I’m a firm believer in
FREE software. I have found many utilities and programs which
can do most of the work in network discovery and maintenance.
I will list these programs as needed and describe how they
can be used in any environment.
The first step in maintaining a computer network is to document
each part of the system (discovery phase). There are many
pieces of information that can be obtained from the equipment
either directly or through the use of some simple tools. This
information should be recorded in a spreadsheet and encrypted.
Standard encryption using Excel’s password feature is
not sufficient if this data is placed on a portable medium
such as a USB key. There are free encryption programs as well!
Next you should determine what needs to be done by the internal
staff and what needs to be outsourced (planning a schedule).
Simple tasks, like checking that virus definitions are updated
on all PCs, should be done internally. Difficult tasks,
like updating the firmware (initial boot code), should be outsourced
unless you have a strong internal technical staff.
I typically recommend a 4 to 6 week maintenance schedule.
However, you should apply security patches as they become
available. Some clients turn on Windows automatic updating
on their computers to have these security patches installed
as they become available. Automatic updating should not be
turned on for servers or stations that do additional processing
after hours, such as backup or day-end routines. There are
other security patches for various packages such as Adobe
Acrobat, and more vendors are offering automatic notification
and updating similar to the Microsoft updates. These should
not be overlooked. As programs like Acrobat Reader become
a standard on each machine, security issues inside these applications
become a greater threat.
Performing the actual maintenance is best completed after
hours or on the weekend. Since each station can take from
fifteen minutes to over an hour, it is best to run them concurrently.
It is difficult to disturb 5 or more people at once during
a work day to do this process. Working with clients, I have
found that lunch hours also are not practical.
Completed maintenance should be recorded on a station-by-station
basis. Working with several machines at once, each possibly
running different tasks, necessitates a check-off chart.
Problems can be listed on this sheet and presented
to the outsourced support for correction.
I will begin by summarizing the wish list of documentation. The
first few items are not necessary to maintain your network’s
performance but will be helpful in any failure or disruption
you encounter. Disaster recovery is an additional layer on
top of normal maintenance and should be reviewed periodically
and whenever a piece of equipment is retired or purchased. Maintaining
good network documentation is an important step in disaster
preparation and should be considered a normal maintenance
function.
Discovery & Documentation:
It is best to document everything. If your system fails, the
first question would probably be – Do you have a network
diagram? Although a pictorial is nice, having all the required
data in a spreadsheet can be a lifesaver. I will list the
data that I like to collect and briefly describe why.
. Web site
This is not necessary for maintenance but is very useful in
disaster recovery. Some clients host web sites, FTP sites,
email and intranets on external servers. I like to collect
the names of all domains owned by the client, the hosting providers,
and the sign-on name and password for the primary domain records.
If company email is hosted externally, record the primary
account and password capable of adding and removing users
as well as changing passwords. If the company maintains its
own web site, list the upload location, name and password.
If the site is maintained by a third party, list their contact
information.
. External connections
Although this is also not needed for maintenance, it is
important to know if connectivity issues arise. Typically
I list all connections and the assigned information for each
connection. As an example, you could have a DSL connection,
a cable modem, a T1 line, a satellite line or a dial-up connection.
Many of my clients have more than one connection, such as two
cable modems or a cable modem and a T1 line. I like to have
information such as supplier, phone number, support contact
person, account number, primary name on account, primary phone
number on account and of course the technical details such
as static or dynamic, usable IPs, mask, gateway and
DNS servers.
When a client cannot connect to the internet or a remote user
cannot connect to a PC, the problem may require installing
a new router. Without the technical information above this
becomes a very time consuming process. Most DSL and T1 suppliers
support and replace their own routers. Even when there is
a support company maintaining the connection, the above information
is a diagnostic tool to help determine if the problem can
be solved without placing a support call.
. Routers
There can be many routers depending on a company’s external
connections as well as any T1 links between offices. These
routers may or may not be accessible by the technical staff.
As discussed above, routers supplied by another company are
usually locked down and users do not have access to the management
interface.
On routers added by the internal staff or outside support
staff, administrative access should be available. A typical
router added to a cable modem might be a Netgear, Linksys
or D-Link router. These routers, like all routers, have a management
interface. They may still be set to the default name and password,
which is also a security risk.
I like to document all names and passwords along with how
to access this management interface. Usually just pointing
an internet browser at the correct address will bring up this
interface. In addition, documentation of all modified pages
in the router is necessary to allow a swift replacement. Documentation
will consist of all addresses (IP setup), open ports (for
remote access), VPNs (Virtual Private Networks), DMZ
(a computer fully exposed to the internet), allowed or blocked
addresses (internal or external), wireless settings (secure
or insecure) if any, and the like.
Router documentation is best completed by a qualified support
person. It is important to have this information especially
if remote users or home users are connecting to your network.
Routers do fail and you may be able to get your internet surfing
up without documentation, but remote users and remote services
will not function without the proper ports open.
. Switches
Switches vary greatly and many switches do not have to be
documented. There is the possibility that a switch has a management
interface. This allows configuration of such items as port
priority & speed. Documentation of a smart switch is not
usually critical to a disaster recovery.
. Remote Users
Documentation of remote users is important if the server or
workstation hosting the user fails. There are many ways to
connect remote users, and each way may have several different
scenarios. As an example, an SBS (Small Business Systems)
server has a built-in, menu-driven, web-based remote desktop
connection manager. This is not true of Server Standard
edition.
Connecting to your office can be as simple as a paid program
like ‘GoToMyPC’. Other common methods are PC Anywhere,
VNC (Virtual Network Client) and remote desktop. Although
‘GoToMyPC’ requires no router configuration, it
is a costly solution when free alternatives exist. It has
become popular, despite its cost, because no technical
knowledge is necessary to implement this remote solution.
The most common free method is remote desktop. With an SBS
server, it is fairly easy to reconstruct the ports after
a router or server fails. This is usually not true when remote
desktop is used on PCs attached to Server Standard edition.
This is because remote desktop on Server Standard, along with
all PCs, uses the same port to talk. Since most companies have
more than one remote user and Server Standard has no traffic
director like the SBS server, this requires a manual modification
of the port number on every PC being used remotely. This port
change made to the PCs or server must also be reflected in
a change to the router (firewall). This change, if undocumented,
can cause a delay for the remote users when recovering from
a failure.
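As an added example (not code from the original article), here is a small Python check that runs over the two records the paragraph above says must agree: the spreadsheet rows for each remotely accessed PC (name, internal address, remote desktop port) and the router’s documented port-forward table. It flags the failure modes described: two PCs sharing a port, a PC left on the default port, a PC with no matching router forward, a forward that points at no documented PC, and an external port forwarded twice. The station names, addresses and ports are constructed sample data.

```python
"""Consistency check for documented remote desktop port assignments.

Added example, not code from the original article. Assumes the documentation
spreadsheet yields one row per remotely accessed PC (name, internal address,
remote desktop port) and that the router's port-forward page has been
recorded as (external port, internal address, internal port) rows.
"""
from dataclasses import dataclass
from typing import List

RDP_DEFAULT_PORT = 3389  # port remote desktop listens on before it is changed


@dataclass(frozen=True)
class Station:
    name: str        # hostname as recorded in the spreadsheet
    address: str     # internal IP address of the PC
    rdp_port: int    # port its remote desktop service listens on


@dataclass(frozen=True)
class Forward:
    external_port: int  # port opened on the router's public side
    address: str        # internal address the router forwards to
    internal_port: int  # port on that internal host


def check_remote_desktop(stations: List[Station], forwards: List[Forward]) -> List[str]:
    """Return human-readable findings; an empty list means the records agree."""
    findings = []

    # Server Standard has no traffic director, so two PCs cannot share a port.
    by_port = {}
    for s in stations:
        by_port.setdefault(s.rdp_port, []).append(s.name)
    for port, names in sorted(by_port.items()):
        if len(names) > 1:
            findings.append(f"port {port} is used by more than one station: {', '.join(names)}")

    # A PC still on the default port suggests the per-PC change was never made.
    if len(stations) > 1:
        for s in stations:
            if s.rdp_port == RDP_DEFAULT_PORT:
                findings.append(f"{s.name}: still on default port {RDP_DEFAULT_PORT}")

    # Every documented PC needs a router forward that reaches its address and port.
    reached = {(f.address, f.internal_port) for f in forwards}
    for s in stations:
        if (s.address, s.rdp_port) not in reached:
            findings.append(f"{s.name}: no router forward to {s.address}:{s.rdp_port}")

    # Every forward should land on a documented PC; anything else is stale
    # documentation or an opening nobody remembers adding.
    documented = {(s.address, s.rdp_port) for s in stations}
    for f in forwards:
        if (f.address, f.internal_port) not in documented:
            findings.append(
                f"router forward {f.external_port} -> {f.address}:{f.internal_port} "
                "matches no documented station"
            )

    # The router cannot forward one external port to two places.
    seen = set()
    for f in forwards:
        if f.external_port in seen:
            findings.append(f"external port {f.external_port} is forwarded more than once")
        seen.add(f.external_port)
    return findings


# Constructed sample records (hypothetical names and addresses).
SAMPLE_STATIONS = [
    Station("PC-ACCT", "192.168.1.21", 3390),
    Station("PC-SALES", "192.168.1.22", 3391),
    Station("PC-OWNER", "192.168.1.23", 3391),   # same port as PC-SALES
]
SAMPLE_FORWARDS = [
    Forward(3390, "192.168.1.21", 3390),
    Forward(3391, "192.168.1.22", 3391),
    Forward(3392, "192.168.1.24", 3392),         # points at an undocumented host
]

if __name__ == "__main__":
    for line in check_remote_desktop(SAMPLE_STATIONS, SAMPLE_FORWARDS):
        print(line)
```

Run against the sample records it reports three problems (the shared port, the PC with no forward, and the forward to an undocumented host); kept in the same folder as the documentation spreadsheet, it turns the check-off step of the maintenance visit into a repeatable test rather than a visual comparison of two screens.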
Secure VPNs (Virtual Private Networks) allow a single
PC or multiple users (office to office) to connect to server
resources. This link can be from router to router, router
to server, PC to server or PC to router. This documentation
is more difficult and hence takes much longer to recreate in a disaster.
. Servers
Many clients believe having a tape backup which is periodically
taken offsite is sufficient to protect their company. This
is only true if the original server can be used to restore
the tape. If the original server is not available, then the
mirror configuration on the tape cannot be loaded. This is
due to the tape backup containing specific software information
on how to drive the hardware. If that hardware is different,
then only the data can be restored, not the operating system.
If you load a new server with data from a tape, it will be
missing critical items like user names, passwords, email addresses,
distribution lists and access levels. Although these may not
be too difficult to recreate, it is more difficult to know
exactly which folders were shared and what the share names
were. In addition, shared printers and their addresses would
need to be manually created. Lastly, software loaded on the
server will not be recovered from the tape - just data. This
can be as simple as missing battery backup software or as
complex as the custom configuration of an Exchange server.
In the maintenance schedule, user names and passwords will
be listed, but the remaining server information should be
recorded for a disaster recovery of your server.
. Printers
Every printer connected to the network is either accessed
by all stations directly or is installed on the server and
shared. Sometimes, a locally installed printer on a desktop
can be shared as well. Information about this printer can
be as simple as an IP address, mask and gateway, or can be
multiple screens. Units that print, scan, copy and possibly
fax, like those from Sharp, Kyocera, Canon and HP, usually have a web
interface. This allows entry of information such as users,
email addresses, fax numbers, scan destinations, server authorizations
and many more parameters. This information can take several
hours to recreate if not documented.
Paul T. Norris Biography
Silicon Valley Products was founded
by Paul Norris. He began in 1985 with the help of Digital
Microsystems. As the eastern region technical support
person for the original CP/M-based local area networks,
he was offered a contract to support clients in the US
while the company moved overseas. This gave him the opportunity
and financial backing to look for and find a market niche.
In 1986, the Department of Motor Vehicles moved from a
call-in system to a computer dial-up base. Paul Norris
was the only person to create an automated batch file
program for the PC to retrieve MVR abstracts. This began
his introduction to the Long Island insurance agents.
Local Area Networks in today’s market may be as
small as a shared workstation or grow to multiple servers
such as an email server, fax server, browser server, image
server, Internet / intranet server and database servers,
to name a few. Over the years, he specialized in installation
and support of these insurance-based networks. Like any
industry, there are major players and he became familiar
with many. He supports Sagitta, Applied, Prime, AFW and
Doris with the primary focus on keeping the clients’ local
area networks running smoothly.