Q: Which group handles what stuff?

Started by deanwebb, October 10, 2017, 12:24:02 PM

Previous topic - Next topic

deanwebb

Where you work now, where you used to work, where friends of yours have worked... How are divisions between group responsibilities determined and why?

Obviously, for tiny companies, one guy does all the IT, or has a guy that works mostly at (x) to help every now and then. Medium companies, maybe there's a operations group, a helpdesk group, and an engineering team with little vertical division between the horizontal levels. I'm interested in the larger companies on up... what's in those towers and how did it get there?

Example: marketing is in charge of external DNS, because it is customer- and public-facing. Datacenter guys see only switches and racks in major datacenters; switching and WAN stuff goes to the LAN/WAN team. All firewalls are under network security except for the firewalls managed by operations in the segmented environs... stuff like that.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Nerm

What is your definition for a "larger" company? 10,000+ employees/50,000+ employees/etc?

deanwebb

Some larger companies are only 1000 employees, if they build out those tower walls... not a hard and fast rule on company size, I'm more interested in how IT culture develops and what some driving factors are in that process.

As a guy working for $VENDOR, I'm going to be looking into a lot of environments, each with its own twists and turns. Knowing more about how things become the way they are seems like something that would be good to know.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Nerm

We have helpdesk teams per region (eg. North America, South America, Asia, etc). Then we have "LAN/PC Tech" teams per location (they handle local racking of equipment, local firewalls, VLAN management, cable runs, etc). And then we have a global "Infrastructure" team (my team) that handles the WAN, datacenter operations, external DNS, cloud (Azure/O365/etc), AD root, and anything else that would basically affect/touch all regions and locations.

deanwebb

Quote from: Nerm on October 12, 2017, 08:32:40 AM
We have helpdesk teams per region (eg. North America, South America, Asia, etc). Then we have "LAN/PC Tech" teams per location (they handle local racking of equipment, local firewalls, VLAN management, cable runs, etc). And then we have a global "Infrastructure" team (my team) that handles the WAN, datacenter operations, external DNS, cloud (Azure/O365/etc), AD root, and anything else that would basically affect/touch all regions and locations.

So do the helpdesk teams integrate with the LAN/PC Tech teams?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Nerm

Quote from: deanwebb on October 12, 2017, 10:13:04 AM
Quote from: Nerm on October 12, 2017, 08:32:40 AM
We have helpdesk teams per region (eg. North America, South America, Asia, etc). Then we have "LAN/PC Tech" teams per location (they handle local racking of equipment, local firewalls, VLAN management, cable runs, etc). And then we have a global "Infrastructure" team (my team) that handles the WAN, datacenter operations, external DNS, cloud (Azure/O365/etc), AD root, and anything else that would basically affect/touch all regions and locations.

So do the helpdesk teams integrate with the LAN/PC Tech teams?

Yes, in fact most of the time they are the same people pulling double duty.

deanwebb

Over to the infra team, do you guys get compartmentalized in certain techs, or are you supposed to be able to pretty much handle any infrastructure IT concerns?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Nerm

There isn't any compartmentalized aspect of the infrastructure team.

deanwebb

Quote from: Nerm on October 12, 2017, 05:32:39 PM
There isn't any compartmentalized aspect of the infrastructure team.

So you gotta do everything. Or do you get to at least emphasize something?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Otanx

For us the rule of thumb is if a packet goes through a device it belongs to infrastructure. If it terminates on a device it belongs to a systems team. So infrastructure gets firewalls, switches, routers, load balancers, proxies, email gateways, packet brokers (gigamon/ixia), etc. The team is too small to specialize so we all do it all. We also typically get the data center stuff like PDUs, CRAC, UPS, etc. Oh, and don't forget we maintain VoIP as well.

-Otanx

deanwebb

Quote from: Otanx on October 13, 2017, 09:33:58 AM
For us the rule of thumb is if a packet goes through a device it belongs to infrastructure. If it terminates on a device it belongs to a systems team. So infrastructure gets firewalls, switches, routers, load balancers, proxies, email gateways, packet brokers (gigamon/ixia), etc. The team is too small to specialize so we all do it all. We also typically get the data center stuff like PDUs, CRAC, UPS, etc. Oh, and don't forget we maintain VoIP as well.

-Otanx


Do also mange server-side network functions like DHCP, DNS, NTP?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Otanx

Nope, those are all handled by the systems teams. We do have a few network servers like RANCID, Cacti, etc. but even then the systems team maintains the server, we just maintain the application.

-Otanx

deanwebb

Quote from: Otanx on October 16, 2017, 09:46:44 AM
Nope, those are all handled by the systems teams. We do have a few network servers like RANCID, Cacti, etc. but even then the systems team maintains the server, we just maintain the application.

-Otanx


But in the cases I mentioned above, the systems team is also in charge of DHCP and DNS, as you say. How good is cooperation between teams?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Otanx

Pretty good in our case. My team has rights to DNS to add/remove our items. If we need something done we can't then a quick call, and ticket gets it taken care of (unless it is of change board interest). We automated the infrastructure DNS changes so while I still have rights to do it by hand, but only have to do that if the script breaks. Removing entries is actually a help desk task as part of decommissioning a host. So while I can do it if I am in a hurry that isn't something we do very much of. I am pretty sure the next rights review by cyber will have our DNS rights removed.

None of our gear uses DHCP. We just need to know the address for adding the helper commands, and that is just part of building a new VLAN.

Looking at our original post again I see you specified public DNS. That would be the poor cooperation side. That is "out sourced" to our parent company. We submit a ticket, and 3 or 4 weeks later they will have implemented the wrong thing. Then another 2 weeks, and it will be done. I don't even know a name of someone on the DNS team, or even the city they physically sit. Luckily we don't do much public facing stuff.

-Otanx

deanwebb

Does a technical team handle external DNS, or is that in the hands of a non-technical team?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.