N10-007 Given a scenario, use appropriate resources to support configuration management

Archives/backups

Even the most fault-tolerant networks can fail, which is an unfortunate fact. When those costly and carefully implemented fault-tolerance strategies fail, you are left with disaster recovery.

Disaster recovery can take many forms. In addition to disasters such as fire, flood, and theft, many other potential business disruptions can fall under the banner of disaster recovery. For example, the failure of the electrical supply to your city block might interrupt the business functions. Such an event, although not a disaster per se, might invoke the disaster recovery methods.

Full Backups

The preferred method of backup is the full backup method, which copies all files and directories from the hard disk to the backup media. There are a few reasons why doing a full backup is not always possible. First among them is likely the time involved in performing a full backup.

Differential Backups

Companies that don’t have enough time to complete a full backup daily can use the differential backup. Differential backups are faster than a full backup because they back up only the data that has changed since the last full backup. This means that if you do a full backup on a Saturday and a differential backup on the following Wednesday, only the data that has changed since Saturday is backed up. Restoring the differential backup requires the last full backup and the latest differential backup.

Incremental Backups

Some companies have a finite amount of time they can allocate to backup procedures. Such organizations are likely to use incremental backups in their backup strategy. Incremental backups save only the files that have changed since the last full or incremental backup. Like differential backups, incremental backups use the archive bit to determine which files have changed since the last full or incremental backup. Unlike differentials, however, incremental backups clear the archive bit, so files that have not changed are not backed up.
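
The archive-bit behaviour described in the three backup sections above, as an added example that is not part of the original notes. The file names and the week of changes are constructed, and the restore rule for incrementals (the last full backup plus every incremental since) goes beyond what the text states.

```python
# Added example: archive-bit behaviour of full, differential and incremental jobs.
FILES = ["crm.db", "notes.txt", "payroll.xls", "router.cfg"]  # constructed file set
# Constructed changes for Sunday..Wednesday, following a Saturday full backup.
WEEK = [["notes.txt"], ["router.cfg"], [], ["notes.txt", "crm.db"]]

def backup(bits, kind):
    """Run one job against the archive bits; return the sorted files copied."""
    if kind == "full":
        copied = sorted(bits)                      # everything, regardless of bit
    else:
        copied = sorted(f for f, b in bits.items() if b)
    if kind in ("full", "incremental"):            # differential leaves bits set
        for f in copied:
            bits[f] = False
    return copied

def simulate(kind, daily_changes):
    """Full backup first, then one `kind` job after each day's changes."""
    bits = {f: True for f in FILES}
    jobs = [("full", backup(bits, "full"))]
    for changed in daily_changes:
        for f in changed:
            bits[f] = True                         # modifying a file sets its bit
        jobs.append((kind, backup(bits, kind)))
    return jobs

def restore_set(jobs):
    """Indexes of the jobs that must be restored, in order, for the latest state."""
    last_full = max(i for i, (k, _) in enumerate(jobs) if k == "full")
    later = list(range(last_full + 1, len(jobs)))
    if later and jobs[-1][0] == "differential":
        later = later[-1:]                         # only the newest differential
    return [last_full] + later

if __name__ == "__main__":
    days = ["Sat", "Sun", "Mon", "Tue", "Wed"]
    for kind in ("differential", "incremental"):
        jobs = simulate(kind, WEEK)
        for day, (k, copied) in zip(days, jobs):
            print(f"{day} {k:12} {copied}")
        print("restore:", [days[i] for i in restore_set(jobs)], "\n")
```

The differential jobs grow each day because the bit is never cleared, while each incremental job stays small but every one of them is needed at restore time.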

NAC

Network Access Control (NAC) is a method to restrict access to the network based on identity or posture. This was created by Cisco to enforce privileges and make decisions on a client device based on information gathered from it (such as the vendor and version of the antivirus software running). If the required information is not found (for example, the antivirus definitions are a year old), the client can be placed in a quarantine area to keep it from infecting the rest of the network.

A posture assessment is any evaluation of a system’s security based on settings and applications found. In addition to looking at such values as settings in the Registry or dates of files, NACs can also check 802.1x values—the group of networking protocols associated with authentication of devices attempting to connect to the network. 802.1x works with EAP.
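
A posture check of the kind described above, as an added example that is not part of the original notes and not any vendor's NAC implementation. The report fields, the approved-antivirus table, the 7-day definition limit and the choice to deny clients that fail 802.1X are all assumptions.

```python
from datetime import date

# Assumed policy values for illustration only.
MAX_DEFINITION_AGE_DAYS = 7
APPROVED_AV = {"ExampleAV": (12, 0)}   # hypothetical vendor -> minimum version

def assess_posture(report, today):
    """Return (decision, reasons); decision is 'deny', 'quarantine' or 'allow'.

    `report` is a dict of values gathered from the client. Anything missing
    is treated as a failed check, so an incomplete report never gets 'allow'.
    """
    # Identity first: a client that did not pass 802.1X gets no access at all.
    if not report.get("dot1x_authenticated"):
        return "deny", ["802.1X authentication missing or failed"]

    reasons = []
    vendor = report.get("av_vendor")
    version = report.get("av_version")
    if vendor not in APPROVED_AV:
        reasons.append("antivirus vendor missing or not approved")
    elif version is None or tuple(version) < APPROVED_AV[vendor]:
        reasons.append("antivirus version missing or below minimum")

    defs = report.get("av_definitions_date")
    if defs is None:
        reasons.append("definition date not reported")
    elif (today - defs).days > MAX_DEFINITION_AGE_DAYS:
        reasons.append(f"definitions are {(today - defs).days} days old")

    # Authenticated but unhealthy clients go to the quarantine area.
    return ("quarantine", reasons) if reasons else ("allow", [])

# Constructed sample reports.
TODAY = date(2024, 6, 1)
HEALTHY = {"dot1x_authenticated": True, "av_vendor": "ExampleAV",
           "av_version": (12, 3), "av_definitions_date": date(2024, 5, 30)}
STALE = dict(HEALTHY, av_definitions_date=date(2023, 5, 30))
NO_AV_INFO = {"dot1x_authenticated": True}
UNAUTHENTICATED = dict(HEALTHY, dot1x_authenticated=False)

if __name__ == "__main__":
    for name in ("HEALTHY", "STALE", "NO_AV_INFO", "UNAUTHENTICATED"):
        print(name, assess_posture(globals()[name], TODAY))
```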

Documentation

Quality network documentation does not happen by accident; rather, it requires careful planning. When creating network documentation, you must keep in mind whom you are creating the documentation for and that it is a communication tool. Documentation is used to take technical information and present it in a manner that someone new to the network can understand. When planning network documentation, you must decide what you need to document.

All networks differ and so does the documentation required for each network. However, certain elements are always included in quality documentation:

  • Network topology: Networks can be complicated. If someone new is looking over the network, it is critical to document the entire topology. This includes both the wired and wireless topologies used on the network. Network topology documentation typically consists of a diagram or diagrams labeling all critical components used to create the network. These diagrams include such components as routers, switches, hubs, gateways, and firewalls.
  • Wiring layout: Network wiring can be confusing. Much of it is hidden in walls and ceilings, making it hard to know where the wiring is and what kind is used on the network. This makes it critical to keep documentation on network wiring up to date.
  • Server configuration: A single network typically uses multiple servers spread over a large geographic area. Documentation must include schematic drawings of where servers are located on the network and the services each provides. This includes server function, server IP address, operating system (OS), software information, and more. Essentially, you need to document all the information you need to manage or administer the servers.
  • Network equipment: The hardware used on a network is configured in a particular way—with protocols, security settings, permissions, and more. Trying to remember these would be a difficult task. Having up-to-date documentation would make it easier to recover from a failure.
  • Key applications: Documentation also includes information on all the key applications used on the network, such as up-to-date information on their updates, vendors, install dates, and more.
  • Detailed account of network services: Network services are a key ingredient in all networks. Services such as Domain Name Service (DNS), Dynamic Host Configuration Protocol (DHCP), Remote Access Service (RAS), and more are an important part of documentation. You should describe in detail which server maintains these services, the backup servers for these services, maintenance schedules, how they are structured, and more.
  • Network procedures: Finally, documentation should include information on network policy and procedures. This includes many elements, ranging from who can and cannot access the server room, to network firewalls, protocols, passwords, physical security, and so on.

Asset management

With OnBase solutions for Asset Management, all the content you need to maintain your assets and complete reviews, inspections and other processes is stored in a central document repository. OnBase connects to asset management, permitting and planning solutions like your in-house databases, Azteca Cityworks® and Accela Automation® so your data and documents are finally connected, allowing you to manage things like plan revisions, contracts and CAD drawings from the applications your staff uses every day.

OnBase lets you transform processes with automation, speeding up projects while allowing for simultaneous reviews and improved collaboration. Using OnBase, you safely preserve this content while providing staff with access to these documents in the field using laptops, tablets and smartphones.

With OnBase, you automate processes and provide self-service and online access, allowing constituents to serve themselves so your staff can focus on work and stop answering the phone. OnBase captures and secures documents, connects your databases and speeds up processes, all while becoming more mobile and providing better service to your constituents.

Procedures

Network procedures differ from policies in that they describe how tasks are to be performed. For example, each network administrator has backup procedures specifying the time of day backups are done, how often they are done, and where they are stored. A network is full of a number of procedures for practical reasons and, perhaps more important, for security reasons.

Administrators must be aware of several procedures when on the job. The number and exact type of procedures depend on the network. The overall goal of these procedures is to ensure uniformity and ensure that network tasks follow a framework. Without this procedural framework, different administrators might approach tasks differently, which could lead to confusion on the network.

Configuration Documentation

One other critical form of documentation is configuration documentation. Many administrators feel they could never forget the configuration of a router, server, or switch, but it often happens. Although it’s often a thankless, time-consuming task, documenting the network hardware and software configurations is critical for continued network functionality.

Two primary types of network configuration documentation are required: software documentation and hardware documentation. Both include all configuration information so that should a computer or other hardware fail, both the hardware and software can be replaced and reconfigured as quickly as possible.

The documentation is important because often the administrator who configured the software or hardware is unavailable, and someone else has to re-create the configuration using nothing but the documentation. To be effective in this case, the documentation must be as current as possible. Older configuration information might not help.

Regulations

The terms regulation and policy are often used interchangeably; however, there is a difference. As mentioned, policies are written by an organization for its employees. Regulations are actual legal restrictions with legal consequences. These regulations are set not by the organizations but by applicable laws in the area. Improper use of networks and the Internet can certainly lead to legal violations and consequences. The following is an example of network regulation from an online company:

“Transmission, distribution, uploading, posting or storage of any material in violation of any applicable law or regulation is prohibited. This includes, without limitation, material protected by copyright, trademark, trade secret or other intellectual property right used without proper authorization, material kept in violation of state laws or industry regulations such as social security numbers or credit card numbers, and material that is obscene, defamatory, libelous, unlawful, harassing, abusive, threatening, harmful, vulgar, constitutes an illegal threat, violates export control laws, hate propaganda, fraudulent material or fraudulent activity, invasive of privacy or publicity rights, profane, indecent or otherwise objectionable material of any kind or nature. You may not transmit, distribute, or store material that contains a virus, ‘Trojan Horse,’ adware or spyware, corrupted data, or any software or information to promote or utilize software or any of Network Solutions services to deliver unsolicited e-mail. You further agree not to transmit any material that encourages conduct that could constitute a criminal offense, gives rise to civil liability or otherwise violates any applicable local, state, national or international law or regulation.”