Docstoc

IT best Practices

Document Sample
IT best Practices Powered By Docstoc
					IT best Practices
Seminar on

Strategic Information Systems Planning
The current scenario……
 IT has become an integrated and
 indispensable part of business and the
 managers need to be familiar with IT in order
 to gain the right leverage out of it.

 IT also is full of jargons and frightening
 technology terms, which normally keep the
 business managers away from it.
Our Challenge
n   To adopt best practices in IT
n   To make IT a friendly neighborhood
    Because:
    Unless IT is understood by business,
    IT will not be appreciated
n   Top most challenge for a CIO
        IT, an introduction:


The technology to manage/evaluate/use information
to the fullest business advantage
           Why Information?

Updated, precise and timely information can help in
Making quick and correct decisions Reduce operation
cycle time Improve effectiveness Give an edge over
competitors For a customer, Information can bring in
Ease of operation Quality of service Realization of the
right to select the appropriate service
     IT: evolution

EDP
central processing of data for reports ( POST
OPERATION )
MIS
manipulating data for analysis ( POST
OPERATION )
but the results could be used to influence next
operation cycle
IT/IS
online, real time systems with direct influence on
OPERATION
     IS Team

Functions:
1) Operation and maintenance of
     computing facilities
        •Servers
        •Desktops
        •Network
        •Messaging
2) Undertake technology intensive projects
            IS Team

Additional role play in:
n Procurement

n Budgeting

n Training

n Help Desk
       O&M Activities:

n   Server Operations:
    n What is a Server / Purpose of the server

    n Ingredients: Backup device/ OS / RDBMS

    n Infrastructure: Access Control / Power

    n Technology trends

    n Uptime guarantee
Servers: Infrastructure
                     design
n   Server Room
    n Placement / Location / Water Proofing

    n UPS wiring

    n UPS sizing

    n Temperature control

    n Instruction sheets

    n Fire prevention and protection

    n Emergency exit

    n Disaster recovery location
       Server: Infrastructure

n   Concept of Data Center
    n Design based on standard practices

    n Cable routing

    n Rack mounted devices

    n Remote console

    n Outsourced data centers
Server: Operations
                 practices
n   Data Organization
    n OS / Swap / RAID

n   Data Security
    n Logon / Authentication / OS hardening

    n Password policy

    n Backup policy

n   Server Maintenance
    n Vendor contracts / SLA s

    n Spares / Uptime guarantee
       Data Organization

n   OS : Separate disk / Mirrored
    n Media / License key in safe location

n   Swap space: 3 x RAM size
n   RAID for data disks
    n Choice depends on response / economics

    n RAID 1 / RAID 5

    n Hardware RAID / Software RAID
              HDD Interfaces
SCSI-1, 8 bit, single ended   5 mbps
or differential
LVD-low voltage diff.
HVD-high voltage diff.
Fast SCSI                     10 mbps ( narrow )
                              20 mbps ( wide )

Fast-20, Ultra 2              20 mbps


Ultra3 SCSI                   80 mbps


FC-AL                         4 gbps
            RAID LEVELS

Short for Redundant Array of Independent (or
Inexpensive) Disks, a category of disk drives that employ
two or more drives in combination for fault tolerance and
performance.
There are number of different RAID levels.
The three most common are 0, 3, and 5:
Level 0: Provides data striping, but no redundancy.
Level 1: Provides disk mirroring.
Level 3: Same as Level 0, but also reserves one
dedicated disk for error correction data.
Level 5: Provides data striping at the byte level and
also stripe error correction information.
       Data Security
n   Logon / Authentication
     n Single sign-on

     n Unique user level passwords

n   Password policy
     n Change frequently / Store remotely

     n Dummy administrator

     n Log check / Audit trails

n   Shielding system details : IP/ports
        Data Security
n   Backup Policy
    n   Parent – Child – Grand Child Model
    n   Remote storage of backup
    n   Frequent restore checks
    n   Drive cleaning
    n   Media handling
    n   Audit
  Backup devices: DAT /DLT

DAT Drives:
4 mm tapes, DDS-1to 4, upto 40 GB

DLT Drives:
8 mm tapes, upto 220 GB
Backup devices: DAT
2/4 GB     DDS-1, SCSI, 90 m             366 kbps



4/8 GB     DDS-2, SCSI, 120 m            1 mbps



12/24 GB   DDS-3, Ultra-2 SCSI, 125 m     2 mbps
           (reads & writes DDS-1,2 tapes)

