Hello!
The main purpose of this article is to describe how the IT infrastructure of one state-funded educational organization is being developed under budget constraints.
Purpose of publication
1. Share experience;
2. If possible, get feedback and recommendations.
Introduction
It's no secret that the driving force for IT development in an organization can be:
A) IT department (or its representatives).
B) business (or its representatives).
Either of the two extremes is bad!
The solution is to be somewhere in the middle, at the intersection of business and IT representatives: those who make money and those who create the conditions for making it comfortably, safely, securely, steadily, in quantity, etc.
To solve any problem, the first step is to recognize that the problem exists. Then, systematically:
A) describe it and understand its causes;
B) set tasks to eliminate the causes and prevent them in the future;
C) carry out the tasks and monitor the state, keeping it stable.
That is all theory. On to practice.
The IT problem is that the IT department does not understand what the business needs right now and what it will need later, and has no priorities among those needs.
The first step is done!
Next, the causes:
1. A complete lack of understanding of the IT infrastructure model, development strategy, work rules and work plans;
2. No interest in development (no incentive) anywhere in the IT department;
3. No understanding of how IT can help the business with its concerns (work is done mainly on request; there is no work plan and no preventive measures).
Go ahead!
Solutions:
1. Collect information about the IT infrastructure (all its quantitative and qualitative characteristics). Describe the model: network diagrams, addressing tables, equipment distribution and placement, lists of software licenses and where each is installed, and which employee works with what and what they really need.
All of this should be kept as electronic diagrams and/or on paper, in a form that everyone in the IT department can see and contribute to. Not least among the findings will be the “bottlenecks”, which will surface as IT risks!
2. Motivate the IT department (the classic “carrot and stick”):
- a. fire those who are completely lazy and burnt out; for everyone else, see the next point;
- b. introduce a system of bonuses and penalties for those who show signs of life and enthusiasm (reprimands, warnings, time off, quarterly bonuses, the right to adjust vacation dates, etc.).
3. Study the main concerns of the business:
- a. hold a meeting with the department heads and the director to get information from the business;
- b. analyze the IT information collected earlier.
4. Based on these findings, gradually apply and implement solutions and technologies, remembering to report to management on the tasks set and solved (and, most importantly, on the benefits to the business of solving them).
Take the last step and “step forward”!
There are many words and bullet points here too, because control has to be applied in several directions: IT infrastructure, department staff, and risks:
1. Implement monitoring of whatever is critical or a bottleneck (with a view to later monitoring the entire infrastructure).
2. Introduce specific indicators of the quality of the IT department's work (qualitative and/or quantitative). In a little more detail:
- a. A responsibility matrix that names a substitute for periods of leave / sick leave;
- b. Indicators for each employee's area of work and in total: the number of completed requests (the more the better), the number of incidents caused by infrastructure failures (the fewer the better), the number of completed projects (large-scale pieces of work), completed planned tasks, late arrivals / absences (without good reason).
3. Set priorities for IT development based on the risks and the specifics of the business (all the information has already been collected).
4. And the most important thing again: report to management on the tasks set and solved (this is the job of the head of the department)! If management does not see what you are doing (while you lie awake at night, developing and optimizing), it will assume that you are doing nothing... Department staff report to the head of the IT department; the head reports to the leadership of the educational institution (OU). It is important to understand that the report is not a goal in itself: work done for the sake of the report is time wasted on unnecessary paper.
Employees' reports should show their level of work, involvement, initiative and usefulness, and imply an assessment of that work by the manager, i.e. interest in the work performed.
Description of the subject area (organization)
Are you still here?! Then let's continue...
The distinctive features of state educational organizations include:
1. Composition and characteristics of users:
There are only two types of users - students and staff.
Students (~2,200 people) can in turn be divided into two types (in practice they are all just students, but still): students of IT specialties, and all the rest.
Employees (~150 people) are divided into teachers and administrative staff.
Each user subtype is assessed separately in terms of the latent threat it poses to IT, the access rights it needs, and its workplaces.
2. Employee activities:
Administrative: tied to the workplace (moves are infrequent); there is a strict set of software and equipment needed for the work (nothing out of the ordinary).
Teaching: the teacher moves from classroom to classroom and works with the main office software and with specialized software (depending on the discipline taught). The office suite is standard; specialized software may differ between classrooms. Educational materials are accessible from all PCs in the organization (for students to read). Access to USB modems is blocked.
