Starting a new role as a sysadmin - things I need to discover
Original Author: https://www.reddit.com/user/Neralet/
Original Source: https://www.reddit.com/r/sysadmin/comments/7vngcp/starting_a_new_role_as_a_sysadmin_things_i_need/
Company information
Site information
number of sites the company operates at, including addresses, google map links, operating hours, access requirements, parking details, number of staff on site, IT presence, network connectivity, operations at site, map or plan of site buildings, site manager name and contact details, key IT assets or systems in use.
Organisational
Org chart for the business, with key stakeholders marked. Key software in use with mapping to users or divisions, show who has pain points and might have quick wins, their perception of IT quality, do they understand IT and the drivers, do they understand the IT triangle (Good, Fast, Cheap – you can only pick two!). Meet with other staff that are users of IT and get their perception of the services – don’t promise anything other than to look / investigate at this stage. Try to establish their level of confidence in your department and peers, the tech the company has, and if it’s a driver or a bottleneck for their workflow.
Business Systems
is there a list of all systems / applications, with business owners, and agreed SLAs, RTO and RPOs, DR/BC plans and risk assessments.
Service / help desk
meet the service desk manager and staff – establish pain points, expectations, team size, introductions into type of characters, aspirations and skill sets of team members. What desktop hardware is in use, anti-virus software, intrusion detection system, data loss prevention, helpdesk system or software? Is BYOD supported and actually used, what is the company mobile policy and hardware, who manages the phones. Desktop patching, build and deployment policy and processes – windows images, SCCM or manual build, or something else?
Success Metrics
establish how you will be scored / rated in the position – system uptime, project delivery, ticket closure, user satisfaction etc. Establish the rating system or who/how will be doing the scoring. How often do you need to justify your position / progress, and to what depth. Look at the political landscape and work out if you save the company money by implementing X or fixing Y if you and your team will get the credit, or will some other smooth talking chump?
Disaster recovery / Business Continuity
is there a DR/BC plan? Who is responsible overall for DR/BC? Is any existing plan feasible? Are there any failover tests done? Has DR/BC ever been invoked? Is DR/BC seen as necessary?
Physical surveys and information
Comms and server room information
list of all rooms used to hold key IT assets, maps of where they are, details on power supplies, HVAC, security, access, build quality, age of equipment, asbestos presence, fire alarm / suppression systems, provision / location of Demarc from Telecoms providers
Infrastructure
get a count of the number of systems that will be managed, and a basic list. Get a baseline quality assessment of each system for further investigation. Check what Firewalls secure the main egress point. Is there remote access provision – VPN, RDP, Citrix etc. What is the backup system / method in use, and are there clear retention policies in place? Have there been recent routine restores? Have there been DR/BC invokes recently? What software is used for monitoring of network and systems? Are there requirements or expectations of OOH support and over what time frame? Are things like patching done OOH? Is there a list of existing contracts, key vendors and projects underway or planned for the near future? Is there a cable colour guide or scheme on site?
Technical information
Licensing
What type of MS licencing is used, what version of Office is use (or Libre or other productivity suite), who manages the licences and how / when is it audited. Is there a list of bespoke industry software in use, and are there contact details for support / maintenance – are there maintenance contracts for the software? What is the budget cost of licencing for the company, and the historical trend? Is there a licence shortfall – is urgent action needed, and who do you need to get signoff from. Make sure there is an email trail for anything here.
Phone system
Make, model, age, technology, Support level, DDI number range, extension plans, Call groups, hunt groups, skill sets, IVR, voicemail, routing, holiday cover, emergency messages. ISDN or SIP. Age of system.
Websites
External hosting provider, data centre standards, design agency, contact details, Hosting costs, plans, monitoring, availability, update cycle, testing plan, DNS providers, SSL certificates, change control, signoff procedure, marketing team contacts, marketing plan, domain expiry and auto-renewal, domain protection
Company Intranet
SharePoint or some other CMS? Use, quality, hosting provision, clutter, speed, monitoring. Auto open homepage on login?
Web filtering
Present or not, on site or as a service. Done by appliance or server. Exception groups, management, over-rides, reporting. Establish if there is a generic vendor provided block list, or industry specific details. How restrictive is the company, or are they generally permissive. Is the blocking of content at the IT departments discretion, or managers of teams. Is filtering reported on? Are there different levels of filtering for execs, managers and general staff, or special teams like Comms and Marketing?
On-premise or cloud. Mail addresses / domains. Average mail flow. If on prem, backup and restore tests, if cloud who has admin access to portals. Retention policy. Mailbox sizes. Archiving policy. Legal / retention hold policy. Spam / AV checks. Max send / receive size.
Active Directory
How many DCs, what patch level, what OS, what schema updates, what extra software installed on the DCs. P or V? Name of domain matches external or not? Sub domains? Domain trusts? Are users in users and computers in computers or is there a custom layout. Are there job roles / functions.
DNS
Internal DNS - microsoft via AD servers? Extra domains? Internal testing?
DHCP
What range is defined, exceptions, reservations, support for weird stuff like WINS, how full is the range. What servers issues DHCP. Are DHCP helpers defined.
Routing topology
Simple or complex, core or distributed. All sites exit via main, or local breakout?
