Prepared for ACME Enterprises March 25, 2014
Table of Contents

- Executive Summary
  o Introduction
  o Background
  o Scope of IT Assessment
  o Findings
- Detailed Findings for Key Areas Reviewed
  o Network
  o Phone System
  o Circuits
  o Servers
  o Storage
  o Backup & Recovery
  o Endpoint Security
  o Administration
- Key Areas Needing Further Review
  o Storage
  o License & Maintenance
  o Server / Endpoint Security
  o Network / Perimeter Security
  o Wireless
  o Level of Effort
- Recommended Outsourced Actions & Estimates
  o High Risk / Immediate Needs
  o Medium Risk
  o Low Risk
- Recommended In-House Actions
Executive Summary

Introduction

An initial IT Assessment of the ACME Enterprises (ACME) infrastructure was performed 1/10/2014 through 1/18/2014. During this time, we held meetings with the ACME management team and performed an onsite as well as remote review of all IT infrastructure that was documented, discovered and accessible. We appreciate all of the assistance provided by the ACME team during the course of this assessment. As of this writing, the assessment is not 100% complete; however, we feel that we have identified the majority of the underlying issues that present risks to ACME's business.

Background

The ACME IT environment is a Windows-based network running Active Directory under Windows Server 2008 R2. While operating under one domain, the network is split into two segments / VLANs (Data and Voice), with physical separation and redundancy between the servers, desktops and phones. The environment has been partially virtualized through VMware, reducing its server footprint. The main server room is at 1 Marion St., Camden, SC, in a secure area of the main building. Two satellite locations are at 2 Richland Ave., Kershaw, SC and 5 King St., Charleston, SC. An additional satellite location is expected at 22 Sumter St., Aiken, SC. The Cisco ASA firewall configuration, alongside Symantec Endpoint Protection, provides two layers of protection from external attack.

Scope of IT Assessment

The objectives of this IT Assessment were to evaluate the infrastructure to identify and document the business risks associated with its fundamental design and current architecture. Excluded from this audit were review of policies, routine management activities and performance metrics.

Findings

While ACME desires to have an Enterprise-level environment, adequate resources and priorities have not been placed in several areas, which as a result expose its business to significant risks. Details are provided in the next section.
Detailed Findings for Key Areas Reviewed

Network

- There are three (3) Internet connections. The Administrator did not fully understand the configuration:
  o 4.632 Mbps (3 x 1.544 Mbps bonded circuits) - Data
  o 1.544 Mbps - Voice, which was intended to be a backup circuit
  o 1.544 Mbps - Legacy and not in use
- Site-to-site VPNs are not functioning. While the remote firewalls have been reconfigured with the correct IP address, one or more routing issues must be corrected.
- ACME1 firewall configuration needs to be cleaned up to remove old configuration items.
- Remote firewalls had no passwords and were accessible from the Internet => REMEDIATED
- Network consists of three (3) different switch types.
- IP Addressing, Name Resolution Services and Configuration present stability issues, as noted by the following:
  o DNS was having issues the morning of 1/15/14. Services were restored after a stop / start of the DNS service on the Domain Controller and a restart of the EarthLink voice router.
  o The DNS server is utilizing the Backup (Voice) Internet connection as its default gateway. The DNS server's default gateway should be the Primary (Data) Internet connection.
  o DHCP services were intermittent throughout the day on 1/15/14. A stop/start of the service restored services.
- Cable plant jacks were not labeled, which makes troubleshooting port connectivity difficult. Correction requires unplugging every cable to either tone them out or see where they plug into a switch.
- The current Internet bandwidth is insufficient for the present number of users utilizing Cloud Services (O365 Exchange Messaging & SharePoint).

Phone System

- The current phone system (Cisco UC560) was announced End of Life (EOL) on 7/22/2013. Refer to: http://www.cisco.com/en/us/prod/collateral/voicesw/ps6788/vcallcon/ps7293/end_of_life_notice_c51-729017_ps7293_products_end-of-life_notice.html
- Phone System was experiencing a one-way audio problem on 1/15/14. Resolution was an EarthLink configuration change.
- Phone System inter-site 4-digit dial does not work. This is a VPN issue.

Circuits

- Gathered all contracts and reviewed them to determine options. Options will be presented outside the scope of this document.

Servers

- Domain Controller is:
  - Experiencing intermittent authentication issues. Connectivity issues started on or around 12/7/13.
  - A single point of failure for Active Directory (AD) and the environment as a whole, due to interdependencies.
  - The oldest server in the environment, housing the most critical infrastructure services:
    o DNS (Domain Name Services)
    o DHCP (Dynamic Host Configuration Protocol)
    o Security Directory and Access Management (AD)
  - Almost out of disk space. If this server runs out of space, no one will be able to log in.
  - Has indexing turned on, which slows the server down.
  - Has anti-virus disabled.
  - Slow to search in the Active Directory Management console. Clean up is required.
  - Hosting legacy applications. Initial review shows Microsoft SQL 2005 may be removed.
- vCenter can be virtualized so that the physical server can be decommissioned. If this action is performed, an upgrade to the VMware license is absolutely necessary to ensure high availability of this server.
- Print Server is a physical server with no other applications on it.
- Virtual environment is:
  - Host 1 Usage: CPU <= 20% / Memory = 45%
  - Host 2 Usage: CPU <= 20% / Memory = 22%
  - Configured such that VMs are not equally distributed between the hosts.
  - Housing 14 servers, of which only seven (7) are running. The following old VMs can be deleted to free up storage space:
    o Lync Server (ACME-221-Lync) 128GB
    o Exchange Server (ACME-221-EX01) 88GB
  - Licensed at the Essential level, which does not allow for Dynamic Resource Scheduling. This means that a manual process is required to move virtual machines between hosts.
  - Experiencing some Service Status display issues.
  - Not retaining logs long enough. Only two (2) days were available.

Storage

- HP AIO: 393GB of disk space is available. Home Directories contain a number of old users that can be deleted to free up space.
- Dell MD Storage:
  - Showing some potential performance issues within the VMware console: Storage I/O (input/output) errors.
  - Unable to open Storage Manager (Dashboard) due to an unknown application error, which prevents a review of storage.

Backup & Recovery

- Backup Server is running Not for Resale software. The current version is Backup Exec 2010 R3, which was released in 2011. It is missing valuable features available in the later 2012 releases.
- Backup policies do not appear to be backing up the entire environment. Only the following are configured, which completely ignores most of the VMware environment:
  o Domain Controller
  o HP AIO
  o vCenter Server
  o SCVMM Server
- Backups have been failing since 11/15/2013. It appears that a USB hard drive is not connected, nor is the portable Thecus NAS. There has not been a successful backup within the past 60 days.
- Backup server has been virtualized. Consideration should be made to move it back to a physical dedicated server.
- Configured Recovery Point Objective (RPO) = four (4) weeks
- Configured Recovery Time Objective (RTO) = one (1) day

Endpoint Security

- Symantec Endpoint Protection (SEP): some clients are managed and some are not.
- SEP Manager (Administration Console) could not be reviewed because the Administrator did not know the login credentials.
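The Domain Controller and DNS findings above (disk nearly full, indexing on, anti-virus disabled, default gateway on the Voice circuit) can be re-checked with a short read-only script. This is an added example, not part of the assessment report; the data-circuit gateway address, the free-space threshold and the Symantec service name are assumptions and should be replaced with values from ACME's IP addressing list and SEP installation.

```powershell
# Added example (not from the report): read-only health check for the Domain Controller
# findings. Run from an elevated PowerShell prompt on the DC (Windows Server 2008 R2,
# so WMI is used rather than the newer Net* cmdlets).
$DataGateway      = '192.0.2.1'          # ASSUMED: gateway of the Primary (Data) circuit
$MinFreePercent   = 15                   # ASSUMED threshold for the "almost out of disk space" finding
$CriticalServices = 'DNS', 'DHCPServer', 'NTDS'   # DNS, DHCP and Active Directory Domain Services
$AvService        = 'SepMasterService'   # ASSUMED service name for Symantec Endpoint Protection
$findings = @()

# Finding: "Almost out of disk space" - check every fixed disk against the threshold
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object {
    $freePct = [math]::Round(100 * $_.FreeSpace / $_.Size, 1)
    if ($freePct -lt $MinFreePercent) {
        $findings += "Disk $($_.DeviceID) has only $freePct% free"
    }
}

# Finding: DNS server's default gateway points at the Backup (Voice) circuit
$gateways = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
    ForEach-Object { $_.DefaultIPGateway } | Where-Object { $_ }
if ($gateways -notcontains $DataGateway) {
    $findings += "Default gateway is '$($gateways -join ',')', expected data circuit $DataGateway"
}

# Finding: critical services must be running; Windows Search indexing should not be
foreach ($svc in $CriticalServices) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if (-not $s -or $s.Status -ne 'Running') { $findings += "Service $svc is not running" }
}
$search = Get-Service -Name 'WSearch' -ErrorAction SilentlyContinue
if ($search -and $search.Status -eq 'Running') {
    $findings += 'Windows Search indexing is running on the DC'
}

# Finding: anti-virus is disabled
$av = Get-Service -Name $AvService -ErrorAction SilentlyContinue
if (-not $av -or $av.Status -ne 'Running') {
    $findings += "Anti-virus service $AvService is not running"
}

if ($findings.Count -eq 0) { 'All checks passed' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

Each line of output maps back to one bullet in the Servers or Network findings, so the script can be re-run after remediation to confirm the item is closed.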
Administration

- Documentation was not received before the onsite visit. The onsite visit shows that it has not been updated since the move.
- Server Monitoring & Alerting are not in place.
- Server & Desktop Patch Management are not in place.
- User Training needs to be addressed. Examples from onsite:
  o User complained the printer was not working because it was in sleep mode.
  o User complained they could not open documents from SharePoint because of the O365 Web Apps.
- Service Desk is not being used: while onsite, there were drive-bys all day long. This prevents SLA Management.
- Passwords:
  o No password safe is being used as a central repository, and the Administrator does not seem to have all of the passwords.
  o Need to be changed, due to Administrators leaving.
- Administrator is not qualified to independently manage the entire environment.
Key Areas Needing Further Review

Storage
- I/O Errors
- Dashboard Application Error

License & Maintenance
- IT Assets Report from QuickBooks
- Support Agreements

Server / Endpoint Security
- Review of Endpoint Security Policies
- Deeper review of Virtual infrastructure and OS configurations

Network / Perimeter Security
- Review of Switch Configurations
- Review of Firewall Configurations

Wireless
- Site Survey for Coverage

Level of Effort
- 8 hours
Recommended Outsourced Actions & Estimates

This section is intended to detail the items that ACME is not able to remediate with its current staff.

High Risk / Immediate Needs
- Reconfigure the Internet routing to allow Site-to-Site VPN services and Internet failover services. Expected effort = 4-8 hours
- Establish Site-to-Site VPNs. Expected effort = 1-2 hours
- Move Domain Controller services to the VMware environment, one DC per host. Expected effort = 8-12 hours
- Perform a more in-depth look at the VMware environment and Storage (I/O errors). Expected effort = 4-12 hours

Medium Risk
- Increase firewall security and upgrade firewall code at the ACME1 firewall. Expected effort = 4 hours
- Implement Microsoft WSUS for Microsoft Updates. Expected effort = 8-16 hours. May require working with all endpoints.
- Audit Symantec Endpoint Protection Server. Work to have all clients managed and policies updated to align with business requirements. Expected effort = 8-16 hours. May require working with all endpoints.
- Upgrade the VMware environment licensing to Enterprise 5.1, preferably Enterprise Plus, and configure High Availability (HA) and Dynamic Resource Scheduling (DRS). Expected effort = 8-16 hours. May require working with all endpoints.
Low Risk
- Configure ADFS to connect with Office 365 to enable Single Sign-on. Expected effort = 8-16 hours
- Virtualize Print Server and decommission the HP DL365 server. Expected effort = 2-4 hours
- Implement Server Monitoring and Management. Suggest implementing from our environment to reduce the level of effort. Expected effort = 8-16 hours
- Implement Patch Management. Suggest implementing from our environment to reduce the level of effort. Expected effort = 8-16 hours
Recommended In-House Actions

This section is intended to outline the areas that ACME is capable of handling in-house.

- Solicit SharePoint user needs, determine training and roll out.
- Confirm static IP addresses at all remote locations. Contract is unclear.
- Gather all active license agreements. Specifically need the Manufacturer, Product Versions, Purchase Dates and License Keys. We need these items to perform a licensing and support audit.
- Spot check the IT Hardware Asset Inventory within Wasp.
- Add the IT Software Inventory to Wasp.
- Label all Network Drops.
- Update Documentation:
  o Network Diagrams
  o Rack Layouts
  o IP Addressing List
  o Server Application Usage
  o Administrative Password Vault
- Define Log Retention Requirements.
- Define Data Protection RTO and RPO.

**** End of Document ****