
IT Infrastructure guidelines


Here is a shot at defining a set of IT infrastructure guidelines. Goals: replicability, security, stability, maintainability. Wherever possible the users should be able to maintain their own stuff, with IT help as an option.

First, define the minimum offering from the user's point of view. The base list tries to remain technology agnostic, though I sometimes use Windows terms.

  • Every user gets:
    • A (desktop/laptop) system which can responsively run 3-5 apps simultaneously. Virtualized?
      • Operating system: 
      • Processor: 
      • RAM:
      • Disk size/speed:
      • Network interface:
      • Portable media writer: (eg floppy disk, CD/DVD writer, thumb drive - define here)
      • Portable media reader:
      • Printer:
      • Scanner:
      • Fax:
      • Consider having stations for input/output: scanner/CD/DVD/floppy/printer/fax/etc. So this is relocated to a kiosk, and all such activity can be logged.
    • Operating system rights/privileges
      • Install applications from approved app list: yes/no
      • Install applications outside of approved application list: yes/no
      • Change system time or time zone: yes/no
      • Change desktop layout/settings/etc: yes/no
      • Read/write privs: (list directories)
        • Permission editing: (list directories)
      • Readonly privs: (list directories)
      • No read/write: (list directories)
      • Full local administrator privs: (note that if granted, can be subject to extra policy such as - no support, or IT may wipe at any time. Such access should be granted as a separate account?)
    • Approved applications list. User should/should not be able to install/deinstall at will.
      • Web browser:
        • add-ins: (eg Flash, Java)
      • Office Suite:
        • Email client:
        • PIM (contacts/calendar/tasks):
        • Word Processor:
        • Spreadsheet:
        • Presentation Software:
        • Graphics/drawing package(s):
        • Database tools:
        • Web authoring:
        • Project Management:
        • Internet Messaging client:
      • VOIP:
      • Coding/scripting environment:
      • File viewers: (eg PDF reader)
      • Utility programs
        • Calculator:
        • Text editor:
        • File compression:
        • Password management:
        • Local system management: (eg disk space viewer, defrag, etc)
        • Backup/recovery:
      • Security
        • Antivirus:
        • Firewall:
        • Patch management:
        • Antispyware:
      • Multimedia:
        • Audio/mp3 manager/listener:
        • Video manager/viewer:
      • Other (define)
    • xx gigabytes 'home drive' located on an IT-maintained server. Using Folder Redirection (and Offline Files at the user's request), the user's Documents and Settings and Desktop will be located on this file share.
      • The user will have full ability to set permissions within their home drive; however the user may not remove permissions for the Administrators group. (By automated process the permission would just be re-added daily.)
    • Entry in company directory. Phone number, name, nickname, office location, job title, home/mobile/offsite contact methods, etc - all editable by the user. It is the employee's responsibility to keep all this up to date. Manager's responsibility to ensure this happens.
      • Ability to print business cards, desk/door plaques based on (choosable) subset of this information.
      • Linked building access codes (cardkey).
    • A Sharepoint-like page, linked from company directory.
      • Internal to group SP page vs visible to all company?
    • A web site - redirected to a web directory within their own home drive.
    • xx gigabyte mailbox on server.
    • Remote Access: define here
    • Internet Access: define here
  • Every manager gets (in addition to the above):
    • An xx gigabyte 'group drive' located on an IT maintained server.
      • The manager will have full ability to set permissions within this group drive; however he/she may not remove permissions for the Administrators group. (By automated process the permission would just be re-added daily.)
    • Ability to edit the company directory entries for all direct reports. Notification when subordinates edit their own entries.
    • A Sharepoint-like site for group use, linked from company directory.
      • Ability to publish subordinate's directory info in this site.
      • Internal to group SP page vs visible to all company?
    • A web site, redirected to a web directory in the group drive.
    • Two named Security Groups.
      • Groupname Members (includes the manager's direct reports. also serves as a Distribution Group)
      • Groupname Externals (any external entities the manager would like to name, so that they can be given access to group resources)

 Given the above list, one could implement the following infrastructure as a way of providing these:

  1. Directory: Active Directory
    1. How to let users self-edit their entries? How to notify manager of edits, and allow manager to change entries?
  2. Client OS: Windows Vista Business or Enterprise, via RIS/WDS
    1. User can rebuild own system anytime; since all user specific data is on server
  3. Published applications: publish via AD or wpkg
  4. User/Group home dirs: publish via AD/DFS. Shadow copies used to provide previous versions.
    1. Nightly job to re-add any Administrator privs that were mistakenly revoked
  5. User/group sharepoint pages, automatically provisioned.
  6. IIS web, automatically provisioned
  7. PBX: Asterisk (how to tie in to AD?)
    1. Users have option of softphone or hardphone
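
The nightly job from item 4.1 could look like the following. This is an added PowerShell example, not code from the original page. The share roots and log path are placeholder assumptions, and the job is assumed to run elevated on the file server under an account that can read and write the ACLs.

```powershell
# Added example, not from the original page: nightly ACL repair for home/group drives.
# $Roots and $LogPath are placeholder values (assumptions). Run elevated on the file server.
param(
    [string[]]$Roots   = @('D:\Shares\Home', 'D:\Shares\Groups'),
    [string]  $LogPath = 'D:\Logs\acl-repair.csv'
)

# Well-known SID of BUILTIN\Administrators, independent of the OS display language.
$adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$full     = [System.Security.AccessControl.FileSystemRights]::FullControl
$sidType  = [System.Security.Principal.SecurityIdentifier]

function Test-AdminFullControl($Acl, [bool]$IsFolder) {
    # True when an Allow ACE (explicit or inherited) grants Administrators Full Control
    # on this item and, for folders, is also passed on to child items.
    foreach ($ace in $Acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -ne $adminSid.Value) { continue }
        if ($ace.AccessControlType -ne 'Allow')               { continue }
        if (($ace.FileSystemRights -band $full) -ne $full)    { continue }
        if ($ace.PropagationFlags -ne 'None')                 { continue }
        if ($IsFolder -and $ace.InheritanceFlags -ne 'ContainerInherit, ObjectInherit') { continue }
        return $true
    }
    return $false
}

$results = foreach ($item in Get-ChildItem -LiteralPath $Roots -Recurse -Force) {
    $acl = $null; $status = 'ok'
    try {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        if (-not (Test-AdminFullControl $acl $item.PSIsContainer)) {
            # Files cannot carry inheritance flags; folders pass the ACE on to children.
            $flags = if ($item.PSIsContainer) { 'ContainerInherit, ObjectInherit' } else { 'None' }
            $rule  = New-Object System.Security.AccessControl.FileSystemAccessRule(
                         $adminSid, $full, $flags, 'None', 'Allow')
            $acl.AddAccessRule($rule)
            Set-Acl -LiteralPath $item.FullName -AclObject $acl -ErrorAction Stop
            $status = 'repaired'
        }
    } catch {
        $status = "failed: $($_.Exception.Message)"   # ACL unreadable or unwritable: follow up by hand
    }
    if ($status -ne 'ok') {
        # Only repairs and failures are logged, so the CSV doubles as an audit trail.
        [pscustomobject]@{ Time = (Get-Date -Format s); Path = $item.FullName
                           Owner = $acl.Owner; Status = $status }
    }
}
if ($results) { $results | Export-Csv -Path $LogPath -NoTypeInformation -Append }
```

A path that is logged as `repaired` night after night means someone keeps removing the Administrators entry, and `failed` rows mark items the job could not fix on its own.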
