Thank you for visiting us today to learn more about how we certify a network environment as a Crashproof Solution.
First, let us review the benefits:
- Everyone is happy
- You never have to think about your computers
- Should your office go up in flames, we can always bring you back online in less than a day
Due to lack of space in print media, we had to use technical terms on the checklist you received. Our backup procedures are complex enough to require their own dedicated checklist, which is why they are not included here.
As we are a pro-active managed services company, it is more likely that we will be calling you to notify you of events that we already started to mitigate.
Our services are also available on an hourly basis for those customers who feel an all-inclusive agreement is unnecessary for their needs.
The cost to bring a network to this level varies, but it generally takes a few days to do this right, after which we can focus on the needs of staff members rather than on fighting fires. We use off-lease corporate desktops and servers with OEM licenses, which lower your cost and reduce our environmental impact.
A license to upgrade from XP Home to Windows 7 Professional is about $199. It costs us less to provide you with a desktop that is already licensed for Windows XP Professional. Call for details.
Let us now go through and clarify what each of these items really means and why they are on the checklist.
Desired result
All computers, servers, and mobile devices are fully managed and work without problems
- The term “managed” here means that the systems maintain a feedback loop to our network operations center. Should any system develop a hardware problem or detect a network traffic anomaly, we will be immediately notified and proceed with correcting the problem.
- More likely than not, we will be calling you to inform you of system failure and how to proceed with mitigation of the event without interfering with your business operations.
Staff members have no obstacles to performing their tasks with optimal efficiency
- Staff members usually live with one or more annoyances that they learn to put up with on a daily basis. Through a quick series of questions, we will determine which annoyances impede their productivity the most and have our research department develop a solution. We will literally ask your staff members, “Please help us make a comprehensive list of how your computer is interfering with your work.”
Staff members can call for productivity support at any time without additional charges
- Staff members often wind up looking through online forums and generally wasting a lot of time trying to find a solution to complete a task they normally do not perform on a daily basis.
- Our research department is substantially more efficient at performing this type of research. They will identify one or more solutions, test them, and prepare an instructional video explaining how this is done.
- In some cases, it may simply be more efficient to have us perform the task.
- Productivity support is different from technical support and will improve profitability of your business.
Failure of one computer does not cause an emergency situation
- We will provide you with sufficient spare equipment to make the failure of one system a non-event.
It is possible to quickly rebuild a business with no loss after an insurable event
- We use a triple-layer strategy for protecting your data. No matter what happens, we can always rebuild your entire network on our equipment and have you back in business in less than a day.
Staff computers
Must run a “business” version of Microsoft Windows
- Some truly small businesses rely on a “home” version of Windows. We will require you to either upgrade to Windows 7 Professional, or to switch to using a computer we provide that is pre-licensed for Windows XP Professional.
- This is necessary because a business version of Windows allows the computers to be managed without having to keep track of individual staff passwords.
- We can provide pre-licensed equipment for less than what it costs to upgrade to a business version of Windows.
Must have a tested procedure to rebuild a failed system from a recent backup
- You do not have a backup until you have tested your ability to restore all critical data from the backup set.
- The backup procedure must be fully automated and any unique data must be copied off-site as well.
- We typically redirect the storage of all documents to a centralized location and back that up more often than individual computers.
- Our solution depends on our ability to swap out individual systems, which is not possible if the replacement system cannot be made identical to the failed computer.
Ideally staff should have no administrative rights to prevent malware from causing downtime
- Malicious software, which you know as “viruses”, “trojans”, “spyware”, “popups”, and other manifestations, requires sufficient rights to do its damage. If you purposely try to run a trojan program (the name comes from the Trojan Horse story) without sufficient rights, it will simply fail to do any damage.
- We have a technology that we deploy on every staff member’s computer to eliminate the need for administrative rights and to reduce opportunities for malicious software to take the system out of service.
Servers
Must run a currently supported Microsoft Windows Server version with at least one domain controller
- As of 2011, the minimum supported version is Windows Server 2003 in any package
- We can provide equipment pre-licensed for Windows Server 2003 for a lot less than it would cost to obtain a new license
- A domain controller simply lets you control your entire network from one location. You no longer need to know individual passwords for your staff members, everything is in one place, and robust backup procedures protect your infrastructure.
- In some instances, we can configure a MacOS X or a Linux system to emulate the basic features of a domain controller.
Ideally should have a secondary domain controller on identical chassis to facilitate rapid server replacement
- We normally provide two servers at a nominal cost so that you can simply swap the hard drives from one chassis to another and be back in business in case your primary server decides to have a hardware failure.
- No matter what happens, you will always be able to swap a few parts without needing any technical skill and be back online while the original failed equipment is picked up by us for repairs.
System volume must be a RAID1 “mirror” set of hard drives on hot-swappable hardware to survive disk failure
- Hot-swappable hardware means you can pull out a part of the system while the system is operating without any interruption. Our equipment always features hot-swappable hard drives and usually features redundant power supplies.
