Royal Holloway University

Royal Holloway University LogoSystems Administrator

School of Mathematics & Information Security,
Department of Computer Science

11/09/2006 – 03/02/2017

In 2006 I started as the Systems Administrator at Royal Holloway University of London, one of the UK’s leading research-intensive universities housing 21 academic departments and schools, over 9,000 students and over 1,500 staff.

Royal Holloway - Campus Map

Where as most IT Staff employed by Universities support the entirety of the site, I am (along with two colleagues) tasked with supporting the IT and technical requirements of the School of Mathematics and Information Security, and the Department of Computer Science.

The School of Mathematics and Information Security Group is a world renowned name in the field of Information Security. It’s pioneering cyber security education training is known around the globe as some of the finest in the industry. Recently awarded the EPSRC Centre for Doctoral Training in Cyber Security. The school comprises over 40 staff, 15 researchers, 70 PhD’s / CDT’s and 120 Postgraduate MSc Students. The Department of Computer Science is comprised of over 30 staff, 10 researchers, 30 PhD’s and 300 Undergraduate BSc students, and rank 11th in the UK REF (Research Excellence Framework) 2014.

it-csd-bp-office-teams

Being responsible for the three departments lets me enjoy supporting a wide range of requirements from a diverse and uniquely individual Staff and Student body. Every day brings new challenges in the forms of new research requirements, diverse equipment and software requirements, and a multitude of technical queries and issues ranging from the ordinary to the extraordinary. All of this makes for a dynamic and challenging environment where a high degree of research, learning and implementation is required to support such a broad range of requirements.

Being part of a small team of between 3 and 6, while supporting such a wide and diverse user-base, I was required to have many roles on a single day.

  • First Line
  • Second Line
  • Third Line
  • Systems Administrator
  • Network Administrator
  • IT Platforms Solutions Architect
  • IT Purchasing Manager for Desktop, Server and Infrastructure hardware

Being part of the world famous Royal Holloway Information Security Group comes with a high responsibility. No matter what hat I am wearing, security must always be at the forefront of what we do. The data security and subsequent reputation of the ISG (and associated departments) must always be of chief concern.

Responsibilities

Royal Holloway - Founders Building, South Quad entrance
Royal Holloway – Founders Building, South Quad entrance

My Primary responsibilities focus around providing excellent customer experience to our staff and students, which entails maintaining existing customer systems (Desktops and Laptops) and rolling out new systems in accordance with our Desktop Replacement Program policy. This would involve a full system life-cycle plan:

Initial spec – Finding a system that meets the requirements of the department within the budget. Systems also had to have a long term product road-map available from the manufacturer (typically HP or Dell), with the ability to increase the spec of the system (more RAM / Storage, better CPU, external graphics card, etc), or have the ability to switch between form factors (Micro, Small, Mini, Full, or 12″, 14″, 15″, etc), all while maintaining a single system image. Support for Windows and Ubuntu Linux LTS was also a must. The standard machine would need to fit into our budget for machine replacement across three departments, while higher spec machine costs would be supplemented by additional department funding, research grants or Academic free-spend.

Capturing individual requirements – Prior to any ordering, academics would be communicated with to ensure that their individual requirements are being met. For departments of this size, it is easy to arrange a five-minute chat with each member of staff to discuss their machine options (Desktop, Laptop), OS options (Windows, Linux, Mac), and capture any specific requirements they might have for upcoming research that may generate higher spec variations of the standard build. Some Display Screen Assessment  requirements (Docking station, etc) can also be captured during this stage. All of these requirements are put into a matrix which will form the basis of the final order to the supplier.

Testing & Image Build – Once the system is specified, one or two machines will be ordered ahead of schedule. This allows me to prototype and test a stable build with the latest OS version. This build can then be imaged using in-house imaging software (Symantec Ghost) for in-house deployment, or sent to the hardware supplier for pre-delivery imaging.

Machine Delivery & Provisioning – When the systems are delivered, (either in staggered delivery or in bulk) the machines are either deployed locally in the IT office for imaging or deployed straight to the user’s desk. This will involve arranging a convenient time with the academic to replace their machine. The keyboard / mouse / display are also replaced during this process.

Windows Imaging & Setup – As soon as the machine is deployed to the network it can be booted either from PXE into the Symantec Ghost WinPE Image and specifying the machine name in the Ghost Console, or by installing the Ghost Client straight into Windows allowing the machine name to be specified in Windows or on the Ghost Console. At this point the image can be deployed to the machine. Upon completion of the Ghost image, the Ghost console will kick off one of my Batch files to automatically join the computer to the domain in the correct OU (Organisational Unit) for the relevant department. At this point the user is about to start using their system.

Mac Imaging & Setup – Mac machines will usually be imaged using SuperDuper or Disk Utility (Alternative methods for mac imaging). Once the image was complete the user account would be set up locally on the machine. As most Mac’s purchased were Laptops, using Central Authentication was not considered a requirement at this stage. Backup would be handled using a Time Machine server provided by the department (was in testing stage at the time of my leaving).

Linux Setup – Given the small number of Linux users in the department, Linux OS’s used to be installed by hand using Ubuntu LTS from a memory stick. Installation would take less than 15 minutes and then all packages and changes could either be executed by hand, or via a single Bash script.