3. Students (where would we be without them): their activity is aimed at learning (measures are needed to make their work safe and isolated). Network folders are separate for each classroom, with write access for students (so that files do not wander between classrooms); reading materials are read-only. Access to USB drives and USB modems is blocked.
4. A large amount of equipment is involved in the educational process: a ratio of 4:1. It is therefore necessary to supervise the heads of the laboratories (so that they monitor the condition of the equipment and warn in time about the problems and malfunctions they see). In addition to standard training PCs there are also non-standard ones: servers on eComStation (OS/2) with training software, and training PCs with virtual machines (for IT specialties).
5. Features of software licensing. Many software developers have educational discounts and academic licensing programs, for example:
- a. Microsoft DreamSpark Premium / Standard (1)
- b. Autodesk Academic Resource Center (2)
- c. MyArchiCAD (3)
- d. Smart-soft (Traffic Inspector) (4)
- e. etc.
6. IT department staff: 7 people (including the head), 3 of whom are not full-time in the IT department; there are no technical specialists in the branches:
- a. system administrators - 2
- b. engineers - 2
- c. technicians - 1
- d. security engineers - 1
7. Organization of the system of technical user support: internal telephone of the IT department, mobile telephone of the IT department, instant messaging system, personal telephone of the head of the department, personal telephone of the department staff.
8. The area of responsibility of the IT department additionally includes: video surveillance systems, access control and management systems, and the organization's telephone network.
9. Business interests (if you can call it that):
- a. General
i. Maintenance of the entire fleet of PCs and computing equipment (SVT).
ii. Optimizing and reducing the cost of keeping things running: performing routine maintenance (preventive measures), simplifying maintenance (and so keeping the same department headcount as the infrastructure grows), reducing the risk of data loss and downtime, selecting the optimal configurations and composition of purchased equipment, and extending the life of old PCs, for example as terminal clients.
iii. Ensuring information security, including the protection of information from loss and leakage.
iv. Keeping the use of IT within the law (compliance with SanPiN, federal law, etc.).
- b. Educational
i. Introduction of modern software in demand for the relevant educational specialties (if possible with the replacement of the ACT).
ii. Advising teachers on the use of open source analogues of commercial software.
- c. Administrative
i. Priority support for some administrative processes.
10. Financing is of two types: regional (municipal), i.e. budget funds, and own (extrabudgetary) funds. In addition, the state allocates money for various “targeted programs”; this is also public money, but it is spent under strict control, with mandatory checks and reports. Experience shows that:
- a. budget money is usually spent on utility costs (including telephone and Internet), and it is not that much.
- b. own funds go to maintenance (repairs, purchase of replacement components for failed ones, cartridge refills) and to employees' workplaces; with great difficulty they are released for mandatory software (subscription renewals, antivirus license renewals), and lately with even more difficulty for infrastructure upgrades.
- c. targeted funds: everything is both simple and difficult here. If the purchase fits the target, then “pile on more, bring it faster”; if not, then no.
As a way out of the situation (with a limited budget): add a percentage on top of any expenditure (IT invoice). That is, when buying a PC it is not necessary to buy an OEM OS license (for a large organization, OEM is hell), but it is worth considering whether the PC will be included in the general network. Such a purchase is then no longer called a PC but an AWP (automated workplace), and may include a PC, peripherals, and the equipment needed to connect it to the network.
When acquiring licenses (if necessary), it is better to buy with a planned “reserve” (after assessing the entire infrastructure and monitoring the situation for one to two years, it usually becomes clearer how much reserve to plan for).
When purchasing equipment, also plan with a margin: if the area of the room and the building allows a large amount of network equipment to be installed and expanded (and we are planning to expand), there will be more of it, so take a switch with spare ports. If there is an opportunity to take a spare unit (there isn't), take it; it will not be superfluous (this is called an unloaded, or cold, reserve)!
Description of the organization's infrastructure
Infrastructure:
- computers - 500
- physical servers - 6
- managed switching equipment (of which wireless equipment) - 9 (1)
- copying and printing equipment (printers, multifunction printers, plotters, etc.) - 110
Number of subscribers of the internal telephone network - 14
City telephone numbers (without branches) - 10
Number of branches - 4
Number of buildings - 3
Internet connection: 30 Mbit / s (main) and 5 Mbit / s (backup)
Historically, accounting has had a physically separate local area network with its own independent Internet access. Please do not ask why it has not been included in the general network. It works stably, so let it keep working; changes to that network are, of course, in the plans.
