Microsoft's checklist for Infrastructure maturity

This checklist is constructed from this reference on TechNet.

Standardized
  • Identity and Access Management
    • Directory Services for Authentication of User
      • Implemented Active Directory directory service for authentication of 80 percent or more of connected users.
  • Desktop, Device and Server Management
    • Automated Patch Distribution to Desktops and Laptops
      • Implemented process and tools to inventory hardware and software assets.
      • Implemented process and tools to scan client computers for software updates.
      • Established a process to automatically identify available patches.
      • Established standard testing for every patch.
      • Implemented patch distribution software.
    • Defined Standard Images for Desktops and Laptops
      • Used tools to capture a standard image.
      • Defined a strategy for standard images.
      • Defined a standard set of disk images (OS and applications) for all hardware types.
      • Established deployment tools for network-based or offline image installation.
    • Centralized Management of Mobile Devices
      • Installed software to discover and track the mobile devices in your organization.
      • Implemented password-controlled access.
      • Established centralized data and software synchronization.
      • Ensured that decommissioned devices are free of company information.
    • Identity Validation, Data Protection, and Data Backup of Mobile Devices
      • Established and are enforcing a password-access policy or using public key certificates for user identification.
      • Encrypted all transfers for data distribution to, and data backup from, mobile devices.
      • Implemented device lockout on mobile devices.
      • Ensured that company information can be removed with remote wipe in case a mobile device is lost or stolen.
    • Consolidation of Desktop Images to Two Operating System Versions
      • Implemented an image-consolidation strategy.
      • Reduced the number of production operating systems to no more than two.
  • Security and Networking
    • Antivirus Software for Desktops
      • Installed all operating system and software application security updates.
      • Activated available host-based firewalls.
      • Installed antivirus software on 80 percent or more of your desktop computers.
    • Central Firewall Services
      • Installed a centralized hardware or software firewall.
    • Internally Managed Basic Networking Services (DNS, DHCP, WINS)
      • Implemented DNS services on servers or other devices within your organization.
      • Implemented DHCP services on servers or other devices within your organization.
      • Implemented WINS services for older operating systems on servers or other devices within your organization.
    • Availability Monitoring of Critical Servers
      • Installed availability monitoring software such as Microsoft Operations Manager (MOM).
      • Are monitoring 80 percent of your critical servers for performance, events, and alerts.
  • Data Protection and Recovery
    • Defined Backup and Restore Services for Critical Servers
      • Created a data backup plan and a recovery plan for 80 percent or more of your critical servers.
      • Used drills to test your plans.
  • Security Process
    • Security Policies, Risk Assessment, Incident Response, and Data Security
      • Named a dedicated person for security strategy and policy.
      • Established a risk assessment methodology.
      • Established an incident response plan.
      • Established a process to manage user, device, and service identities.
      • Established consistent processes to identify security issues, including all network-connected devices.
      • Established consistent security policy compliance on network devices.
      • Established a plan to evaluate and test all acquired software for security compliance.
      • Established a consistent policy to classify data.
  • ITIL/COBIT-Based Management Process
    • Support and Change Management Process
      • Implemented incident management techniques.
      • Implemented problem management techniques.
      • Improved end-user support services.
      • Implemented service definition and configuration management.
      • Implemented change management best practices.
Rationalized
  • Identity and Access Management
    • Implemented a directory-based tool to centrally administer configurations and security on 80 percent or more of your desktops
      • Identified which configurations should be monitored or enforced.
      • Selected tools for monitoring and enforcing configuration compliance.
      • Defined Group Policy objects for settings managed through Group Policy.
      • Implemented Group Policy Management Console to manage Group Policy objects.
      • Applied Group Policy to at least 80 percent of your desktops.
  • Desktop, Device and Server Management
    • An automated software distribution solution for operating system deployment
      • Identified tools and technologies required to enable automated operating system deployment.
      • Performed necessary pre-deployment tasks for application compatibility and packaging, infrastructure remediation, imaging, user-state migration, and desktop security.
      • Tested and validated Zero Touch Installation in a lab environment and pilot program.
      • Performed automated OS deployment to end users.
    • Automated tracking of hardware and software assets of 80 percent or more of your desktops
      • Deployed tools and procedures to automate desktop asset inventory.
      • Implemented procedures and technologies to automate application and operating system deployment.
      • Implemented tools and procedures to perform and analyze software usage tracking reporting.
      • Implemented best practice automated software update management.
      • Deployed tools and procedures to monitor desktop system status, including product compliance and system status monitoring.
