Expiring entities
How many times has a service that you look after gone down unexpectedly because a certificate has expired? More than once I'd imagine.
There are all kinds of certs that expire: TLS certs for web encryption, root certificates, SSO certificates, bank certificates.
It's not just certs that expire. User logins to systems often have a start and end date, but the end dates are set way into the future. One day, you're going to find you've worked at a place too long, and that date that was set eons ago has crept up on you out of the blue and bitten you on the arse.
You need your central monitoring system to have a record of these dates and it should raise an incident with a high enough priority to get noticed whenever the expiry date is near. A dashboard to keep track of everything on file wouldn't go amiss either. It'll be hard work trying to find every expiring entity on every system and you will miss some. You'll find them when they expire though and one of the first wash-up activities on your list will be to add the replacement to your monitoring.
I'll talk about Service Acceptance Criteria in a later post but when onboarding a new service, however trivial it may seem at the time, always check for certs, end-dates and anything else that might expire and make your service unusable. That service might become very popular and could stick around for a long time - longer than you expected - and you might too!
- Previous: Alternative theory of constraints
- Next: Security at work
