirements - how little can I get away with?
  • Software requirements - How do I source it?
  • Installing the OS - including headless install
  • Configuring the OS to include IPFILTER
  • Securing the gateway and implementing NAT
  • Setting up remote management
  • Bigpond Cable specifics
  • Optus Cable specifics
  • Telstra DSL specifics

Note: This is not an installation tutorial. You should be comfortable at a shell prompt but definitely do NOT need to be a guru.

Half Day Afternoon Tutorial 1.30pm - 5.00pm M6

Practical IPSEC, by Adrian Close

Networks on the Internet are increasingly turning to firewalls as a means of protecting themselves against external network-based attacks, creating their own small islands of trust.

However, the increasing need for secure, inter-network communications requires extending that trust across the Internet itself - a risky proposition in an increasingly hostile network environment.

Implementing IPSEC is one plausible solution and this tutorial will cover the fundamentals of doing this in the real world.

Practical demonstrations of the technology involved will be given throughout the tutorial, which will include debugging techniques useful for successful deployment and interoperability of various IPSEC implementations.

Topics:
  • Why IPSEC?
  • Basic IPSEC - ESP, AH, SAs and SPIs.
  • Encryption algorithms - choices and availability.
  • The problem of key exchange.
  • ISAKMP overview.
  • ISAKMP authentication using shared secrets and certificates.
  • PKI - myths and realities.
  • Alternatives to ISAKMP.
  • IPSEC implementations and interoperability issues.
  • IPSEC and IPV6 - a vision of the future.

Half Day Afternoon Tutorial 1.30pm - 5pm M7

Mac OS X Server on Xserve, by Joseph Cox, Apple Computer

This session is a demonstration and hands on tutorial giving you the opportunity to explore Apple's Mac OS X Server, and discover what is under the hood of Apple's new server hardware - Xserve.

Numbers will be strictly limited to allow participants hands-on access (via supplied wireless laptop). This session will be repeated Monday Afternoon and Tuesday Morning, to allow the maximum number of people to attend.

Mac OS X Server has the power and openness of UNIX with the simplicity and elegance of Macintosh. It provides a superior architecture for connecting Macintosh, Windows, UNIX and Linux clients to each other, sharing printers, exchanging email, hosting dynamic web sites, deploying flexible and scalable network applications, providing network services, and streaming real-time digital media.

Xserve is designed-from-the-ground-up as a server-class workhorse. The 1U (4.4 cm) rack-mount Xserve comes with a choice of one or two 1GHz PowerPC G4 processors running at speeds of up to 15 gigaflops, 2MB of dedicated L3 cache memory per processor with up to 4GB/s throughput, two full-length 64-bit, 66MHz PCI slots for up to 533MB/s throughput, and up to 2GB of DDR SDRAM. Plus four drive bays holding up to 480GB of internal disk space using hot-plug Apple Drive Modules, dual Gigabit Ethernet, and the complete suite of robust, standards-based network services in Mac OS X Server.

The content will cover:

  • Overview and components of Mac OS X Server
  • Installation and setup of typical services
  • Mac OS X Server's standards-based UNIX underpinnings
  • Overview and components of Xserve hardware
  • Mac OS X Server Administration: GUI and/or CLI (all via wireless laptop)

Joseph Cox is a Systems Engineer with Apple Computer Australia. A keen hobbyist since the first generation of personal computers, like many, he ended up working in IT by default. Conversant in many platforms, (although a long time Mac fan), he is very excited about the Unix and Mac worlds finally meeting. Born on the 1st Jan 1970 (%date -r 0), he was always destined to end up fiddling with Unix in one guise or another.

Tuesday, 3 September 2002 Time Tut No. Tutorial Title and Outline
Full Day Tutorial 9am - 5pm T1

Securing Enterprises with the Solaris Security Toolkit (aka JASS), by Alex Noordergraaf

Never has there been such attention given to the security of systems and environments. While this is a positive in many ways, it has also lead to more and more security related bugs being found, more advanced hacker tools being developed and released, and more patches to install. Managing the security of datacenters and distributed environments has become more and more challenging.

The Solaris Security Toolkit was developed to simplify the creation and maintanence of secure environments. It is an extensive framework of security-related scripts which can be easily customized to any environment's Solaris security requirements. The tutorial will present details on how to install and use the Toolkit to solve the security problems common to most environments. The discussion of how to use the Toolkit will be detailed enough that an administrator totally unfamiliar with it will be able to use the Toolkit in a minimum of steps.

Additionally, this tutorial will discuss specific applications and how their requirements can be implemented through the Toolkit. Applications to be evaluated include Apache and Firewall-1. Recommendations on how to best use the Toolkit to maintain the secure configuration of an environment will also be included. One of the most unique capabilities of the Toolkit is its multi-run undo feature. This capability will be demonstrated and its various options explained in detail. Contents:

  • Introduction
  • Using the Toolkit
    • In Standalone Mode
    • In JumpStart Mode
  • Integrating into Installation Process
  • How the Toolkit Works
  • Customizing the Toolkit
    • Creating Custom Driver
    • Enforcing Secuirty Policies
  • Case Study of Toolkit Use
    • Hardening Legacy Server
    • Building new Secure Server
  • Regular Toolkit use
    • Daily/Weekly/Monthly
    • After Patch Installation
  • Undo'ing Toolkit runs
    • What Multi-run undo is
    • How it Works
  • Extending the Toolkits Capabilities
  • Centralized Reporting with the Toolkit

Alex Noordergraaf has over 10 years experience in the areas of computer and network security. As the Security Architect of the Enterprise Server Products (ESP) group at Sun Microsystems, he is responsible for the security of midframe and high end Sun servers. He is also the co-founder of the very popular freeware Solaris Security Toolkit http://www.sun.com/security/jass and the author of the recently published Enterprise Security - Solaris Operating Environment book.