    • Eighty percent or more of your desktops running one of the two most recent operating system versions
      • Inventoried existing production operating systems.
      • Determined new computer and refresh strategies in order to phase out older operating systems.
      • Deployed two most recent operating system versions to at least 80 percent of all desktops.
    • Eighty percent or more of your desktops running Microsoft Office 2003 or the 2007 Microsoft Office system
      • Evaluated the latest versions of Office and defined plan to consolidate Office versions on production workstations.
      • Deployed latest versions of Office to desktops.
      • Defined plan for managing Office configurations.
    • Tests and certifies application compatibility on 80 percent of new or updated applications before deploying them to desktops
      • Collected and analyzed the application inventory in your organization to build your application portfolio.
      • Implemented standard testing of your mitigation strategies to create your application mitigation packages.
      • Implemented standard processes to resolve any outstanding compatibility issues to report compatibility mitigation to management.
      • Implemented automated deployment of all compatibility mitigation packages.
    • Patch management solution for 80 percent or more of your servers
      • Implemented process and tools to inventory hardware and software assets.
      • Implemented process and tools to scan servers for software updates.
      • Established a process to automatically identify available patches.
      • Established standard testing for every patch.
      • Implemented patch distribution software.
    • Secured and guaranteed way to verify secure communications between your corporate network and mobile devices
      • Inventoried mobile devices connecting to your network.
      • Determined a communication security strategy appropriate for your needs.
      • Implemented mobile device authentication to all connected devices.
    • Access provided to Web applications via WAP or HTTP for mobile devices
      • Inventoried mobile devices connecting to your network and Web applications currently consumed or potentially consumed by mobile device users.
      • Developed and implemented a strategy to optimize Web applications for mobile device users, update mobile device hardware, or both.
    • Planning for server consolidation with virtualization
      • Inventoried all IT services and LOB applications in your organization, including performance and traffic data.
      • Developed a plan to consolidate server infrastructure by implementing virtual machine technologies.
    • Implemented a layered-image strategy for managing your desktop images
      • Inventoried and rationalized the current set of managed desktop images in your organization.
      • Developed and implemented a strategy to consolidate desktop images by using thin or hybrid layered-imaging for desktop deployment.
  • Security and Networking
    • Policy-managed firewall on 80 percent or more of your servers and desktops
      • Inventoried your desktop and server computers to identify which hardware currently has host-based firewall technologies.
      • Deployed host-based firewall technology to hardware lacking firewall capabilities or updated servers to Windows Server 2003 SP1 or later.
      • Established policy enforcement to ensure host-based firewalls are always enabled and cannot be disabled.
    • Secure remote access to internal resources and line-of-business applications beyond e-mail (that is, VPN and/or Terminal Services)
      • Evaluated remote access requirements for remote clients and branch offices.
      • Designed and implemented secure virtual private network or similar services to remote clients and branch offices.
    • Secured and guaranteed way to verify communication between critical servers, such as domain controllers and e-mail servers
      • Assessed the current state of network infrastructure affected by Internet Protocol Security (IPsec).
      • Identified organizational requirements to ensure secured and guaranteed communication between servers, including regulation and compliance impacts.
      • Developed and implemented a plan across the organization using IPsec to meet defined requirements.
    • Monitoring and service level reporting for 80 percent or more of your servers to ensure a consistent and reliable user experience
      • Defined your organization’s IT services in a service catalog.
      • Determined the baseline or current service levels for defined services.
      • Defined service levels appropriate for your organization and determined a plan for automating service level monitoring.
      • Implemented an automated availability monitoring solution.
    • Providing a secured communication mechanism for presence
      • Assessed any current unmanaged methods used for presence and instant communication.
      • Created a requirements specification for presence and instant messaging, aligning to industry or local regulations and policies.
      • Evaluated presence and instant technology and created a plan to implement your selected solution.
      • Implemented presence at minimum through managed instant messaging and optionally through collaboration and e-mail infrastructure.
    • Deployed a secure wireless network using Active Directory and IAS/RADIUS for authentication and authorization
      • Identified current wireless access and related topologies.
      • Evaluated wireless technologies, protocols, and standards.
      • Developed and implemented plans for secure wireless authentication infrastructure.
    • Centrally managed certificate services infrastructure (PKI)
      • Performed a network discovery to inventory all components.
      • Identified people, process and technology design considerations for the certification authority and public key infrastructure.
      • Created a detailed deployment plan to enable the PKI.
      • Implemented PKI deployment plan.
    • Proactively managing bandwidth to branch offices
      • Identified and documented branch office topology.
