Imaging With Partimage

One common task for system administrators is desktop management. When managing multiple desktops a very common practice is to install the desired operating system on a desktop and configure everything on it so it is ready to be used in the environment. Then an "image" is created and saved to a disk or to a file share on the network. Creating these images is done by using a tool such as Norton Ghost. The image can then be restored on additional systems with the same hardware specs.

Most of the commercial products for accomplishing this charge a fee for each system that will either have an image created from it or restored to it. This means that if I have 100 computers systems to manage with the imaging software, and the imaging software costs about $25 per license, totaling $2500 in licensing fees. Granted that $2500 provides a lot of nice features.

For IT shops on a strict budget there is Partimage. Partimage is an open source imaging solution that works with Linux and Windows. According to the official site imaging partitions with NTFS is experimental, but I haven't had any issues yet. Actual experiences may very. In other words, please test this extensively before becoming dependent on it.

I tested Partimage with a Kubuntu installation and a MS Windows installation. Creating the image worked pretty much the same with both. The easiest way to use Partimage is to download the System Rescue CD iso image, burn it to a blank CD, and boot the target system from it. Once booted a few steps need to be completed before actually starting Partimage.

1. Setup the network. By default the System Rescue CD does not initialize the network. To get it going simply run the command "net-setup eth0" and answer the questions. I didn't try a wireless connection because lets face it, no one wants to copy a multiple gigabyte file across a wireless connection.
2. If you want to save the image file to a network share that share must first be mounted. I have a samba share on one of my Ubuntu servers to store the images on. To mount the Samba share I used these commands:
   
   mkdir /mnt/samba
   mount -t smbfs //ubuntuserver/images /mnt/samba

Be sure to replace the server and share names with actual server and share names.

To run partimage simply use the command "partimage". This will launch partimage in interactive mode with a GUI and everything. First select the partition to create the image from or restore the image to. Next type the full path of the image file. The downside here is that there is no browsing so you have to know the full path and filename of the image you want to use. When typing the image path be sure to use /mnt/samba rather than trying a UNC path.

On the next screen there are options to save the image file using no compression, gzip compression, or bzip compression. I opted for gzip compression as I don't want to waste drive space but I also don't want to wait forever for the bzip compression.

Here are the statistics of creating image files for the Xubuntu and Windows installations on the same hardware.

OS	Partition	Raw Data	Image Size	Create Time	Restore Time
Xubuntu	root	1.4 GB	620 MB	8m	1m40s
Xubuntu	home	3.71 GB	3.2 GB	39m	7m 46s
Windows XP	C:	4.4 GB	2.7 GB	28m	11m 22s

When restoring an entire system where the existing partitions don't match you can restore the partition table from one of the images first which will recreate the partitions like they were on the system the images were created from.

Partimage is an imaging utility that provides basic functionality at a price that can't be beat. If using it to manage Windows installations it could be combined with the Microsoft sysprep utility it could be used to create one image file that supports multiple hardware configurations.

Good luck, and let me know how it works for you.

Bandwidth Measurement With Iperf

Every once in a while I have needed to know what kind of bandwidth I have between two systems. Typically the systems are separated by a WAN link, but occasionally I have had to check between systems on the same wired LAN. The Iperf tool runs as a server on one system and as a client on another system. The two send data back and forth and calculate the bandwidth.

For Windows systems download the program from the homepage and save somewhere you can easily get to it from a command prompt. For Linux systems it can most likely be installed from your favorite package manager (apt, yast, yum, etc). First start it up on the system that will act as the server. Simply use the command:

iperf -s

Then start it up as a client on the other machine:

iperf -c <ip.address.of.server>

The server name can be substituted for the IP Address if it resolves through DNS.

By default Iperf sends data in one direction only. By specifying -d on the command line it will perform a simultaneous bi-directional test. Additional options can be specified for determining how much data to send (-n) and how long to run the test (-t).

Let me know if you've used the tool or have a better way to test bandwidth.

Secure Computer Disposal

One of the great things about computers is that they are getting better all the time. Of course, one of the bad things about computers is that they are getting better all the time. This means that computers need to be upgraded or replaced every few years to keep up with the latest operating systems and software. And what do you do with the old computers when they are replaced? Some companies give them to schools, charities, or even employees. Others sell them to recycling companies who dispose of them for them.

But what about the data that is on those hard drives? However the system is disposed of the data is still there for someone to use in whatever way they want. Some may argue that their data isn't valuable, and most of it may not be, but you never know what may have inadvertently made it's way onto that computer you just gave away.

To protect against this all you have to do is simply format your hard drive. That way no one can see the files on it. No - wait! Formatting doesn't actually delete the data off the hard drive - it can still be recovered by people who really want it. To REALLY scrub that hard drive clean I've found a tool called Darik's Boot and Nuke (DBAN). DBAN "is a self-contained boot disk that securely wipes the hard disks of most computers. ...DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis."