20/40 GB   DDS-4, Ultra-2 SCSI, 150 m    3 mbps
           ( can not read DDS-1 )
Backup devices: DLT
DLT III      10 GB, 1200’,                 1 mbps
DLT III xt   15/30 GB, 1828’,              1.25 mbps
             SCSI-2
DLT 4        20/40 GB, 1828’,              1.5 mbps
             SCSI-2
DLT7000      35/70 GB, 1828’,F/W/D         5 mbps
DLT8000      40/80 GB, 1828’, SCSI-2 F/W   6 mbps
DLT1         40/80 GB, 1828’, Ultrawide    3 mbps
             SCSI
SDLT220      110/220 GB, 1834’,            11 mbps
             Ultrawide SCSI
       Server Maintenance
n   Vendor Contracts
n   Uptime guarantee
n   Spares
n   Trained resources
n   Fall back arrangements
n   Hi-Tech tools:
     n Cluster, NAS, SAN, Hot Sites, Co-Location
         Internet Data Centers

IDC: Internet Data Centers must be
Available, Scalable, Secure and Manageable
Full fledged computing facilities for IT outsourcing of
   cutting edge web technology
Services Offered:
Co-location
Managed services
Bandwidth sales
ASP hosting
Infrastructure is useless unless it works
   INTELLIGENTLY
DATA CENTRE
Internet Data Centers
Application Service Providers
  ASP Hosting facilityData Storage
                    Offsite
 LAN

  VPN Client
               Firewall/VPN           App. Server



   Internet

                                                    User DB


                              Terminal Server
                              (for thin clients )
HOW TO SELECT SERVICE
          PROVIDER?
n Performance: latest equipment, backup plans
n Support: 24x7

n Scalability: grow as per your pace

n Services: VPN, security, additional tools

The most important point is to make sure the
  service provider would remain in business
  tomorrow or not
check ratings: hostreview.com
        Network Maintenance

n   Network components:
    n   LAN
    n   WAN: Private links
    n   WAN: Shared links
    n   WAN: Internet
       Network maintenance
n   Service contracts for components
n   Link uptime depends on Service Providers
n   Fall-Back links
n   Router: Config backup- tftp
     n Hard Copy printouts

n   LAN: seating plan / I/O numbering plan
     n Cable dressing / labels
       Mail Administration
n   E-Mail is the lifeline of corporate
    communications
n   E-Mail uptime of utmost importance
n   E-Mail servers
     n Inter-connection / SMTP-X.400

     n User admin

     n Internet mail handling

     n Fall-back arrangements

     n Software versions

     n WAN links for mail servers
       Anti-Virus
n   A must for all organizations
n   Select the best
    n Licensing, compatibility

    n Performance

    n Auto-updating

    n Ability to scan e-mail attachments

    n Should remain memory resident

n   Buy one copy of second best software also
n   User education
       Help Desk
n   Single Point of contact
n   Explicit problem ownership
n   Specialized support
n   Skilled resources
n   Medium to measure uptime/ efficiency
n   Rule based escalation
n   Knowledge base / Asset management
     Application Software
Business Applications:
MRP, MRPII, ERP, SCM
Database at core

GUI front-end

Client server or web centric

Applications can be made in-house ( Legacy)

Or Packaged ( ERP Packages )
        Legacy Business
                     Applications

Database: Central, Distributed
          DBMS, RDBMS

Front-end: GUI, VB, VC++, PB

Database connectivity

Client Server, Host Centric and Three Tier
Implementations
         Legacy Business
                  Applications
Advantages:
Can modify as per organization needs
less dependence on external agencies
Local support available

Disadvantages:
Professional integration would require high skills
Loosely coupled owing to flexible nature
Poor documentation
Programmer dependent
             ERP

Advantages:
Standard packages prepared by professionals
Most of the Fortune 100 corps use it
Less development efforts at site
Accumulation of world best practices
Data Integrity
Overcomes the major hiccup of traditional DB
Garbage In- Garbage Out
Very Precise documentation
             ERP


Disadvantages:
Dependency on vendors for version control
Consultant dependent
Long lead times, costly
Exact suitability not possible
Cultural shift, migration of mind-sets
    ERP Success:
      Not just going live
                              System Performance
 End Users well trained       satisfactory
                                              Quality of data
                                              good

