A good place to begin is with server documentation. If you're not using standard server documentation approaches, now's a good time to start. Standard server documentation also automatically provides you with a server inventory, something you will find useful whenever you need to review what is on your servers.
Server documentation will also be useful in support of your efforts to build a secure network. One of the first principles of security implementations is "Know your servers!" Too many people have servers that are not secure simply because they don't know what is installed on them.
Also, make sure you only install exactly what you need on the server. If a service isn't required by the server's function, then keep it off the server. A service that isn't installed is a lot more secure than a service that is simply turned off. Use the server data sheet to detail every service and its function.
Servers are complex environments that are constantly changing, especially if users are assigned to them. A server data sheet allows you to keep track of all those changes. This sheet should include five vital information sections:
- Basic information
- Physical section
- Configuration section
- Installed utilities and service packs
- All services that are installed
In each of these sections, a lot of information can be detailed. Each is covered in turn.
The basic information section should include:
- Server DNS and NetBIOS name
- Function of the server (identity, application, file and print, etc.)
- Installation type (physical or virtual)
- Installer name, email address, phone or pager number
- Deployment source (image, sysprep, unattended file, etc.)
- Operating system version
- Installation date
The physical section section should include:
- Model and number
- Memory size
- Number of CPUs
- RAID configuration
- Capacity of physical disks
- Capacity of logical disks
- Dynamic volumes
- Number and description of the network interface card
- Backup medium
- Compact disk (DVD, CD, CDRW, DVDRW, USB)
The configuration section should include:
- Server role and kernel version
- Workgroup or domain name
- TCP/IP information: IPv4 address, subnet, DNS, DHCP, Gateway, WINS address, IPv6 address (if used)
- Administrative accounts that are created
The next section should includes all the utilities and service packs installed on the server. For example, if this server is a virtual machine, you will install virtual additions.
The active services section enumerates all the services that are installed by default when you do the installation itself, and all the services that are installed when you add a role or a feature to the server. To make it easier for technicians filling out the data sheet, your documentation should already list all services with checkboxes showing their status.
Quick tip: Windows server operating systems offer the ability to display a service's dependencies. This highly useful feature helps you identify when a service is required simply to support another. To view dependency information, display the properties of any service using the Computer Management Microsoft Management Console (MMC) in Windows 2000/2003 or Server Manager in Longhorn.
In addition, you can export the services list to complete your documentation. This list is exported in comma- or tab-delimited format and can be viewed and manipulated with tools such as Microsoft Excel. It is a good idea to complete your documentation in the server data sheet with the exported service list.
Below is an example of a server data sheet. It includes each one of the items described above. It can be used either on paper or in electronic format. It can also be adapted to database format. Each sheet should provide detailed and up-to-date information.
As you can see, having a documented data sheet can vastly reduce the margin of error when performing any procedure, especially on a server.
About the Authors: Danielle Ruest and Nelson Ruest are IT professionals specializing in systems administration, migration planning, software management and architecture design. They have authored several books, and are currently working on the Definitive Guide to Vista Migration for Realtime Publishers as well as the Complete Reference to Windows Server Codenamed "Longhorn" for McGraw-Hill Osborne. They have extensive experience in systems management and operating system migration projects. They are glad to take comments or questions by email.