Network Services

Friday, May 16, 2014

Standard Operating Procedures


Standard operating procedures (SOPs) are part of company policy and typically cover everything from sick-day accrual to how the computer systems are used. In particular, network administrators need to be aware of company policies regarding the following:


  • Internet access
  • Printing
  • Storage allocation
  • E-mail usage
  • User administration

Policies about these issues will be reflected in the network’s naming conventions, protocol standards, and workstation configuration and will affect the location of network devices.


Naming Conventions
Naming conventions specify how network entities are named within the guidelines of the network operating system being used. Each entity name must be unique on the network, including the names you give to the following:
  • Servers
  • Printers
  • User accounts
  • Group accounts
  • Test and service accounts
Naming Servers
In general, you name servers according to their location or function; sometimes it makes sense to use a combination. For example, a server located in Seattle might be named SEATTLE, or a server in the sales department might be named SALES. Or you might name a server that stores data DATA1, a server that stores applications APPS1, a server that stores a database DB1, and so on.
Another common practice is to name file servers FS followed by a number, such as FS1, FS2, FS3, and so on. Unfortunately, this naming convention doesn’t provide the user with any information about what the server stores. The most common naming convention in use today is a combination of location and function. Using this approach, you might specify that the first four characters of the name identify the server’s location; the next two, the server’s function; and the last two, the server’s rank for that type of server. For example, the FRGOFS02 server is located in Fargo, it’s a file server, and it is the second server of that type in Fargo.
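The location/function/rank convention above can be checked mechanically against a server inventory. The following is an added example, not part of the original text; the code tables (apart from FRGO and FS), the case-insensitive comparison, and the inventory are assumptions made for illustration.

```python
import re

# Code tables are assumptions for this example; only FRGO (Fargo) and
# FS (file server) come from the FRGOFS02 name in the text.
LOCATIONS = {"FRGO": "Fargo", "SEAT": "Seattle"}
FUNCTIONS = {"FS": "file server", "DB": "database", "AP": "applications"}
NAME_RE = re.compile(r"^([A-Z]{4})([A-Z]{2})(\d{2})$")


def parse_server_name(name):
    """Split an LLLLFFNN name into (location, function, rank)."""
    m = NAME_RE.match(name.upper())
    if not m:
        raise ValueError(f"{name}: not in LLLLFFNN form")
    loc, func, rank = m.group(1), m.group(2), int(m.group(3))
    if loc not in LOCATIONS:
        raise ValueError(f"{name}: unknown location code {loc}")
    if func not in FUNCTIONS:
        raise ValueError(f"{name}: unknown function code {func}")
    return loc, func, rank


def audit_inventory(names):
    """Return (parsed, problems); names are compared case-insensitively."""
    parsed, problems = {}, []
    seen = set()
    for name in names:
        key = name.upper()
        if key in seen:
            problems.append(f"{name}: duplicate name")
            continue
        seen.add(key)
        try:
            parsed[key] = parse_server_name(key)
        except ValueError as exc:
            problems.append(str(exc))
    return parsed, problems


def next_free_name(parsed, loc, func):
    """Full name with the lowest unused rank for a location/function pair."""
    used = {r for (l, f, r) in parsed.values() if (l, f) == (loc, func)}
    rank = next(n for n in range(1, 100) if n not in used)
    return f"{loc}{func}{rank:02d}"


# Constructed inventory: one duplicate, one FS-number name, one bad code.
INVENTORY = ["FRGOFS01", "FRGOFS02", "frgofs02", "SEATDB01", "FS3", "FRGOXX01"]
```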

Naming Printers
As with server names, printer names are often derived from their function, location, or both. Naming a printer after its function or location makes the printer easier to locate for the users.
If, for example, your dot-matrix printer is used to print multiple-part forms, you might name it Forms. If you have more than one forms printer, you might need to use two-word names, such as Forms-Ship or Forms-Finance. You might name high-quality printers Laser or Laser-Legal, indicating that this printer is always loaded with legal-size paper.

NOTE:
This is not intended to reflect a right or a wrong way to address naming conventions. There is only one right way for any organization—the method it follows.

The X.500 Standard 
As an aside, it may interest you to understand where the directory services that you use today come from. Novell Directory Services (NDS) and Active Directory (included with Windows 2000 Server) are modeled after a standard known as X.500. X.500 is a type of global phone book. The period (.) is the delimiter for NDS, Active Directory, and X.500 entries. Suppose, for example, a user’s name is Bob. Bob works in the accounts department of the finance division at a company known as YourCo. His full address would be Bob.Accounts.Finance.YourCo.

In NDS and Active Directory, each name is known as an object. A graphical tree displays each object. Thus, it is efficient to begin at a higher level and administer policies to an entire network, for example, at YourCo. Furthermore, it is possible to drill down and work on a smaller unit level. Additional policy information can be applied to the Finance level.

Using periods as the delimiter, NDS and Active Directory look similar to DNS, or the Domain Name Service.

DNS is an Internet standard. This standard is like NDS in that it is based on X.500 and the period is used as a delimiter. But it’s time to put one misconception to rest here and now: Not all Internet addresses need www. Try http://research.Microsoft.com to prove this to yourself.

Another point needs to be made about DNS entries. Not all URLs end with .com, .org, or .edu. Country codes are common final entries in a URL. Here are some of them:


  • .tw (Taiwan)
  • .tz (Tanzania)
  • .ua (Ukraine)
  • .ug (Uganda)
  • .uk (United Kingdom)
  • .um (U.S. Minor Outlying Islands)
  • .us (United States of America)
  • .uy (Uruguay)
  • .uz (Uzbekistan)
  • .va (Vatican City State)
As you use the Internet, NDS, and Active Directory, notice the commonalities between them. When you do, you will see how their common lineage ties them together.

Naming User Accounts
Generally speaking, the simplest username is the user’s first name. This method works well in a company with only a few users and fits the informality often found in a small office. It is fairly insecure, however, because hackers could easily guess a username. It also won’t work in a larger organization that could easily include two people with the same first name. The user-naming convention you use should allow for unique IDs and ensure that there are no duplicates. Larger firms typically use a first initial followed by part of or the entire last name. For example, Rebecca Messersmitt-Kazlowski would be RMessersmittKazlowski. This is still a long username and might even cause a problem with maximum character lengths allowed in some operating systems. In this example, Rmesser might be used as a short, yet unique, login name.
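The first-initial-plus-last-name rule needs two extra decisions before it can guarantee unique IDs: a length limit and a tie-breaker for collisions. The sketch below is an added example, not from the original text; the 7-character limit (the length of Rmesser), the numeric suffix on collision, and the lower-casing of login names are assumptions.

```python
import re
import unicodedata

MAX_LEN = 7  # assumed limit; "Rmesser" in the text is 7 characters long


def base_username(first, last, max_len=MAX_LEN):
    """First initial + last name, letters only, cut to max_len, lower case."""
    def letters(text):
        # Decompose accented letters, then drop hyphens, spaces and marks.
        text = unicodedata.normalize("NFKD", text)
        return re.sub(r"[^A-Za-z]", "", text)

    first, last = letters(first), letters(last)
    if not first or not last:
        raise ValueError("need at least one letter in each name")
    return (first[0] + last)[:max_len].lower()


def assign_username(first, last, taken, max_len=MAX_LEN):
    """Return a login name that is not in `taken` (case-insensitive)."""
    taken_lc = {name.lower() for name in taken}
    base = base_username(first, last, max_len)
    if base not in taken_lc:
        return base
    # Collision: replace the tail with a number so the length limit holds.
    for n in range(2, 1000):
        suffix = str(n)
        candidate = base[: max_len - len(suffix)] + suffix
        if candidate not in taken_lc:
            return candidate
    raise RuntimeError(f"no free username for {first} {last}")


# Constructed directory: a second R. Messer... arrives after the first.
EXISTING = {"Rmesser", "jsmith"}
```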


Naming Groups
Groups are network entities that logically associate users by function. They are designed to make network administration easier: You can assign rights to a group of users all at once rather than to each individual. Because the group of users is organized by function, it would stand to reason that groups should be named by function. Additionally, the names should be short, fewer than 15 characters if possible. For example, if you have a group of users from the sales department that all use the same printer, you might name the group SALES_PRN. On the other hand, if you just want a general group for security and rights assignment purposes, you might name that group of users SALES.

NOTE:
We’ll discuss groups in detail in Chapter 8, “Network Access and Security.”

Naming Test and Service Accounts
When you install new services on the network, such as printers, applications, and so on, it is always a good idea to test their functionality first. It is not good practice to do this testing while logged in using an administrative account because administrative accounts usually have all-encompassing rights to the network. Thus, problems related to accessing the service are more likely to occur when an administrative account is not used for testing. It is better to use a user account that is equivalent to one who will be using the service. For this reason, it makes sense to create test accounts that you can use to test access to and the functionality of new services. Service accounts, on the other hand, give outside network maintenance personnel the ability to perform administrator-level functions on your network. This is necessary whenever you must call in outside personnel. The naming conventions document should also specify naming conventions for these accounts and define their security rights.

Protocol Standards
You have already learned that protocols have different properties. If your firm has nothing but NetWare servers that are either version 3.x or 4.x, using Internet Packet eXchange (IPX) as the standard protocol would make sense. Alternatively, suppose there is a small group called New Product Development. Because of the sensitive nature of this group’s work and because data should not leave the department, a routable protocol might be forbidden. In this case, NetBIOS Enhanced User Interface (NetBEUI) would be a wise choice because it cannot be routed and serves a small group without much maintenance. Today, because of its prevalence and to reduce training and operational expenses, a great number of companies are standardizing on Transmission Control Protocol/Internet Protocol (TCP/IP).
Regardless of the protocol you choose, you must obtain all network addresses before installing or upgrading a network device. This brings its own set of considerations. As you saw in Chapter 4, “TCP/IP Utilities,” using TCP/IP as an example, each IP address must be unique, and just guessing at one is bound to create havoc. Clearly, you need a well-documented IP address and associated parameters, such as where the IP address comes from. Your SOPs should specify how network addresses are to be formatted and distributed.
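A documented address register makes the uniqueness requirement testable before a device is installed. The audit below is an added example, not part of the original text; the subnet, the DHCP pool range, the device names, and the register layout (device, address, where the address comes from) are all constructed for illustration.

```python
import ipaddress

# Constructed register: (device, address, where the address comes from).
REGISTER = [
    ("FRGOFS01", "192.168.10.10", "static"),
    ("FRGOFS02", "192.168.10.11", "static"),
    ("LASER-LEGAL", "192.168.10.11", "static"),  # duplicate address
    ("WS-017", "192.168.10.150", "dhcp"),
    ("WS-018", "192.168.10.20", "dhcp"),         # lease outside the pool
    ("APPS1", "192.168.11.5", "static"),         # outside the subnet
    ("DB1", "192.168.10.255", "static"),         # broadcast address
]
SUBNET = ipaddress.ip_network("192.168.10.0/24")
DHCP_POOL = (ipaddress.ip_address("192.168.10.100"),
             ipaddress.ip_address("192.168.10.199"))


def audit_register(register, subnet=SUBNET, pool=DHCP_POOL):
    """Return a list of (device, address, finding) tuples."""
    findings, owner = [], {}
    for device, addr_text, source in register:
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((device, addr_text, "not a valid IP address"))
            continue
        if addr in owner:
            findings.append((device, addr_text, f"duplicate of {owner[addr]}"))
            continue
        owner[addr] = device
        in_pool = pool[0] <= addr <= pool[1] if addr in subnet else False
        if addr not in subnet:
            findings.append((device, addr_text, "outside documented subnet"))
        elif addr in (subnet.network_address, subnet.broadcast_address):
            findings.append((device, addr_text, "network/broadcast address"))
        elif source == "dhcp" and not in_pool:
            findings.append((device, addr_text, "dhcp lease outside pool"))
        elif source == "static" and in_pool:
            findings.append((device, addr_text, "static address inside pool"))
    return findings
```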

Workstation Configuration

A standardized workstation configuration serves a company well for a couple of reasons:

  • You can narrow the scope of problems at a client station.
  • You can more easily troubleshoot if everyone uses the same operating system, network client, and productivity software.

This is not to say that everyone in the office has to have the exact same software. The engineering group would most likely need a computer-aided design (CAD) program, along with the appropriate horsepower and RAM. Giving everyone in the company a CAD program, however, would waste resources, and it would be difficult for the accounting department to use a CAD program to create a paycheck for each employee. Therefore, a standard for workstation configuration is usually mandated by a group’s function. However, once an application is chosen, only that application (preferably the same version) should be used by anyone who requires access to that type of program. Which applications and which versions of each application can be used on the network should be documented in your SOPs.

TIP:
Some network management applications simplify the process of distributing unique applications to those users who need them while maintaining the same basic workstation software configuration. Examples of these include Microsoft’s Systems Management Server (SMS) and Novell’s ZENworks.

It is also important to define minimum workstation hardware standards. Typically, the minimum requirement is one or two generations behind what is considered the hottest, fastest new system. A standards document might specify the following:


  • Type, brand, and speed of CPU
  • Minimum RAM
  • Minimum hard-disk size
  • Type and brand of NIC
  • Minimum monitor size (14", 15", or 17")

Network Device Placement
The network SOP may also specify where network devices are to be placed. Many of these specifications relate to safety—for example, where cables are to be run and where to place network devices so that they are immune to sources of extreme heat or cold. Also, critical network components (such as servers and routers) should be placed in a room away from “busy fingers.” You should also consider the needs of users when you are deciding where to place network devices. For example, although placing a printer in the middle of the office might seem logical, it probably makes more sense to place it near the employees who use it the most.

Real World Scenario 
Network Documentation
I don’t know how many times I’ve gone into a place and asked where their documentation was only to be met with a blank stare. I was recently at a small business that was experiencing network problems. The first question I had was, “Do you have any kind of network documentation?” I got the blank stare. So, we proceeded to search through lots of receipts and other paperwork to try to work out the network layout and figure out exactly what was on the network. As it turns out, they had recently bought a wireless access point and it was having trouble connecting, which was causing the aforementioned problems. However, to solve the problem, I had to take two hours to answer a fairly simple question that would have taken five minutes had the network documentation been readily available.
Documentation doesn’t have to be anything fancy; it can start with a three-ring binder filled with a simple network map, any receipts for network equipment, and a stack of loose-leaf paper to record services, changes, network addressing assignments, and so on. Just this little bit of documentation can save the owner lots of steps, especially in the critical first few months of a new network install.

