Managing Priorities


As IT personnel, it’s my job to help business-driven projects.  My support tasks generally take priority over my long term IT projects.  There are techniques to manage the priorities of these projects, and get them done.  Here are some ways to do it:

  1. Say When:
    1. Clarify how much time is needed.
    2. Determine if it can be handled now.   If not, make it known to others.
    3. If it can wait, then suggest an agreeable time.
  2. Learn More:
    1. Do quick impact analysis.
    2. Work with the requester for the results and standards required.
    3. Ask for additional learning material.
  3. Ask for help:
    1. Determine how the support request fits into the bigger picture.
    2. Agree on roles and responsibilities from the people involved.
    3. Focus on required resources.
    4. Understand the task required.
    5. Get a completion date.  If not clear, then suggest times for status updates.

In every step, it helps to listen carefully, be polite, and be sensitive to the needs of others.

Contrary to popular opinion, IT is not entirely a lonesome job.  It gets easier to handle when I have the help of my colleagues.

Business may have unending projects.  It helps tremendously if I can prioritize them, according to the time and resources at my disposal.  Knowing what, when, and who are the keys to success.   The how will be answered eventually.  Asking why is counter-productive.

Google Data Center Efficiency

Google has been leading the way in the “Green IT” initiative since 2005, when they started making their massive data center infrastructure as efficient as possible.  Their approach is definitely radical and unorthodox: first using 12V batteries for each machine, then using AAA shipping containers to house the numerous servers.  Google is an engineering company, so obviously they’re obsessed with making tiny improvements in every little corner of the data center.  It’s awesome.

Google did patent the setup, so it won’t take long before other data centers convert to it.  It’s a win-win situation for everyone.

Intro video:

Google summit videos:

Part 1:

http://www.youtube.com/watch?v=Ho1GEyftpmQ

Part 2:

http://www.youtube.com/watch?v=m03vdyCuWS0

Part 3:

http://www.youtube.com/watch?v=91I_Ftsd-7s

More info on Google’s Blog.

URL Rewrite Examples

One of the most common webmaster tasks is to use the Apache mod_rewrite module.  It’s a flexible and efficient way to redirect URLs.  It is useful for redirecting non-functional URLs, moving domain names or renaming directories.

Below is a list of some frequently used mod_rewrite rules.

Note the [R=301] flag on the rules, which issues a 301 Permanent Redirect.  It’s a popular way to preserve the SEO rankings of an older site that has been moved to a new one.

Simple redirect:

RewriteRule ^/sub/dir/home.html$ /sub/dir2/page.html [R=301,L]

Redirect http://domain.com to http://www.domain.com.  This is especially useful for an SSL certificate that’s already registered to www.domain.com name.  Note, the rule captures the query string and redirects with it:

RewriteCond     %{HTTP_HOST}    ^domain.com$      [NC]
RewriteRule     ^(.*)$          http://www.domain.com$1      [R=301,L]

To capture more than one variable in the query string, use the following.

RewriteRule ^([^/]*)/([^/]*)/([^/]*)$  /sub/program.jsp?arg1=$1&arg2=$2&arg3=$3 [L]

For redirects based on the URL’s query string, use QUERY_STRING to capture it for comparison.  Note the destination URL may use spaces if enclosed in quotes.

RewriteCond %{QUERY_STRING} ^id=2234$
RewriteRule ^/sub/dir/product.html$ "/sub/dir3/description.html?prodid=vac pro" [L,R=301]

Redirects can also be conditional.  For example, redirect everything except URLs with a certain keyword.

RewriteCond %{REQUEST_URI} !/sub/dir/important.html$
RewriteRule ^/sub/dir/.*$ /main/dir/home.html [L,R=301]

With the above rule, it’s possible the original URL may have a query string.  To get rid of it, just add “?” to the end of the RewriteRule target. For example:

RewriteCond %{REQUEST_URI} !/sub/dir/important.html$
RewriteRule ^/sub/dir/.*$ /main/dir/home.html? [L,R=301]

There are more examples out there.  Writing a comprehensive mod_rewrite guide is a full time job, so this list will continue to grow.  Here are some other useful references:

Photo Credit: Luke Seeley

Custom 404 Page Using JBOSS

Having a custom “page not found”, or 404 page, is an important modification for any website.  It’s used to enhance the user experience by presenting an easy to understand message.

Setting up a user friendly error page is simple enough using Apache web server.  Just modify the line in httpd.conf and point it to a static HTML document:

ErrorDocument 404 /the404_page.html

With a JBOSS (or Tomcat-like Java container) application server, it’s slightly trickier.  It has to be handled on a per-web-application basis.  The change is made in the web.xml file, with these entries:

<web-app>

<error-page>
<error-code>404</error-code>
<location>/the404_page.html</location>
</error-page>

</web-app>

For the root directory, modify the web.xml in the ./deploy/jboss-web.deployer/ROOT.war/WEB-INF directory.

Testing this setup in Firefox and Opera, the custom 404 page will automatically show up properly.

However, with Internet Explorer, a “The Webpage Cannot Be Found” message comes up instead.  This is a feature of IE to show Microsoft’s version of a “friendlier error message”.  In this case, we want to disable it, so the custom 404 page will show up.  It can be done via the Internet Options -> Advanced tab.

[Screenshot: option in IE to suppress the custom 404 error page]

Update: Microsoft Help & Support site states if the 404 error page is greater than 512 bytes, then IE will not show the friendly message.  So the page size must be a bigger one, not just a simple one liner.

Now that the applications are set up to serve a custom error page, here are some examples of beautiful 404 page designs to improve the user experience.

Proper Support Tips

Throughout my years of doing tech support, I learned a few things about doing the job, without driving myself (or the customer) crazy.  Here are a few action plans:

  1. Always stay calm.
  2. Be helpful to customers.  Ninety-nine percent of the time, customers are nicer when they are given options to solve their problems.
  3. Document the issues in an electronic log (such as a customer service knowledge base) that is searchable, for future reference.
  4. Stay up-to-date with the company’s products.
  5. Stay current with technology advances and industry standards.
  6. Get along with the other tech support peers.  Hang out with them, share your stories, and vent some frustration with each other.  Group therapy is good therapy. Most importantly, laugh it up together.
  7. Don’t stay at Level 1 tech support too long.  Make it a goal to move up, and handle more challenging questions to keep the job more interesting.

Finally, keep a sense of humor.   At the end of the day, it’s only a job, and life goes on.


Green IT

There is a big push by every company to go “green”.  The initiative started with the rising energy prices.  Another reason for the effort is to reduce pollution and waste.  Nowadays, it looks like the overall purpose for this push is to improve public relations and corporate image.

IT is certainly the first (and best) place to start for going green.  The savings are easily measurable and the latest technology allows the reduction in expense.

Shared Services

This model works best when a company has divisions around the globe.  A centralized data center, with excellent resources, needs to be chosen to handle the IT needs of the regional offices.   The consolidation includes servers and experienced IT teams.  With one data center, IT will save money by cutting the expenses of maintaining multiple sites.

Professional Open Source

Many of the open source products out there are excellent.  The support of the community made them a valuable source of technology.  The cost of open source software is free to begin with, so comparatively, building a professional version of it will cost much less than a proprietary one.  The value in professional open source is in the tech support, which is the main reason a company purchases an Enterprise product.

Virtualization

With increasing CPU power, and decreasing prices for memory and hard drives, building a powerful server is easy and affordable.  Hardware capabilities have now outpaced the software requirements.  Modern operating systems are now able to “virtualize“, or carve out sub-sections, within the same hardware, to multiple software applications.  In a data center environment, the reduction in server hardware will be apparent by cutting power, rack space, and licensing requirements.

SaaS

Software as a Service (SaaS) is valuable when IT resources are severely limited.  One example is outsourcing to a company that does e-mail newsletters.  For a company to run an in-house mail server, it will require a lot of resources.  Running bulk mailing lists through it will burden the infrastructure even more, possibly running the risk of an outage.  Outsourcing the software will also off-load the hardware, as well as the manpower to maintain it.

The real benefits are to cut costs, reduce duplications, and streamline processes.    These should be standard operating procedure for every company.  Whether or not these steps are considered “green” is a matter of opinion, but everyone needs a renewed purpose to refocus on saving money.  It’s especially relevant in this slumping economy.  Going green is a great idea – only if it’s implemented efficiently, without much bureaucracy, paperwork, and politics.

SSL From Java Client

I’ve described a way to install a self-signed SSL certificate using OpenSSL for testing purposes.  When connecting to a web server using a web browser client, it is straightforward to add the “fake” certificate (just follow the instructions on the browser screen).  However, in a Java application, it’s a little bit more work.

The procedure is the following:

  • Obtain the SSL certificate from the website administrator.  Alternatively, use the browser:
    1. Browse the URL, for example:  https://www.testmachine.com
    2. When the security window popup appears, just click ‘continue’.
    3. The browser has an option to view the certificate.  With Internet Explorer 7, next to the Address Bar there’s a “Certificate Error” button.  Press that and view certificate.  With Firefox, click on the yellow lock at the bottom of the screen.
    4. Go to the Details tab.
    5. Click on “Copy to File”.  In Firefox, click on the “Export” button.
    6. Save the file as “website.cert”
  • Copy the Cert file to where the Java client is going to be executed.
  • Go to the JRE (Java Run Time) library under lib/security, for example: /usr/local/jdk_1.4.3/jre/lib/security/
  • The certs are stored in a file called “cacerts”.
  • Run the keytool app to import the “website.cert” file that was exported earlier from a web browser:

keytool -import -alias websiteAlias -keystore cacerts -file website.cert

  • Enter the default password: changeit
  • Check the content of the new “cacerts” file using:

keytool -list -keystore cacerts

  • Test it.   If it’s a web container (i.e. Tomcat), restart the JVM.

Webapper site has a short Java client test code, and a quick procedure to compile/run a client to test it.
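
The import steps above, as an added shell example (not from the original post) with one extra check: a certificate saved from the browser after clicking through the warning is whatever the server on the other end presented, so its SHA-256 fingerprint is compared with one obtained from the website administrator before keytool trusts it. The function names, the separate trust store file and the STOREPASS variable are assumptions, and the certificate is assumed to be a Base64 (PEM) export.

```sh
#!/bin/sh
# Added example: trust a test site's certificate for one Java client only,
# and only after its fingerprint has been checked. Names are illustrative.

# cert_sha256 <certfile>: SHA-256 fingerprint as bare uppercase hex.
# Assumes a Base64 (PEM) export; add "-inform DER" for a binary one.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//; s/://g'
}

# norm_fp <fingerprint>: strip colons and spaces, uppercase the hex digits.
norm_fp() { printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF'; }

# import_if_trusted <certfile> <expected-fp> <truststore> <alias>
# <expected-fp> comes from the website administrator, not from the browser.
import_if_trusted() {
    actual=$(cert_sha256 "$1")
    if [ -z "$actual" ] || [ "$actual" != "$(norm_fp "$2")" ]; then
        echo "fingerprint mismatch, $1 not imported" >&2
        return 1
    fi
    # A separate store file leaves the JRE-wide cacerts untouched.
    keytool -importcert -noprompt -alias "$4" -file "$1" \
        -keystore "$3" -storepass "${STOREPASS:-changeit}"
}

# Usage (file names and the TestClient class are placeholders):
#   import_if_trusted website.cert "$FP_FROM_ADMIN" ./test-truststore.jks websiteAlias
#   java -Djavax.net.ssl.trustStore=./test-truststore.jks \
#        -Djavax.net.ssl.trustStorePassword=changeit TestClient
# A JVM started this way trusts only what is in test-truststore.jks.
```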

IT Outsourcing Is a Bad Move

The whole idea of outsourcing is to cut cost while staying competitive.  This is especially true with offshore outsourcing, where labor is cheap.  I suppose there are a lot of reasons to blame the domestic American labor force, such as the worker’s union, high standard of living, or high medical and legal costs.  While this might be true for blue collar jobs,  outsourcing the ones that require more specialized skills (like Information Technology) doesn’t make sense.

American IT workers are specialized and skilled workers.  They’re smart and creative people.  They’re also hard working.  They are extremely loyal if the companies treat them right.

But is all that worth sacrificing for the sake of cutting expenses?

Let’s take the example of an offshore IT worker being paid $20/hour.  He does a good job.  Problem is, he’s now a hot commodity, so he won’t work for less anymore.  He’ll move on to the highest bidder.

So, let’s hire another offshore IT worker being paid $20/hour.  Now, the company has to waste time while he’s learning the ropes (or “ramping up”).  It’ll cost additional money in delayed projects, missed deadlines, high stress, and low morale.  Does he even have the same quality as the first one?

If yes, then we’re back to the guy looking for greener pastures.

If no, then we’re in a sink hole.  A company then needs to hire another candidate (or two) to help complete  the project.

Offshore turnover rate for IT workers is bad.  It also applies to non-IT workers.

Some companies have thought about offshoring to other countries with “emerging” skilled workers, such as China and Vietnam.  But those places are not any better, since China and Vietnam lack in communication skills, mainly with English language.

They’re also not up-to-date with technology due to export controls and lack of relevant education.  They’re trying to catch up by educating recent graduates in emerging technologies.  But it might be too late.  The market is being flooded with new graduates in the same field.  Also, the job market is now in a slump due to the worldwide recession.

So what’s the best move now?

Stay home. In-source.  On-shore.

Nowadays, a lot of people are out of work, and they include skilled IT workers.  This is a great time to hire them at a competitive rate — possibly even cut rate!  Local IT workers are willing to work, and ready for the long term commitment.   Companies just need to step up and keep America working again!

Photo Credit: Tobi 2008

Setting Up Apache Web Server With Secure HTTP

Incorporating the use of the Secure Socket Layer (SSL) library is straightforward with the Apache web server.  This is the library I always use for all of my Apache web server installations.  From one robust open source software to another, they’re a perfect fit.  They make deployment quick and easy.  Here are the steps for Apache HTTP and OpenSSL:

Compilation

Assuming the OpenSSL installation in /usr/local/ssl, the Apache web server source code compilation will require the configure option:

--enable-ssl --with-ssl=/usr/local/ssl

I use the following:

./configure --prefix=/usr/local/apache2 --enable-ssl --with-ssl=/usr/local/ssl

Then just run:

make install

On Unix platforms like Solaris and Linux, the configure and compilation should work without a hitch.

Configuration

Go to the configuration directory and edit the httpd.conf file (in my example /usr/local/apache2/conf) and uncomment this line:

include conf/extra/httpd-ssl.conf

Then proceed to the /usr/local/apache2/conf/extra directory and edit the httpd-ssl.conf:

  1. Specify the machine’s IP address to “listen” on port 443.  Specifying an IP address is useful if the machine is multi-homed (multiple IPs configured).
  2. Ensure the Signed SSL Certificate is on this machine.  Store it in /usr/local/apache2/conf/www.website.com.cert pathname.  It can be anywhere that’s accessible from the web server level.
  3. The SSL key for the host needs to be available also, and stored in the same /usr/local/apache2/conf directory.
  4. For the <VirtualHost> tags, replace _default_ with the IP address.  The result may look something like this:

<VirtualHost IPAddressNum:443>

ServerName www.website.com

SSLEngine On

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "/usr/local/apache2/conf/www.website.com.cert"
SSLCertificateKeyFile "/usr/local/apache2/conf/www.website.com.key"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog "/usr/local/apache2/logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
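
What the SSLCipherSuite value above really enables can be checked with the OpenSSL binary the server was built against, since mod_ssl passes the string to OpenSSL. In that syntax a leading + only moves suites to the end of the list, so +LOW, +SSLv2 and +EXP leave those suites enabled wherever the build still has them. The following is an added example, not part of the original post; the function names and the tighter TIGHT string are assumptions.

```sh
#!/bin/sh
# Added example: expand an SSLCipherSuite value with the local OpenSSL and
# list the suites that offer no authentication, no encryption or weak crypto.

OPENSSL=${OPENSSL:-openssl}   # e.g. /usr/local/ssl/bin/openssl

# weak_suites <cipher-string>: print each enabled suite that is anonymous,
# unencrypted, export grade, RC4/RC2/single-DES, or uses an MD5 MAC.
# Returns 2 if this OpenSSL build rejects the string.
weak_suites() {
    list=$("$OPENSSL" ciphers -v "$1" 2>/dev/null) || return 2
    printf '%s\n' "$list" | awk '
        /Au=None/             { print $1 "  anonymous key exchange"; next }
        /Enc=None/            { print $1 "  no encryption";          next }
        / export/             { print $1 "  export grade";           next }
        /Enc=(RC4|RC2|DES)\(/ { print $1 "  weak cipher";            next }
        /Mac=MD5/             { print $1 "  MD5 MAC";                next }'
}

# count_weak <cipher-string>: number of flagged suites (0 means none found).
count_weak() {
    found=$(weak_suites "$1") || return 2
    if [ -z "$found" ]; then
        echo 0
    else
        printf '%s\n' "$found" | wc -l | tr -d ' '
    fi
}

# The string from the VirtualHost block above, and a tighter one (assumption).
LEGACY='ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
TIGHT='HIGH:!aNULL:!MD5'

# Demo: sh cipher-audit.sh demo
if [ "${1:-}" = "demo" ]; then
    echo "legacy: $(count_weak "$LEGACY") flagged suite(s)"
    weak_suites "$LEGACY"
    echo "tight:  $(count_weak "$TIGHT") flagged suite(s)"
fi
```

The result depends on the OpenSSL build: newer releases have dropped SSLv2 and export suites entirely, so the legacy string flags fewer entries there than on the builds this post was written for.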

References

Further options and settings for SSL are available from the Apache.org site:

Creating SSL Certificates for Secure HTTP

The use of Secure HTTP (or HTTPS) is essential to avoid getting my browser communication hijacked, or hacked.  For savvy web users, browsing a site with HTTPS is a must to protect login and other private information.  As a Web Application administrator, the way to accomplish this is to use the Secure Socket Layer (SSL) library in combination with an Apache web server.

The widely used SSL library is OpenSSL.  It’s constantly updated, and it’s freely available.  I use it because it also compiles well on Linux and Solaris operating systems.   The source code is portable and has been tested in many flavors of Unix.  A Windows install is available also.  Compiling the source code is as straightforward as running the “configure” script and then “make”.  The default install for OpenSSL is usually in the /usr/local/ssl directory.

Once installed, the first step is to create a Key Pair:

/usr/local/ssl/bin/openssl genrsa -des3 -rand <anyfile1>:<anyfile2>:<anyfile3> -out www.website.com.key 1024

  • The anyfile1, anyfile2, or anyfile3 can be any file in the system.  There has to be at least one file specified.
  • Specifying a pass phrase is required in this case.  But for convenience, I might opt to do it without specifying a password.  To disable the password prompt, remove the “-des3” option.

Next create a Certificate Signing Request:

/usr/local/ssl/bin/openssl req -new -sha256 -key www.website.com.key -out www.website.com.csr

Fill in the requested information.  At the end of the questionnaire, a “challenge password” is usually not required.

Updated September 10, 2014: Due to the weakness of SHA-1, it’s imperative that the intermediate cert provider generate a cert that is not signed with SHA-1.  Hence the -sha256 option when generating the CSR.

Submit the CSR to a CA such as Thawte or Verisign.  After payment is processed, they will send an email with directions how to get the certificate file.  It might require cut and paste of the cert code into a file, usually with  a .crt or .cert suffix (such as www.website.com.crt).

For development or QA environments, where a valid signed certificate is not required, I can create a self-signed one.  To create a “fake” (aka Snake Oil) certificate, use the following:

/usr/local/ssl/bin/openssl x509 -req -days 999 -in www.website.com.csr -signkey www.website.com.key -out www.website.com.cert

Both the cert and key files are required for the web server.  I’ll cover Apache web server installation in the next post.
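
The key, CSR and self-signed certificate steps above, as an added shell example (not from the original post): it uses a 2048-bit key, the minimum public CAs accept, passes -sha256 to the self-signing step as well, and then checks that the certificate belongs to the key and is not SHA-1 signed. The function names, the output directory argument and the /CN subject are assumptions for the demo.

```sh
#!/bin/sh
# Added example: throwaway key, CSR and self-signed cert for a test host,
# followed by checks on the result. Function names are illustrative.

OPENSSL=${OPENSSL:-openssl}   # e.g. /usr/local/ssl/bin/openssl

# make_test_cert <hostname> <outdir>
make_test_cert() {
    host=$1; dir=$2
    # 2048-bit key written without -des3, so keep the file private.
    ( umask 077; "$OPENSSL" genrsa -out "$dir/$host.key" 2048 ) 2>/dev/null || return 1
    # -subj answers the questionnaire non-interactively.
    "$OPENSSL" req -new -sha256 -key "$dir/$host.key" \
        -subj "/CN=$host" -out "$dir/$host.csr" || return 1
    # -sha256 here too: older OpenSSL builds self-sign with SHA-1 by default.
    "$OPENSSL" x509 -req -sha256 -days 999 -in "$dir/$host.csr" \
        -signkey "$dir/$host.key" -out "$dir/$host.cert" 2>/dev/null
}

# key_matches_cert <key> <cert>: true only if both carry the same public key.
key_matches_cert() {
    k=$("$OPENSSL" pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$("$OPENSSL" x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_sig_alg <cert>: e.g. sha256WithRSAEncryption
cert_sig_alg() {
    "$OPENSSL" x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# cert_key_bits <cert>: public key size in bits
cert_key_bits() {
    "$OPENSSL" x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_cert <key> <cert>: fail on mismatch, SHA-1/MD5 signature or short key.
check_cert() {
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
    case $(cert_sig_alg "$2") in
        sha1*|md5*) echo "weak signature digest" >&2; return 1 ;;
    esac
    [ "$(cert_key_bits "$2")" -ge 2048 ] 2>/dev/null ||
        { echo "RSA key under 2048 bits" >&2; return 1; }
}

# Demo: sh certcheck.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_test_cert www.website.com "$d" &&
        check_cert "$d/www.website.com.key" "$d/www.website.com.cert" &&
        echo "ok: $(cert_sig_alg "$d/www.website.com.cert")"
fi
```

The same check_cert call works on a CA-issued www.website.com.crt before it is installed next to the key on the web server.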