advanced-ccTLD Wiki

CL Luis Leon Cardenas Graide

Advanced ccTLD Workshop Assessment and Planning Guide

=

This assessment form is to help us determine what topics and direction to taken when we finalize a course outline for upcoming ccTLD workshops. We wish to customize the workshop topics to areas that will be useful to you. The more information you can give us in this assessment document, the better we will be able to do this.

1. SELF-ASSESSMENT


1a. Describe a major challenge that you have faced over the last months or years in operating and developing the registry operation.

Please include:

	* The policy and the technical aspects of the challenge.
	* Interested parties who were involved in the process.
	* Solutions, if any, you have deployed to solve the challenge(s).
	* Tools or training that were included in your planning process.

We need to handle client's payments and match payment-channel's deposits. We need to automate bank account connection to automatically download daily bank reports, so we have up to date information and we can release man-hours. Authentication on the bank account is done by the responsible person of that account, so the password must be known only by him. The problem is that the bank's server is quite slow and both connections and sessions are unstable, so a persistent and resilient daemon bot is needed to re-authenticate and re-download what has been left midways. Caution must be taken because several login failures can lock the account, so the resilient bot must know when to stop retrying in order to avoid account locking, raising alarms for manual intervention. The bank doesn't provide machine-aware information formats, so HTML parsing/stripping was needed. The bot needs to be instructed by the account operator (non technical user) through a web interface, so a web based interface for daemon controlling had be implemented. It need to rememeber the password in RAM memory so no technical user could read the password from a file. We had to coordinate source code cross-validation in order to avoid tampering. RAM volatile storage is still vulnerable to swap on disk without full disk encryption, but internally we consider it already lowers the risk compared to plain file storage. The limitation of this approach is that the non technical user has to launch manually the bot daemon every time the server gets rebooted.

Policy: privacy, resiliency, availability, confidence. Technical: bots, daemons, web interfaces, volatile storage. Parties: software developers, system administrators, finance manager. Solution: daemon bot running asynchronously on the server, triggered periodically and started manually through a web interface on server reboot. Tools: Linux, MySql, Perl, Apache, HTML, Firefox.

1b. Describe the projects on which you are currently working to solve or deploy, and their importance (ranking).

Please include:

	* Interested parties involved in the process.
	* Plans for new hardware or software.
	* Additional skills or training that would support your project.

(1) Related with [1a], developing internal systems to match sales with deposits.

Parties: Finances manager, software developer, system administrator, invoicing operator. Plans: new databases, new MVC software. Skills: accountability, accounting, error-proof development

(2) Developing web based statistics system to aggregate information in order to CEOs can take strategic decisions.

Parties: CEO, software developer, system administrator. Plans: new database, new MVC software. Skills: business view of thechnical information, data visualization techniques.

1c. Describe the major areas where you plan to spend resources (time, money) in the next two years and how important they are to your registry.

Please include:

	* A timeline (within 6 months, within 2 years, ..).
	* Additional requirements (staff, tools, software, etc.).
	* How did these topics make your list.
          (scaling issue, customer demand, value add service etc.)
	* Probability of actual deployment.
          (not very likely, rather likely, very likely, unavoidable).

Those menctioned on [1b], plus my magister tesis studying registry's zone.

Timeline: Statictics system: 6 months Magister tesis: 1 year Accounts matching: 1 year Security aspects review on source code: 6 months Requirements: graphic generation tools, generalized statistics data model, data-mining tools. Probatility: all likely

2. GENERAL TECHNICAL QUESTIONS


These questions are for the individual or individual from your organization who will be attending. Please be sure to answer questions about knowledge of specific items as they pertain to yourself. Please check all boxes that apply to you.

2a. How would you rate yourself in terms of Linux or Unix use?

[__] Never used either

[__] Beginner: Just getting started. Have worked at the command line some.

[__] Intermediate: I've installed Linux or Unix, edited files, installed software, stopped and started services.

[++] Advanced: I use it regularly. Editing files, installing software, configuring services and troubleshooting problems.

2b. What is your experience using DNS?

[++] I understand how DNS works and use tools like dig to query the DNS.

[__] I've installed BIND/NSD/Other, configured zones, etc.

[__] I know about or am interested in DNSSEC, TSIG, DNS with IPv6, etc.

[__] I do all of the above.

[] Other, please describe: ___________________________________

2c. Security

[__] I'm responsible for securing network servers and services at my location.

[__] I'm responsible for securing the network at my location.

[++] I use cryptographic security with services such as ssh, ssl, pgp, dnssec, digital certificates, etc.

[__] I do not need to deal with security issues in my position.

[] Other, please describe: ___________________________________

2d. Network Monitoring

[__] I've installed, configured and use network monitoring software such as Nagios, mrtg, Smokeping, snmp, etc.

[++] Our organization uses network monitoring software which I take advantage of, but do not maintain.

[__] I have not used or installed network monitoring software.

[++] Other, please describe: Self test of network auditing tools in order to learn what are they cappable of and how difficult to use are they.

2e. Tools

Which Operating System are you running on your servers? Linux, FreeBSD, Solaris.

Which Operating System are you running on your Desktop/Laptop? Linux, Kubuntu.

What is your favorite text editor? Vim

List your top 5 most used command line tools: bash, perl file, du, df, ls, sort, date, cp, mv, rm, rmdir, mkdir, touch cat, tail, find, xargs, grep, tar, zip, gzip, rar encfs, ramfuse, achivemount, sshfs, unfs iwconfig, dhclient, lsof, fuser, netstat, tcpdump, tcptrack

List your top five most used applications or programming tools: Firefox (+ lots of extensions) Kopete, Akregator Vim (+ perltidy + perlsupport) Eclipse (+ EPIC plugin + perltidy + Java EE) HTML Validator (Firefox Extension)

3. TOPICS FOR HANDS ON TRAINING:


Looking at your current needs and plans, list five topic areas where you would like additional training for your technical staff.

Possible topics include:

    * DNSSEC
    * Logging
    * Network Monitoring/Management
    * Single to Multiple Registry to Registrar Model (EPP)
    * Service Level Agreements (SLAs)

4. ANYTHING ELSE?

If there is anything else you wish to tell us about your experience or expectations for this workshop please do so below.