|
Connecting to the Network
|
bet | 5/8 | Sana | 21.03.2017 | Hajmi | 75 Kb. | | #597 |
-
No server should be connected to the ITD network unless it has adhered to the ‘Installation and Patching’ guidelines outlined above.
-
Every server should have an appropriate name and a fixed IP address.
-
The appropriate VLAN is assigned
-
Define the inter-VLAN access that is required.
-
Only those services necessary to accomplish the task assigned to a server should be enabled. In practice this will mean disabling many services which are enabled by default. The specifics of any particular server are left to the Server Manager to determine.
-
No servers are allowed to run LDAP, DNS, DHCP, NIS+ or a Windows Domain Controller without prior coordination with Commnet.
-
Those services that are enabled should have been patched fully and secured properly before being enabled. Consult the vendor's documentation for proper security procedures for the application in question.
-
If the OS provides a stateful firewall (such as ipchains, iptables, ipfw, etc.), it should be enabled where possible, and only those ports necessary to allow the server to function should be open. If the OS does not provide a stateful firewall, consider purchasing one.
-
Services which should be restricted, such as ssh, should also have tcpwrappers or a similar program enabled to limit access to authorized personnel only.
-
ALL default passwords should be changed immediately. The Server Manager should be thoroughly familiar with the OS and all applications and what the password parameters are for each of them. Consult vendor documentation for the details.
-
Passwords should not be written down anywhere.
-
Access to administrator passwords should be limited to the smallest number of people necessary to properly maintain the server and access it in case of emergencies. Post Installation Checklist
Once server is deployed by Technology Solutions, the Application Manager must:
-
Install, configure and test the application software.
-
If data is to be backed up by Commvault:
-
Identify the data (folders, files) that need to be backed up (these are specified in the Contents of the Sub-client for the server in the Commcell Console)
-
Decide on the frequency (weekly, monthly, or quarterly – to disk or tape) of the backup (the frequency determines which Storage Policy is assigned to the Sub-client of the server in the Commcell Console).
-
Install the Commvault client on the server using this information either directly or by logging an RMS call to the Data Centre Officer, Technology Solutions. If logging an RMS call, specify the server name, the data to be backed up (list of folders, files), the required frequency of the backup (weekly, monthly, or quarterly – to disk or tape).
|
| |