SERVERS CHANGES MANAGEMENT

I feel that server changes that affect stakeholders ought to be communicated and written down for future reference. There ought to be a change management policy which should outline the steps involved in suggesting, considering, planning, executing, and documenting any change in the server configuration to keep everyone involved updated. No change should be made without it undergoing this process. The policy should be available at times for consultation when questions arise about making configuration changes.

Service-Level Agreement

Service-level agreements (SLAs) can be made with customers or with departments within the organization. These documents describe the type of service to be provided, in what format, in what time frame, and at what cost. Some SLAs are executed with vendors that provide service to the organization. These documents should be readily available when disagreements arise and clarifications need to be made.

Server Configuration

The exact configuration of every server should be fully recorded and updated any time a change is made. The following is information that should be included:

General

·        Server name

·        Server location

·        Function or purpose of the server

·        Software running on the server, including operating system, programs, and services

Hardware

·        Hardware components, including the make and model of each part of the system

Configuration Information

·        Event logging settings

·        Services that are running

·        Configuration of any security lockdown tool or setting

·        Configuration and settings of software running on the server

Data

·        Types of data stored on the server

·        Owners of the data stored on the server

·        Sensitivity of data stored on the server

·        Data that should be backed up, along with its location

·        Users or groups with access to data stored on the server

·        Administrators, with a list of rights of each

·        Authentication process and protocols for users of data on the server

·        Authentication process and protocols used for authentication

·        Data encryption requirements

·        Authentication encryption requirements

Users

·        Account settings

·        List of users accessing data from remote locations and type of media they access data through, such as the Internet or a private network

·        List of administrators administrating the server from remote locations and type of media they access the server through

Security

·        Intrusion detection and prevention method used on the server

·        Latest patch to operating system and each service running

·        Individuals with physical access to the area the server is in and the type of access, such as key or card access

·        Emergency recovery disk and date of last update

·        Disaster recovery plan and location of backup data

Change management is all about testing changes, documenting changes, and having a way to back out of unsuccessful changes.