If you had to set up a system to track applications in an enterprise and their infrastructure requirements, say like they point to a specific DC or use specific domain IDs or a specific SMTP server or other things like that, what would you use? This would be something that application owners/specialists could get into and update their application info, and admins or others could perform searches to look for specific requirements etc. when you know you need to, say, shut down a server for maintenance or something like that.
I am hoping to see a wide range of solutions people would use or are using. Preferably this would be some sort of modular solution that didn’t have requirements on a bunch of existing infrastructure itself.
I am asking as I had someone ask me. I have never solved this problem though I have heard of it peripherally many many many times. My initial thought has always been to set up some sort of simple PHP Web pages with a very simple MySQL or even folder based data storage method. PHP since it could run on any OS/Platform that may be available (or quickly set up) and MySQL or folder based storage since there is no heavy backend knowledge/requirements.
Thoughts?
joe
Good question! I’m looking forward to reading the suggestions on systems one could use for this.
Hi Joe
I have just finished a little app for a very similar purpose for a client. It is C#/ASP.NET and SQL-based. It’s AD-centric I guess, so it asks for:
* location of app server(s)
* location of users
* what auth mechanisms they use (NTLMv1/v2/kerberos etc)
* how they connect (DC name/domain/GSLB/DC Locator etc).
* how many/what type of authentications
* how many LDAP searches
* whether they download data from AD (e.g. for caching user/group names in identity management tools)
* a bunch of other stuff
They have like 4000 applications across *NIX/Samba and Windows, and as well as trying to build up a use profile of AD they are trying to do specific things like weed out NTLMv1 and stop people writing to certain attributes.
The idea is that the application admin enters the info into the site, then the app works out if they are ‘compliant’ with the AD team’s requirements (must use Kerberos/NTLMv2 etc.) and lets them know. If not, someone from the ops team calls them and tells them to get compliant ASAP 🙂 The app also has an admin page where AD admins can add notes, and classify the apps as compliant/non-compliant/work in progress etc.
I have also been doing some stuff to collect and present LDAP search stats (from 1644 and 1643 events) to further extend knowledge of who is actually querying and using AD.
I am sure I could make this available somewhere if people were interested. All you’d need would be IIS and SQL express.
Dan
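As an added example (not code from this thread, joe's PHP idea or Dan's C# app), here is the core of such an inventory in Python with an in-memory SQLite table: it answers both questions the posts raise, which apps hard-code a given DC before you take it down for maintenance, and which apps fail the "Kerberos or NTLMv2" rule. The column names, the rule encoding and the sample records are assumptions constructed for the example.

```python
import sqlite3

# The AD team's rule as Dan describes it: Kerberos or NTLMv2 is acceptable.
ALLOWED_AUTH = {"kerberos", "ntlmv2"}

# Assumed schema: one row per application, filled in by the app owner.
SCHEMA = """
CREATE TABLE apps (
    name           TEXT PRIMARY KEY,
    owner          TEXT NOT NULL,
    app_server     TEXT NOT NULL,
    dc_dependency  TEXT,            -- hard-coded DC name, NULL if it uses DC Locator
    auth_mechanism TEXT NOT NULL,   -- kerberos / ntlmv2 / ntlmv1 / other
    ldap_searches  INTEGER NOT NULL DEFAULT 0,
    downloads_ad   INTEGER NOT NULL DEFAULT 0   -- 1 if it bulk-caches users/groups
)
"""

# Constructed sample records, not real applications.
SAMPLE_APPS = [
    ("payroll",   "alice", "app01", "DC01", "kerberos",    1200, 0),
    ("legacy-hr", "bob",   "app02", "DC01", "ntlmv1",        50, 1),
    ("wiki",      "carol", "app03", None,   "ntlmv2",       300, 0),
    ("crm",       "dave",  "app04", "DC02", "ldap-simple",  900, 1),
]


def load_inventory(rows=SAMPLE_APPS):
    """Create the inventory in memory and insert the application records."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO apps VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return conn


def apps_depending_on(conn, dc_name):
    """Maintenance check: apps that point at this DC, and who to call."""
    cur = conn.execute(
        "SELECT name, owner FROM apps WHERE dc_dependency = ? ORDER BY name",
        (dc_name,))
    return cur.fetchall()


def compliance_report(conn):
    """Classify every app against the auth requirement; NTLMv1 is called out."""
    report = {}
    for name, auth in conn.execute("SELECT name, auth_mechanism FROM apps"):
        if auth.lower() in ALLOWED_AUTH:
            report[name] = "compliant"
        elif auth.lower() == "ntlmv1":
            report[name] = "non-compliant: NTLMv1 must be removed"
        else:
            report[name] = "non-compliant: auth mechanism not approved"
    return report
```

Apps with a NULL `dc_dependency` use DC Locator and are not listed for a DC outage, which is exactly the distinction Dan's "how they connect" field captures.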