Cat Herding

In 2000, EDS, a major information technology and business firm took the term “cat herding” and ran with it for this fantastic super bowl commercial, but what does cat herding mean?

The term is used to draw a parallel between cats, who are inherently independent and difficult to control, and IT workers, who are inherently independent and difficult to control. Anyone with a cat of their own probably has a good idea what I’m talking about. In a more broad sense, herding cats refers to getting different people or groups to coordinate on a goal.

Carla Emmons sums it up nicely:

Herding cats implies the futility inherent in a position as an IT manager.

In a modern IT shop it is quite literally impossible for a manager to know everything about their employees’ jobs and I believe that is the main cause of this precieved futility. To try to understand and control everything your employees are doing is just as bound to fail as trying to get your cat to come when you call its name. The good IT managers know it, the best ones embrace it.

So what is an IT manager to do? I think effective cat herding boils down to just these three things…

  1. Hire good people
  2. Get them the resources they need to do their jobs
  3. Protect them from the politics and metawork as much as possible

Remember, cat herding (IT management) isn’t about your own goals or job fulfillment, it’s about allowing your employees to reach their full potential.

funny, comercial, super bowl, it, it management, project management, buzzword, office lingo, language, definition

Getting Started with the Sun Fire T2000

SunFireT2000After receiving my try-and-buy Sun Fire T2000 over a week ago it’s finally up and running. While we have yet to hit it with much of a load, here are some thoughts on the out-of-box experience:

Before even powering up there are a couple interesting observations about the system. The first is the lack of power button, switch, or key. In fact there is only one button on the system and that is an indicator button which just flashes an LED on both the front and back of the system to make it easier to locate (a nice feature, by the way.) You’ll quickly find the hot-swappable dual power supply and fan compartment. The adventurous will find and the big button on top of the system which allows you to gain access to RAM and other non-hot-swappable components.

All of these compartments and components are accessible without the need for tools. The hard drives are on hot-swappable sleds which pop out the front of the box. The hard drives are small (2.5″ I believe) allowing room for 4 bays in the front and still affording enough space for ventilation. I was somewhat surprised to find laptop-style drives in a Sun server, but I guess I can’t come up with any reason not to.

After giving the hardware a good once-over it was time to get the T2000 up and running. I have to say Sun came up a little short on the out-of-box experience at this point. I’m comfortable with, even partial to the absence of on-board video on a server, and Sun has chosen to include serial via RJ-45 on the T2000. Sun was on the right track including two cables appropriately shielded for use with this port, but neglected to include an adapter to go to the 9 pin serial we all have on the back of our PCs.

After rummaging around for the proper adapter to hook the T2000 to an old laptop we plugged it in. The system is surprisingly (read obnoxiously) loud, but hey, it’s a server not a desktop. After a few minutes of the regular hardware diagnostics stuff the system came up to an sc> prompt.

This is where those who are not familiar with Sun’s newer hardware will come to a complete stop. The only documentation included with the system is the Sun Fire T2000 Server Getting Started Guide and that does little more than tell you what the different lights mean and where you can find more documentation online. If you get online and grab the Sun Fire T2000 Server Installation Guide this will walk you through dealing with the SC serial management port. In my opinion Sun should have included this one in hard copy with the system as well.

After a couple more steps things start to feel familiar and the rest of the setup is much like the Solaris 7, 8, and 9 installs I’m used to. With just a few extra steps here you can (and I’d recommend) configure the SC Network Management port which will allow you the same functionality as the SC Serial Management port without the need for the serial cable and adapter. You will need an extra network drop and IP address to use network management, but then you’ll be able to telnet to it for administrative functions. Of course in a production environment you’d want this behind a firewall or on a private subnet.

Other than that the system seems quick. Our next step is to get Oracle on the system and throw some queries at it. I’ll share more as soon as we get some results.

UPDATE: I have now had the chance to test drive some Oracle jobs on this system. Check out my findings here.

database, database administration, database administrator, dba, dbms, rdbms, solaris, sun, sunfire, sysadmin, system administration, systems administration, t2000, try and buy, unix, oracle

Secure Certificate Management in Oracle Application Server

Here’s my cliff notes directions for managing secure certificates using Oracle Wallet Manager. These directions were written for Oracle Application Server 10g(9.0.4) and my not work right with other versions. As always, don’t do it if you don’t understand it.