      • Created requirement specification based on the needs of all branch office types.
      • Created a plan and architecture for branch office service consolidation and identified performance thresholds for reexamination of branch office WAN requirements.
      • Implemented plan to optimize branch office services against WAN link limitations.
  • Data Protection and Recovery
    • Centrally managing data backup for your branch offices
      • Created a centralized data backup plan and a recovery plan for branch offices in your organization.
      • Implemented a backup and recovery plan for centralized control of backup and recovery operations, either via network-centralized tools or operational guidelines for local backup and recovery, with defined service levels.
    • Service level agreement (SLA) for system backup and restore, and defined recovery times for 80 percent of your servers
      • Created a data backup plan and a recovery plan for 80 percent or more of all servers in your organization.
      • Used drills to test your plans and validate defined recovery times.
  • Security and ITIL/COBIT-based Management Process
    • Established security processes for two-factor user authentication, standard security review for new software acquisitions, and data classification
      • Developed and implemented two-factor identity and access management policies.
      • Developed a process to manage security requirement testing on all acquired or developed software.
      • Established a standard and repeatable procedure for classifying sensitive data.
    • Implemented best practices for operating, optimizing, and change processes in your IT organization
      • Implemented service level management across IT operations.
      • Implemented best practice release management.
      • Optimized network and system administration processes.
      • Implemented best practice job scheduling.
Dynamic
  • Identity and Access Management
    • Centralized automated user account provisioning (for example, issuing new accounts, changing passwords, synchronizing permissions, enabling access to business applications) across 80 percent or more of heterogeneous systems.
      • Defined current identity object provisioning workflows in your organization, as well as areas to improve or optimize.
      • Identified technologies used to manage object identity life cycles.
      • Implemented a consolidated solution to automate common user account provisioning workflows.
    • Implemented a federated directory-based tool to enable authenticated access to external customers, service providers, and business partners.
      • Validated need for providing authenticated access to external entities.
      • Determined strategies and policies for providing external access to defined resources.
      • Implemented technologies to ensure secure access for defined external users to defined services.
  • Desktop, Device and Server Management
    • Tools in place to perform automated infrastructure capacity planning for primary IT services (such as e-mail).
      • Identified primary IT service candidates for automated capacity planning.
      • Created capacity models to automate capacity planning or implemented capacity planning tools.
    • Management of mobile devices and access to IT services and applications nearly at parity with managed desktop and laptop computers.
      • Implemented secure technologies to provide access to primary line-of-business applications (for example, LOB apps, CRM, supply chain) via mobile devices.
      • Established defined set of standard basic images for mobile devices.
      • Implemented an automated solution to continuously update configuration settings and/or applications in mobile devices.
      • Deployed an automated quarantine solution for mobile devices.
      • Implemented an automated patch management solution for mobile devices.
      • Implemented an automated asset management solution for mobile devices.
    • Implemented virtualization to dynamically move workloads from server to server based on resource needs or business rules.
      • Deployed a subset of production IT services or applications to virtual machines.
      • Actively managing and optimizing system resources on shared hardware devices.
  • Security and Networking
    • Integrated threat management and mitigation across clients and server edge.
      • Assessed server edge security threats and evaluated threat mitigation solutions.
      • Implemented technology solutions to protect against Internet-based threats across the client and server edge.
    • Model-enabled service level monitoring of desktops, applications, and server infrastructure.
      • Defined desktop, application, and server infrastructure service models.
      • Evaluated technologies for monitoring availability of connections and components across defined services.
      • Implemented automated solution to define and monitor service levels.
    • Automated quarantine solution for unpatched or infected computers.
      • Evaluated technologies to enable network quarantine for remote and on-site users.
      • Implemented VPN quarantine solution for remote users.
  • Data Protection and Recovery
    • Implemented defined backup and restore services with service level agreements for 80 percent or more of desktops.
      • Established goals for the desktop backup and recovery service.
      • Defined and implemented a suitable backup and restore service for desktops in the organization and established SLAs.
  • Security Process
    • Established security processes and technologies to enable advanced two-factor user authentication (such as biometric scans) for highly sensitive data.
      • Developed and implemented advanced two-factor identity and access management policies for highly sensitive data.
  • ITIL/COBIT-based Management Process
    • Implemented best practices for further optimizing your IT organization.
      • Implemented best practice Availability Management.
      • Implemented best practice Financial Management.
      • Implemented best practice Infrastructure Engineering.
      • Implemented best practice IT Service Continuity Management.
      • Implemented best practice Workforce Management.