Databases
SQL, Oracle or Postgres/MySQL, or other? Versions, sizes of boxes - Physical or Virtual - backup methods, DBs set to autogrow, is there a DBA, no blank / SA passwords. Maintenance plans
Password management
On prem or cloud. Backup. Master key? Access levels? Quality of record keeping? Password methods? Change cycles?
File servers
One big file servers, or multiple small ones? Mapped as what letter or accessed via UNC? File and folder security? Size of file store, age, docs not accessed for last N? Backups and restores - shadow copies? Data stored on physical PC or mapped LUN on shared storage? Access speed / throughput?
SAN
Make, model, support level, disk size and space, RAID level, network connectivity, management connections, utilisation, max IOPS, parts available, expansion available, age
Asset management
Asset stickers, management system, numbering, depreciation speed, finance considerations, record keeping, estate age, update cycle, OS levels
CMBD
does the company have one, is it used by multiple departments, or just a few. Licences? Perception? Use? Cloud or on-prem?
Restricted / special systems
are there systems subject to PCI/DSS, SOX or other financial or regulatory bodies? Are there special requirements for the data? What proportion of systems are these, what is the split between special / standard data. What are the audit requirements.
Social / soft skills
Budget / finance
what is the current IT budget spend PA. What is the depreciation term set by Finance for capex? Is the company biased towards capex or opex? Is the IT budget proportional to company turnover? What is the refresh cycle on desktop, laptop, server, SAN, switch hardware?
Security
is there a security policy in place already? Does the company have all external sites secured by SSL? Is there external Pen testing? Is there cyber-security awareness from employees? Have there been any data breaches? Is there awareness of GDPR?
Social
get to know the following key people, and make friends – the receptionist who will screen your calls, or look after your visitors. The person who organises stationary, admin supplies or books couriers and can make deliveries happen as if by magic. The M&E engineer who can sort out power, lighting and aircon issues for you, and arrange access through locked doors all over site. The HR person who sorts out timesheets, flexitime, overtime and cover. The payroll person to looks after expenses, petrol claims, invoicing and payroll.
Office politics
You need to be able to describe your work and projects in ways that at least justifies existence and at best terrifies Management so they won't want to cut your budget. Also be able to express the importance of every project in terms of either generating money or risk mitigation to avoid losing money. Business is all about revenue and many managers see IT as an unpleasant expense rather than as an important tool which enables their employees to make money. Asset Management either means ugly stickers that the helpdesk uses instead of actually fixing the computer thingy, or it means a streamlined system of inventory management which enables faster issue resolution, ensuring your colleague is returned to a productive state as soon as possible.
Documentation
how will you record your progress, success, issues and documentation. Is there a wiki or sharepoint site? Do you need a document repository making? Is there documentation in place, and how good is it? Is there a standard to aim for? Does the company recognise the importance of documentation?
Shadow IT
is there any, in what departments, and to what level. How many admin accounts are there, and who has access. Is IT seen as a thing that slows you down and stops you getting stuff done, and thus something that needs to be bypassed? Do people doing / using shadow IT have legitimate issues, or political power that prevents dealing with them directly.
Alongside the information to gather, there’s a list of things I will be trying to get / ensure I have available to ensure I can work well:
Network management equipment
- Dalek for server room / comms rooms, Pegboard with hooks, selection of patch cables in colour / size to match scheme, coloured power cables in various sizes, louvre panel and clip bins, stacking crates or decent shelves / storage for spares and IT equipment – must be somewhere secure for high value kit
- Sturdy toolbox on wheels with pull handle, containing: Needle point pliers, stub nose pliers, side cutters, Stanley knife, krone tool, bag of 8p8c connectors, crimping tool, multi-colours of electrical tape, rolls of gaffa tape, cable tie pack in assorted sizes / colours, ethernet cable tester, disposable gloves, screwdriver set with bits, tape measure marked in Us, cage nut and bolt pack - M6, cage nut remember, Sharpie set, small scissors, Rhino labeller with pvc and fabric labels, hook and loop tape, rechargeable work light, clear plastic bags for cable / bits storage, PoE checker, 8P8C coupler, Imperial + Metric Allen key set, Compressed air can, Jewellers screwdriver set, Ethernet crossover cable, USB to serial adapter, Cisco / HP serial cables, BS1363 4 way extension, C14 > BS1363 cable, Box of waterproof plasters for when you forget to use the cage nut remover tool
- Fireproof safe, or access to one – to store DR/BC documentation, backups of system maps and information, USB keys with backup of key information such as IP lists, licences, configuration information
- Adequate desk space for management workstation with ideally at least 2 X 27“ monitors, with a laptop or surface pro ideally, otherwise desktop and a cheap slate for data gathering / monitoring. A mobile phone with plenty of storage for photos of site systems / infrastructure and torch function for looking down the back of racks / kit.
- The following software/systems: GIMP, Notepad ++, Putty, RDP manager, Cisco or other switch management software, Office including Visio, Treesize Pro, Run a Dell Dpack for 1 week
Timeline
- Week 1 – speak with managers, peers, staff, and other departments. Do intro to business, start gathering data and try to get a brief summary. Establish the Tier 1 triage – what is on fire, what is smouldering, what are rocks that might have creatures underneath them, but can be left alone for now.
- Week 2 – try to visit sites, get floorplans with some information on, start documenting systems, getting network mapped in Visio, establish better idea of critical fixes and state of play. By the end of week 2, try to have at least one minor win – something you have achieved, fixed or replaced with something that now works properly to show some kind of progress.