The 13th Edition of the Identity Jedi Newsletter

Horror stories of IAM

Wednesday 11/30/22 - Identity Jedi Newsletter

Hey Jedi, welcome to the 13th Edition of the Identity Jedi Newsletter. This week we are doing a mini-special edition, and I'm sharing some horror stories from the IAM community. Special thanks to Rusty and Adrian for sending in their stories!

As we enter the holiday season, make sure to take time to reflect and enjoy the moment. We all work hard at what we love to do, but in the grand scheme of things, there are more important things in life. Enjoy those things.

Thank you for your continued support! We continue to gain subscribers every week! Don't forget about the referral program. Stickers, T-shirts, Notebooks, and mugs all can be yours by simply sharing with friends.

Alright, Let's get to the Good Stuff

Horror Stories of Identity

Ok so given that this is the 13th edition of the newsletter, I figured it would be good to share some stories of what it's like to implement identity. As much as I love this field and the work I get to do, there have been a lot of funny, frustrating, and just downright WTF moments in this industry. Why not share the pain?

Resume Updating Event

Kicking off this collection of stories with one of mine. I was about 4 years into doing IAM deployments and had become fairly skilled with Sun Identity Manager. I was working for a small consulting firm doing implementations for the DC area alphabet soup gang. This specific implementation was for a small team struggling to get Sun Identity Manager into production. So I was brought in to do two things: 1) Train the current staff, 2) Deploy to production. It wasn't all that difficult; they didn't have any crazy requirements, but their admin was in over his head. Let's say technology wasn't his strong skill. During the project I had to show him things repeatedly and he just couldn't pick them up. So I decided to thoroughly document everything as much as I could, so he always had a reference point. One specific thing I pointed out was in loading the configuration for Sun Identity Manager, and making sure you didn't accidentally nuke the admin account. I went through the process with him several times, we documented the process together, and I even showed him how to recover if he did blow away the admin account. Fast forward to the night before go-live: everything is ready to go, I'm winding down my time on the project, and the project sponsor wants his admin to be handling everything. I agree with this approach because, after all, I'm a consultant; I won't be here forever. The admin assures us both he has it, and we all feel confident. You can guess what happens next, right? I come in the next morning to a frantic co-worker. He's pushed to production and blown away the admin account. I spend the next 30 minutes calming him down and run interference with his boss as we redo the production release the right way. Luckily we were able to get another release window that day, so it wasn't too big of an issue. But let's just say, our favorite admin was updating his resume at the end of the day. - David Lee, Identity Jedi

What is dead may never die

I was working on an IAM modernization effort for a client years ago and they had a physical system in a data center they could not turn off, and any attempts they had to move the physical disk to a VM using VMware's converters failed. They could not take the disk offline to try more aggressive transfer methods because the physical box was supporting literally millions of dollars an hour in business. The system (and disk) was so old they were terrified if it were powered down, the disk would never get going again. There were no tangible recent backups (see old disk, terrified it would die), and the architecture was an old Solaris setup that was unsupported.

They tried to ask the company I was with at the time to write custom code to interface with the custom app that was mostly undocumented and try to pull the data somewhere safe, and got mad when they were asked where documentation/API information was to even try to begin to talk to this thing.

It was a wild time.

In the end we proposed to write a shim that'd basically just try to do what an existing app was doing because we didn't have documentation, but they didn't want to give us source of the existing app so we could rip out the parts we needed and try to make something and that part of the project stopped being talked about.

I assume the box died at some point and there was a legitimate freefall internally. - Rusty

My dear aunt Pam

The client system admin turned off the power to the newly installed PAM solution vault because its hardened configuration wasn't consistent with their standard server build image. No kidding. Real reason was political, of course - Adrian

If you've got some stories you'd like to share, email them to me @ [email protected]

Last Word

Short and sweet this week Jedi. As we prepare to bring in a new year and start to look ahead, we can see a shift in the tide. Yes, we are moving away from best-of-breed and into complete platforms. Yes, we've been down this road before, but this is the way of things. Yes, we are also entering a down market which means budgets are tighter, and people will be looking for the actual value. GASP! Oh shit, you mean product companies have to actually make products that do stuff, and implementers are going to have to deliver on time. YES!!

If you're a product leader reading this I would implore you to focus on these things: VALUE, VALUE, and uhh...oh yeah VALUE! If your product isn't solving a direct need efficiently, and quickly, you're in for a world of hurt.

Be Kind to each other, Be Good to each other, Love each other.

I'll see ya next week.

-Identity Jedi.