- In a RAID 1 “mirror” configuration, data is written to two hard drives at once. When one of the drives crashes, which happens more often than you would expect, the system sends us an alert and continues to operate using the other hard drive without any degradation in service.
- We then have you swap in a working drive from a standby server, ship you a replacement spare drive, and you have just avoided a $2000 bill from a data recovery company.
- Some of our servers feature a “hot spare”, which handles a disk failure event automatically and only has you ship us the failed drive.
Must have sufficient removable hardware to support a procedure for seamlessly shipping disk volumes off-site
- We developed a sophisticated proprietary methodology using inexpensive hardware to facilitate seamless and secure shipments of data off-site.
- Every month, you would receive a drive from us and would return a drive to us.
- The data on this drive is encrypted to protect it in-transit.
Business continuity plan must be tested every 90 days from “bare metal” state
- Many plans go out of date. We ensure that we can always rebuild your company by carrying out a mock rebuild every quarter.
- This also requires us to maintain very accurate and up-to-date documentation of all changes.
Must be on a UPS capable of automatically shutting down the server cleanly with minimum runtime exceeding the measured time it takes to shut down a server if there are outstanding Windows updates
- The role of an uninterruptible power supply is not to sustain the operations of a server. It is there to ensure that the server can shut down cleanly in the event of power failure.
- This is critical for database servers and you likely have a database server without even realizing it.
- We use industry-standard UPS equipment that can signal the server to initiate a shutdown procedure. The challenge comes when the server has outstanding Windows updates. We recommend a minimum runtime sufficient to survive two or three consecutive shutdowns in the event of power fluctuations. 40 minutes tends to be enough.
- We configure our servers to automatically restart when the power is restored and has been available for at least 10 minutes.
Network
Wireless must use password protection at a minimum level of WPA2-Personal
- There are many wireless security protocols. Many smaller companies set up networks more for convenience purposes and commonly use the WEP protocol. The security of that protocol has been broken for over 10 years and it only takes a matter of minutes to bypass a WEP network password. Setting up a substantially more secure wireless network does not require significantly more effort.
- WPA2-PSK (WPA2-Personal) should be used for low-security networks as it cannot be cracked as easily today and presents more of a challenge to attackers.
- Should you wish to provide an unsecured network for your guests, we can isolate it from your internal network.
Switches must be managed to facilitate rapid diagnosis of network traffic in the event of malware outbreak
- A common problem that tends to rack up many billable hours can be described as “there is something wrong with our network and we can’t find its source”.
- A “managed” switch is an intelligent network device that lets us pinpoint the problem extremely quickly. It also can send us alerts when its internal diagnostics fail.
- Such switches are very inexpensive these days and can be pre-configured prior to deployment in your company.
WPA2-Enterprise should be implemented for any environment involving personal data and financial transactions
- WPA2-Enterprise is a little bit more challenging to implement initially, but it results in a seamless experience for your staff members and no access for unauthorized users.
- Unlike WPA2-PSK (WPA2-Personal), there is no single password to your network and thus you don’t have to change it when someone on your staff leaves. Your staff members would use their network credentials to connect to the wireless network. This will be seamless. Should any staff member be dismissed, their access will be immediately deactivated when we disable their main account.
- The equipment for this can often be the same as for WPA2-Personal networks.
Documentation
All non-staff passwords for all devices
- Staff passwords will be managed centrally, so there is no need to document them
- All local Administrator passwords will be reset to a known value
- The challenge is with embedded passwords for printers, copiers, switches, routers etc.
All devices assigned static IP addresses
- This we can easily obtain by running a network scan.
All Internet-related account details for all named contacts to facilitate calls to Internet providers and other vendors
- This data is often out of date and creates delays when talking to companies like AT&T
All MAC addresses for DHCP devices with static reservations
- We usually configure all network devices to automatically configure on every start.
- A static reservation means we can configure the device to always get the same settings from the network without maintaining them on the actual device.
- This is not done very commonly in smaller networks but it is a superior way to manage lots of network devices that need to have a very specific IP address.
License keys, update processes, and activation procedures from all vendors
- Volume license agreements make this easier
- You cannot legally use software if proof of license is lost
- Some networks require specific firewall rules to enable software updates
Firewall rules re-printed after addition of each new set of rules
- It is often vital to have a complete set of firewall rules.
- This should be updated after each configuration change.
- This allows us to pre-configure a replacement firewall in the event of failure or upgrade.
All driver and utility downloads for all devices in one location backed up to offsite media
- This is normally done to an extent.
- We store copies of complete CDs that come with the equipment because sometimes out of date software works better than updates.
- We do network-wide driver updates from a central location.
Complete business continuity plan sufficient to enable any competent IT professional to bring the business back online
- We are not concerned about job security.
- Our documentation is thorough and provides any competent IT professional with enough information to rebuild your company.
- We remotely rebuild your business in a test environment every 90 days using just this document and continuously insert additional information.