Managing and maintain servers running Ubuntu, SUSE and Windows operating systems across four distinct networks, with a focus on minimising user impact or affecting outward-facing visibility (i.e: Web Server downtime).

Virtual Infrastructure management is also key, with more emphasis being placed on this infrastructure as we continue to migrate our Physical machines to Virtual machines (P2V). User VM management is also becoming more centric – as our customers move more toward laptops as their daily computer, the requests for dedicated user VM’s for longer term / high load computation increases.

Throughout all of this is the requirement to operate within policies governing the provisioning, life-cycle and use of all physical and virtual machines. Part of my work involves the constant fine-tuning and setting of such policies in conjunction with the team.

In addition to this, I frequently liaises with the central IT Service Department of the university to deliver larger projects to departments, or to the wider University.

The department’s client-side infrastructure consists of over 130 desktop computers, 35 thin clients and 40 laptops, while the server-side infrastructure contains over 15 servers (both physical and virtual), 6 network appliances and 10 network switches.This infrastructure is split between five racks in three buildings, across two physical campuses. Communication between the different areas are handled through 10GB and 1GB Multimode Fibre links

My responsibilities includes supporting the department in its day-to-day IT requirements, server and network maintenance, equipment deployment and recycling, documentation and the creation of new services. My role includes various decision making requirements, along with the creation of policies & procedures, procurement of new hardware, software and services, client computer deployment and planning, server life-cycle management and deployment, software deployment, fulfillment of specialist IT requirements, project management, and virtual server provisioning, management and maintenance.

Royal Holloway - Founders Building, Night
Royal Holloway – Founders Building, Night

During my time at Royal Holloway, I has supervised the deployment of new streamlined machine installs, assisted in the teaching of various practical units, handled staff training, taught part of the Symantec SGS (Symantec Gateway Security) Appliance Course to the MSc students over 4 days, and setup (including continued management) of the department’s new Security laboratory. I have also created streamlined Lab Environment installs for use during the externally taught courses by KPMG and Foundstone (Mcafee).

I have attended a large portion of the MSc Information Security course (including the Computer Law modules) to help develop my security skills, and to better support the students and the infrastructure for the needs of the course. He has completed the Foundstone ‘Ultimate Web Hacking’ course, the KPMG ‘Hacker Bootcamp’ course, and the Symantec ‘Firewall Appliance’ course, all three of which he annually assist with the teaching of.

While at Royal Holloway, I began a support contract for VOME , A year before its close, the group was integrated into the scope of the departments IT support policy.

Notable Achievements and Projects

  • ETISS (European Trusted Infrastructure Summer School) 2010 technical setup, support and logistics
  • Creation and ongoing management of the System Management & Imaging infrastructure
  • Implementation of a Server Health / Monitoring solution, Opsview (based on Nagios)
  • Implementation of a CCTV Security monitoring solution
  • Creation of high stream-lined OS’ installs which allowed an extra two years of use from existing hardware.
  • Various work-flow streamlining innovations such as central server change tracking
  • Creation and management of the graduate Penetration Testing Laboratory
  • Regular implementation of specialist lab software to external companies specifications for specialist courses.
  • Management of refurbishment for two rooms including Full Audio Visual Specification & Replacement (Projectors)
  • Management of the VOME Group IT Infrastructure , including re-integration into the departments IT infrastructure
  • Teaching of Induction labs (Linux Conenction GuideIntroduction to Linux), course material, and specialist labs (including Symantec Firewall course, KPMG Hacker Bootcamp, and Foundstone Security course).
  • Identification and implementation of new technologies, platforms and systems; including desktops, laptops, servers, components, software etc.
  • Constant monitoring and research into the latest security threats and technologies, including implementing preventative measures.
  • Testing, Creation and Deployment of WordPress Networks (MU) to augment the Departments web-presence by replacing the personal sites of all staff members, and allow for the creation of project and group sites in a scalable and manageable platform.
    • Platform authenticated against Active Directory
    • Tight control of plugins and themes
    • Ability to test and deploy Premium Themes to individual sites
    • Over 40 sites running spanning mulitple departments and groups across the university
    • Over 100 users supported
  • Implementation and Integration of Apple laptops into a previously windows-centric environment
  • Deployment of iPhone / iPad / iPod (iOS) in a corporate / education environment using iPhone Configuration Utility
  • Implementation and Testing of Distributed UPS Redundancy system with inter-server communication and UPS Sharing through Network UPS Tools (NUT) over Windows, Linux and Appliances
  • Co-Creator and moderator of Unix discussion forums
    • Designed to aid users of Unix, Linux and MacOS
  • Experience with deploying large numbers of workstations to replace older hardware – Full Workstation life-cycle management experience.
  • Design and implementation of a building-wide network infrastructure
    • Redundancy built in between core switches
    • considerations for future expansion and integration with other departments
  • Administrator of the Social Network presences for the Department of Mathematics and Information Security Group.
  • Operating System replacement with latest versions, involving OS Image builds and deployment Hardware specification / Lifecycle / compatibility
    • Migration from Windows XP to Windows 7
    • Migration from Windows 7 to Windows 10
  • Windows Group Policy
    • Creation / migration of new/existing group policies
    • Folder redirection
    • Software installation / updating
    • Printer deployment
    • Pros/Cons of Roaming Profiles
  • 4-yearly cycle hardware replacement for all staff Desktops and Laptops
  • Yubikey deployment & documentation