To use DBAN, simply download and burn either floppy disk/USB image or the bootable CD ISO image. Older computers probably have floppy drives but won't boot from USB, and newer computers probably don't have floppy drives but will boot from USB. Otherwise it's a good bet whatever system you want to wipe will boot from CD. Whichever one you go with might take a while to download as the image is whopping 2MB (might take a while if you are on dial-up!).

After booting from the CD you press Enter to get to the DBAN menu or you can type "autonuke" to automatically start the wipe process with the default options.

Assuming you just pressed enter you get to the main screen. Since there is no mouse support the keyboard navigation key is at the bottom of the screen. The default options may be good enough for you, and if not, feel free to set this up any way you want. Your company may have specific requirements for wiping hard drives so you'll want to select the wipe method that meets those requirements. Before starting you need to select which hard drives should be wiped using the space bar. When you are ready to begin hit F10.

The wipe process can take anywhere from a few hours to a full day depending on the speed and size of the hard drive(s) being wiped. So you may not want to sit and watch it. If something happens in the middle of the wipe (like the computer gets unplugged) you will have to start over from scratch.

Hopefully this will help keep your or your company's data safe potential theft due to improper disposal. Drop a comment if this was helpful at all.

Update: Suzen Honeck let me know that this doesn't always work with SATA drives unless the BIOS is set to compatibility mode instead of AHCI. So check that if you have issues.

Admin Daily

Daily system administration can be a huge chore. Administrators can work with Microsoft Windows, Unix/Linux, Mac's, or a combination of the three. Besides all of the desktops there are file servers for centralized file storage and sharing and print servers for sharing and managing printers. Additionally there are usually an assortment of database, web, and application servers. Behind all of these servers and desktops there are the hidden network services that a lot of times are overlooked until they are needed, including backups and security.

The real trick is figuring out how to manage all of these systems as a whole rather than as individual units. Otherwise it would take an army of system administrators rather than just a few. Some admins are better at this then others. Below are some of the skills that separate the mediocre from the wizards.

1. Scripting
   This is one the most important skills a system administrator can have. Yet with all of the administrators and technicians I have worked with it is one of the most rare skills I've seen. Writing a script, whether in VBScript, Perl, Python, or even a good old batch file, is the key to not have to do the really boring parts of a job over and over again. Need to reboot a bunch of servers or desktops routinely? Write a script! Need to push a security patch to all the desktops on the floor? Write a script! Especially since the task will inevitably need to be done again next week or next month. Of course it might take an entire day to write a script to do a task that would have taken an hour or less to do by hand, but not ever having to do that task by hand again is priceless.
   
   
2. Linux
   People who run Microsoft Windows networks typically know Windows and not much else. Many times (not always) they look for software solutions through "Microsoft Goggles." If it's not made by Microsoft, don't bother applying. Linux is not the end-all-be-all solution, but neither is Microsoft. There are tools all over the internet that make daily system administration easier. Some of them are free, some of them are not. Some of them run on Linux, some of them run on Windows. Learning how to install and work with Linux opens up a whole new world of possibilities.
   
   
3. Troubleshooting
   This is an essential skill for any technician but I have seem many instances where it was lacking. Understandably it can be difficult to accurately assess someone's troubleshooting skills in an interview, so the true skill in diagnosing problems isn't found until after a new person has been on the job for a while. I have seen technicians look at a problem and try one or two things they have done before, or have seen done before, then give up and go and ask someone else for help. I think this stems from the desktop support world where if a computer is broken, just get a new freshly imaged one from the shelf and copy the user's data to it. People don't need troubleshooting skills to do that. Unfortunately, things aren't always that easy. Servers, networks, and even desktops require much more skill to maintain properly. Admins need to be able to try different approaches to a problem when they hit dead ends.
   
   
4. Customer Service
   I have heard so many stories about administrators that are so good with computers but can't talk to a person. Understanding the customer, whether internal to the business or external clients, is vital to knowing how they need their systems to work or even what systems they need. If the customers don't feel as though they can approach their administrator it will be that much harder to get vital information from them when problems arise. Establishing a good rapport with the end users goes a long way towards making the job easier.
   
   
5. Googling
   I can't tell you how many times I've received calls from support technicians asking about a problem they're having and a simple Google search has the fix in the first result (I'm feeling lucky!). It's those times I have to resist the temptation to ignore the all important Customer Service and send them a link to justfuckinggoogleit.com. Those are the easy ones. There are of course more in depth issues that require a certain ability in finding the right search terms to come up with the answer but in the end I'm hard pressed to not be able to find a solution to a problem on Google. The answers are out there waiting to be searched for.
   
   
6. Scripting
   Did I mention this one already? Huh. It must be fairly important then. I really can't imagine doing any kind of system administration without being able to script pretty much any repeatable task.

If I missed an important skill or you disagree with me, leave a comment and let me know.