Have you ever had the experience of teaching someone how to drive? In some respects, your Centrify implementation can follow the same process.
Adjust the seat… Check your mirrors… Buckle your seatbelt… Not too much pressure on the gas pedal… Press the brake a few times to get used to it… You need to get a feel for how much pressure to use… Always use your turn signal so other drivers will know what you plan to do (even if they choose to ignore it)… Always check the street twice before pulling out… Slow down… Speed up… You are following too close…
If any of this sounds familiar, you have either had the privilege of teaching a person to drive, or you remember being on the receiving end of those instructions. I had the privilege of helping to teach three teenagers to drive. There were many times when I wished that I had another steering wheel or brake pedal on my side of the car!
I distinctly remember the Driver’s Ed car that we had to use when I was in school. The dealership had installed a passenger side brake pedal so the instructor could intervene if necessary. More often than not, it was simply used to elicit puzzled looks from the student drivers… something is wrong with the car, it keeps slowing down… come to think of it.. I could have used that a few times with my teens.
But back to my story… all 3 teens learned to drive and at least one of them can still parallel park when needed. In the real estate world, the value of property can generally be summed up in 3 simple words.. location.. location.. location.. Teaching someone to drive can also be summed up in 3 simple words.. patience.. patience.. patience.. If you get nervous, the trainee gets nervous and unpleasant things can happen.
Some of the same fundamental principles that apply to driver training can also be applied to the initial implementation of the Centrify Server Suite.
If you do not understand what you are doing, go back to the manual or ask someone that knows. Following the road signs is simple enough, but driving requires much more than that. You must constantly be looking at and evaluating all of the potential threats as you navigate the highway. Having a teacher that can talk you through all of the various threats can be the difference between not just passing or failing the driver’s exam, but also avoiding accidents in the future. When installing and setting up Centrify, do not ‘wing it’. The security of your servers is far too important to leave to chance. Centrify has a well-written documentation set and multiple online resources and forums where you can find answers to many frequently asked questions. Most customers were also connected to a Sales Team that included a Systems Engineer. Customers with an active support agreement also have access to our Centrify Support Center. There are a number of avenues available to get assistance. Do not hesitate to take advantage of the resources that can help. Not only can they help you with the immediate issue, but can also help you avoid decisions today that can lead to problems in the future.
Learning to drive does not happen by accident, it is a deliberate, planned activity. In most states today, license applicants must submit a driving log that chronicles their driving sessions with a licensed driver. Yes, you could fabricate the information, but not many parents would want their child behind the wheel without knowing that they had the experience need to be successful. I have seen a number of new customers who were deploying Centrify directly into their production environment without providing a ‘test’ environment for the Administrators to test and validate new roles and scripts. A separate test environment is certainly not required, but it does give inexperienced administrators a place, other than the production servers, to learn and hone their Centrify skills. Customers should also develop a realistic plan based on available resources and available time. A project plan to ‘Centrify’ 200 servers every 2 weeks looks great on paper, but if you only have one resource doing the deployment and he is also managing the legacy Unix Accounts on 800 servers and is on the on-call rotation for after hours support, and, and, and… You can toss the project plan out of the window. Be honest with yourself and with your project plan. As Administrators become more comfortable with and more experienced with the Centrify deployment, they will be able to pick up the pace of the installs.
Spend time up front on the deployment plan. Our ‘Best Practices’ are well documented and come from years of experience helping customers like you. Know your servers and what you are up against. Do you have a distinct UID for every user that is used on every server? That will certainly speed up the migration process. If not, the inconsistent UID space will have to be addressed and will likely slow things down. The same scenario goes for groups and GIDs. Some customers also go right after the SUDOER roles from the beginning, while other wait for ‘Phase 2’. The intent is to get the authentication piece implemented first and then come back later to work on the authorization piece. Either way will work, but plan your deployment accordingly and stick to your plan.
One more similarity to consider.. communication. I always tried to make sure my teens knew what we were going to be working on every time we went out driving. Whether it was going to a vacant parking lot to practice parallel parking, or backing, or heading out to the interstate to practice merging and lane changing, I felt like they should know ahead of time so they could mentally prepare for what was ahead.
In your Centrify migration, communication is absolutely critical. Application owners or Departments need to know well in advance so they can make plans and set expectations. Users need to know when to start using their AD credentials to logon to servers, and which servers are affected. Over and over again we see users locking out their AD accounts because they were not aware which servers were affected. Communication is also critical with the Project Manager. They need to be kept aware of the status and any expected changes to the schedule so they can handle setting expectations with the Departments and Application Owners, while you handle the deployment.
Plan your deployment, set realistic goals based on your knowledge of the environment, make use of available resources, keep the communication channels open and you should be on your way to a successful implementation. But beyond that, be patient. Do not rush the project just to meet a deadline. If it takes longer than you planned to get it right, then spend the extra time now and you will see the benefits in the end.