I chose Security and Monitoring after Inventory and Disaster Recovery as a natural progression of priorities. You can’t verify security or Setup Monitoring until you know what you have. I chose Disaster recovery second because the first priority is to keep the lights on.
Now I’m going to move into a security audit. I want to close holes in the system that may potentially have the same impact as system failure without disaster recovery. Disabled systems are still not useful regardless of hardware or software failure, or intrusion. We covered hardware and software causes with Disaster Recovery. Now we need to block intrusion with appropriate security implementations. An audit helps find necessary configuration changes and other security implementations necessary to protect the systems.
Now that I am secure in keeping the lights on I can move to optimizing and maintaining the system. The first step to optimizing is to begin monitoring systems in order to establish a baseline. If you were to get a call from one of your system consumers telling you that the system is really slow, how would you know if it is related to servers, network, or even their own computer? Monitoring provides you with a place to look for possible causes.
Monitoring also provides you with the means to begin optimizing your systems. You can review the results of monitoring to find bottlenecks or long running processes in order to determine what changes need to be made. Perhaps you need more memory, faster disk access, increased network speed, more CPU resources, defragmentation, new indexes, optimized indexes, or statistics.
That pretty much fleshes out my first 30 days. Now we can start the whole process over again at a more detailed level. We have the triage completed; now we can heal the whole patient.
That’s my high level approach, and why I address things in the order specified. Share your thoughts by dropping an email to me at btaylor@sswug.org.
Cheers,
Ben