Please install that patch – but don't you dare actually run it
This is a fine approach if you want great uptime stats. Security? Not so much
On Call As Friday dawns with its promise of rebooting the working week, The Register presses the button to publish another instalment of On Call – our weekly, reader-contributed column that shares real-world tales of being flummoxed by the farces they're asked to fix.
This week, meet "Kane" who shared the story of the time a client asked him to connect a storage cluster to an ESXi host.
"The host had used all its internal storage and the client wanted to add extra drives," Kane told On Call. He countered with a suggestion to instead connect the host to the 40 terabytes of unused storage in a cluster his client already operated, but was mostly ignoring.
Kane hadn't made this sort of connection before, but knew ESXi would happily connect to external storage.
Yet as he tried to make it work, Kane struggled to get the storage cluster to communicate with the host. He eventually learned that the cluster's OS couldn't do the job because it was running very old software that was well and truly past end of life.
Kane therefore sought permission to upgrade the cluster, and requested an outage window in which to make the change.
The request for the upgrade was approved. But he was denied an outage window.
When Kane explained this policy would mean he couldn't perform the task for which he was being paid a healthy hourly rate, he was told his client had a policy not to allow outages.
- Techie climbed a mountain only be told not to touch the kit on top
- Standards-obsessed boss ignored one, and suffered all night for his sin
- While we fire the boss, can you lock him out of the network?
- People power made payroll support in putrid places prodigiously perilous
It was at this point Kane asked about security patches – which more often than not require a reboot before they'll work. Surely the client allowed the brief outages required to ensure they were properly implemented?
It did not.
"You could install security patches and upgrade an OS if you wanted to, but you could not reboot," Kane told On Call. "Even when the security patch required a reboot to take full effect."
The Register feels the org Kane served therefore produced impressive uptime statistics, but shudders to think about the state of its security.
So did Kane. He told us most of the servers there constantly displayed the message "Reboot required."
What's the weirdest IT malpractice you've ever come across? Click here to send your story to On Call as an email and we'll try to add it to a future version of the column. ®