There is another peculiarity: the personnel department connects over VPN to the network used by accounting, then logs on to the server via RDP and works there. A gadget called SoftEther VPN (http://habrahabr.ru/post/208782/) is used for this. The crutch has its drawbacks: once connected, network resources disappear on the work PC and there is no Internet access.
Branch connections: a leased VPN channel.
Distributed network with dedicated servers. The network includes about 92% of all PCs. The network is segmented by VLANs. It has not yet grown into a full structured cabling system (SCS).
Historically, the dedicated server room (there is the one in use and a planned one; this is about the one in use) is located in the second educational building, where there are almost no administrative PCs and the total number of PCs is 4 times (!!!) smaller than in the main building. Nevertheless, both Internet channels terminate there. The main building is connected to the second by optical fiber. There are no servers in the main building. That is, in the event of a link break or a power outage there, we are left with no network at all and nothing else either! It turned out this way because (no joke):
1. So that the technical department would be at a distance.
2. There is a room of 4 sq. m.
3. There was no one to think about the infrastructure as a whole.
Software: there is a large list of licensed software, but since no accounting or updating was done previously, the step of standardizing and legalizing the necessary software has not yet been completed.
Main directions
1. Email service: Yandex mail for domain (4)
Administrators register / restore and block accounts, Yandex does the rest (for which many thanks to them!).
2. Server operating systems:
2.1. Windows Server 2003 SP2 Standard
2.2. Windows Server 2008 R2 Standard
2.3. CentOS
2.4. Ubuntu server
Different tasks are solved on different platforms. Some things are virtualized, some are still on hardware, but the services and roles are as follows: AD (wherever possible, everything authenticates through it), DNS, DHCP, WDS, file server (DFS with network folder masks), Moodle, OS site, accounting software, KSC (6).
3. Desktop operating systems:
3.1. Windows XP Professional SP3
3.2. Windows 7 Professional SP1
Everything is actively being configured and joined to the domain.
4. OS Backup and Restore: Acronis Backup for Windows Server + Linux Solutions
5. Organization and control of Internet access: Traffic Inspector
6. Antivirus to protect users: Kaspersky for Windows Workstation (6 MP4 is currently used)
7. Remote administration and remote PC support:
7.1. RAdmin (administrative)
7.2. TightVNC (training)
8. Setting and recording the tasks of the IT department: Bitrix24 (free web solution) (6)
9. Software and maintenance inventory: Friendly Pinger (7)
10. Monitoring network and server infrastructure: Zabbix
11. Server Virtualization: Proxmox VE
12. Student knowledge testing system: Moodle + special template for test import (8)
13. Corporate messaging system:
13.1. Openfire Server
13.2. Clients - Pandion (NTLM authentication, but no broadcast messages), Spark (has broadcast messages)
Completed in the last two years
A short list of what is done
1. The software inventory has been completed (all distributions are collected in one place, the list of what exists and what should exist has been verified), and the workplaces have been brought into line with the list.
2. The hardware inventory has been completed (including branch offices).
The inventory list shows the location of all equipment and is kept up to date. A list with the quantitative characteristics of the laboratories (by floor and building) has been prepared:
- PC count
- number of other equipment by type
- width, length and height of the room, for calculating the SanPiN norms (10)
3. Write-off and disposal of old equipment (about 140 pieces of equipment).
4. A stock of cartridges has been organized (an employee's empty cartridge is replaced immediately; several empty cartridges are then handed over for refilling and returned to the reserve afterwards).
5. A stock of some components has been organized (mice, keyboards, power supplies, hard drives); in effect, a backup AWP.
6. The documents regulating the work of the department (Regulations on the department) have been approved, and job descriptions have been revised.
7. In coordination with management, the following personnel decisions were made:
- a. an information security engineer was taken onto the staff (+1 position);
- b. a new system administrator was taken onto the staff, and the old one dismissed.
8. A package of documents on the protection of personal data has been developed and approved - thanks to the information security engineer.
9. A number of laboratories have been networked (including the installation of local networks of the laboratories themselves).
10. WDS (Windows Deployment Services) has been deployed, along with the ability to network-boot PC diagnostic systems.
11. The network equipment of the branches was reconfigured to match the new network topology (branches are not included in the domain).
