Microsoft's checklist for Infrastructure maturity

This checklist is constructed from this reference on TechNet.

Standardized
  • Identity and Access Management
    • Directory Services for Authentication of User
      • Implemented Active Directory directory service for authentication of 80 percent or more of connected users.
  • Desktop, Device and Server Management
    • Automated Patch Distribution to Desktops and Laptops
      • Implemented process and tools to inventory hardware and software assets.
      • Implemented process and tools to scan client computers for software updates.
      • Established a process to automatically identify available patches.
      • Established standard testing for every patch.
      • Implemented patch distribution software.
    • Defined Standard Images for Desktops and Laptops
      • Used tools to capture a standard image.
      • Defined a strategy for standard images.
      • Defined a standard set of disk images (OS and applications) for all hardware types.
      • Established deployment tools for network-based or offline image installation.
    • Centralized Management of Mobile Devices
      • Installed software to discover and track the mobile devices in your organization.
      • Implemented password-controlled access.
      • Established centralized data and software synchronization.
      • Ensured that decommissioned devices are free of company information.
    • Identity Validation, Data Protection, and Data Backup of Mobile Devices
      • Established and enforced a password-access policy, or used public key certificates for user identification.
      • Encrypted all transfers for data distribution to, and data backup from, mobile devices.
      • Implemented device lockout on mobile devices.
      • Ensured that company information can be removed with remote wipe in case a mobile device is lost or stolen.
    • Consolidation of Desktop Images to Two Operating System Versions
      • Implemented an image-consolidation strategy.
      • Reduced the number of production operating systems to no more than two.
  • Security and Networking
    • Antivirus Software for Desktops
      • Installed all operating system and software application security updates.
      • Activated available host-based firewalls.
      • Installed antivirus software on 80 percent or more of your desktop computers.
    • Central Firewall Services
      • Installed a centralized hardware or software firewall.
    • Internally Managed Basic Networking Services (DNS, DHCP, WINS)
      • Implemented DNS services on servers or other devices within your organization.
      • Implemented DHCP services on servers or other devices within your organization.
      • Implemented WINS services for older operating systems on servers or other devices within your organization.
    • Availability Monitoring of Critical Servers
      • Installed availability monitoring software such as Microsoft Operations Manager (MOM).
      • Monitored 80 percent of your critical servers for performance, events, and alerts.
  • Data Protection and Recovery
    • Defined Backup and Restore Services for Critical Servers
      • Created a data backup plan and a recovery plan for 80 percent or more of your critical servers.
      • Used drills to test your plans.
  • Security Process
    • Security Policies, Risk Assessment, Incident Response, and Data Security
      • Named a dedicated person for security strategy and policy.
      • Established a risk assessment methodology.
      • Established an incident response plan.
      • Established a process to manage user, device, and service identities.
      • Established consistent processes to identify security issues, including all network-connected devices.
      • Established consistent security policy compliance on network devices.
      • Established a plan to evaluate and test all acquired software for security compliance.
      • Established a consistent policy to classify data.
  • ITIL/COBIT-Based Management Process
    • Support and Change Management Process
      • Implemented incident management techniques.
      • Implemented problem management techniques.
      • Improved end-user support services.
      • Implemented service definition and configuration management.
      • Implemented change management best practices.
Rationalized
  • Identity and Access Management
    • Implemented a directory-based tool to centrally administer configurations and security on 80 percent or more of your desktops
      • Identified which configurations should be monitored or enforced.
      • Selected tools for monitoring and enforcing configuration compliance.
      • Defined Group Policy objects for settings managed through Group Policy.
      • Implemented Group Policy Management Console to manage Group Policy objects.
      • Applied Group Policy to at least 80 percent of your desktops.
  • Desktop, Device and Server Management
    • An automated software distribution solution for operating system deployment
      • Identified tools and technologies required to enable automated operating system deployment.
      • Performed necessary pre-deployment tasks for application compatibility and packaging, infrastructure remediation, imaging, user-state migration, and desktop security.
      • Tested and validated Zero Touch Installation in a lab environment and pilot program.
      • Performed automated OS deployment to end users.
    • Automated tracking of hardware and software assets of 80 percent or more of your desktops
      • Deployed tools and procedures to automate desktop asset inventory.
      • Implemented procedures and technologies to automate application and operating system deployment.
      • Implemented tools and procedures to perform and analyze software usage tracking reporting.
      • Implemented best practice automated software update management.
      • Deployed tools and procedures to monitor desktop system status, including product compliance and system status monitoring.
    • Eighty percent or more of your desktops running one of the two most recent operating system versions
      • Inventoried existing production operating systems.
      • Determined new computer and refresh strategies in order to phase out older operating systems.
      • Deployed two most recent operating system versions to at least 80 percent of all desktops.
    • Eighty percent or more of your desktops running Microsoft Office 2003 or the 2007 Microsoft Office system
      • Evaluated the latest versions of Office and defined plan to consolidate Office versions on production workstations.
      • Deployed latest versions of Office to desktops.
      • Defined plan for managing Office configurations.
    • Tests and certifies application compatibility on 80 percent of new or updated applications before deploying them to desktops
      • Collected and analyzed the application inventory in your organization to build your application portfolio.
      • Implemented standard testing of your mitigation strategies to create your application mitigation packages.
      • Implemented standard processes to resolve any outstanding compatibility issues and to report compatibility mitigation to management.
      • Implemented automated deployment of all compatibility mitigation packages.
    • Patch management solution for 80 percent or more of your servers
      • Implemented process and tools to inventory hardware and software assets.
      • Implemented process and tools to scan servers for software updates.
      • Established a process to automatically identify available patches.
      • Established standard testing for every patch.
      • Implemented patch distribution software.
    • Secured and guaranteed way to verify secure communications between your corporate network and mobile devices
      • Inventoried mobile devices connecting to your network.
      • Determined a communication security strategy appropriate for your needs.
      • Implemented mobile device authentication to all connected devices.
    • Access provided to Web applications via WAP or HTTP for mobile devices
      • Inventoried mobile devices connecting to your network and Web applications currently consumed or potentially consumed by mobile device users.
      • Developed and implemented a strategy to optimize Web applications for mobile device users, update mobile device hardware, or both.
    • Planning for server consolidation with virtualization
      • Inventoried all IT services and LOB applications in your organization, including performance and traffic data.
      • Developed a plan to consolidate server infrastructure by implementing virtual machine technologies.
    • Implemented a layered-image strategy for managing your desktop images
      • Inventoried and rationalized the current set of managed desktop images in your organization.
      • Developed and implemented a strategy to consolidate desktop images by using thin or hybrid layered-imaging for desktop deployment.
  • Security and Networking
    • Policy-managed firewall on 80 percent or more of your servers and desktops
      • Inventoried your desktop and server computers to identify which hardware currently has host-based firewall technologies.
      • Deployed host-based firewall technology to hardware lacking firewall capabilities or updated servers to Windows Server 2003 SP1 or later.
      • Established policy enforcement to ensure host-based firewalls are always enabled and cannot be disabled.
    • Secure remote access to internal resources and line-of-business applications beyond e-mail (that is, VPN and/or Terminal Services)
      • Evaluated remote access requirements for remote clients and branch offices.
      • Designed and implemented secure virtual private network or similar services to remote clients and branch office.
    • Secured and guaranteed way to verify communication between critical servers, such as domain controllers and e-mail servers
      • Assessed the current state of network infrastructure affected by Internet Protocol Security (IPsec).
      • Identified organizational requirements to ensure secured and guaranteed communication between servers, including regulation and compliance impacts.
      • Developed and implemented a plan across the organization using IPsec to meet defined requirements.
    • Monitoring and service level reporting for 80 percent or more of your servers to ensure a consistent and reliable user experience
      • Defined your organization’s IT services in a service catalog.
      • Determined the baseline or current service levels for defined services.
      • Defined service levels appropriate for your organization and determined a plan for automating service level monitoring.
      • Implemented an automated availability monitoring solution.
    • Providing a secured communication mechanism for presence
      • Assessed any current unmanaged methods used for presence and instant communication.
      • Created a requirements specification for presence and instant messaging, aligning to industry or local regulations and policies.
      • Evaluated presence and instant technology and created a plan to implement your selected solution.
      • Implemented presence at minimum through managed instant messaging and optionally through collaboration and e-mail infrastructure.
    • Deployed a secure wireless network using Active Directory and IAS/RADIUS for authentication and authorization
      • Identified current wireless access and related topologies.
      • Evaluated wireless technologies, protocols, and standards.
      • Developed and implemented plans for secure wireless authentication infrastructure.
    • Centrally managed certificate services infrastructure (PKI)
      • Performed a network discovery to inventory all components.
      • Identified people, process and technology design considerations for the certification authority and public key infrastructure.
      • Created a detailed deployment plan to enable the PKI.
      • Implemented PKI deployment plan.
    • Proactively managing bandwidth to branch offices
      • Identified and documented branch office topology.
      • Created requirement specification based on the needs of all branch office types.
      • Created a plan and architecture for branch office service consolidation and identified performance thresholds for reexamination of branch office WAN requirements.
      • Implemented plan to optimize branch office services against WAN link limitations.
  • Data Protection and Recovery
    • Centrally managing data backup for your branch offices
      • Created a centralized data backup plan and a recovery plan for branch offices in your organization.
      • Implemented a backup and recovery plan for centralized control of backup and recovery operations, either via network-centralized tools or operational guidelines for local backup and recovery, with defined service levels.
    • Service level agreement (SLA) for system backup and restore, and defined recovery times for 80 percent of your servers
      • Created a data backup plan and a recovery plan for 80 percent or more of all servers in your organization.
      • Used drills to test your plans and validate defined recovery times.
  • Security and ITIL/COBIT-based Management Process
    • Established security processes for two-factor user authentication, standard security review for new software acquisitions, and data classification
      • Developed and implemented two-factor identity and access management policies.
      • Developed a process to manage security requirement testing on all acquired or developed software.
      • Established a standard and repeatable procedure for classifying sensitive data.
    • Implemented best practices for operating, optimizing, and change processes in your IT organization
      • Implemented service level management across IT operations.
      • Implemented best practice release management.
      • Optimized network and system administration processes.
      • Implemented best practice job scheduling.
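The items "Availability Monitoring of Critical Servers" (Standardized) and "Monitoring and service level reporting for 80 percent or more of your servers" (Rationalized) both end in the same practical question: given the up/down events a monitoring tool records, what availability did each server actually deliver against its defined service level? The following Python is an added example, not code from the original post or from Microsoft; the server names, the SLA targets, the reporting window and the event log are all constructed. It clips outages to the reporting month, handles an outage that began before the window and one still open when the window ends, and ignores duplicate or out-of-sequence transitions.

```python
"""Monthly availability and SLA reporting from monitoring up/down events.

Added example, not from the original post: servers, SLA targets, reporting
window and events below are constructed. An event is (timestamp, server,
state) with state "up" or "down". Downtime accumulates from each "down"
transition to the next "up"; an outage still open at the end of the data is
counted up to the window end.
"""
from datetime import datetime, timedelta

WINDOW_START = datetime(2024, 3, 1)
WINDOW_END = datetime(2024, 4, 1)      # exclusive: a 31-day reporting month

# Assumed monthly availability targets per critical server (constructed).
SLA_TARGETS = {"SRV-DC1": 0.999, "SRV-MAIL": 0.995, "SRV-FILE": 0.99}

# Constructed monitoring events, deliberately out of order to exercise sorting.
EVENTS = [
    (datetime(2024, 3, 10, 2, 0), "SRV-MAIL", "down"),
    (datetime(2024, 3, 10, 5, 0), "SRV-MAIL", "up"),      # 3 h outage
    (datetime(2024, 2, 28, 23, 0), "SRV-FILE", "down"),   # began before the window
    (datetime(2024, 3, 1, 6, 0), "SRV-FILE", "up"),       # 6 h fall inside the window
    (datetime(2024, 3, 31, 20, 0), "SRV-FILE", "down"),   # still down at window end: 4 h
    (datetime(2024, 3, 15, 12, 0), "SRV-DC1", "down"),
    (datetime(2024, 3, 15, 12, 0), "SRV-DC1", "down"),    # duplicate alert, ignored
    (datetime(2024, 3, 15, 12, 30), "SRV-DC1", "up"),     # 30 min outage
]


def overlap(a, b, start, end):
    """Length of [a, b) that lies inside [start, end), or zero."""
    lo, hi = max(a, start), min(b, end)
    return hi - lo if hi > lo else timedelta(0)


def downtime(events, server, start, end):
    """Total downtime for one server, clipped to the reporting window."""
    total = timedelta(0)
    down_since = None
    for ts, srv, state in sorted(events):
        if srv != server:
            continue
        if state == "down" and down_since is None:
            down_since = ts                      # outage starts
        elif state == "up" and down_since is not None:
            total += overlap(down_since, ts, start, end)
            down_since = None                    # outage ends
        # a repeated "down" or an "up" with no open outage is ignored
    if down_since is not None:                   # outage open at end of data
        total += overlap(down_since, end, start, end)
    return total


def availability(events, server, start=WINDOW_START, end=WINDOW_END):
    """Fraction of the window the server was up (timedelta / timedelta -> float)."""
    return 1 - downtime(events, server, start, end) / (end - start)


def sla_report(events, targets, start=WINDOW_START, end=WINDOW_END):
    """{server: (availability rounded to 5 places, met its SLA target)}."""
    report = {}
    for server, target in targets.items():
        avail = availability(events, server, start, end)
        report[server] = (round(avail, 5), avail >= target)
    return report


if __name__ == "__main__":
    for server, (avail, ok) in sla_report(EVENTS, SLA_TARGETS).items():
        print(f"{server:9} {avail:.3%}  target {SLA_TARGETS[server]:.2%}  "
              f"{'MET' if ok else 'BREACH'}")
```

Run it directly to print the month's report; in practice the event list would come from the monitoring tool's export and the targets from the service catalog the checklist asks for. Note the clipping in overlap(): without it, the SRV-FILE outage that began in February would be charged to March in full, and an open outage would be silently dropped.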
Dynamic
  • Identity and Access Management
    • Centralized automated user account provisioning (for example, issuing new accounts, changing passwords, synchronizing permissions, enabling access to business applications) across 80 percent or more of heterogeneous systems.
      • Defined current identity object provisioning workflows in your organization, as well as areas to improve or optimize.
      • Identified technologies used to manage object identity life cycles.
      • Implemented a consolidated solution to automate common user account provisioning workflows.
    • Implemented a federated directory-based tool to enable authenticated access to external customers, service providers, and business partners.
      • Validated need for providing authenticated access to external entities.
      • Determined strategies and policies for providing external access to defined resources.
      • Implemented technologies to ensure secure access for defined external users to defined services.
  • Desktop, Device and Server Management
    • Tools in place to perform automated infrastructure capacity planning for primary IT services (such as e-mail).
      • Identified primary IT service candidates for automated capacity planning.
      • Created capacity models to automate capacity planning or implemented capacity planning tools.
    • Management of mobile devices and access to IT services and applications nearly at parity with managed desktop and laptop computers.
      • Implemented secure technologies to provide access to primary line-of-business applications (for example, LOB apps, CRM, supply chain) via mobile devices.
      • Established defined set of standard basic images for mobile devices.
      • Implemented an automated solution to continuously update configuration settings and/or applications in mobile devices.
      • Deployed an automated quarantine solution for mobile devices.
      • Implemented an automated patch management solution for mobile devices.
      • Implemented an automated asset management solution for mobile devices.
    • Implemented virtualization to dynamically move workloads from server to server based on resource needs or business rules.
      • Deployed a subset of production IT services or applications to virtual machines.
      • Actively managed and optimized system resources on shared hardware devices.
  • Security and Networking
    • Integrated threat management and mitigation across clients and server edge.
      • Assessed server edge security threats and evaluated threat mitigation solutions.
      • Implemented technology solutions to protect against Internet-based threats across the client and server edge.
    • Model-enabled service level monitoring of desktops, applications, and server infrastructure.
      • Defined desktop, application, and server infrastructure service models.
      • Evaluated technologies for monitoring availability of connections and components across defined services.
      • Implemented automated solution to define and monitor service levels.
    • Automated quarantine solution for unpatched or infected computers.
      • Evaluated technologies to enable network quarantine for remote and on-site users.
      • Implemented VPN quarantine solution for remote users.
  • Data Protection and Recovery
    • Implemented defined backup and restore services with service level agreements for 80 percent or more of desktops.
      • Established goals for the desktop backup and recovery service.
      • Defined and implemented a suitable backup and restore service for desktops in the organization and established SLAs.
  • Security Process
    • Established security processes and technologies to enable advanced two-factor user authentication (such as biometric scans) for highly sensitive data.
      • Developed and implemented advanced two-factor identity and access management policies for highly sensitive data.
  • ITIL/COBIT-based Management Process
    • Implemented best practices for further optimizing your IT organization.
      • Implemented best practice Availability Management.
      • Implemented best practice Financial Management.
      • Implemented best practice Infrastructure Engineering.
      • Implemented best practice IT Service Continuity Management.
      • Implemented best practice Workforce Management.
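Many items across the three levels are coverage thresholds ("antivirus software on 80 percent or more of your desktops", "monitoring 80 percent of your critical servers", "Group Policy applied to at least 80 percent of your desktops", "policy-managed firewall on 80 percent or more of your servers and desktops", and so on), and the model is cumulative: a Rationalized item earns nothing while a Standardized item is still failing. The following Python is an added example, not code from the original post or from Microsoft, that evaluates a handful of those thresholds against an asset inventory and reports the highest level fully achieved and the gaps. The inventory, the host names, the field names and the set treated as the "two most recent" desktop operating systems are all constructed assumptions; the check definitions generalise to any item of the form "attribute X on N percent of population Y".

```python
"""Coverage evaluation for the "80 percent or more" items of the checklist.

Added example, not part of the original post and not Microsoft's tooling.
The inventory, host names and CURRENT_DESKTOP_OS below are constructed.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str                # "desktop" or "server"
    critical: bool           # critical server (only meaningful for servers)
    os: str
    av_installed: bool
    firewall_enabled: bool
    firewall_enforced: bool  # policy prevents the host firewall being disabled
    monitored: bool          # performance, events and alerts are collected
    backup_plan: bool        # documented backup and recovery plan exists
    gpo_applied: bool        # host receives Group Policy


# Constructed sample inventory (hypothetical hosts, not from the page).
INVENTORY: List[Asset] = [
    Asset("WS-001", "desktop", False, "Windows 11", True, True, True, False, False, True),
    Asset("WS-002", "desktop", False, "Windows 10", True, True, True, False, False, True),
    Asset("WS-003", "desktop", False, "Windows 10", True, False, False, False, False, True),
    Asset("WS-004", "desktop", False, "Windows 8.1", False, True, False, False, False, True),
    Asset("WS-005", "desktop", False, "Windows 11", True, True, True, False, False, False),
    Asset("SRV-DC1", "server", True, "Windows Server 2022", True, True, True, True, True, True),
    Asset("SRV-MAIL", "server", True, "Windows Server 2019", True, True, True, True, True, True),
    Asset("SRV-FILE", "server", True, "Windows Server 2016", True, True, False, True, True, True),
    Asset("SRV-TEST", "server", False, "Windows Server 2012 R2", False, False, False, False, False, True),
]

# Assumed "two most recent" desktop OS versions for the consolidation item.
CURRENT_DESKTOP_OS = {"Windows 10", "Windows 11"}

Pred = Callable[[Asset], bool]
LEVELS = ["Standardized", "Rationalized", "Dynamic"]


def desktops(a: Asset) -> bool:
    return a.kind == "desktop"


def servers(a: Asset) -> bool:
    return a.kind == "server"


def critical_servers(a: Asset) -> bool:
    return a.kind == "server" and a.critical


def everything(a: Asset) -> bool:
    return True


# (checklist item, maturity level, population, predicate, required coverage)
CHECKS: List[Tuple[str, str, Pred, Pred, float]] = [
    ("antivirus on desktops", "Standardized", desktops, lambda a: a.av_installed, 0.80),
    ("critical servers monitored", "Standardized", critical_servers, lambda a: a.monitored, 0.80),
    ("critical server backup plan", "Standardized", critical_servers, lambda a: a.backup_plan, 0.80),
    ("group policy on desktops", "Rationalized", desktops, lambda a: a.gpo_applied, 0.80),
    ("desktops on current OS", "Rationalized", desktops, lambda a: a.os in CURRENT_DESKTOP_OS, 0.80),
    ("policy-managed firewall", "Rationalized", everything,
     lambda a: a.firewall_enabled and a.firewall_enforced, 0.80),
    ("all-server backup SLA", "Rationalized", servers, lambda a: a.backup_plan, 0.80),
]


def coverage(assets, population, predicate) -> float:
    """Fraction of the population satisfying the predicate (0.0 if the population is empty)."""
    pop = [a for a in assets if population(a)]
    if not pop:
        return 0.0
    return sum(1 for a in pop if predicate(a)) / len(pop)


def evaluate(assets):
    """{item: (level, coverage rounded to 3 places, meets threshold)} for every check."""
    results = {}
    for item, level, population, predicate, threshold in CHECKS:
        pct = coverage(assets, population, predicate)
        results[item] = (level, round(pct, 3), pct >= threshold)
    return results


def maturity_level(results):
    """Highest level whose checks, and every lower level's checks, all pass.

    The model is cumulative, so evaluation stops at the first level with a
    failing or absent check. Returns None if Standardized itself is unmet.
    """
    achieved = None
    for level in LEVELS:
        level_checks = [ok for lvl, _, ok in results.values() if lvl == level]
        if level_checks and all(level_checks):
            achieved = level
        else:
            break
    return achieved


def gaps(results):
    """Items that fall short, with the coverage actually measured."""
    return {item: pct for item, (_, pct, ok) in results.items() if not ok}


if __name__ == "__main__":
    res = evaluate(INVENTORY)
    for item, (level, pct, ok) in res.items():
        print(f"{level:12} {item:28} {pct:6.1%} {'PASS' if ok else 'FAIL'}")
    print("maturity level:", maturity_level(res))
    print("gaps:", gaps(res))
```

With the constructed inventory the Standardized items all pass, but the Rationalized level is blocked by the policy-managed firewall item (hosts with a firewall that users can still switch off do not count) and by the all-server backup SLA, which is exactly the kind of gap list the checklist is meant to produce. Adding a check is one tuple in CHECKS; an empty population deliberately scores 0.0 rather than passing vacuously.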

      https://www.linkedin.com/pulse/my-top-10-posts-pulse-ronald-bartels/
