Deployment team task checklist

Before you install the pilot deployment, you should prepare a deployment checklist to ensure you have the information you need to successfully complete the deployment. For example, you should review port requirements, verify DNS resolution, and create one or more spreadsheets that describe the user and group accounts to be imported and any special relationships, such as membership in specific groups that need to be preserved or any special configuration you want to implement.

Creating a deployment checklist is optional, but can help you to collect detailed information about each of the computers targeted for deployment.

The following example illustrates information you can collect and record in a deployment team task checklist.

Preparing computers for deployment

 

Operating system, version, and patch level for target computers

 

Host name and IP address for target computers

 

Current disk space for target computers

 

Review the details of the current DNS configuration

For example:

Is the address resolved through a UNIX DNS server, Windows DNS server, or settings in the /etc/hosts and /etc/resolv.conf files?

Is the computer using a DNS server that has SRV records for Active Directory domain controllers?

Are UNIX subnets registered and associated with Sites in Active Directory?

Are you using a disjointed DNS namespace, where a UNIX computer name may be server.company.com but the Active Directory domain name is server.windows.company.com?

Are you using DNS aliases and do they resolve correctly?

Are there multiple network interfaces (NICs) in use?

 

Current network time provider (NTP)

For example, does the computer use a different server to determine the time than the Active Directory domain controller?

 

Current firewall configuration

For example, are there any firewalls blocking required ports between the UNIX computer and the Active Directory domain controllers for the registered sites?

 

Current applications and services

For example, do you have Perl, Samba, or OpenSSH deployed? Are the versions you have compatible with the Centrify agent or, if a Centrify version is available, will they be replaced by the versions provided by Centrify?

Do you have existing authentication providers deployed?

Are existing applications and services Kerberos-enabled or PAM-enabled?

Are there other applications that require local users or groups?

 

Current source of user and group information

For example, are the /etc/passwd and /etc/group files the only source of user information for the users who access this computer, or are other identity stores, such as existing LDAP servers or NIS domains, used?

Are there any specific users or groups that should remain locally defined?

 

Current NSS configuration

For example, have you reviewed the contents of the nsswitch.conf file to check for other sources of user and group information?

 

Connectivity between this computer and the domain controller

For example, is there a reply from the domain controller when you run the ping command?

 

User names and UIDs checked for conflicts across the target group

 

Zone requirements analyzed for the target group

 

Zone identified for this computer

 

Centrify agent installed and the computer joined to the domain

 

Groups allowed or denied access identified for this computer

 

Existing users and groups for this computer imported into Active Directory

 

Imported user and group profiles mapped to Active Directory accounts

 

Allowed or denied groups configured using parameter values or group policy

If you use a deployment checklist, you can also include additional notes and details about the activities performed. For example, a partially completed checklist might look something like this:

Preparing computers for deployment

 

Operating system: Sun Solaris 10 with all patches applied (17-April-2017)

 

Host name and IP address: aspen, 177.29.10.10

 

Current DNS configuration: Resolved through the enterprise DNS server, spider.ajax.org

 

Current time source is NTP server: ntpd on solstice.ajax.org

Change for deployment: Use SNTP on the Active Directory domain controller

 

Current firewall configuration: No port issues

 

Existing OpenSSH version to be replaced, no other issues found.

 

Current source of user and group information: /etc/passwd, /etc/group, and NIS domain nwest03 have users who access aspen

 

Connectivity with the domain controller: Verified by JR (2-May-2011).

 

User names and UIDs checked for conflicts across the target group: Analyzed by JR and DC (4-May-2017).

 

Zone requirements analyzed for the target group: Zones required for the target group are nwest01, swest02, corp-main, and nwest03 (9 May 2017).

SF to recommend new extended zone descriptions for approval.

 

Zone identified for this computer: nwest03

 

Centrify agent installed and the computer joined to the Active Directory domain: dc3colorado.ajax.org, OU: US-UNIX-Computers

 

Groups allowed or denied access identified for this computer:

Allowed access group—all_employees, oracle_sys

Denied access—consultants, temps

 

Existing users and groups for this computer imported into Active Directory: Completed by DC (20-May-2017).

 

Imported user and group profiles mapped to Active Directory accounts: Work complete for users and groups that already had matching Active Directory candidates. Work in progress for the remaining profiles without any matching Active Directory candidate.

Target date for completion: 31-May-2017

 

Allowed or denied groups configured using parameter values or group policy: TBD
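
The following is an added example, not part of the original checklist or of any Centrify tooling. It shows one way to work through the "User names and UIDs checked for conflicts across the target group" item by comparing every passwd source that feeds the target group. The source labels reuse the host and NIS domain from the sample checklist; the account entries and the parse_passwd and find_conflicts helpers are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data in passwd(5) format, keyed by a label for the source.
# Labels reuse the checklist sample (aspen, nwest03); the accounts are invented.
SOURCES = {
    "aspen:/etc/passwd": """\
jrivera:x:1001:100:J. Rivera:/export/home/jrivera:/bin/ksh
oracle:x:1500:200:Oracle:/export/home/oracle:/bin/sh
# local service account
backup:x:1001:100:Backup:/var/backup:/bin/sh
""",
    "nis:nwest03": """\
jrivera:x:2001:100:J. Rivera:/home/jrivera:/bin/ksh
dchen:x:1002:100:D. Chen:/home/dchen:/bin/bash
+::::::
oracle:x:1500:200:Oracle:/home/oracle:/bin/sh
""",
}


def parse_passwd(text):
    """Yield (name, uid) pairs, skipping comments, blanks and NIS compat lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed entry; list these separately in a real audit
        yield fields[0], int(fields[2])


def find_conflicts(sources):
    """Return (names mapped to more than one UID, UIDs mapped to more than one name)."""
    uids_by_name = defaultdict(lambda: defaultdict(set))
    names_by_uid = defaultdict(lambda: defaultdict(set))
    for label, text in sources.items():
        for name, uid in parse_passwd(text):
            uids_by_name[name][uid].add(label)   # remember where each pairing came from
            names_by_uid[uid][name].add(label)
    name_conflicts = {n: dict(u) for n, u in uids_by_name.items() if len(u) > 1}
    uid_conflicts = {u: dict(n) for u, n in names_by_uid.items() if len(n) > 1}
    return name_conflicts, uid_conflicts


if __name__ == "__main__":
    by_name, by_uid = find_conflicts(SOURCES)
    print("names with several UIDs:", by_name)
    print("UIDs with several names:", by_uid)
```

In practice the input text would come from each computer in the target group, for example the output of getent passwd or ypcat passwd, rather than from inline strings.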