PIA

Document Sample
PIA Powered By Docstoc
					                            Tech Services Checklist: Creating PIA (new or existing server)




                      st




                                                                                   P
                   xi




                                                                                 ed
                              r
                 /E

                           ne




                                                                                 i
                                                                             rif
               ew


                        w




                                                                            Ve
Component                                     Description                              Comments

                       O
              N


All Servers
                             OS userids, groups (psoft, oracle, linkuser,
                             merkur user, mellon, nagios, sfprod,
                  SA         sfaisftp)
                  SA         ulimits for oracle, psoft
                  SA         Swap space (at least 1.5 times memory)
                  SA         Verify OS level patchsets
                  SA         Verify pre-requisite OS packages
                  SA         Verify backups configured
Database
 Server
                  SA         AIO
                  SA         Verify mount point /RMAN
                  SA         Verify mount point /psoft/psattach
                  SA         Verify mount point /psoft
                  SA         Verify ownership of /psoft
                  SA         Verify ownership of /psoft/psattach

                  SA         Verify ownership of database mount points
                  SA         Verify ownership of oracle software folders
                  SA         Verify kernel parameter minperm%
                  SA         Verify xlC version
                  SA         Verify Cobol Compiler installation
                  SA         Verify /centralprint mount point
                  SA         Verify ftp enabled.
                  SA         Verify ssh, sftp enabled/configured
                  SA         Verify UC4 executor installed
                  SA         Verify nagios client installed, configured
                  SA         Verify backup client installed
                  SA         Verify cron jobs enabled/disabled.
                  DBA        Verify backups set up
                  DBA        Verify archivelog mode
                  DBA        Verify Init parameters
                  DBA        Verify OEM setup and running
                  SA         Verify mail/SMTP
Application
  Server
                  SA         Verify Kernel parameter minperm%
                  SA         Verify nagios client installed, configured
                  DBA        Verify OEM agent configured
                  Infra      Verify App Server configuration
                  Infra      Verify Cache cleared
                  Infra      Verify Verity search configured
                  SA         Verify xlC version
                  SA         Verify Cobol Compiler installation
                  Infra      Create /usr/tmp/xdolog on app servers.
                  SA         Verify mail/SMTP




     UCSF Confidential
     afa88dae-a20b-4e40-b80a-cb74ffe09d8a.xls                      1                              3/17/2010
                            Tech Services Checklist: Creating PIA (new or existing server)




                      st




                                                                               P
                   xi




                                                                             ed
                              r
                 /E

                           ne




                                                                             i
                                                                         rif
               ew


                        w




                                                                        Ve
Component                                   Description                                Comments

                       O
              N

Web Server
                  SA       Verify Solaris Kernel parameters
                  SA       Verify WebLogic configuration parameters
                  SA       Verify forgotten password configuration
                  SA       Verify Apache REN server configuration
                           Verify all app servers are defined in
                  Infra    WebLogic
                  SA/Infra Verify JoltPooling set to false in web.xml
                  SA/Infra Verify Weblogic, Apache patches
   PIA
                  Infra      Verify database security configuration
                  Infra      Verify REN Server configuration
                  Infra      Verify Report Nodes configuration
                  Infra      Verify IB configuration
                  Infra      Verify Punchout configuration
                  Infra      Verify attachment configuration
                  Infra      Verify Merkur configuration
                  Infra      Verify cron jobs enabled/disabled.
                  Infra      Verify process scheduler configuration
                  Infra      Verify ftp
                  Infra      Verify email
                  Infra      Verify journal import
                             Verify XML Publisher (/usr/tmp/xdo
                  Infra      created?)
                  Infra      Verify Verity Search configuration
                  Infra      Verify ftp from/to i6m5 (ft)
                  Infra      Verify forgotten password
                  Infra      Verify EDI
                  Infra      Verify Codeline
                  Infra      Verify SQRs, COBOL refreshed
                  Infra      Verify Weblogic/Tuxedo patches
                  Infra      Verify Receive Timeout in Web Profile
                  Infra      Verify Public Keys between servers.
Windows NT
  Server
                  SA         Disable/enabled Scheduled tasks
                  Infra      Verify Crystal printing




