TroyT 83 Report post Posted May 21 We're moving our servers to bare metal boxes and I'm looking at the best option for giving our admin limited control. We currently use TCAdmin on our dedicated boxes with EoR. My current plan is to buy a Master and Remote license but I'm looking for alternatives that are less expensive but allow for a similar level of control. Any input is appreciated. Share this post Link to post Share on other sites
MGTDB 956 Report post Posted May 21 https://www.firedaemon.com/product/firedaemon-prohttps://www.firedaemon.com/product/firedaemon-fusion 2 Share this post Link to post Share on other sites
TroyT 83 Report post Posted May 21 Cool, I'll take a look. Share this post Link to post Share on other sites
Z80CPU 527 Report post Posted May 21 (edited) Hello @TroyT, As a network admin in real life at times, the REAL question is, if you must go to this length, they should NOT have access to the servers AT ALL. NO REAL business does this. When I was a network admin for the world-wide credit reporting company Equifax, I had to go thru a MAJOR background check for the past 10 years of my life, including such things as a credit check as well as any/all civil actions brought against me, because you see, my HANDS actually TOUCHED THE COMPUTERS HOUSING YOUR CREDIT SCORES. When I was a network admin for a company that handle almost 3000 hospitals and nursing homes in all 50 states in the US, I had to go thru a 7 year background, though unlike Equifax, there could NEVER be any issue of me 'stealing anything' from the hospitals. If you have to 'babysit' these people thru software - DO NOT USE THEM!!!!! THAT is the BEST OPTION! Second would be to limit their access thru Windows Policy Editor, WHICH IS FREE AND WORKS! (by using Remote Desktop or something like TeamViewer/UltraVNC (free and works GREAT). Using 'programs' CAN BE CIRCUMVENTED and are ALL THE TIME! For example, what would stop me from attaching to your server using SOME OTHER PROGRAM??? NOTHING! As long as I had the ARMA server password, that is all that is needed! Due to the number of servers you have, you should ONLY NEED 2 people 'admining' these servers. In my server's case, I NEVER have to 'admin it' EVERYTHING is 'controlled' by batch files/external programs. ARMA Crashes? It restarts. MySQL Crashes? It restarts. Server crashes, machine automatically reboots and ARMA starts automatically. I NEVER have to 'babysit' my server. Also, in the real world, this is ALSO HOW IT IS DONE. LESS HUMANS EQUAL MORE SECURE AND LESS ISSUES! If you have to 'babysit' it, your server is not setup properly. As stated, I NEVER had to do ANYTHING. EVERYTHING is backed up at EVERY BOOT! This includes ALL LOGS too! I would 're-think' how you wish to admin. For IN-GAME admining, now, THAT is a different story and this is the admin I was in real life (though I would build or assist in building new servers). There was NO HARDWARE ADMIN. Even places like where I was a 'hospital admin', ALL we handled was the SW. Our servers sat right next to Google's Data Center (same building) stuff...which ALSO HAD NO HW ADMINS (do note, the link is where they used to be and this was 10+ years ago too)! There is a HW issue, you know due to emails/other types of messages being sent to you. You can look at the attached pic, this is a screenshot from UltraVNC is what I use for my server. You can see all the batch files running at the bottom as wll as all logs and the DB back-ups. It CAN be done! My server is Win7, I REMOVED THE POS known as Win10 for my server! I spend < FIVE SECONDS every day on my server, and I really do not even have to do that! You can even have your server send you email messages about errors. when rebooting, etc. with NO EMAIL PROGRAM AND 100% AUTOMATED!!! (and free to boot!) See: SendMail There are also apps (at least for Android) that will alert you when your server 'goes off line' - FOR FREE! See HERE There are FREE VNC clients that will allow you to 'remote in' and take control of the actual PC like Teamviewer (clunky on Andriod). See: VNC Clients For Android Just install something like UltrAVNC server on the PC and you're ready to go! ALL FOR FREE! By using the above items, I can do ANYTHING to my server from ANYWHERE in the world where I have an internet connection. Also, one OTHER benefit by using UltraVNC, it REQUIRES NO SOFTWARE. You can connect via a VNC client OR via a browser as it has a BUILT-IN JAVA SERVER! @TroyT, I am afraid that you're making a LOT MORE WORK for yourself than is actually needed! For SW admining, use InfiSTAR. The best hands down and you CAN limit access with this program easily. Good luck on your transferring! PS - I did forget one thing. There is ONE thing that is NOT automated on my end, but could be, I elected NOT do it, that being mods/ARMA updates. As my server is about 1m from me, I just copy over any new updates from my PC to the server and I am done. There ARE methods for batch files that