I am creating a development network/environment for development of web applications, and software applications. I am looking to have a system administrator involved with implementation, so I'm creating a rough overview of what kinds of functions should be available, as well as what things the system administrator should do.
The following is a first attempt at what I've thought of. I'd appreciate any additional thoughts/comments that I may have missed!
Notes for a system administrator for the network
Inventory of the network
decide static/dynamic for assigning IP addresses
-don't forget wireless connected laptops..
handle the security for the network
decide what functions are required for the development/test/production systems
decide what processes/functions on each server
keep records/notes on all of this
-eventually keep the notes in the wiki for the system administrator
-restrict the read/usage of this wiki
handle all backup processes
establish restore policies for backup procedures
establish network/system wide backup procedure/policy for the different servers/functions
establish policy for user access to the various services/machines
should have a central/master location to handle the login/access processes
-possibly implement sudo policies for system/services
establish reverse proxy for web sites
establish router port forwarding policies
establish tunneling processes (if required)
establish single point of router access, which then gets forwarded to other servers as a secure approach... (or devise a different/better approach)
create network diagram with servers/functions/IP addresses
create central images for the different types of servers that we'll need/have
create central rpm/repository for the rpms/net/PXE install..
create process to perform PXE installs...
define server for Apache test
define server for DNS/dhcp/Nagios/iptables/security/NFS
define server for MySQL/database
define server for proj mgmt app
define test servers for crawler clients
define server for managing the distributed crawler/app
define mail server
define backup server(s)
define redundant strategy for backup/restore data policies
-
I would span the "handle the security for the network" function at least into the following sub-functions:
- Establishing the hardening baseline for servers (operating systems and software)
- Periodic vulnerability analysis
- Software alerts monitoring and patching where appropriate
- (In a similar fashion) upgrading and/or maintaining upgrade servers (WSUS, apt-dater...)
- Log analysis and centralization (and managing the log repository, with Splunk or a similar software)
- Intrusion detection (maybe centralization of intrusion detection on a platform like OSSIM)
  - Network: snort
  - Host: OSSEC
From chmeee -
You need to bring backup and restore more forward. Look at adding stuff like performing and confirming test restores, defining an offsite strategy, defining and implementing recovery point and recovery time objectives, and so forth.
From mh