The 5-Step Network Management Checklist

At a time when many colleges and universities are stressed financially, the demand for computing resources and services among faculty, students and staff has never been greater. Today's IT departments are asked to deliver 24x7 uptime, wireless networking and self-service web applications on increasingly limited budgets.

The best strategy for IT managers is to automate as much as possible so that the bulk of precious help-desk staff time is spent working closely with students and faculty as opposed to handling repetitive, manual tasks. Here are some best practices for getting the most out of your IT and network resources.

Know your network and servers. Don't wait until you have a problem with an application, server or security. Get a baseline of important benchmarks for all your hardware and software components and use a software tool such as Quest Software's Big Brother to automate the monitoring of baseline and threshold information.

In terms of benchmarks, with servers you will want to keep track of how much CPU and disk space is available on the network. If your systems normally run at 50 percent but suddenly they jump to 80 percent, you need processes in place to alert you to what's changed.

For network switches, find out how many packets a single switch port processes in five minutes. If your switches go from 100 to 1,000 during that benchmark period, that's a significant jump, and you might have to add more capacity. This will put you in a proactive position – instead of waiting for users to complain about slow network response times, you'll know the network has slowed down way ahead of time and be able to make adjustments.

Automate and integrate your ERP systems. Anything you can automate, you should automate. Start by putting your ERP, Windows and Unix people in a room and have them work out their technical and philosophical differences so they can write the interfaces that will integrate your systems. You want a system that lets the departments and colleges authorize and create computer accounts and services automatically within your defined constraints.

Instead of setting up separate accounts on each system a new employee or student uses, let the admissions and HR systems build one account that the person will use during his or her time at the university. Accounts should be set to close automatically when a student graduates.

The goal is to build a system that lets each department add individuals onto the system and issue access rights without having to go through central IT. From the user's perspective, you want people to have a single account name, not multiple names and passwords for the Windows or the Unix system. If you cannot offer a true single sign-on system, you can at least provide uniformity and a single place for users to change their passwords.

If you permit guests or others to connect wireless personal devices to your network, automate this process as well. With so many wireless devices being brought to college campuses today, it makes no sense to assign rights to the wireless network manually. Without automation, you'll have hundreds of people lining up outside your door to get web access, a process that, at the beginning of the school year, can take up to three weeks to complete manually.

The registration process has to be easy so that the student, faculty or staff member can register multiple machines or guest machines over a web interface. Our system acquires the MAC address so it can be integrated into the DHCP tables. We monitor the network and, if necessary, can find out within minutes where any user is on the network.

Be zealous about security. Set a limit and record the number of messages sent and received by each e-mail account. If you don't do this, how will you be able to detect an e-mail bot? Can you, in real time, quickly identify who has connected what device at what location on your network?

Use centralized logging of all network logins, key services and network components. Then, for key services, scan the logs for abnormalities and set up a system for either taking direct action or notifying the appropriate personnel when something irregular takes place. Synchronize all network components and servers to Network Time Protocol so that you have a uniform, accurate time stamp in your logs across all systems.

It's also important to make sure basic antivirus security software is running on your servers and is doing what it's supposed to do.

Again, it's essential to have baseline network information. If you receive 1,000 hits a day on your firewall and the count suddenly jumps to 10,000, you will be in a position to address an issue before it becomes a problem.

Consolidate physical servers with virtualization. Virtualizing your servers immediately helps in two important ways: First, it will make your organization greener by reducing power and cooling costs. Second, by collocating your server rooms, you can provide redundancy and have disaster recovery options you might not otherwise be able to afford.

Although the upfront costs of virtualization can run several thousand dollars, depending on your requirements, the payback in disaster recovery preparedness and efficient use of resources is worth the expense. The main cost is the licensing for the virtualization software and the SAN hardware.