PC Pro

“Too many of the older generation of small-business support people feel there exists a memory conspiracy”

Some modern thinking rescues a slow network, while a visit to a livery company raises questions about IT’s standing in the world

Last month’s column was left well and truly dangling, describing the process of diagnosis with a client but not yet having fully dived into the process of a fix. There were good and bad reasons for that: the good was that I thought I could see a relatively easy way out of the disaster; the bad was that some of those ways would require waiting for telecom broadband supply orders to actually come through. In my experience, that’s about the worst nail-biter, progressive-reveal, can’t-motivate-them jobsworth disaster in modern business.

Most of my experience has been in central London, but this client is based in the more civilised environs of the home counties. As a result, rather than the “three months, maybe never” type of service that I’ve been used to working around, I had to wait only ten days before my inbox pinged with the news that a new line was in place and a commissioning data sheet had arrived from the ISP.

The original problem, for those who missed last month’s column, was that the outgoing IT “professional” had opted to run the firm’s firewall and DNS on a pair of Sun Netra servers. These are remarkable for many reasons: they’re old (circa 2000); they run Sun’s flavour of Unix; and in this deployment they have neither keyboard, nor mouse, nor a screen connected. In addition, and here lies the final nail in the coffin, due to the circumstances surrounding this man’s departure, nobody from this business was aware of the passwords to the machines.

To be honest, that came as something of a relief, since my experience with corporate Unix machines from 15 years ago isn’t very high. Certainly, not in the configuration this pair were using, with the two serial ports on the back connected together with a cat’s cradle of crossover wiring. Plus, five live Ethernet connections were plugged into the same LAN switch, all with a variety of roles – some inside the LAN, some on other IP ranges, and at least one set up to talk PPPoE to the low-intelligence BT endpoint device on one of the existing two DSL lines.

To make matters worse, the phrase “used as a DNS” doesn’t do the setup justice. “Used as the global primary DNS for the company’s services and websites, as well as for internal machine name resolution and alias maintenance” is more the full story. Touch the machines or pull out the DSL lines, and the company would vanish from the web. Live services provided to third parties would stutter and die – an especially charming prospect given that the first thing we found was that the stock of patch leads connecting all this kit together was many years past its best. In particular, even a light tap on the lead carrying the PPPoE traffic to the DSL modem would drop the link.

My first attempt at a gentle untangling of the relationships between lines, firewall devices, inside and outside name resolution and cloud versus internal servers was an ignominious failure. This boiled down to one simple issue: some firewalls will treat a request for their “outside” IP address, coming from a machine using their “inside” address as the gateway, as a perfectly legitimate action. Others think it’s a dangerous absurdity, and utterly bar it

@stardotpro Steve is a consultant who specialises in networks, cloud, HR and upsetting the corporate apple cart
