Microsoft Windows Infrastructure Audit Service
Background
The launch of Windows NT from Microsoft in the early
nineties heralded the arrival of the first user-friendly operating system.
The theory was that the system was easy to configure “out of the box”
and therefore required little or no technical expertise to install or
support. The reality was that multi-user operating systems, by their very
nature, are complex systems requiring a clear understanding of the choices
selected during initial deployment.
Microsoft soon recognised this aspect and created a skilled tier of system
centres with the required levels of technical expertise. While acquiring
and maintaining necessary accreditations for each centre posed a
significant overhead, the quality of the systems deployed ensured that the
operating system scaled to tackle the needs of larger operations. The
Windows NT system now supplies the operating environment of the vast
majority of companies worldwide.
In the interim period, Microsoft has invested billions of dollars in
enhancing the technical capabilities of the operating software. This is to
ensure that the platform becomes the system of choice for all companies in
the Internet age. The system is now capable of handling the needs of
companies of all sizes from the small company up to the larger
corporations. In short, in scaling from a micro to a mainframe across a
wide variety of operations, the Windows operating environment has become
the de-facto worldwide operating system of choice. However, the sheer
sophistication and complexity of the new releases of the product have
posed major challenges both in terms of deployment and maintenance of the
system.
In many organisations, the Windows server environment was deployed between
three and seven years ago depending on whether the company was an early
adopter or not. In the interim period, the requirements of such companies
may have changed considerably from the original implementation scope.
Typical changes include the addition of further business applications,
increased user population, the provision of remote access rights, thin
client deployment, Internet access and e-commerce facilities.
In many cases throughout this change process, the core operating
environment may not have been re-engineered to take account of a more
demanding scenario. Invariably, as with all systems whether manual or
computerised, the disciplines deteriorate with age. However, in many
cases, the complete business information of the organisation is dependent
on the continued service provided by the network servers. Clients are
therefore becoming aware that, in the information age, the future
prosperity of the company may depend on the quality and reliability of its
IT systems.
Requirement
Clients wishing to ensure the continuity of service by
its server and workstation investment generated the requirement for an IT
Infrastructure Audit service. This was driven by a number of factors such
as increased downtime incidents, response time concerns, security
breaches, virus infections and escalating levels of investment. These
coupled with the increased complexity of the technology and the reduction
in in-house IT skills made it difficult to assess what facilities were
available and how well they were utilised.
The overall requirement was to have the complete system assessed by
skilled systems engineers against current best practise in the industry.
The idea was to have a stake in the ground on the current health of the IT
infrastructure that delivered the vital business information of the
organisation.
The terms of reference for each audit are specific to the individual
client. However, a typical brief would include the following elements:
- Examine all of the current hardware server builds, define any
potential configuration issues that may impact on performance and
recommend appropriate remedial action.
- Carry out an audit of the current operating system software domain,
compare the software deployment techniques against current best
practice and define any suggested refinements designed to improve
system performance
- Assess the current levels of security in place within the internal
system domain as well as the current security procedures relating to
data back-up, virus protection and potential hacker attack and
recommend appropriate suggested improvements
- Examine the workstation build of at least five representative system
users to assess the current level of workstation build and recommend
any suggested refinements designed to increase user satisfaction.
- Produce a written report of the findings of the audit outlining the
key improvement recommendations together with a project plan and
estimated costs.
The Audit Process
There are three stages involved in the process of
carrying out an infrastructure audit i.e. agreement on the terms of
reference, the audit process and the documentation of the findings. Once
the terms of reference are agreed, the audit process normally involves a
visit to the site or sites by the appointed technical consultant. Once
there, the following checks are carried out:
- Each server is visited and the build attributes of both the hardware
and software noted. The event logs are scrutinised as well as the
loading on each server, IP addresses used, service pack levels
deployed, back up & verification procedures, licence setting,
administrator procedures, virus protection and memory and disk
utilisation.
- The communication infrastructure is examined to detect traffic
bottlenecks, external link utilisation and security procedures.
- Where required, workstation builds are examined and security issues
addressed together with user performance concerns.
Once the audit is complete, the process of documenting
its findings commences. This involves listing all of the attributes of
each of the devices audited, a schematic diagram of the entire system and
a series of recommendations on refining or correcting obvious shortcomings
in the network. In addition, an estimate of the required investment to
rectify any suggested refinements is usually included.
Summary
The requirement for a network audit service by Australian Scientific Software
has assisted a number of clients to maximise their investment in
technology. In a world of increased complexity and rapid change, the
service has enabled companies to define how well this vital asset is
utilised. In addition, it has highlighted a number of serious concerns
where performance and security issues could have had serious commercial
implications.
As many organisations strive for growth in the global marketplace, they
are increasingly seeking to use computer-generated information to leverage
competitive advantage. The audit service facilitates making better use of
existing technology while providing a useful planning tool for future
system enhancements.
For further information on how to benefit from this service or for an
example of a typical audit report contact Don
Grover on (+61 ) 3 9776 0728
|
|