you can use to check for updates. I opted out as they run at every start up and can take 2-3 minutes. I did not want to have this much 'down time', though it is not that long. Making a 'zip file package' of any new mods, ONE admin could update ALL of your servers at ONE TIME . They/you would not even have to log into the server! Now THAT COULD be automated. In the sense you create the 'new update mod zip file', upload it via a batch file to every server, they AUTOMATICALLY see it and run it and update mods/keys as needed. It is not hard to do, actually it is pretty easy with NO ADDED PROGRAMS except your 'unzip' program. Or you upload it to ONE server and IT uploads to the other 5 servers, which would make it easier and MORE SECURE on/for you. Remember the old saying: Work SMARTER, NOT HARDER! Edited May 21 by Z80CPU 1 Share this post Link to post Share on other sites
TroyT 83 Report post Posted May 21 Thanks for the input. I'm actually experienced in building and running my servers but need to share the workload. The need to share limited access comes from my real-world circumstances. I'm ridiculously busy with my business and family. I have a hard time being available for updates, kick starts, or DB tweaks when needed. When one of the last Arma updates hit, I was out of the country and if my admin had no access then the whole thing would have been down for a week. The level of access granted is dependent on how well I know them and what their technical proficiencies are. All of our admins were well established in the community before being invited to join. We use InfiStar and I have several access levels assigned depending on the need. Some of them have limited DB access through TCAdmin and some have full access using whatever MySQL tool they are most familiar with... usually Heidi. A couple of them have FTP access, most don't. I'm not particularly worried about malicious behavior since my servers aren't, and won't be, hosted at home or at my office. If some rogue admin decided to cause havoc it would be contained. Nobody will have access at the OS level except for one admin who I work with on development. If I didn't allow access, it would basically mean pulling the plug on our community and sending everyone packing. At last count, we had logged about 10,000 unique players and have about 700 members on our Discord server. I actually did try to walk away from it once and was working with one of the core admins to transfer power. I couldn't bear to see it whither and ended up keeping with it but in a more back-end capacity. One thing that I had to learn to do in my life was to delegate tasks and allow the delegatee to fail. I've learned to do that in my business and am now much better off for it. I'm applying some of that to more serious pursuits like these game servers and so far, so good. I've actually started recruiting dedicated players to help develop new maps. Want a Weferlingen Winter map? Let's all learn how to create traders and loot positions! It's worked well thus far. I think my coffee kicked in about 10 sentences ago. I've been using TCAdmin for the last 3 years but it was being administered through the GSP. Now I am going to be setting things up differently because I'm sick of dealing with the performance issues that keep plaguing us with the limited access of a managed OS through the GSP. The main features that I like about TCAdmin are the ability for admin to run a Steam update with a single click, or if I've granted them permission, to update mods with the Steam Mod Updater. Restarting the servers is handy, but they usually use ArmAdmin for that. So I guess the gist of my question is about the practical application of TCAdmin and if anyone has any direct experience with using it on the back-end. Or, if there are comparable products, which seems to be a no if I want the features listed above. My coffee has definitely kicked in. I need to stop now or I might just keep on typing... Thanks again for the input. All valid points. Share this post Link to post Share on other sites
Z80CPU 527 Report post Posted May 22 @TroyT, Ok, do note: #1 - I NEVER said you were 'inexperienced' nor hinted at it. #2 - There is an old saying which I am sure you have heard: 'There is ALWAYS someone better than you' #3 - There is a policy called 'IT Best Practices', which you are not using at all. #4 - I have 35+ years in IT, part of that is about 15+ in Server administration. I do this as a profession and a career. #5 - I have about 5 years in ISO 9001 policy creation, ISO Internal Auditor, as well as being a QRB Member (this is like a 'parallel board'. Instead of running the company, we ran the Quality policies and procedures.) The 'formal' definition is defined as: Quality Review Board (QRB): A cross-functional group of process owners and ad hoc representatives deemed by a company to be responsible for deciding the disposition of all defective products and out-of-compliance processes (nonconformances). See HERE Now, this is a FACT, matters not if you like it or not. You did not read what I stated; I NEVER TOUCH MY SERVER PERIOD. Except updates. And EVEN THEN YOU STILL DO NOT NEED TO TOUCH THE SERVER AT ALL!!! Are you not reading or comprehending what I am saying? You can do updates by a batch file which CAN BE started by a SINGLE LINE EMAIL TO YOUR 'MASTER' SERVER! You do not have a CLUE about what I am talking about nor even how to do it, yet you 'discount it'. This is NOT wise in ANY area where someone is providing advice in an area where you possess 'limited knowledge'. The question is WHY do they 'need to touch it'? You REFUSE to answer that question and provide a FIX FOR IT! The answer is because it is NOT set up as best as it could. If mine is 100% 'hands off', SO CAN YOURS TOO! Also, many of the items I stated you SHOULD do; some are mine, and OTHERS ARE NOT. It seems you are not aware of certain 'groups'. These people know 10 times what you and I combined would know. They put together a set of 'things' that you should do and should not do. These are termed IT BEST PRACTICES. And from what you stated, you're not doing ANY OF THEM. This means, more work, a 'sloppy' means of admining, loads of extra work, and LOADS OF TROUBLE. You stating 'you NEED all these admins' shows this. I shall provide you with some info to see what I mean. One other thing you do not know too, is that I am also a programmer for 45+ years. I actually have about 4 programs (EXE's) posted on this site. Guess what my 'expertise' in programming is? AUTOMATION! Guess what my nickname was when I was the Production Supervisor for the world's 3rd largest clone manf years ago? It was 'BATMAN' due to me automating the loading, configuring, installing programs, and then testing computers all via BATCH FILES, some as large as 20k. ZERO HUMAN INTERVENTION except power and network cables. In that job, I took them from 250 people producing 300 computers a day to 40 people producing 600 computers. I KNOW my automation! I eat it 3 times a day! IT Best Practices: https://its.unl.edu/bestpractices/server-administration <-- Notice, this is from the University of Nebraska Main 'page' - https://its.unl.edu/bestpractices/ "Best Practice: The Administrator/root account should normally be locked." - NO ONE HAS ACCESS! "Best Practice: Deny all, then allow for remote administration access only to authorized accounts." https://www.hungerford.tech/2014/12/4-benefits-separate-administrator-accounts/ Protecting Important System Files "By restricting privileges to a knowledgeable system administrator, you prevent inexperienced users from unwittingly removing a system file." - This means, if the person KNOWS WHAT THEY ARE DOING, there are NO ISSUES. You RESTRICT people because they DO NOT KNOW what they are doing - THIS IS THE EXACT OPPOSITE OF WHAT YOU ARE SUPPOSED TO DO. Does this say you can do this if that person has semi-knowledge? NO! YOU NEVER DO IT! Funny, as with most of these listed things, you do JUST THE OPPOSITE! https://blog.devolutions.net/2018/02/system-administrators-10-best-practices-for-career-success-happiness "Being a system administrator is like being Han Solo: you must solve problems left and right, you must be on top of everything at all times, and most importantly: you must ensure that nothing crashes." - Notice what is MISSING FROM THIS??? NO WHERE do you see 'your Jr. Admins'. IT IS ALL YOU!!! And NO ONE ELSE. And there is a TON more stuff you are NOT doing! I would HIGHLY recommend you research this: IT Best Practices These people KNOW 100% of what they are doing. This is no different when you go to a doctor and you IGNORE their advice. 'Bad things' WILL happen. With one server and just you, well, you can do all sorts of crap. With yours? No, you can NOT or it WILL be a disaster in the making. You Need: Standard Folder Layout on EVERY SEVER. Master Backup of the files which can be put on ALL/ANY servers at any time. Individual Master Backup of servers files just for THAT server (such as unique mods that are not on the other servers). Standard policies and practices. An Industry Standard For Quality Control. Sadly, from what I have seen, you have none of these things. There is another saying which is also true: 'If you wished to be seen as a professional; ACT LIKE LIKE A PROFESSIONAL!' Your 'methods' are ineffective, dangerous, and just wrong. Oh yeah, you can 'walk on your hands all the time' or 'drive a car with square wheels'. You CAN do these things...but there IS A PRICE TO PAY IN THE END! Here is a simple 'test' for your admins: You are going out of town for 6 months. Your house has 5 rooms in it. You leave $100,000/100,00 euros on a table in the open, along with a bunch of drugs and alcohol. These are you choices: #1 - You do NOT let 'this person' stay there AT ALL! #2 - You let them stay, but you LOCK FOUR OF THE FIVE ROOMS, with the 'goodies' in one of the locked rooms. #3 - You give them