Before joining ESP, he was a Senior Staff Engineer in the Enterprise Engineering (EE) group of Sun Microsystems, where he developed, documented, and published security best practices through the Sun BluePrints program. Published topics include: SunFire 12K/15K security, Sun Cluster 3.0 security, SunFire midframe security, secure N-tier environments, Solaris OE minimization, Solaris OE network settings, and Solaris OE security which are available at the following URL: http://www.sun.com/security/blueprints. He co-authored Jumpstart Technology-Effective Use in the Solaris Operating Environment.

Prior to his role in EE, he was a Senior Security Architect with Sun Professional Services where he worked with many Fortune 500 companies on projects that included Security Assessments, Architecture Development, Architectural Reviews, and Policy/Procedure review and development. In addition to providing billable services to customers, he developed and delivered an Enterprise Security Assessment methodology and training curriculum to be used worldwide by SunPS. His customers have included major telecommunication firms, financial institutions, ISPs, and ASPs.

Full Day Tutorial 9am - 5pm T2

Building A Back Office Infrastructure Using Linux, by John Terpstra

This tutorial will provide detailed instruction on Linux fundamentals including:
  • User Interface Tools
  • Networking:
    • Adding an Ethernet driver
    • Configuring the Ethernet interface for TCP/IP
    • Setting up default and static routes
    • Handling non routing situations
    • Name resolution
  • Advanced Networking:
    • DNS
    • DHCP
    • Firewall/VPN discussion
  • Access Controls:
    • File system permissions
    • User and Group Management
    • Pluggable Authentication Modules (PAM/nsswitch)
  • Back Office Services
    • FTP
    • Web
    • Email
    • File and Print (SAMBA)
    • SQL Server (Postgresql)
    • MS Windows Client Configuration for interoperability

On conclusion the delgate will have experienced the installation and configuration of a working alternative to Microsoft Windows 2000 BackOffice server.

Half Day Morning Tutorial 9am - 12.30pm T3

IPv6 here and now, by John Barlow

John Barlow will introduce IPv6 and discuss some of the practical side of connecting to and using IPv6. Inside of 3 hours we will touch on IPv6 headers, tunnels, routing, DNS, and other facets of implementing IPv6. This will include a hands-on section to connect you to the IPv6 Internet cloud (tunneling the traffic in IPv4) - so bring your laptop! You will need a recent unix/linux implementation - freeBSD, redhat 7.2/7.3 (could be 6.2), etc. - you can use XP or 2000, but it is a UNIX group) You will also need a mind for large numbers, as any IPv4 address you have will map to a /48 IPv6 CIDR block, which means each host in the class can hide 65,536 IPv6 networks each containing 18,446,744,073,709,551,616 hosts, not to mention the lattitude/longitude IPv6 address mapping you could also use.

John Barlow works for GrangeNet, a new multi-gigabit backbone network in Australia for research and education use, where he coordinates the newer services such as IPv6 and multicast. See http://www.grangenet.net/ and http://www.aarnet.edu.au/network/design/ipv6/.

Half Day Afternoon Tutorial 1.30pm - 5.00pm T5

Getting Beyond Monitoring, Pretty Damn Quickly!, by Neil Gunther

The theme of this year's conference is "Measure, Monitor, Control". The missing 'M' word is, Model. After you've measured and monitored, you'd like to use that data to forecast requirements to size application servers, for example, as part of future procurement. That's how you gain control in the long run.

Monitoring is akin to watching meter-needles wiggle. But UNIX performance 'meters' only convey the instantaneous state of the system. Such a purely reactive view provides no means for forecasting what lies ahead. Like weather forecasting, you need powerful tools that can take the data and convert it to performance predictions e.g., trends in resource consumption and bottleneck ranking. The classic tools used for predicting performance involve sophisticated queueing models. Afterall, you can't forecast the weather by simply listening to the leaves rustle. The bad news is, you don't have the time to create and validate sophisticated performance models. The good news is, your management doesn't have that kind of time either. Often, they're just looking for a sense of direction---not the actual compass bearing.

In this tutorial, I will present the necessary queueing concepts needed for fast performance prediction in an elementary and palatable style. We shall then throw those concepts at such apparently benign questions as: Does a single 2.4 GHz Pentium PC, a multi-way blade, or a racked cluster have the best performance? Finally, at the application level, we shall size web and middleware servers based on actual load-test measurements. All examples will be demonstrated using the open source queueing analyzer called "Pretty Damn Quick," available for free download from http://www.perfdynamics.com/Tools/PDQcode.html.

Neil J. Gunther, M.Sc., Ph.D. is a leading industry computer performance consultant who founded Performance Dynamics Company (www.perfdynamics.com) in 1994. Prior to that, Dr. Gunther held research and management positions at San Jose State University, JPL/NASA (Voyager and Galileo spacecraft), Xerox PARC research center and Pyramid Technology. His performance and capacity planning classes have been given to such worldwide organizations as Boeing, Fedex, MBNA, Motorola, Stanford University, and Sun Microsystems. He did a 5 city Road Show for AUUG in 1998.

Dr. Gunther is the author of over a hundred papers on computer performance topics, as well as the book THE PRACTICAL PERFORMANCE ANALYST (2nd edition paperback published by iUniverse.com 2000). In 1996 he was awarded Best Technical Paper at CMG, and in 1997 was nominated for the A.A. Michelson Award. Dr. Gunther is a member of the AMS, ACM, CMG, IEEE, SIGMETRICS, SAGE-AU and USENIX.

AUUG2002 Home | AUUG Home | Site Map | Email comment

webmaster@auug.org.au / $Id: tutorial.html,v 1.11 2003/02/25 03:45:32 benjsc Exp $