IT Infrastructure Assessment
Prepared for
Table of Contents
Executive Summary
Introduction
Background
Scope of IT Assessment
Findings
Detailed Findings for Key Areas Reviewed
Network
Phone System
Circuits
Servers
Storage
Backup & Recovery
Endpoint Security
Administration
Key Areas Needing Further Review
Storage
License & Maintenance
Server / Endpoint Security
Network / Perimeter Security
Wireless
Level of Effort
Recommended Outsourced Actions & Estimates
High Risk / Immediate Needs
Medium Risk
Low Risk
Executive Summary
Introduction
An initial IT Assessment of ACME Enterprises’ (ACME) infrastructure was performed 1/10/2014 – 1/18/2014. During this time, JCMR Technology held meetings with ACME’s management team and performed an onsite as well as remote review of all IT infrastructure that was documented, discovered and accessible.
We appreciate all of the assistance provided by the ACME team during the course of this assessment.
As of this writing, the assessment is not 100% complete; however, we feel that we have identified a majority of the underlying issues that present risks to ACME’s business.
Background
The ACME IT environment is a Windows-based network operating Active Directory under Windows Server 2008 R2. While operating under one domain, the network is split into two Segments / VLANs (Data and Voice), with physical separation and redundancy between the Servers, Desktops and Phones. The environment has been partially virtualized through VMware, reducing its server footprint.
The main server room is based at 1 Marion St., Camden, SC in a secure area of the main building. Two satellite locations are at 2 Richland Ave., Kershaw, SC and 5 King St., Charleston, SC. An additional satellite location is expected to be at 22 Sumter St., Aiken, SC.
The Cisco ASA firewall configuration, alongside Symantec Endpoint Protection, provides two layers of protection from external attack.
Scope of IT Assessment
The objectives of this IT Assessment were to evaluate the infrastructure to identify and document business risks associated with fundamental design and current architecture. Excluded from this audit were review of policies, routine management activities and performance metrics.
Findings
Detailed Findings for Key Areas Reviewed
Network
There are three (3) Internet connections – Administrator did not fully understand the configuration:
4.632 Mbps (3 x 1.544 bonded circuits) – Data
1.544 Mbps – Voice, which was intended to be a backup circuit
1.544 Mbps – Legacy and not in-use
Site-to-site VPNs are not functioning. While remote firewalls have been reconfigured with the correct IP Address, one or more routing issues must be corrected.
ACME1 firewall configuration needs to be cleaned up to remove old configuration items.
Remote firewalls had no passwords and were accessible from the Internet => REMEDIATED
Network consists of three (3) different switch types.
IP Addressing, Name Resolution Services and Configuration present stability issues, as noted by the following:
DNS was having issues the morning of 1/15/14 – Services were restored after a stop / start of the DNS services on the Domain Controller and a restart of the EarthLink voice router.
The DNS server is utilizing the Backup (Voice) Internet connection as its default gateway. The DNS server’s default gateway should be the Primary (Data) Internet connection.
DHCP services were intermittent through the day 1/15/14 – Stop/start of the service restored services.
Cable Plant jacks were not labeled, which makes troubleshooting port connectivity difficult – Correction requires unplugging every cable to either tone them out or see where they plug into a switch.
The current Internet bandwidth is insufficient for the present number of users utilizing Cloud Services (O365 Exchange Messaging & SharePoint).
Phone System
The current phone system (Cisco UC560) was announced “End of Life – EOL” on 7/22/2013. Refer to:
Phone System was experiencing a one-way audio problem on 1/15/14 – Resolution was EarthLink configuration change.
Phone System inter-site 4-digit dial does not work – This is a VPN issue.
Circuits
Gathered all contracts and reviewed to determine options. Options will be presented outside the scope of this document.
Servers
Domain Controller is:
Experiencing intermittent authentication issues. Connectivity issues started on or around 12/7/13.
A single point of failure for Active Directory (AD) and the environment as a whole due to interdependencies.
The oldest server in the environment housing the most critical infrastructure services:
o DNS (Domain Name System)
o DHCP (Dynamic Host Configuration Protocol)
o Security Directory and Access Management (AD)
Almost out of disk space – If this server runs out of space, no one will be able to login.
Has indexing turned on, which slows the server down
Has anti-virus disabled
Slow to search the Active Directory Management console. Clean up is required.
Is hosting legacy applications. Initial review shows Microsoft SQL 2005 may be removed. vCenter can be virtualized, so that the physical server can be decommissioned. If this action is performed, an upgrade to the VMware license is absolutely necessary to ensure high-availability of this server.
Printer Server is a physical server with no other applications on it.