NOTE: When you generate a certificate request within a wallet you must then import the certificate into the EXACT SAME WALLET! So it is important to not forget the path, or password to the wallet, but also a copy can be made of the wallet by copying the ewallet.p12 and cwallet.sso files from the path where you saved the wallet to another directory.

Generate a certificate request:

  1. On the system you want to display the wallet manager on run
    xhost +serverhostname.
  2. ssh to the system the cert is for.
  3. Export the display to somewhere you can view it
    DISPLAY=localhostname:0.0; export DISPLAY
  4. Start Oracle Wallet Manager from $ORACLE_HOME/bin (should be in the path)
  5. Select New from the Wallet menu.
  6. Answer No to creating the default location.
  7. Give the wallet a secure password and select OK.
  8. Answer Yes to create a certificate request.
  9. Enter the following information to generate the request. If you’re not sure about some of this info, check with someone at your site who has done cert requests before. It is important that it is all accurate.

  10. Common Name: The fully qualified domain name (e.g.
    Organizational Unit: Typically a department name (e.g. Information Technology Services)
    Organization Name: Your organizations official name (e.g. Plymouth State University)
    Locality/City: Plymouth
    State/Provence: New Hampshire
    Country: United States
    Key Size: (1024 is OK, 2048 is better)

  11. Click OK once these values are all correct.
  12. Click OK in the “Please submit” dialogue.
  13. Select Auto Login from the Wallet menu.
  14. Select Save from the Wallet menu and save the wallet to a safe, non-public directory on your server (being careful not to overwrite another wallet.)
  15. Click on the certificate request in the wallet tree then select Export Certificate Request from the Operations menu and export the request to a file.
  16. Send the certificate request file to the certificate authority to obtain a user certificate.

Importing a Certificate:

  1. Follow the instructions above to connect to the server and export the display.
  2. Transfer the certificate you received from your certificate authority to the server.
  3. Open Oracle Wallet Manager and open the wallet the cert request was created from.
  4. Select Import User Certificate from the Operations menu. DO NOT import the certificate as a trusted certificate.
  5. Select Import Certificate From File and then select the file containing the certificate.
  6. If you are prompted to import the CA certificate, select Yes and follow these steps to get the CA cert:
    1. On a Windows box, rename the certificate to have a .cer extention (which should change the icon.)
    2. Double click on the certificate and select the Certification Path tab.
    3. Select the highest level of the certification path (e.g. Thawte Premium Server CA) and click View Certificate.
    4. Select the Details tab and click Copy to File…
    5. Follow the directions on screen to export the CA certificate as a Base-64 Certificate.
    6. Once exported, copy the CA certificate to the host the wallet is on.
    7. In the Import Trusted Certificate dialogue box, choose Select a file that contains the certificate and click OK.
    8. Select the CA Cert file you have just uploaded and click OK.
  7. The certificate should now have the word Ready next to it. That indicates the certificate is ready to use.
  8. Confirm that Auto Login is checked in the Wallet menu.
  9. Save the wallet by choosing Save from the Wallet menu.
  10. Exit the wallet manager.

From here you’ll have to follow the instructions in the Oracle HTTP Server Administration Guide to complete the SSL setup.

Importing a Renewed Certificate

These directions are for when your certificate authority has renewed your cert based on your previous request.

  1. Follow the instructions above to connect to the server and export the display.
  2. Transfer the certificate you received from your certificate authority to the server.
  3. Open Oracle Wallet Manager and open the wallet the cert request was created from.
  4. Click on the existing certificate, select Remove User Certificate from the Operations menu and click Yes to confirm.
  5. Click on the certificate (now in [Requested] status) from the wallet and select Import User Certificate from the Operations menu.
  6. Select Import Certificate From File and then select the file containing the certificate.
  7. The certificate should now have the word Ready next to it. That indicates the certificate is ready to use.
  8. Confirm that Auto Login is checked in the Wallet menu.
  9. Save the wallet by choosing Save from the Wallet menu.
  10. Exit the wallet manager.

oracle, oracle application server, oas, application administration, system administration, sysadmin

Management By Walking Around

I’m not sure when I was first introduced to the term “management by walking around” (or MBWA) but I experienced it in practice while working for Bob Bean at WebCT. It was hugely successful there and while appearing almost effortless, Bob managed to build a tight knit team out of a group of disparate IT workers.

The idea is in order to stay in touch with what the people who report directly to you simply walk around, talk to them, share with them, observe them, and don’t be critical. If you do this with all your employees on a regular basis, you will quickly identify where they are succeeding, where they are struggling, and where they need help.

