Keycloak, most likely. We have experience with it.
Fastmail’s calendar invitation support is solid in my experience. And they support access via standard protocols. That is very quickly disappearing with Microsoft 365.
We never used Teams. Once we had the option to switch to non-Teams 365 licenses we did that almost immediately. We used to use Slack, but saw the writing on the wall when Salesforce acquired it, moved to Mattermost in Kubernetes, then Mattermost Cloud’s paid tier when it launched. When Mattermost evicted non-enterprise licenses from their cloud service we never replaced it. Turns out, we don’t really need an internal chat/conferencing app. We’re a few guys within a half hour of each other. If we need to, we hop on a call, send an email, or send a text to schedule a in-person meeting.
- Responsible for .nz tld are staffed by 4 technical employees doing 24x7 on call support
- Engagement surveys captured staff feeling fatigued and under resources at entire org level
- Hard to hire for roles due to specialisation
- Team moving away from BAU work to projects
- Issues raised by external partner but team had other immediate work pressures
- Had to contact ex-employee that use to worked there to help resolve
- Once a year critical take just done by one team member
- Many IT operations tasks have sufficient external dependencies that it is impossible to tell – for certain that the task will be successful in production without doing the task in the production environment. - We've all been there.
Sounds like InternetNZ should actually outsource all of this to an external party and just focus on governance work.
> - Engagement surveys captured staff feeling fatigued and under resources at entire org level
This smells like an organizational failure. First, the survey doesn't tell if the tech staff suffered fatigue, because it was organization-wide. Second, the Executive Leadership Team has 5 people. Just the executive leadership. The Council itself has 9 members. I shudder to think how many (indirect) managers the 4 tech staff has to report to. Third, if there is a problem in your organization, you won't find it with a bloody survey. Those just exist to satisfy KPIs. Fourth, if there is a problem in a small team, that is fairly easy to locate. but if their manager doesn't know, or can't change it, something is wrong in the organization. Fifth, if there is a problem in a critical team, the organization as a whole has failed.
This won't be solved by outsourcing. If anything, placing critical employees at a distance creates more problems than it solves.
Agreed. Over the past few years I've encountered more and more organisations with a ratio of management:developer/designer of >1, ie for every developer or designer, there is more than 1 "manager" (PM, EM, etc) involved. These organisations tend to have appalling velocity and very low developer morale.
Conversely some of the most efficient organisations I've seen have virtually no "management". Usually a lead developer who still works on the product managing tickets, taking requirements from a CEO or similar. These teams can deliver a mind boggling amount of work in comparison.
Good summary! Not sure about that conclusion. I don't imagine there are roving bands of these specialized DNS network architects to whom you can magically outsource the operations.
The whole thing just strikes me as the continued under-valuing of this kind of maintenance work. It's not glamorous, you often work for a government/non-profit that pays less, on-call is brutal, and the chronic short-staffing is a pain multiplier. Not exactly the best foundation for an entire country's internet infrastructure to sit atop.
> This DNSSEC Practice Statement (“DPS”) is a statement of security practices and provisions made by the Canadian Internet Registration Authority (CIRA). These practices and provisions are applied in conjunction with DNS Security Extensions (DNSSEC) in the Canadian country-code Top Level Domain (ccTLD), .CA.
> This DPS conforms to the template included in RFC 6841 . The approach described here is modelled closely on the corresponding procedures published in a corresponding DNSSEC Policy and Practice Statement published by .SE (The Internet Infrastructure Foundation) for the Swedish top-level domain, whose pioneering work in DNSSEC deployment is acknowledged.
To provide a means for stakeholders to evaluate the strength and
security of the DNSSEC chain of trust, an entity operating a DNSSEC-
enabled zone may publish a DNSSEC Practice Statement (DPS),
comprising statements describing critical security controls and
procedures relevant for scrutinizing the trustworthiness of the
system. The DPS may also identify any of the DNSSEC Policies (DPs)
it supports, explaining how it meets their requirements.
Google really annoyed early adopters of Google Apps (now workspace) with the legacy to paid migration, then oh no you don't have to pay here's 300 free user licences nonsense.
I can totally see how CIOs and other tech savvy leaders in business really look at anything they use Google related and wonder to themselves if it might be wise to look at alternatives.
I agree with lot of comments in that Twitter thread.
Support is very poor, rackspace level at the moment.
CloudFlare will be abused even more. It’s IP ranges blocked and that will be the only enterprise difference- premium IP pool.