Every now and then (most likely during a FIM Health check at a customer) the same type of discussion gets back on the table again…
It always comes back to the massive amount of time and budget it costs to copy the development environment to start a production environment.
Oh sorry, it’s the other way around (or not)… 😉
A while ago I got the links below, forwarded by one of my colleagues in security.
My side note to the stuff below:
– FIM Hotfixes DO have an impact on key FIM components, like the FIM application and the FIM databases hosted on SQL. So be prepared: PLEASE DO run the tests on a DEV/TEST environment, with a similar security setup as production.
– Make sure you have a backup of all critical FIM components. I see too many FIM customers who think a FIM Server snapshot and a FIM DB SQL backup is enough. IT IS NOT. Don’t forget the single-component backups: FIM Service and FIM Sync server configuration export, MA config backup, MV config backup, config file export, client software backup and more…
– Carefully test your FIM setup. Gradually, step-by-step, BEFORE you even think “PRODUCTION BIG BANG”.
Dev and Test Domains do not belong in your Production forest!
Source and credits: http://blog.joeware.net/2013/02/20/2674/
Quote: “/../ If you do not have a formal Dev/Test environment, meaning an entirely separate forest or forests, then in actuality, you have no production environment regardless of what you want to call it – you only have a lab environment and well, don’t expect production availability and stability out of a test/lab environment.
For those in the know, they realize I am paraphrasing something said by one of the fathers of Active Directory – Mr. AD – Don Hacherl on the ActiveDir Org list (Friday, February 20, 2009 4:08 PM) /../”
Link to quote of Don Hacherl, see below.
Highly Available Active Directory
Source and credits: http://blog.joeware.net/2009/03/11/1623/
Quote to remember: “We are, I believe, all humans, humans make mistakes, failure to take that into account in the first place is just one more failure to add onto the list of items you are reviewing when performing the failure analysis. These types of mistakes made to the directory will quickly (you wanted low convergence times right?) replicate around your entire domain/forest. You accidentally delete all users in an OU and soon they will be gone from all DCs. Good updates going bad… I think many of us, especially those of us who have been in this business a long while, have seen this happen. Something worked great in the lab and out in production something goes left instead of right and you are standing there going WTF? And those without a production environment at all… Well they really are likely to have an issue. What do I mean when I say you don’t have a production environment???/../”
“From: ActiveDiremail@example.com [mailto:ActiveDirfirstname.lastname@example.org] On Behalf Of Don Hacherl
Sent: Friday, February 20, 2009 4:08 PM
Subject: RE: [ActiveDir] Newbie Question
I have to make a comment here, as I’ve heard this too many times. You do, in fact, have a lab environment. What you do not have is a production environment.
DonH”
Allow me to post another quote of the century from the same thread, by my well-respected friend Jorge de Almeida Pinto.
Don’t know if he likes being quoted:
“Sorry, but not having a test environment and not making time for it is BS.”
I rest my case.
(*) Using my blog once again as an external memory assistant.