Obviously every network is different, and some of these suggestions may not be practical or even workable for some. They are, however, useful guidelines for making things easier to manage. Many of these changes would be best done in conjunction with one another to save time, so plan out what changes need to be made and how they relate to one another, possibly breaking them up into groups. Keep in mind that even changes that seem very minor can cause major issues, so any changes you make should be well thought out to minimize any downtime they may cause.

 

Physical Asset Control

Physical asset control gets more difficult the larger a network and user base gets.  As the number of assets goes up, especially those that are in the hands of users, it becomes increasingly important to keep track of who has what. This is not just for reasons of potential theft and liability but also to help with things on the digital side of the issue such as troubleshooting and even OU management.

Labeling and Inventory

When the list of assets in an organization doesn’t even reach double digits, the idea of tagging them with an asset number can seem like overkill. However, the general trend in technology is that the list will not stay in the low digits. Technology is replaced and repurposed, and soon the number is in the teens and fast approaching the twenties. For organizations that already have a couple dozen assets, rest assured that number will only go up, and it will be best to get ahead of the curve.

There is no real standard for labeling assets or “tagging”. Differences in how organizations are set up can create huge variances in how it needs to be done. These differences include but aren’t limited to how many locations there are, the differences in the types of assets, and even differences in the assets’ brands. What this means is that before the tagging of various assets begins there needs to be a standardized way to do so that not only takes into consideration how the organization is set up now, but how it may change in the future. This standardization is essentially what is called a naming convention, and while it doesn’t have to, it will cause less confusion for the physical tags on the asset to be the same as the digital tagging (computer naming for Active Directory).

A determining factor in this is going to be the current size of the asset pool and the realistic potential size of that pool in the future.  If a small organization has as part of its plans to become a much larger organization in the near future, then it’s not out of the question for that list of assets to reach into the hundreds. Having a naming convention that can scale to the potential level is important. To do that, keep several things in mind:

  • Are there multiple locations?
  • What is the distribution of laptops to desktops?
  • How are the assets broken up in Active Directory?
  • Are there assets like Tablets that need to be accounted for?

For example, consider an organization that has multiple locations and a few hundred assets. Out of those locations there is one on Maple Street. The computer used by the receptionist is labeled “MAP-CMP013”. Breaking down this label, you can see that in order to allow for more structured growth at each location the assets are broken up first by location: “MAP” for Maple Street, followed by “CMP” to designate that it is a desktop, and then finally “013”, which was simply the next available number in the inventory when the computer was added to the list. Another location on Elm Street would have a laptop with the tag “ELM-LAP004”.

There will be a temptation to try and put too much information into the tag names. Types, users, and multiple acronyms can turn out to be more confusing than helpful, and will create problems when trying to reassign assets. Keeping the information in an asset tag to three identifiers should give enough information to be useful without being too difficult to understand.  This will also allow for an inventory that is broken down by location so the more detailed information is easier to locate.

There may come a point where this system no longer scales well. However, extremely large organizations are likely to already have this particular issue under control and would be on a completely different organizational level than this document is even attempting to address. In contrast, they would likely use a system that relies completely on an inventory database and could have tags that are simply a number like 000457. A letter linked to a location or replacement schedule could be used as a prefix to give at least one other information point, e.g. “A000002”. In conjunction with a bar code or some other scannable tag it can be just as useful. Keep in mind, though, that this would not likely work as well for smaller organizations in concert with computer names using the same scheme, since it would take a bit more work to determine the OU any given machine should be in.

Warranty Considerations

Another consideration when dealing with the physical aspect of assets is how to deal with maintenance of hardware. This is primarily going to be a financial decision by the organization because it is risk mitigation. An organization may “self-insure” in this regard by deciding to only buy replacement parts when they are needed and take on more risk. Others may decide to pay for a warranty window that covers parts, repairs, and labor. Most of the major brands have a business line of desktops and laptops that come with better warranties than their consumer line counterparts. Dell, for instance, has a program called Complete Care which essentially covers anything, accidental or not. The business level equipment can trend more expensive than the consumer level, though, so there will be some pressure in smaller organizations to buy the cheaper equipment and hope for the best. If it’s at all affordable, some kind of warranty is a good idea.

Replacement Schedule

The replacement of equipment is rarely as simple as it would seem, especially in smaller organizations. Often computers and laptops are used to the point of obsolescence, and even then some establishments are hesitant to spend money on replacements. Obviously some are going to have problems affording new equipment on a regular basis, but not replacing it at all only means that eventually they will be forced to buy everything at once instead of a little at a time. It is fairly reasonable to expect about four years of use out of desktops and laptops without them becoming so obsolete that they can’t run operating systems that are still supported or can’t handle software that the organization may need. A rotation of equipment needs to be established that allows for a smaller amount of new equipment to be purchased every two years as they reach the end of their four years of use. This allows for a smaller amount of the budget to be allocated to buy equipment, and the schedule allows it to be a planned purchase and not an emergency one. If there is a large enough pool of equipment that needs to be replaced that it can’t all be afforded at once, then a prioritization of users can be made. New equipment can replace equipment that isn’t yet obsolete, shifting those machines to serve as replacements for obsolete equipment. There still may end up being a handful of assets that don’t get replaced, but those can possibly be done in the following year outside the normal schedule.

 

Networking

Networks are as unique as fingerprints from organization to organization. They are shaped and molded over time to meet the needs of the moment and often never re-evaluated. Often temporary fixes become permanent fixtures, and eventually even the reasons for the fix are forgotten. Of course, the smaller the network, the less complicated it should be, becoming more complex the larger it grows. However, there are some standard practices that can go a long way toward keeping some sense of order in a growing network.

Choose a Model

There are two general models that get used in networks that started out small and worked their way larger over time. Most small networks start out as a hub and spoke: a centralized “core” that consists of the modem, router and switch, with the workstations and other equipment connected to it through the “spokes” of Ethernet cables. As it grows, though, it often creates offshoots to other areas for reasons of simplicity. Instead of running individual lines to the new office space with several new computers, a switch is simply added and the equipment plugged into it. Eventually it can become an issue, as those at the end of the line have to make several hops to get to the original “core” and deal with poor performance. It may be that this has to be done out of a lack of options, either due to cost or other factors. As a general rule, the fewer hops the better, but in the end choose a particular model (hub or hops) and stick with it, tailoring the network to best work with either one.

Domain or Not

Whether or not to use a domain is essentially all based on the size of the network. The question really should be, “Is this network too small to warrant a domain?” In situations where there are only a handful of people and there is not going to be regular maintenance of the network and a domain controller, not going to a domain structure is at least advisable. There has to be at least some technical expertise to keep it working, and there is some cost involved. Once a network reaches a certain size, such as when the number of workstations and users reaches close to double digits, it becomes almost essential that there is some central administration of the network. Efficiency drops off quickly as more workstations that have to be managed individually are added. Having a domain managed network does not automatically mean that the organization has to start hosting its own website, handling its own internal email, and serving as the Windows Update server for its workstations. Those things can be added as the needs change. What it does mean is that the usernames, passwords, and security of workstations can be centrally managed better and more efficiently.

Equipment Standardization

Early in an organization’s development, equipment like workstations and networking devices is almost always purchased on an ad hoc basis with cost being the major factor. This means that whatever was on sale at the time was what was used, and there is probably no other rhyme or reason than that. As the network grows, having so many different types and brands of networking equipment can cause problems with both compatibility and troubleshooting. Certain features that are offered in one brand of equipment may not only fail to work when paired with other equipment but may even cause problems with basic functions. Often those problems are going to be hard to track down. Secondly, having so many different pieces of equipment will require knowledge of each of them to troubleshoot them. This plays out with consumer and professional products alike. For larger organizations that are already using professional equipment, it is wise to continue to use that brand to cut down on those types of issues unless it is causing a lot of problems and is going to be replaced all at once. When planning for the future growth of the organization, take into consideration how the network is going to function as it grows. Is it going to be using VLANs? Will there be multiple sites? Will there be a DMZ? Picking the right equipment ahead of time can save headaches later when those needs come up.

Naming Conventions

This was discussed earlier in the context of tagging physical assets and tying those tags to the computer names that are used with Active Directory. Naming conventions only serve as an organizing tool for the network administrator; it really is their only purpose. Different administrators are going to approach these things with varying attitudes. Some won’t bother, while others will make them so complex that even they barely understand them. The same suggestion is made here that was made about physically tagging assets. Keep it fairly simple, only conveying up to three points of information in the name. If possible, make the computer name the same as the asset tag just to cut down on confusion. There are a few things to consider delineating in the names to help in troubleshooting and general organization.

  • Server Equipment: Being able to quickly distinguish (and remember) the names of server level equipment can speed up problem solving. (Example: OAK-SVR001)
  • Macs: Not solely for vanity’s sake, but it helps to know going in which OS one is dealing with. (Example: OAK-MAC001)
  • Desktops and Laptops: This one may not be as necessary unless there are enough of them that they need to be split up into their own subgroups. (Example: OAK-LAP001 vs. OAK-CMP001)
  • Network Equipment: Switches, routers, access points and other networking equipment need to be easily identifiable for quicker troubleshooting. (Example: OAK-WAP001)
  • Peripheral Equipment: Network accessible equipment like copiers, printers and tablets may warrant their own delineation. (Example: OAK-PRN001)

There are some cases where you can’t do both, such as showing that a machine is both a Mac and a laptop without breaking the three-point rule. In that case, choosing the more important of the two factors is just going to be whatever suits the administrator’s purposes.
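
The convention from this section and from the earlier Labeling and Inventory section, as an added Python example that is not part of the original article: it validates tags of the LOC-TYPnnn form, compares the physical inventory with Active Directory computer names so that machines present in one list but not the other stand out, and issues the next free number. The per-location, per-type numbering, the OU layout and the `example.local` base DN are assumptions, and the sample lists are constructed.

```python
import re

# Type codes are the ones used in this article's examples; location codes
# are three-letter abbreviations such as MAP, ELM and OAK.
TYPE_CODES = {"CMP", "LAP", "SVR", "MAC", "WAP", "PRN"}
TAG_RE = re.compile(r"^([A-Z]{3})-([A-Z]{3})(\d{3})$")

def parse_tag(tag):
    """Split LOC-TYPnnn into (location, type, number); None if malformed."""
    m = TAG_RE.match(tag.strip().upper())
    if not m or m.group(2) not in TYPE_CODES:
        return None
    return m.group(1), m.group(2), int(m.group(3))

def audit(inventory_tags, ad_names):
    """Compare physical tags with AD computer names and report drift."""
    report = {"malformed": [], "duplicates": []}
    seen = set()
    for tag in inventory_tags:
        norm = tag.strip().upper()
        if parse_tag(norm) is None:
            report["malformed"].append(tag)
        elif norm in seen:
            report["duplicates"].append(norm)
        seen.add(norm)
    ad = {n.strip().upper() for n in ad_names}
    valid = {t for t in seen if parse_tag(t)}
    # In AD but not in the inventory: unmanaged or unknown machines.
    report["untagged_in_ad"] = sorted(ad - valid)
    # Tagged but never joined (or removed): stale records or missing assets.
    report["missing_from_ad"] = sorted(valid - ad)
    return report

def next_tag(inventory_tags, location, type_code):
    """Next free number for a location/type pair (assumed numbering scheme)."""
    used = [p[2] for p in map(parse_tag, inventory_tags)
            if p and p[0] == location and p[1] == type_code]
    return f"{location}-{type_code}{max(used, default=0) + 1:03d}"

def ou_path(tag, base_dn="DC=example,DC=local"):
    """Hypothetical OU layout: one OU per location, a child OU per type."""
    loc, typ, _ = parse_tag(tag)
    return f"OU={typ},OU={loc},{base_dn}"

# Constructed sample data.
INVENTORY = ["MAP-CMP013", "ELM-LAP004", "OAK-SVR001", "map-cmp012",
             "MAP-CMP013", "OAK-JSMITH-LAPTOP"]
AD_NAMES = ["MAP-CMP013", "MAP-CMP012", "OAK-SVR001", "DESKTOP-7F3K2Q"]
```
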

Virtual Maps

Maps are an often overlooked organizational tool. Since many devices such as laptops, tablets and phones are mobile, something so static can’t be as accurate as one would like. Mapping, though, isn’t so much to know where a certain desktop is, but rather what port on the patch panel is connected to what network jack and in turn what switch port that patch panel port is connected to. This is especially helpful in situations where VLANs are in use and also when the security precaution of turning off unused network jacks is taken, enabling the administrator to turn on a port virtually through the switch’s internal control panel rather than physically having to connect or disconnect patch cables. There is also the added benefit of at least knowing what desks are assigned to whom, which can help when troubleshooting that person’s computer, regardless of whether it is a laptop using an access point or a stationary desktop. There is a bit more work involved in keeping this up to date. In an extremely large organization it could become completely unworkable in terms of keeping up with who is where, but the switch, patch panel, and network jack information shouldn’t change nearly as often. There are a number of different applications that could be used for this; Microsoft Visio is one that may be easier to work with.
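
The jack to patch panel to switch port map described above can also be kept as data and checked against the switch, as in this added Python example (not part of the original article). The row layout, the switch name `SW1`, the finding names and all sample values are constructed assumptions; the switch export stands in for whatever port status listing the switch's control panel provides.

```python
from collections import Counter

# Constructed map rows: (wall jack, patch panel port, switch, switch port, desk owner).
# An owner of None marks a jack that nobody is assigned to.
PORT_MAP = [
    ("1-014", "PP1-14", "SW1", 3, "Reception"),
    ("1-015", "PP1-15", "SW1", 4, None),
    ("2-002", "PP2-02", "SW1", 5, "J. Doe"),
    ("2-003", "PP2-03", "SW1", 5, "A. Roe"),   # same switch port as 2-002
]
# Constructed switch export: (switch, port) -> administratively enabled?
SWITCH_PORTS = {("SW1", 3): True, ("SW1", 4): True, ("SW1", 5): True,
                ("SW1", 6): True, ("SW1", 7): False}

def trace_jack(port_map, jack):
    """Follow a wall jack to its patch panel port and switch port."""
    for j, panel, switch, port, _owner in port_map:
        if j == jack:
            return panel, switch, port
    return None

def audit_ports(port_map, switch_ports):
    """Return (switch, port, finding) tuples where map and switch disagree."""
    findings = []
    # Two jacks cannot terminate on one switch port: the map is wrong somewhere.
    counts = Counter((sw, p) for _j, _pp, sw, p, _o in port_map)
    for key in sorted(k for k, n in counts.items() if n > 1):
        findings.append((*key, "MAP_CONFLICT"))
    owners = {}
    for _j, _pp, sw, p, owner in port_map:
        owners.setdefault((sw, p), owner)
    for key in sorted(switch_ports):
        if not switch_ports[key]:
            continue                      # disabled ports are the safe default
        if key not in owners:
            findings.append((*key, "ENABLED_NOT_ON_MAP"))
        elif owners[key] is None:
            findings.append((*key, "ENABLED_ON_UNASSIGNED_JACK"))
    # Map rows that point at ports the switch does not report.
    for key in sorted(set(owners) - set(switch_ports)):
        findings.append((*key, "ON_MAP_NOT_ON_SWITCH"))
    return findings
```
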

 