                                                      Key Staff
                                                      retention high

                                                  IS Standards
  Go Live “on time,                               developed/tested
  on budget”
                                             Support Infrastructure
                                             well developed
Business Goals delivered
                           “Agility” plan developed
       IS Staffing

n   Basic skills necessary:
    n Project management / Execution

    n Resourceful ( ability to get work done )

n   Core competency in
    n OS admin, DBA

    n Network admin, Router configuration

    n Basic Office automation tools

    n Vendor management
       IS staffing
n   Overlapping job roles
n   Comprehensive rule book / operations
    manual
n   Job rotations, Trainings
n   Cross function audit
n   Team building exercises
n   Account management concept
       Key to success:

n   Stay tuned with the latest
n   Demand for the best / no compromise
n   Network with peers
n   Comply to legal norms
n   Look for best prices
       Top websites for IT
                        Heads
n   www.practicallynetworked.com
n   www.sans.org
n   www.antionline.com
n   www.securityfocus.com
n   www.broadband-guide.com
n   www.oreillynet.com
n   www.routergod.com
n   www.whatis.com
n   www.protocols.com
        Technology forecasts for the
                new millennium

1) Telecom sector would undergo a total revamp with only 4 or 5
major players in race. All others will vanish.
2) The charges for telecom services based on distance and time
would be replaced by new pricing models based on bandwidth, mode
of carrier and flat rates.
3) E-commerce will become the key strategic consideration for many
 enterprises in the next couple of years.
4) Internet will continue its meteoric rise in popularity. It will also
increase the trust in Internet security devices. URLs will assume
status equivalent to toll-free numbers.
5) Multi-media will not pose any threat to TV and entertainment
medium.
6) Distribution of pre-recorded events over Internet would surpass the
penetration of Video conferencing.
       Network Design

n   Understand what is Network
    n Allows number of independent stationary

      devices to communicate directly
    n Provides a skeletal infrastructure for

      collaborative system
    LAN : Design factors

=   Media / Components

=   Topology

=   Technology / Access Methods
          Cabling:

n   Skeleton for the IT infrastructure
n   Typical half life around 5 years
n   Needs to be properly planned
n   Choice of cable decides future growth options
n   Reliability & future-proofing are key concerns
     Cable:

n   Accounts for 70% of network failures
n   Cabling should not be application specific
    or need based
n   High cost of moves, adds and changes
n   Structured cabling for modularity, flexibility
    and future-proofing
n   Trend of pre-wiring
n   Backbone speed depends on number of
    connects and their need for speed
       Network Design: Media
n   Choices for LAN MEDIA
n   Copper
         n   Co-axial : Thin / Thick
         n   TP : UTP / STP
         n   Optical Fiber
              Multi-mode Fiber
              n

            n Single-mode Fiber

n   Media Standards
     UTP categories
n   category 1,2        Voice grade
n   category 3          16 MHz, 10 MBPS
n   category 4          20 MHz, 10 MBPS
n   category 5          100 MHz, >100 MBPS
n   category 5e         200 MHz, 155 MBPS
n   category 6          350 MHz, Gigabit
n   category 7, PowerSum etc. etc.( each core is foiled )
    2.5 times the cost of cat 5
cross talk, attenuation, EMI suppression
MBPS Vs. MHz issues?
n   Category 5 cables are specified to carry
    signals upto 100 MHz, if usable bandwidth
    is say 80 MHz, how can data flow at 155
    MBPS or even 1 GBPS?
      n Answer is encoding techniques,

        compression
    Encoding encapsulates more data into
    packets and hence regeneration at higher
    throughput
n   MBPS is dependent on ACTIVE devices
n   MHz is the game for PASSIVE devices
        Fiber Vs. Copper
Fiber                Copper

10 GBPS, 200 KM      1 GBPS, 2.5 KM
No interference      High interference
High cost, cheap     Low cost,
maintenance          high maintenance
           Trends


Fiber will rule as the backbone for Telecom
Single mode fiber replacing Multi-mode
Copper will have tough competition from Wireless
  WAN for last Mile connectivity
However Copper will continue to be the preferred
  desk-top connectivity medium
                 LAN Issues

=   Distance Coverage
=   Topology
=   Scalability
=   Bandwidth
=   Cost
=   Management
=   Flexibility
     LAN Planning issues:
Various architectures can be selected based
on:
   n Cost

   n Bandwidth

   n Number of stations supported

   n Ease

   n Reliability

   n Throughput

   n Robustness
     LAN Planning issues:

Planning cycle:
  Evaluation-
  Design –
  Implementation –
  Monitoring
       Network Planning

    Judicious choice:
n   Current & future needs
n   Available & future trends
n   Economic, business issues
     Network need analysis

n   Justification, ( why network ? )
n   Information Flow, ( Source to destination )
n   Direction of future changes,
n   Current setup, AS-IS Vs. TO-BE,
n   Organizational/legal constraints,
n   Physical Conditions
     Evaluation Criteria:

n   Cost,
n   Feasibility,
n   Performance,
n   Modularity,
n   Open concept,
n   Security,
n   Redundancy,
n   Interoperability,
      Network Design
n   Design Issues:
Best Vs. Good Solution

n Best solution:
least cost, complex, sometimes unsolvable
n Good solution:

not the best, reachable, realistic
          Network Design
n  Sources of information:
datapro reports, magazines, vendors, Internet
 n Evaluate Designs, take care of

 Vendor’s credibility and experience
 In-house Vs. RFP
n   Monitor: usage pattern, fine-tune response
    issues, user training
       Cabling Designing
                Guidelines
n   Structured Cabling
n   PDS
n   Horizontal, Vertical wiring
n   Information Outlet, Patch Cord
n   Jack Panel, Patch Panel
n   110 wiring
n   Rack mounted devices
Costs:
Structured v/s Traditional Cabling
Cumulative Cost
                           Conventional



                               Structured




                  Investment

             1-3 years              Time
UNSTRUCTURED
     NETWORK ROOM
Structured Cabling
Networking Racks
NETWORK ROOM
PASSIVE COMPONENTS
               NETWORKING TOOLS




An essential, personal tool to quickly verify
network connectivity and availability
NETWORKING TOOLS
NETWORK MONITORING
            TOOLS
SOLAR WINDS

WHATS UP GOLD

LINK ANALYZER

SNIFFER

WHICKER
       Network Planning
n   Collapsible backbone
n   Rack positioning
n   Information outlet in work area
n   Voice cable separate from data cable
n   Labeling
n   Disaster recovery/ Contingency Planning
n   Alternate routes / dark cores
       Network Installation

n   Site supervision
n   Contractor supervision
n   Factory environment
n   Safety guidelines
n   Provision for conditioned environment
n   Maintenance contract
             WAN options:

Public networks, private networks ( CUG )
n Public network:

n   PSTN lines, leased data circuits, ISDN,
    X.25,I-Net, Internet, service provider’s
    infrastructure
n   Private networks:
n   VSATs, Point to point radio links, fiber
    links,
Data Communication Options

PSTN ( dial-up lines )
 n Leased circuits

 n VSAT

 n Point to Point Radio links

 n ISDN

 n Frame Relay

 n ATM

 n Service Provider’s infrastructure

 n GSM( Global System for Mobile communications )

 n Internet
          VSAT

                                TDMA
      Uplink: 14 GHz                   Antenna size
      Downlink: 11 GHz                 3-15 ft.
      ext. C band

                          TDM


Antenna size
                                        VSAT
15-36 ft


          Earth station
            Radio Link



                      Point to point ( LOS )

modem          mast

           RF cable

  router
  LAN
      ISDN: connectivity      DOT




               NT1Q


         TA


TE2
PC                    TE1
                      ISDN
                      PHONE
          X.25 Network




n   Data terminal equipment (DTE)
n   Data circuit-terminating equipment (DCE)
n   Packet switching exchange (PSE)
n   Packet Switched Networks (PSN)
    Frame Relay Devices

nDTE Terminal, PC, Routers, and Bridge.
nDCE These are packet switches ( Routers or other

devices can be used as DCE ).
    ATM: Design Concept
E               F   Circuit Switching:
                    Dedicated Bandwidth
C               D
                    Synchronous Time
A               B
                    Division Multiplexing
                    Example: T1/E1
E               F
                    Packet Switching:
C               D
                    Shared Bandwidth
                    Asynchronous Transmission
A               B   Example: LANs, X.25
E               F
                    Cell Switching:
C               D
                    Allocated Bandwidth
                    Asynchronous Time Division
A               B
                          Multiplexing
                    Example: ATM
Criterion for selecting WAN
options:
n   Availability
n   Affordability
n   Service provider’s standing
n   Security
n   Response time
n   Upgradeable
Tips on WAN design
n   Plan for fallback
n   Go for reliable , not the latest
n   Judicious choice between Security and
    response time
n   Explore BW shaping tools, Thin client
    technology, Link monitoring tools
n   Insist on measurable SLAs, downtime
Mail software selection
n   Intended use
n   Volume handling
n   Attachment handling
n   Anti-virus support
n   Standard features like mail forwarding/audit
    trails/selective blocking
n   Advanced features like bulletin
    boards/workflow/DB interface
n   Connectors/Protocols used
   FIREWALL
Internet has opened up the world for you But
it has also opened your gates to the world