Virtual environment is:
Host 1 Usage: CPU <= 20% / Memory = 45%
Host 2 Usage: CPU <= 20% / Memory = 22%
Has a configuration where VMs are not equally distributed
Housing 14 servers, of which only seven (7) servers are running. The following old VMs can be deleted to free up storage space:
o Lync Server (ACME-221-Lync) – 128GB
o Exchange Server (ACME-221-EX01) – 88GB
Experiencing some Service Status display issues
Not retaining logs long enough. Only two (2) days were available.
Storage
HP AIO – 393GB of disk space is available. Home Directories has a number of old users that can be deleted to free up space.
Dell MD Storage:
Showing some potential performance issues within the VMware console – Storage I/O (input/output) errors.
Unable to open Storage Manager (Dashboard) due to an unknown application error, which prevents a review of storage.
Backup & Recovery
Backup Server is running “Not for Resale” software. The current version is Backup Exec 2010 R3, which was released in 2011. It is missing valuable features available in later releases of 2012.
Backup Policies do not appear to be backing up the entire environment. The following are configured, which completely ignores most of the VMware environment:
Domain Controller
HP AIO
vCenter Server
SCVMM Server
Backups have been failing since 11/15/2013. It appears that neither a USB hard drive nor the portable Thecus NAS is connected. There has not been a successful backup within the past 60 days.
Backup server has been virtualized. Consideration should be made to move back to a physical dedicated server.
Configured Recovery Point Objective (RPO) = four (4) weeks
Configured Recovery Time Objective (RTO) = one (1) day
Endpoint Security
Symantec Endpoint Protection (SEP) – Some clients are managed and some not.
Administration
Documentation not received before onsite visit. Onsite visit shows that it has not been updated since the move.
Server Monitoring & Alerting are not in place
Server & Desktop Patch Management are not in place
User Training needs to be addressed. Examples from onsite:
User complained the printer was not working because it was in sleep mode.
User complained they could not open documents from SharePoint because of the O365 Web Apps.
Service Desk is not being used:
While onsite, there were drive-bys all day long.
This prevents SLA Management.
Passwords:
No password safe is being used as a central repository and the Administrator does not seem to have all of the passwords.
Need to be changed, due to Administrators leaving
Key Areas Needing Further Review
Storage
I/O Errors
Dashboard Application Error
License & Maintenance
IT Assets Report from QuickBooks
Support Agreements
Server / Endpoint Security
Review of Endpoint Security Policies
Deeper review of Virtual infrastructure and OS configurations
Network / Perimeter Security
Review of Switch Configurations
Review of Firewall Configurations
Wireless
Site Survey for Coverage
Level of Effort
Recommended Outsourced Actions & Estimates
This section is intended to detail the items that ACME is not able to remediate with its current staff.
High Risk / Immediate Needs
Reconfigure the Internet Routing to allow Site-to-Site VPN services and Internet failover services.
Expected effort = 4-8 hours
Establish Site-to-Site VPNs.
Expected effort = 1-2 hours
Move Domain Controller services to VMware environment – One DC per Host
Expected effort = 8-12 hours
Perform a more in-depth look at the VMware environment and Storage (I/O errors)
Expected effort = 4-12 hours
Medium Risk
Increase firewall security and upgrade firewall code at ACME1 firewall.
Expected effort = 4 hours
Implement Microsoft WSUS for Microsoft Updates
Expected effort = 8-16 hours – May require working with all endpoints.
Audit Symantec Endpoint Protection Server – Work to have all clients managed and policies updated to align with business requirements.
Expected effort = 8-16 hours – May require working with all endpoints.
Upgrade the VMware environment licensing to Enterprise 5.1, preferably Enterprise Plus, and configure High Availability (HA) and Distributed Resource Scheduler (DRS).
Low Risk
Configure ADFS to connect with Office 365 to enable Single Sign-on
Expected effort = 8-16 hours
Virtualize Print Server and Decommission HP DL365 Server
Expected effort = 2-4 hours
Implement Server Monitoring and Management
Suggest implementing from JCMR Technology’s environment to reduce level of effort.
Expected effort = 8-16 hours
Implement Patch Management
Suggest implementing from JCMR Technology’s environment to reduce level of effort.
Recommended In-House Actions
This section is intended to outline the areas that ACME is capable of handling in-house.
Solicit SharePoint User Needs, Determine Training and Roll out
Confirm Static IP Addresses at all remote locations – Contract is unclear
Gather all Active License Agreements – Specifically need the Manufacturer, Product Versions, Purchase Dates and License Keys. JCMR Technology needs these items to perform a licensing and support audit.
Spot check the IT Hardware Asset Inventory within Wasp
Add the IT Software Inventory to Wasp
Label all Network Drops
Update Documentation
o Network Diagrams
o Rack Layouts
o IP Addressing List
o Server Application Usage
o Administrative Password Vault
Define Log Retention Requirements
Define Data Protection RTO and RPO