     UCSF Confidential
     afa88dae-a20b-4e40-b80a-cb74ffe09d8a.xls                    2                                3/17/2010
                            Tech Services Checklist: Server - Standard System Install




                     st




                                                                                 P
                  xi




                                                                                ed
                             r
                /E

                          ne




                                                                                i
                                                                            rif
              ew


                        w




                                                                           Ve
Component                                   Description                              Comments


                       O
              N
All Servers
                  SA        Install OS
                            Install latest patches, download from
                  SA        software deport on Hades
                  SA        Install sudo, configure for Operator tasks
                  SA        Install/configure ssh
                  SA        Install third party software
                  SA        Install/configure tripwire
                  SA        Turn off unnecessary services
                  SA        Turn off sendmail relaying
                            Review /etc/password - all id fields should
                  SA        be filled out verify users
                  SA        Add host to password list

                  SA        Add Tripwire pass phrases to password list
                            Submit hostname to manager to have
                  SA        tripwire manager assigned
                  SA        Add host to Nagios
                            Create change ticket for EIS to have host
                  SA        scanned
                  SA        Install Netbackup client and fixpack
                            Close found security violations if possible,
                  SA        document if not possible
                            Create startup/shutdown documentation for
                  SA        host
                  SA        Verify or setup syssave copies
                  SA        Add server to Netbackup schedule
                  SA        Submit router ACL request to ENS
                  SA        Set up monthly reboot schedule
                            Set up automated patching or notify
                  SA        supervisor to assign staff member
   AIX

                  SA        Set up mksysb backup files on NIM master
                  SA        Set up default password expiration
 Windows
                  SA        Install Sygate, Sophos
                  SA        Add host to weekly reboot schedule
                            Configure host for automated Windows
                  SA        updates
PeopleSoft
                            Copy /etc/passwd, /etc/group, /etc/security
                  SA        (various files)
                  SA        Enable async IO
                  SA        Create /var/opt/oracle
                  SA        Install COBOL
                  SA        Create /var/wstmp or link
                  SA        Run root.sh from oracle install directory
                            Set permission on /etc/passwd and
                  SA        etc/group to 644, group security
                            Make sure root vg partitions are large
                  SA        enough (/home, /var, /)
                  SA        Set up adequate paging space
                  SA        Install bos.adt.libm package from IBM
                  SA        chdev -1 sys0 -a maxuproc=1024
            Tech Services Checklist: VMWare Server - Standard System Install




                   st




                                                                      dP
                 xi


                         r




                                                                      ie
               /E

                      ne




                                                                  rif
              ew


                     w




                                                               Ve
Component                                Description                       Comments



                     O
VM Server    N  SA       Select Appropriate Install Template
                SA       Create Virtual Server from Template
                SA       Bring Server on-line
                SA       Patch Server
                SA       Customer Test
              Tech Services Checklist: New Database (new or existing server)




                  st




                                                                             dP
                xi


                        r




                                                                             ie
              /E

                       ne




                                                                         rif
             ew


                      w




                                                                      Ve
Component                               Description                               Comments
                   O
            N


 Database
  Server
              SA        OS userids, groups (oracle, nagios)
              SA        ulimits for oracle
              SA        Swap space (at least 1.5 times memory)
              SA        Verify OS level patchsets
              SA        Verify pre-requisite OS packages
              SA        Verify backups configured
              SA        AIO
              SA        Verify mount point /RMAN

              SA        Verify ownership of database mount points
              SA        Verify ownership of oracle software folders
              SA        Verify kernel parameter minperm%
              SA        Verify xlC version
              SA        Verify ssh, sftp enabled/configured
              SA        Verify nagios client installed, configured
              SA        Verify backup client installed
              DBA       Verify backups set up
              DBA       Verify archivelog mode
              DBA       Verify Init parameters
              DBA       Verify OEM setup and running
              SA        Verify mail/SMTP
              Infra     Verify Public Keys between servers.

				
DOCUMENT INFO