Mitigating human error in the SP

• Previous message (by thread): Mitigating human error in the SP
• Next message (by thread): Mitigating human error in the SP
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 2, 2010, at 8:36 PM, Suresh Ramasubramanian wrote:

> Never said it was, and never said foolproof either.  Minimizing the
> chance of error is what I'm after - and ssh'ing in + hand typing
> configs isn't the way to go.
> 
> Use a known good template to provision stuff - and automatically
> deploy it, and the chances of human error go down quite a lot. Getting
> it down to zero defect from there is another kettle of fish altogether
> - a much more expensive with dev / test, staging and production
> environments, documented change processes, maintenance windows etc.
> 
Yup.  Or use a database and a template-driven compiler.  See "Configuration management and security", IEEE Journal on Selected Areas in Communications, 27(3):268-274, April 2009, by myself and Randy Bush, http://www.cs.columbia.edu/~smb/papers/config-jsac.pdf (the system described is Randy's work, from many years ago).



		--Steve Bellovin, http://www.cs.columbia.edu/~smb

• Previous message (by thread): Mitigating human error in the SP
• Next message (by thread): Mitigating human error in the SP
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]