When going in to a new potential customer one of the biggest problems we always run in to, is that the customer has absolutely no documentation for their IT environment, no disaster recovery plan or policy, and no documents explaining licensing (licenses, licensing agreements, details, etc…).
In a healthy IT environment, one of the most important things you can have is documentation. Documentation provides the people who need to know with the information they require to operate, maintain, support, deliver, and protect your IT infrastructure and investment. This also allows anyone with proper skills/knowledge to perform those services in the event your usual provider may either be unavailable, terminated, switched or for some other reason can’t service you.
And No! We aren’t talking about listing usernames and passwords and calling it a day, we are talking about real documentation and a small investment in time. Below is a list of some fundamentals you should have documented:
Please Note: ALWAYS protect your documentation as it is a key to access your entire network. Very few copies should exist, however the ones that do exist should be located in separate locations which are SECURE, and only protected by someone who has a vested interest in the companies well being and future.
Administrative Credentials – Most importantly, record the main master domain Administrative account (username, password, and domain), and any other administrative accounts. If any users are provided with special administrative privileges, be sure to list them as their access needs to be revoked if they are ever terminated or leave the company. If not, you are leaving a major security hole open. I’ve seen some companies leave administrative full access accounts open for users years after they left the company, this isn’t good!
Contact Information – Be sure to list contact information for various roles inside the company. Contact information for decision makers, and technical people should be recorded (along with after hours contact info) to make sure that if in the event something major occurs, a decision maker can be reached on the phone. The last thing you want is an emergency to occur, and it not being resolved since an IT person can’t get someone on the phone who can authorize a hardware purchase…
Server Configuration – Your server configuration should include all types of information (no matter how trivial). This includes networking information, administrative account details, details about Active Directory (ex. Domain name, WINS configuration, DNS Configuration), computer name, and built-in service that may be enabled (ex. DHCP, DNS, WINS, RDP, RRAS, RIS, etc…), even DHCP reservations. This provides the technical picture that shows how things were set up, and what base services are set up and providing your network by your servers. Don’t forget to include information on your server hardware. You should list all information on your server hardware, such as model numbers, serial numbers, warranty information, along with contact information on how to initiate warranty cases. Disk configuration, RAID configuration, firmware info should also be documented. This documentation should allow someone to re-setup your servers from scratch if required.
Network Documentation – Your networking documentation will provide the reader with how devices are dynamically configured (whether DHCP, BootP), how many devices are on the network, what networks they sit on, who has access to RDP, VPNs, how those services are accessed (IPs, hostnames), and details on how standard network services are delivered throughout your network. This documentation should provide information on how your network functions and how data goes across it. And just like your server, be sure to include models numbers, serial numbers, warranty information, and location of the hardware as well. This will provide the blueprint in the event the network requires repair, or needs to be rebuilt from scratch.
Network Shares – Document Network shares, file system location on the host, permission types, and description of the purpose of the share. It’s best practice to present network shares to a group of users using the same letter network drive, document this as well so it can easily be managed, or re-setup in Group Policy of required (automatic drive network mapping).
Workstations – Your workstations should be somewhat generalized and centrally managed. Most computers should be running the same software, based off similar hardware, and configured in the same generalized fashion. Be sure to document the process for initial configuration, required software, software configuration, and any other special options that certain users may require. It’s always good to record model numbers, serial numbers, and warranty information so it can be found quick when needed.
Users – Be sure to keep an activate list of users, along with group information, department, and types of access they require, e-mail addresses, and e-mail distribution lists they may be a member of. NEVER record users passwords as this is a security concern. Any work ever required by an IT professional should be easily accomplished with the Administrative credentials, even if the administrator is required to sit down with the user.
Printers – Be sure to record all printers, MAC addresses, and DHCP reservations you have configured for your printers. As always with all hardware, record models, serials, and warranty info. It also never hurts to record driver versions you have installed just in case it may assist with troubleshooting.
Licensing Information – Be sure to keep information on any major licensing agreements you have in place. Also be sure to document URLs, usernames and passwords for any licensing systems that are managed online (such as Microsoft eOpen Online Licensing, Symantec, Astaro, etc…). It’s good practice to record all licensed products, keys, and invoice numbers for the purchase of the license. In the event you may get audited, require a license key for re-installation, etc… this information will be invaluable to get it resolved quickly. This document will also clearly let you know how many licenses you have, who is using them, and what versions of software you are running.
Firewall Configuration – Firewall setup and configuration should be documented, along with licensing keys, port forwarding configuration, and firmware versions.
A separate document that should exist is your documentation for “Disaster Recovery”. This documentation goes in to detail as to what your backup and restore policy is, how you back up your systems, how to restore your systems, and what to do in the event of a total failure where a recovery from scratch is required. If you can’t create a document that provides a step-by-step process to completely restore your businesses IT infrastructure then you are in trouble! Either find someone who can create the documentation, or implement a disaster recovery solution that can be properly documented. This documentation also allows you to test your disaster recovery solution, which you should be doing from time to time to make sure you can recovery from a failure, and that the documentation is correct!
While everything above is a good starting point for small businesses, feel free to add any other information you feel could benefit your documentation. All information is good information as long as it is organized and easily readable! Happy documenting!