Re-building the IT dept.

dr strangelove

I've recently moved into a new job and i seem to (accidentally) be in charge of the IT Department.

The problem is that the department really needs a shake up - there's a lot of things i'd love to change - better physical and network security, backup solutions, standby servers and that kind of thing. It's a small-ish office (200/300 users) and the IT setup is pretty basic.

I've spoken to my manager and he's more than happy to give me a free hand to improve the department.

So my question is: although i have a few ideas, i am looking for a set of best practices for the whole IT department, sort of like an idiot's guide to setting up an IT department.

Anyone have any ideas?

Hagar

Start by setting up a solid backup system, protect your data.
Everything else can come later.

Tom Dunne

Ouch, that's a very wide-ranging question.

I suppose the first things I would as are:

(1) What is mission critical and what isn't

(2) What SLA's are in place

(3) What expertise do you have in-house

(4) What budget do you have to improve things

seamus

Hagar wrote: »

Start by setting up a solid backup system, protect your data.

I would tend to agree with this.

If you're going for a complete overhaul, you're going to have to do the least fun stuff first.

Get your hands on an ITIL primer and do some research into IT best practice. Assuming that you are now the IT department, then there's no need to go overkill, but if you plan correctly everything else will go smoothly.

parliament

Its not clear from your original post, but I assume you joined the IT department and have been landed with the role of managing it as opposed to joining the company in sales and also been given the responsibility of managing the IT department??

If this is your first IT management role I'd suggest that you take it slow, research everything, it would be very easy to sink 40-100k into a project and be left with systems you don't need or use.

dr strangelove

I mean there's some stuff i need to do like putting the doors back on the server racks (and locking them), temperature sensors in the server rooms, mirroring mission critical servers, finding a secure place for the backup tapes, that kind of stuff, but i'm sure there's loads of things i heven't thought of

dr strangelove

assume you joined the IT department and have been landed with the role of managing

Yeah pretty much.
I'm the only IT guy on this site and my job here has kinda mutated into 'looking after everything to do with computers'.
I've come from a company where everything was a bit more organised, and i want to tidy up the operation here, but am not really that experienced in that side of things

Kali

OK you're new in a job, putting the management side of things aside for one minute you need to put together a few documents (or one large one) detailing the current state of play. Don't rush in and go changing company-wide policies without knowing the impacts, poor decisions are made my rushing a job.

You need to familiarise yourself with everything you can, and draw up brief policy documents (if they don't exist) covering the physical and logical networks (IP scans are a godsend in a new job), Active Directory, mail delivery, AV, backups, Security (AV/Firewalls/Remote-access) as well as any major applications and services the company is running.

Once this is done you'll have a full view of the companys IT infrastructure and you can easily point your managers at the areas that need prioritisation.

Also don't be afraid to get consultants or external companies in once you identify these areas if you lack knowledge... particularly in the areas of storage, network security, mail etc. as with a company that size there's typically a LOT to be done on a day-to-day basis without having to worry about putting design docs together.

Once your priority areas are nailed down and everythings a bit more stable then I'd say start looking at the ITIL processes... your initial findings can come in handy here (for config/asset management for example, some areas will apply more than others in different organisations).

Feelgood

dr strangelove wrote: »

I mean there's some stuff i need to do like putting the doors back on the server racks (and locking them), temperature sensors in the server rooms, mirroring mission critical servers, finding a secure place for the backup tapes, that kind of stuff, but i'm sure there's loads of things i heven't thought of

Depending on your budget,there is also the option of managed services where your servers are hosted, mirrored and monitored in remote location in a Class A data center with controlled air con etc etc.You can also look into backups and disaster recovery as part of the package.

By the sounds of things your not really an I.T. head so this would take all of the technical responsibility off you. While you would still be managing your I.T. infrastructure, you would only have to manage the service between your company and the company thats providing the hosting for you. This is quite common place for a lot of companies.

It means you can focus on business objectives rather than having to worry about whether servers have been backed up or firewall changes etc.

Like I said it really depends on what kind of budget you have, though well worth thinking about.

steve-hosting36

Outsource - yer only man!

Jumpy

steve-hosting36 wrote: »

Outsource - yer only man!

lol.

The worst mistake a company can make.

Start off with the golden rule. No Local Admin Rights.

steve-hosting36

The challenge most small companies face is that they are not IT companies, yet expect to run larg(ish) IT installations and solutions (and worry about data safety, backups, security, etc) often with little or no local expertise - when their core business is about as far removed from IT as is physically possible (like making wheely bins or something).

Outsourcing functions certainly works well in many cases.

seamus

Jumpy wrote: »

Start off with the golden rule. No Local Admin Rights.