Firewall is a data packet filter that selectively
routes packets between trusted and untrusted
networks
     FIREWALL
A piece of hardware and software Isolates
private network from Internet
Policy and rule based filtering
Selective access to outsiders/Insiders
Firewall PRODUCTS:
Altavista, borderware, Conclave, Cyberguard,
checkpoint,Gauntlet, Watchguard, Raptor
               FIREWALL: Types
Packet Filter :
   The packet having right address and port number is filtered
   through, others are dropped

Application Proxy :
   Software applications, called proxy used to isolate trusted and
   untrusted networks

Packet Inspection :
   extension of packet filter, contents of packets also considered
   before accepting
Real life firewalls are almost always a hybrid of the different
types of firewall.
    FIREWALL: Types
Dual-homed gateway : one firewall
                                    Internet


                    Firewall
  LAN
   FIREWALL: Types
Demilitarized Zone                                    Internet
                           Firewall
                                        A
                     B
LAN




                                                       Web server
                         Demilitarized Zone
                                      Intrusion detection
       FIREWALL:
  WHERE THE FIREWALLS ARE NOT ENOUGH…..?
  Computer Security is not just about keeping hacker and
  industrial spies at bay. It is also about safeguarding the
  organization’s information assets.


Social Engineering
Virus, Trojans
Physical security of data
Hardware malfunction
Trusted users
In short, don’t place your bets on your firewall.
            PROXY

n   Gateway for LAN users to Internet
n   Allows multiple users to use same connection
n   Can act as a firewall
      PROXY
USAGE Monitoring
   As a gateway to the Internet it can maintain
     statistics on the
   Internet usage.
Caching ability:
Low on resource requirement
Low price
Security

Products: MS Proxy, WIN Proxy, Wingate, Squid etc.
     WEB Server: Co-hosted
Customers to take care of the following points:
  n Number of sites hosted on server( <200 is
    ideal )
  n Policy on hosting of pornography/Games sites

  n Link/Location to Internet

  n Free e-mail accounts, auto responders

  n Server OS, Software supported

  n Compatibility issues

  n Disk Space allotted and committed

  n Administrative contact / Technical Contact

  n Withdrawal flexibility
           What is Security?
•State or feeling of safety
•Freedom from worry about possible loss
•Something giving assurance
•Safety
•Precautions to maintain safety
   Why is IT security essential?

•Most of the organizations heavily rely on electronically
storing the
data and hence its loss could affect the business operations.
•Customer information or accounting data could be
disclosed, affecting credibility.
•Market strategies could be used by competitors to launch
more effective and counter-active campaigns.
•More and more computers being linked increase the
likelihood of unwanted data exchange and hence security is
essential.
•Vested interests might smuggle your software licensing
details and would proliferate illegal use of software and
increase piracy.
      What does Security
                  Mean?

n What has been secured?
n From whom has it been secured?
n What has it been secured against?
n For how long is it secure?
n How intense attach can it resist?


Security is meaningless without context
            Security Building:




                                              Integrity
                 Privacy
                                                          Non-repudiation
authentication                Authorization


                           Products              technology
                           Policy              management
               Security Policy

n A unifiedwritten policy for everyone to comply with
n Defines the what and the why, but not the how
n Outlines who is responsible for what
n States the requirements of Authentication,
Resource Protection, Availability, Security Analysis
and Contingency Plans.
            Security Policy
nSecurity policy must be updated continuously
nMost typical reasons for changes are:
   nChanges in technologies, e.g. Wireless LAN
   nNewly discovered vulnerabilities
   nSecurity breaches experienced internally
nThose affected by security policy should
participate in development of policy
nDefine who maintains the policy, who designs
solutions, who implements it and who enforces it

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:72
posted:7/6/2011
language:English
pages:97