As a natural byproduct of this technique a trust relationship builds up between employees and manager. The employees will feel like their manager knows what they’re doing and the manager will have a better rapport to address issues, both good and bad, with their employees.

While I could not find any clear origin for either the practice or the term of management by walking around, I did find some great information on it.

In this article from the author outlines 12 guidelines for MBWA:

  1. Do it to everyone.
    You may remain in such close contact with your direct reports that MBWA is redundant with them. The real power of the technique lies in the time you spend with those in lower levels of your area of responsibility. Get around to see those who work for your direct reports and any others whose work is important to you.
  2. Do it as often as you can.
    MBWA sends positive messages to employees. It reveals your interest in them and in their work, and it says you don’t consider yourself “too good” to spend time with them. MBWA also enables you to stay in touch with what is going on in your department, section or unit. Put aside at least thirty minutes a week to spend with all employees. Aim for once a quarter to see those you must travel long distances to visit.
  3. Go by yourself.
    MBWA is more meaningful when you visit with employees alone, and one-on-one. It encourages more honest dialogue and speaks loudly of your personal commitment to the idea.
  4. Don’t circumvent subordinate managers.
    Some employees may take advantage of your presence to complain about a supervisor who is your subordinate. Counsel them to discuss the issue fully with their supervisor first. If you have cause to question the supervisor’s judgement, don’t indicate so to the employee, but follow up privately with the supervisor.
  5. Ask questions.
    MBWA is a great opportunity to observe those “moments of truth” when your employees interact with your clients. Ask them to tell you a little bit about the files, projects or duties they are working on. Take care to sound inquisitive rather than intrusive.
  6. Watch and listen.
    Take in everything. Listen to the words and tone of employees as they speak to you and to each other. You’ll learn a lot about their motivation and their levels of satisfaction. In the words of Yogi Berra, “You can observe a lot just by watching.”
  7. Share your dreams with them.
    As a Yukon Dog Team handler used to say, “The view only changes for the lead dog.” MBWA is a solid opportunity to make sure that when you lead the sled in a new direction, the employees behind you won’t trip over themselves trying to follow. Tell them about the organization’s vision for the future, and where your vision for the department / unit/ section fits in with the “big picture.” Reveal the goals and objectives that you want them to help you fulfill together as a team. Ask them for their vision, and hold an open discussion.
  8. Try out their work.
    Plop down in front of the computer; get behind the wheel; pick up the telephone; review a project file. Experience what they endure. Sample their job just enough to show your interest in it, and to understand how it goes. Think of great ways to reconnect with your front line workers, and gain a current understanding of exactly what they are dealing with during a typical work day.
  9. Bring good news.
    Walk around armed with information about recent successes or positive initiatives. Give them the good news. Increase their confidence and brighten their outlook. So often employees are fed only gloom and doom. Neutralize pessimism with your own optimism, without being non-credible.
  10. Have fun.
    This is a chance to lighten up, joke around, and show your softer side without being disrespectful or clowning around. Show employees that work should be fun and that you enjoy it too.
  11. Catch them in the act of doing something right.
    Look for victories rather than failures. When you find one, applaud it. When you run into one of the many unsung heroes in your job site, thank them on the spot, being careful not to embarrass them in front of peers or to leave out other deserving employees.
  12. Don’t be critical.
    When you witness a performance gone wrong, don’t criticize the performer. Correct on the spot anything that must be redone, but wait to speak to the wrongdoer’s supervisor to bring about corrective action.

I also turned up this testament to MBWA where a manager discusses his success with the technique.

If the twelve guidelines above seem overwhelming try these five:

  1. Visit everyone
  2. Stay positive
  3. Be genuine
  4. Make sure it’s not all business
  5. Don’t expect results right away

Carla Emmons, who manages a successful IT team of 9 had this to say about MBWA:

I believe in team collaboration through walking around […]. If the team doesn’t have unstructured time to shoot the shit, the team loses out on the brilliance that comes from random tangents, but it must be genuine. If someone is not humble when he or she takes the walk, the effort is just not going to work.

management, mbwa, management by walking around, it management, it, information technology, project management

IT Worker’s Oath

It’s hard to believe Mother Teresa didn’t have tech work in mind when she coined this wholly applicable quote.

We, the unwilling, led by the unknowing, are doing the impossible for the ungrateful. We have done so much, for so long, with so little, we are now qualified to do anything with nothing.

Thanks to Jon Graton for getting this stuck in my head quite a while ago.

it, information technology, quotes