12. For the first time in 10 years, the IT department's office has been renovated and proper workplaces have been set up!!!
13. The premises for the main building's server room have been agreed and allocated (the window opening was bricked up and a metal door installed; a room of 9 square meters will be enough for two floor-standing cabinets).
14. An audit of the network equipment was carried out, establishing which device is on which port, and the network diagrams were updated.
15. Network switching equipment and a data storage system have been partially acquired.
16. An instant messaging system has been introduced.
17. An information security policy for administrative and educational PCs has been developed and applied.
Plans for the near future
1. A regulated approach to organizational matters in the IT department (documentation is prepared and processes are described).
2. Commissioning of the main server room, with a redundant cooling system, fire extinguishing system, and backup power source with automatic transfer switch (11).
3. Commissioning of the data storage system (two modular Fujitsu units) (12).
4. Bringing accounting into the common network (with the transfer of the accounting server to the virtual infrastructure).
5. Complete rebuild of the network, bringing it up to general SCS standards, including the removal of intermediate unmanaged switches in the premises of departments and chairs, as well as the intermediate switches between those switches and the central ones.
6. Bringing all branch PCs into the local network.
7. Achievement of the 1st new laboratory.
8. Keeping records of refilling cartridges.
9. Full implementation of virtualization (Proxmox).
10. Full legalization of software (including academic programs and using open source software)
11. Centralization of software and maintenance procurement directly through the IT department.
12. Restoring two old classrooms (10 PCs each) to working order for use in terminal mode (without purchasing new equipment).
13. Backup of administrative workstations that are not transferred to terminal mode (possibly using Veeam Endpoint Backup FREE) (11)
14. Implementation of a helpdesk system for accepting requests in electronic form (OTRS with the possibility of NTLM authentication is being considered)
15. Transfer of part of the administrative staff (those who do not need high performance) to terminal mode.
16. Introduce an “IT education day / IT literacy day”: an annual one-day event for students and teachers, where the IT department and some students and teachers share the convenient work tools they use and give advice on convenient and proper work at the PC, in order to raise the overall level of IT education and awareness.
17. Implementation of hybrid telephony for 40 subscribers (analog + IP).
18. Modernization of video surveillance systems.
19. Connection of the third building to the general network using an optical channel.
Conclusion
In conclusion, I note: the work is interesting and I like it. There is a feeling that under your own leadership (before this, almost in manual mode) something is developing and taking on new, more flexible outlines and a strong foundation. Before this I had no experience of managing a department; I now understand that my experience is still very small, but I will strive to ensure that everything goes well and development continues. After all, any slowdown or stop in development, however small, inevitably means falling behind competitors. And technology and equipment become obsolete very quickly. Thus, development must be guided not only by short-term “necessities” but by a strategic plan (that is, the near future and a little beyond).
This whole stream of thoughts was inspired by work and three posts on Habr: one (14), two (15) and three (16).
I am looking at introducing Microsoft System Center in its entirety. The product is monstrous and expensive. Can anyone share feedback from real work with it? Is it worth it?
List of references in the article
1. www.dreamspark.ru [Online]
2. schools.autodesk.com/login [Online]
3. www.myarchicad.com [Online]
4. www.smart-soft.ru/price.asp?product=fstec [Online]
5. pdd.yandex.ru [Online]
6. www.kaspersky.ru/security-center [Online]
7. bitrix24.com [Online]
8. www.kilievich.com/rus/fpinger [Online]
9. moodle.org/mod/page/view.php?id=7321 [Online]
10. www.ohranatruda.ru/ot_biblio/normativ/data_normativ/39/39082 [Online]
11. en.wikipedia.org/wiki/%D0%90%D0%B2%D1%82%D0%BE%D0%BC%D0%B0%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B9_%D0%B2%D0%B2%D0%BE%D0%B4_%D1%80%D0%B5%D0%B7%D0%B5%D1%80%D0%B2%D0%B0 [Online]
12. www.fujitsu.com/ru/products/computing/storage/disk/eternus-dx/dx60/dx60-s2.html [Online]
13. www.veeam.com/en/endpoint-backup-free.html [Online]
14. habrahabr.ru/post/102057 [Online]
15. habrahabr.ru/post/132857 [Online]
16. habrahabr.ru/post/95980 [Online]