What makes that the Golden rule?
Give local admin rights. Don't support data on machines. Install apps using network/admin deploy so even local admins can't change them. If someone breaks their machine, wipe it and give them two fingers.

DublinWriter

dr strangelove wrote: »

Anyone have any ideas?

Plenty.

Without sounding like I'm touting for business, I've worked as a consultant for the past 10 years and have just spend 2 years part time in TCD doing a Masters Degree in I.T. Management.

It would be hard for me to distill all that I've learned into a quick 'how-to' reply, there are various frameworks and models you can use, but I can't stress to you how important it is for you to get the Operational end of things under control, in particular Risk Management.

Basically under Risk Management, number 1 priority is to pull your arse out of the fire and ensure that you have a Business Continuity Plan in place (i.e. data backup stragegy & provision for operational back up servers). Basically it's a plan for all the various worse-case scenarios and the actions to be taken.

After that you need to have an acceptable use policy in place for your employees so that you minimise your organisation's legal exposure should an employ use the Internet to browse porn, disclose company secrets, etc, etc.

These are the two most basic of basic items you need to ensure are present and correctly documented right now.

Best of luck!

Hagar

Check your software licence position.
You need to audit every PC and every server.
You probably have a lot of un-licensed software installed and now it's your neck on the block.

dr strangelove

Thanks for the replies, to clear up a few points:

The backup system is fairly comprehensive, a mix of on-site, tape, and over the net to our HQ in Belguim.

TBH, it's not really a bad set up, but coming from level 2.5 position (more than level 2, but not really a level 3) in a larger computer services company to take total control over the whole department there's some things i've seen that i think should be changed. I'm not

To be honest part of it is to impress the boss, part of it is to make it easier for me to administer, part of it is to prove to myself i can do the job, and part of it is to start to make some headway into the paper storm that's about to happen - the rest of the business is very well organised and documented, and the IT department isn't. I'm expecting one day someone to turn round and say something like "hang on a sec, we've got good documentation procedures in place for every part of the company. except IT........"

The ITIL stuff looks promising, but it also looks expensive.

SouperComputer

The methologies and strategies if ITIL are definatly worth looking into. Never mind impressing your current boss, ITIL is the way things are going for better or for worse, and if you can say you implemented it effectively that is somthing worth putting on your CV.

Its a lot of work at first to get all the polices into action, but once most of it is implemented you will see your resolution time drop like a stone. As well as your costs.

Not sure by what you mean about it being expensive though?

trellheim

1. stop using Microsoft software.
2. vmware everything you can
3. outsource helpdesk but not tech support.

Cryos

Jumpy wrote: »

lol.

The worst mistake a company can make.

Start off with the golden rule. No Local Admin Rights.

Outsourcing ??

Look how good a partnership BOI and HPh ave

Jumpy

Outsourcing.
Dont do it kids.

Jumpy

seamus wrote: »

What makes that the Golden rule?
Give local admin rights. Don't support data on machines. Install apps using network/admin deploy so even local admins can't change them. If someone breaks their machine, wipe it and give them two fingers.

Im not worried about the software we give them, Im worried about what they put on it afterwards.

dr strangelove

Outsourcing's baad, m'kay?

They have an an outsourced helpdesk, where the users phone up and try to get assistance in the first instance.

Although, in real life the users phone up the helpdesk who either can't help them or can't understand the problem, and then the helpdesk refers it to the on-site technician (Me), but it's OK, because in the mean-time the user has gotten on to their manager, bitched and moaned, and the manager has approached me directly, and by the time i get the call assigned to me, normally i've already fixed the problem.

I sometimes wonder how much that outsourcing deal costs the company.

TonyM.

trellheim wrote: »

1. stop using Microsoft software.
2. vmware everything you can
3. outsource helpdesk but not tech support.

Nobody ever got fired for buying Microsoft .
If you need new hardware go with HP.

ps .I asked for some help here when i was setting up a new network and the tread was closed on me.

JustSomeone

seamus wrote: »

What makes that the Golden rule?
Give local admin rights. Don't support data on machines. Install apps using network/admin deploy so even local admins can't change them. If someone breaks their machine, wipe it and give them two fingers.

This works fine if you have simple profiles for your users, and just want to be able to roll out new virus checkers and Office, but I've worked in a number of environments where it doesn't fit.

Take a group of software developers who need a suite of tools on their PC's but need to be able to configure them on the fly - for instance to point to different test environments. That won't work if the software is installed as a network deployed package which is inspected daily and "restored" back to an arbitrary initial configuration.

Like any tool, use network deploy with caution and only where appropriate.