Hi, %username%! I bet that sooner or later every system administrator at a relatively small company faces that magical task from management: drafting a development plan for the company's IT infrastructure. Especially if you were offered a position and immediately asked to draw up a development plan and a budget. I was once given such a task. I will write about all the pitfalls you can run into. Anyone who is interested, read on below the cut!
Let me say right away that you will not find tips here on what equipment to choose for particular solutions, which software products to choose, open source or paid, or which integrators to talk to and which not. All of that is entirely individual and depends directly on you and on what you ultimately want: to patch the holes in the current trough, or to build the IT infrastructure so that any task comes down to pressing the “MAKE GOOD” button (yes, I'm lazy).
This article is aimed more at those who have worked in this area very little and are expected to deliver everything at once. I think it will be useful to young sysadmins at small companies.
Here is a sample list of problems you can encounter when auditing an IT infrastructure:
1. No one to ask anything at all. This is exactly the problem I faced when management commissioned an audit to improve the infrastructure as a whole. At that time I was the oldest employee in the company's department, and there was simply no one for me to ask. Because of this, quite a lot of time went into digging and trying to understand “what the fuck was this done for”, because while I was an ordinary sysadmin I was hardly let in on the intricacies of how the IT infrastructure was organized.
2. No clearly stated requirements from management. I think everyone will agree that we IT people have to be a bit psychic on the job, because quite a lot has to be worked out and understood from the context of the task. In my case, I had to work out for myself the possible directions of business development in general.
3. No clear (documented) description of the current infrastructure. Alas (!), there had never been one. No one had ever made even a basic map of the office network. No one had described how the connection between the branches was organized (there are more than 10 of them across the country). I'm not even talking about basic labeling of cables on the routers.
4. A complete lack of documentation. In general! Absolutely no documentation was ever kept in the department, and that is thoroughly sad. After all, basic copies of contracts (for telephony, Internet, 1C support, hosting rental, etc.) should at least exist in the department in electronic form. This is one of the prerequisites, because any employee of the IT department should know whom to contact if the Internet goes down in another region (where the time is Moscow +3).
5. No shared password database. All passwords were different and changed from time to time. The whole heap had to be memorized, because “anything written down once can be read.” To give a new employee some access, you had to write out all the logins and passwords in an e-mail (or on a piece of paper) and hand them over to him personally. And if you had not remembered the password correctly... Horror!
6. No information on how everything is organized in the regions. The only information was how many people are there and who the manager is, and... that's all! That is, there was simply an abstraction called “regional office in the city of Muhosransk, where 15 people sit”. No one had ever wondered how the network is arranged there, what its weak points are, how the office's staff access the Internet, or how employees' access to the central office's network resources is organized.
And this is not a complete list, because there is simply a huge number of such blunders. And I met all of them on my way. One of the hardest parts, I would say, was that I was doing this for the first time and did not want to fall flat on my face.
Understanding a little of psychology in general, and considering that a large part of us IT people are introverts, most people drawing up such an audit will be afraid to go to company management with trivial questions. I was scared too. Nevertheless, I had to step over my fears and ask the basic questions that management could answer for me.
I will not remind you that you need to take an inventory to understand what you are working with, what is obsolete, and what can be replaced with something more capable. This is mandatory. What I will say is that after cataloguing all the equipment, everything must be divided into categories (active network, workstations, business-critical servers and services). If you have access to the administrative panel, make configuration backups, describe “what”, “why” and “what for” is configured on each piece of hardware, and write down all the network addresses of servers, managed hardware (forgive me, gentlemen networkers), network storage, printers and everything that has access to the network (well, except for workstations).
The next step is to try to draw an approximate diagram of how the network is laid out on the floor plan, in order to understand where a bottleneck may be. In my case, the problem was that the floor's network was divided into two parts and there were network problems in the part far from the server room; it turned out that the cause was trivial: the unshielded twisted pair ran alongside the business center floor's 220 and 380 volt power line (what the hell kind of network is that, guys). After that, you can begin to analyze the hardware.
Analyzing the hardware is one of the important steps. You need to understand how up to date the current hardware is (network, server, and user PCs alike). Usually at this stage it turns out (with support from the accounting department, as well as from the commercial departments) that all business-critical information is stored as Excel documents on a server whose hard drives are running through their third warranty period (!), and everyone is surprised that “files open slowly over the network”, while the server itself rattles its disks like a psychiatric patient banging a spoon on a pan. And the network gear was discontinued a year before it was bought for the company and, according to reviews, is terrible. Or, for example, the office Wi-Fi runs on access points that all the reviews consider such rubbish that you would not wish them on an enemy.
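The inventory and hardware analysis described above can be turned into a list of concrete findings once the equipment is in a spreadsheet. The script below is an added example, not part of the original article; the CSV columns, device names, addresses and dates are constructed, and the set of "managed" categories is an assumption.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample inventory; hosts, addresses and dates are made up.
INVENTORY_CSV = """\
name,category,ip,purpose,config_backup,warranty_end,business_critical
gw-01,active network,10.0.0.1,Internet gateway,yes,2026-03-01,yes
sw-floor2,active network,10.0.0.2,,no,2019-06-30,no
fs-01,server,10.0.0.10,Accounting file share,no,2017-01-15,yes
prn-3,printer,10.0.0.10,Office printer,n/a,2025-12-31,no
nas-01,storage,10.0.0.20,Backups,yes,2027-05-01,yes
"""

# Assumption: categories whose devices should have a saved configuration.
MANAGED = {"active network", "server", "storage"}


def audit(csv_text, today):
    """Return {device name: [finding, ...]} for an inventory sheet."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = defaultdict(list)
    by_ip = defaultdict(list)
    for row in rows:
        name = row["name"]
        by_ip[row["ip"]].append(name)
        if not row["purpose"].strip():
            findings[name].append("purpose not documented")
        if row["category"] in MANAGED and row["config_backup"] != "yes":
            findings[name].append("no configuration backup")
        if date.fromisoformat(row["warranty_end"]) < today:
            msg = "warranty expired"
            if row["business_critical"] == "yes":
                msg += " on business-critical device"
            findings[name].append(msg)
    # The same address recorded for two devices means the sheet is wrong
    # or there is a real conflict on the network.
    for ip, names in by_ip.items():
        if len(names) > 1:
            for name in names:
                findings[name].append(f"address {ip} also recorded for another device")
    return dict(findings)


if __name__ == "__main__":
    for device, issues in sorted(audit(INVENTORY_CSV, date(2024, 1, 1)).items()):
        print(f"{device}: {'; '.join(issues)}")
```

Devices with no findings do not appear in the result, so the output doubles as a to-do list for the documentation and replacement budget.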
You need to evaluate server capacity. That is, you need to evaluate the performance of the current servers (physical and virtual, if your organization uses virtualization) and assess how their resources are used. It may be worth eliminating some servers (or servers?) altogether, because the need for them disappeared long ago and people were afraid to remove them. Some services may be more convenient to combine, and some, on the contrary, to split up, because they are incompatible on one machine and overload the system.
When your fleet of servers and services reaches critical mass and you have to walk to the server room to see what kind of system it is, or poke around the KVM looking for the right server, you obviously need virtualization. All systems that can run in a virtual machine should be moved to a virtual environment (all sorts of access control systems, the corporate portal server, the corporate cloud, etc.). There is an abundance of modern and, most importantly, convenient tools for this (VMware, Proxmox, Xen, Hyper-V). Just decide what you need / like / can buy and get to work.
Do not virtualize critical things such as gateways, routers, VPN servers used for emergency access to the network, or the 1C server (feel free to throw rotten tomatoes here). It is important to weigh sensibly all the factors that guide you in deciding what to move into a virtual environment and what not. There are no perfect solutions.
The question is quite extensive and has many solutions. From the simplest (giving each remote employee a login and password for a VPN), to the expensive (renting an L2 network from a single provider), to the insane (installing the most varied network hardware from different vendors and using it to organize local network access and access to network resources within the company, such as network storage). Weigh all the pros and cons and make the right and best decision for your particular case. To make “what to do” and “how to do it” simpler and clearer, feel free to invite system integrators and consult with them. There is no harm in asking, and they will show you how the same problem can be solved in different ways (cheap and expensive). After a couple of such meetings, you will be able to describe all your wishes and the possible ways to meet them more accurately and clearly.
After all the work above, you can begin to draw up an approximate budget. To select specific equipment models, turn to specialized chat rooms (I used Telegram ones myself, since there are always people there and a better chance of a quick answer; you can google the list). Size all the equipment you choose with a margin for the future and for the growing needs of your direct clients, the company's employees. Talk more with management about the company's future business development. Perhaps they will themselves give you the answer to something you did not know.
Organize the work of your department properly, especially when there are more than two people in it. Never create a situation in which some things are tied to one person. That is your point of failure!
Try to document as much as possible all your actions on the servers when changing service configurations. This will help you in the future, as well as your colleagues who will work with you (or instead of you, when you leave for a promotion / another job / vacation).
And remember two things:
PS: That's all. Waiting for your comments and sensible criticism.
Source: https://habr.com/ru/post/333732/