The pen is mightier…. Documentation is key
When preparing to support a new customer, I like to read their IT documentation but usually there is none or it is out of date.
In IT, documentation is key. Documentation gives you the knowledge to quickly get up to speed when needed – whether that be during day to day operations or during an emergency. Protect your IT infrastructure, investment, and liability with adequate documentation which may constitute a small investment in time to gather, sort and compile.
Here is a list of some basic documentation that should be on hand, safely stored from damage and secured as company secrets:
Contact Information – Be sure to list contact information for various roles inside the company. Contact information for decision makers, and technical people should be recorded (along with after hours contact info) to make sure that if in the event something major occurs, a decision maker can be reached on the phone. The last thing you want is an emergency to occur, and it not being resolved since an IT person can’t get someone on the phone who can authorize a hardware purchase…
Administrative Credentials – Most importantly, record the main master domain Administrative account (username, password, and domain), and any other administrative accounts. If any users are provided with special administrative privileges, be sure to list them as their access needs to be revoked if they are ever terminated or leave the company. If not, you are leaving a major security hole open. I’ve seen some companies leave administrative full access accounts open for users years after they left the company, this isn’t good!
Server Configuration – Your server configuration should include all types of information (no matter how trivial). This includes networking information, administrative account details, details about Active Directory (ex. Domain name, WINS configuration, DNS Configuration), computer name, and built-in service that may be enabled (ex. DHCP, DNS, WINS, RDP, RRAS, RIS, etc…), even DHCP reservations. This provides the technical picture that shows how things were set up, and what base services are set up and providing your network by your servers. Don’t forget to include information on your server hardware. You should list all information on your server hardware, such as model numbers, serial numbers, warranty information, along with contact information on how to initiate warranty cases. Disk configuration, RAID configuration, firmware info should also be documented. This documentation should allow someone to re-setup your servers from scratch if required.
Firewall Configuration – Firewall setup and configuration should be documented, along with licensing keys, port forwarding configuration, and firmware versions.
Network Documentation – Your networking documentation will provide the reader with how devices are dynamically configured (whether DHCP, BootP), how many devices are on the network, what networks they sit on, who has access to RDP, VPNs, how those services are accessed (IPs, hostnames), and details on how standard network services are delivered throughout your network. This documentation should provide information on how your network functions and how data goes across it. And just like your server, be sure to include models numbers, serial numbers, warranty information, and location of the hardware as well. This will provide the blueprint in the event the network requires repair, or needs to be rebuilt from scratch.
Network Shares – Document Network shares, file system location on the host, permission types, and description of the purpose of the share. It’s best practice to present network shares to a group of users using the same letter network drive, document this as well so it can easily be managed, or re-setup in Group Policy of required (automatic drive network mapping).
Workstations – Your workstations should be somewhat generalized and centrally managed. Most computers should be running the same software, based off similar hardware, and configured in the same generalized fashion. Be sure to document the process for initial configuration, required software, software configuration, and any other special options that certain users may require. It’s always good to record model numbers, serial numbers, and warranty information so it can be found quick when needed.
Users – Be sure to keep an activate list of users, along with group information, department, and types of access they require, e-mail addresses, and e-mail distribution lists they may be a member of. NEVER record users passwords as this is a security concern. Any work ever required by an IT professional should be easily accomplished with the Administrative credentials, even if the administrator is required to sit down with the user.
Printers – Be sure to record all printers, MAC addresses, and DHCP reservations you have configured for your printers. As always with all hardware, record models, serials, and warranty info. It also never hurts to record driver versions you have installed just in case it may assist with troubleshooting.
Vendor Contact Information – Be sure to list contact information of the hardware and software that is under support. The last thing you want during an emergency is to be unable to find the phone number of the firewall vendor because your internet is down.
Licensing Information – Be sure to keep information on any major licensing agreements you have in place. Also be sure to document URLs, usernames and passwords for any licensing systems that are managed online (such as Microsoft eOpen Online Licensing, Symantec, Astaro, etc…). It’s good practice to record all licensed products, keys, and invoice numbers for the purchase of the license. In the event you may get audited, require a license key for re-installation, etc… this information will be invaluable to get it resolved quickly. This document will also clearly let you know how many licenses you have, who is using them, and what versions of software you are running.
A Disaster Recovery document that describes your backup and restore policy, how you back up your systems, how to restore your systems, and what to do in the event of a total failure where a recovery from scratch is required. If you can’t create a document that provides a step-by-step process to completely restore your businesses IT infrastructure then you are in trouble! Either find someone who can create the documentation, or implement a disaster recovery solution that can be properly documented. This documentation also allows you to test your disaster recovery solution, which you should be doing from time to time to make sure you can recovery from a failure, and that the documentation is correct!
DMAC TECHNOLOGY GROUP can provide this for your company. Does your IT company do this for you?