access to all 5 rooms. Now, if your 'staff' fit #2, which I think will be the case, THEY SHOULD NOT BE ADMINS PERIOD! An admin is someone you can TRUST 100% PERIOD! And this is NOT my 'saying' either! Research above and you WILL SEE THIS! Even though I have been on this site pretty much from the very 1st month, which was a different website, most people know very little about me except that I do IT. For this one time, I am going to 'break my own rule' on this one thing. I KNOW your 'reasons' are FULL OF CRAP. You see, for about 2-3 years, I was the Head Admin on the WORLD'S LARGEST EPOCH SERVER. And you know what? I NEVER HAD TO DO ANYTHING TO THE SERVER OR DB! Nor did the 2 owners either! This server was about 95% of the time #1, and the other 5% of the time, it was #2. This server was 'Epoch Pro'. As a note; I also had a 98% 'satisfaction rating' from hundreds of users taking an 'anonymous survey' discussing the admins and the server itself which results can be provided to you. Why is it that we had 10,000+ players, 2 servers, and NEVER HAD AN ISSUES LIKE YOU DO??? WHY? Better yet, WHY DO YOU HAVE THEM? Your 'methods' are due to having 'children/immature/non-knowledgable' people 'at the helm'. THIS is why you 'have to do what you THINK you have to do'. No, you FIRE the 'ignorant' and get KNOWLEDGEABLE people. Thus, why I said all you NEED ARE TWO PEOPLE! You said "When one of the last Arma updates hit, I was out of the country and if my admin had no access then the whole thing would have been down for a week." This is because you did it YOUR WAY. Notice I said, I can access my server from ANYWHERE IN THE WORLD! You can not! Hmmm...maybe...JUST maybe you should pay HEED to what I am offering you! Also in regards to that past statement "...When one of the last Arma updates hit...", did I NOT SAY, that ALL ARMA UPDATES CAN BE AUTOMATED EASILY??? Yes, I did say such...BEFORE YOU EVEN MENTIONED THEM! Then you offered up these 'golden nuggets': "...kick starts, or DB tweaks..." BOTH of these mean YOUR SERVER(S) ARE NOT SET UP PERIOD! You are SUPPOSED to do all your tweaking BEFORE GOING LIVE! And 'kick start'? Hmmm..I mentioned THAT ONE TOO! Mine is AUTOMATED! See, there is NOTHING you have mentioned that I have not ALREADY MENTIONED AND PROVIDED A SOLUTION FOR. The bottom line is the following: * - They are YOUR servers, you can do what ever you want. Your failure is benefit for me...and others. * - You have been shown thru various ways that your methods are 'antiquated' AT BEST. * - EVERYTHING you mentioned, TO ME, is NOTHING BUT AN EXCUSE! Because, I think EVERY ONE OF THEM, I addressed BEFORE YOU DID! And I said you can do it this way or that way...etc. * - You have not asked for any info on how to IMPROVE things, rather, you INSIST on sticking to 'doing business the old way', which IS YOUR RIGHT. Or saying it in another way, you have DEFENDED 'your way' as being 'the best', though THOUSANDS of professionals who know more than us, say OTHERWISE. * - Explain how I NEVER touch my server, BUT YOU HAVE TO! And your ways DO NOT NEED TO BE UPDATED/CHANGED?!?!?! Really??? Hmmm..I think they DO! * - While I may not be the 'best' at this and I do NOT claim to be, I do KNOW, that my ways ARE BETTER THAN YOURS! There is no shame in this, I KNOW you would put other people to shame as well! Be WISE and LEARN from me as well as from the info I have provided. If I can sit here and say I NEVER have to touch my server, why are you not saying 'I want that too!'? I know one reason why. Is it true in YOUR case? As I do not know you well, I can not say. ONE reason people act this way is because it is a CONTROL ISSUE. "I MUST MICROMANAGE EVERYTHING!" - So says the control freak! "...Micromanaging is one of the most damaging habits an executive can have. Teams get bogged down going through laborious procedures, and worse is the environment it generates..." - FORBES Mag. 6 Big Dangers Of Micromanagement * - And perhaps the MOST important item; EVERYTHING I STATED IS 100% FACTUAL. There should be NO DISCUSSION on ANYTHING if you TRULY wish to 'be your best and BE THE BEST you can be'. As I am a Christian, I shall leave you with some words of wisdom from King Solomon, who has been deemed the wisest man to ever walk the earth; by Godly people as well as UNGODLY people: Proverbs 1:25-26 And you neglected all my counsel And did not want my reproof; I will also laugh at your calamity; I will mock when your dread comes, Proverbs 12:15The way of fools seems right to them, but the wise listen to advice. I am not 'angry' or anything, for it is YOU who will pay the price in the end, not I! So once again, good luck to you and the transfers! And I do truly mean that too! Share this post Link to post Share on other sites
kuplion 1785 Report post Posted May 22 Well I think that well and truly killed this thread so I'm going to lock it now before it inevitably explodes.. 1 Share this post Link to post Share on other sites