Jason Slater Technology Blog | Thursday 2nd September 2010

42 ways to enhance and improve your network

By Jason Slater

Here we go, 42 things you can do to make your computer network a little happier, a little easier to manage and give you a little more control and a better sense of security. Suggestions/enhancements are welcomed.

1. Backup, Backup, Backup

Ensure you have at least three recent backups in case of data failure – preferably stored in different places (at least two away from site). Ensure these include a recent backup (encrypted if it is sensitive) of your DNS data (if you run your own DNS server), essential system state images such as firewall backups and Windows system state images, electronic copies of manuals, and equipment lists, as well as your critical data. If you get a network problem you will need this data, so prepare it now so you don’t have to waste time finding information during downtime. A simple low cost solution if you have a small amount of data is to use a number of different external USB drives and cycle them. You can read more about how we do this in our post Retrieving data quickly – though this should be done in addition to your standard backup practices (and don’t forget that data encryption in case the disks go astray).

2. Time Synchronisation

Servers, especially domain controllers, don’t like getting out of sync too much, and if your time and attendance system is keyed into a server it is even more important to have a good data source for time. If you can stretch to a good atomic clock (such as those from Galleon http://www.galleon.eu.com/) and NTP (Network Time Protocol) software then that is a bonus, but if you can’t then SNTP (Simple Network Time Protocol), which allows you to sync to a network based time service, can be very handy. Microsoft has an interesting article on their TechNet website – the URL is:

http://technet2.microsoft.com/windowsserver/en/library/ef81ebc8-4803-42d7-b72a-be7e9f16d1831033.mspx?mfr=true

Also, NIST have useful information at their website together with a list of time sync providers:

http://tf.nist.gov/service/its.htm

3. SNMP

Simple Network Management Protocol should be your friend. Don’t be put off by those MIB (Management Information Base) references (they are simply data files that tell SNMP how to get useful data out of your devices), but without a good tool to make sense of the data it can be tricky. If you can stretch to it then software like SNMPc from Castlerock can help you, but if not then a tool like PacketTrap can monitor SNMP feeds, give you valuable information on the state of your network and receive alerts from devices. Check out my article on PacketTrap, Freeing the network with PacketTrap. SNMP devices typically use the idea of “community strings”, which are just passwords and may be set at the default of “public” for read-only access. These devices can also allow read/write access using these community strings, so it may be best to change the default strings to add another level of protection.
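
An added example (not part of the original post) of checking for the default community strings mentioned above: it reads SNMP lines from exported device configurations in two common syntaxes (Cisco IOS-style `snmp-server community` and net-snmp `rocommunity`/`rwcommunity`) and flags default strings, read/write access and missing source restrictions. The configurations are constructed; treating “private” as a default alongside “public” is an assumption.

```python
import re

# Constructed config excerpts; hostnames, strings and addresses are made up.
CONFIGS = {
    "core-switch (IOS-style)": """
hostname core-switch
snmp-server community public RO
snmp-server community example-rw-string RW
snmp-server community example-ro-string RO 10
""",
    "linux-nas (net-snmp snmpd.conf)": """
# snmpd.conf
rocommunity public
rwcommunity private 192.168.1.50
rocommunity example-monitoring 192.168.1.50
""",
}

# Assumption: "public" is the default named in the text; "private" is the
# usual read/write counterpart and is treated as a default here as well.
DEFAULT_STRINGS = {"public", "private"}

# Simplified patterns: the IOS "view" keyword and net-snmp OID/view
# arguments are not handled.
IOS_RE = re.compile(
    r"^\s*snmp-server community (\S+)(?:\s+(RO|RW)\b)?(?:\s+(\S+))?", re.I)
NETSNMP_RE = re.compile(r"^\s*(ro|rw)community6?\s+(\S+)(?:\s+(\S+))?", re.I)


def parse_communities(text):
    """Yield (community, 'ro' or 'rw', restriction or None) per community line."""
    for line in text.splitlines():
        m = IOS_RE.match(line)
        if m:
            # IOS treats a community with no keyword as read-only.
            yield m.group(1), (m.group(2) or "ro").lower(), m.group(3)
            continue
        m = NETSNMP_RE.match(line)
        if m:
            source = m.group(3)
            # In snmpd.conf the source "default" means any host.
            restricted = None if source in (None, "default") else source
            yield m.group(2), m.group(1).lower(), restricted


def audit_config(text):
    """Return [(community, access, [issues])] for lines that need attention."""
    findings = []
    for community, access, restriction in parse_communities(text):
        issues = []
        if community.lower() in DEFAULT_STRINGS:
            issues.append("default community string")
        if access == "rw":
            issues.append("read/write access")
        if restriction is None:
            issues.append("no ACL or source restriction")
        if issues:
            findings.append((community, access, issues))
    return findings


if __name__ == "__main__":
    for device, config in CONFIGS.items():
        for community, access, issues in audit_config(config):
            print(f"{device}: '{community}' ({access}): {', '.join(issues)}")
```

SNMP v1 and v2c send community strings in clear text, so a changed string is one layer of protection, as the text says, and works best alongside restricting which hosts may query the device.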

4. Syslog

In addition to SNMP, many devices can send activity related output to a Syslog server. This allows regular events and other information to be stored and analysed, thus producing trends and monitors. Don’t assume your network is alright just because it hasn’t fallen over. Collect that Syslog traffic and look at it regularly. Some information can be gained from my blog post Syslog and the need for retaining event information.

Kiwi offer a freeware Syslog program at their website: http://www.kiwisyslog.com/

5. Wireless Channel

Check your wireless channel – if you have left it set at the manufacturer default it is likely you are colliding with other wireless devices in your area. A simple change of channel may improve your wireless performance. A utility I talked about in Home Wireless called Netstumbler can help identify wireless networks and their associated channel numbers. A quick run using Netstumbler in the area where I live shows that four houses around me have their wireless device on the same channel.

6. Cables

There are generally two types of copper based networking cables. The first type are solid core cables, which are typically used for infrastructure as they aren’t designed to be moved around a lot. The second type are stranded copper cables, which can put up with a little more movement and are often used for fly cables (short distance runs, say from a patch panel to a switch or from a network point to a computer). If they are moved around a lot then replace them every few years. Poor cables that haven’t been changed for a long time can have an impact on network performance and be very difficult to identify. All cabling systems start out tidy and as time progresses they tend to get a little tangled and unmanageable, so save yourself some time at the outset and label each end of a cable with a unique reference number – I wish someone would have told me this when I started out!

7. Firmware

Check for firmware updates on your network devices. These are often offered free by manufacturers of devices and can add valuable improvements and performance increases – but thoroughly read the documentation that accompanies a firmware update as it can often change something you weren’t expecting! I include a list of links to a number of manufacturers’ firmware pages on my blog at http://www.jasonslater.co.uk. One day someone will release a utility that scans the network, collects all firmware levels and checks these against available updates from multiple manufacturers – but until then we have to do it manually!

8. Memory

Increase the memory in your servers – memory is very cheap at the moment so it is a good time to ensure you have sufficient RAM (Random Access Memory). Using SNMP tools and other software mentioned previously can alert you to servers that are short of RAM. Using Virtual Server technology will require additional RAM so add some more to make the best use of it. Also, run memory test software against your machines – even the smallest problem with memory can lead to unexpected behaviour and be the cause of a number of problems including Server Freeze. A good utility for x86 based machines is memtest, available from http://www.memtest.org/, and Rightmark Ramtester can test both x64 and x86 machines and is available from http://cpu.rightmark.org/products/ramtester.shtml.

9. Regular Monitoring

If you can get hold of a spare computer then configure it so that its sole job is monitoring the network using Syslog, SNMP, and other tools like PacketTrap, Servers Alive and Spiceworks. It is often useful to keep the display for this nearby so you can run graphical tools to give you visual indication of potential problems. You could also make use of e-mail or SMS alerting software to warn you of problems in case you are out and about. You can read more about monitoring on my post Monitoring the Network.

10. Environment

Consider an environmental monitoring server such as APC Netbotz to keep an eye on your computer room (or closet!). Air conditioning can sometimes fail so keep an eye on those temperatures, and dampness in case of a water leak. These devices have several sensors that can detect temperature, humidity, dew point, airflow, door access, and audio levels. Some options also include cameras which can take snapshots at critical times (such as a door opening) which can also help identify unauthorised access (though check your HR policies!).

11. Audit

Run regular audits of the devices on your network and especially compile and maintain a list of all the accepted MAC addresses of devices on your network so you can quickly check for devices that shouldn’t be on the network. Expanding this list to include device names, makes, and models together with associated firmware levels or software can really speed up network troubleshooting.
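
An added example (not from the original post) of the MAC audit described above: it compares the devices in `arp -a` style output against an approved inventory and reports unknown devices plus approved ones not currently seen. The inventory columns, device names and addresses are constructed sample data.

```python
import csv
import io
import re

# Constructed sample: the approved-device list from the tip, extended with
# name, model and firmware. MACs are written three different ways on purpose.
INVENTORY_CSV = """mac,name,model,firmware
00-1A-2B-3C-4D-5E,core-fw,ExampleCo FW100,4.2.1
00:1a:2b:3c:4d:5f,file-srv,ExampleCo R210,1.9
001a.2b3c.4d60,lobby-printer,ExampleCo LP4,2.0
"""

# Constructed sample: Windows-style `arp -a` output from the monitoring PC.
ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.20          00-1a-2b-3c-4d-5f     dynamic
  192.168.1.77          02-de-ad-be-ef-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"   # 00-1a-.. or 00:1a:..
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"     # 001a.2b3c.4d5e
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def normalize_mac(raw):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, whatever separator was used."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1


def load_inventory(text):
    """Map normalized MAC -> inventory row (name, model, firmware)."""
    return {normalize_mac(row["mac"]): row
            for row in csv.DictReader(io.StringIO(text))}


def parse_arp(text):
    """Map normalized MAC -> IP for every unicast entry in arp-style output."""
    seen = {}
    for line in text.splitlines():
        mac_match, ip_match = MAC_RE.search(line), IP_RE.search(line)
        if not (mac_match and ip_match):
            continue  # headers, blank lines, incomplete entries
        mac = normalize_mac(mac_match.group())
        if not is_group_address(mac):
            seen[mac] = ip_match.group()
    return seen


def audit(inventory, seen):
    """Return (unknown devices on the wire, approved devices not currently seen)."""
    unknown = sorted((ip, mac) for mac, ip in seen.items() if mac not in inventory)
    missing = sorted(row["name"] for mac, row in inventory.items() if mac not in seen)
    return unknown, missing


if __name__ == "__main__":
    unknown, missing = audit(load_inventory(INVENTORY_CSV), parse_arp(ARP_OUTPUT))
    for ip, mac in unknown:
        print(f"UNKNOWN  {mac} at {ip}")
    for name in missing:
        print(f"NOT SEEN {name}")
```

The ARP table only lists devices on the local subnet that this machine has recently talked to, and a MAC address can be changed by the device owner, so treat a clean result as a quick check rather than proof.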

12. Documentation

You may not always be on site, and someone else may need to help out so at the very least, a list of equipment, support contracts and contact numbers, a LAN diagram, and a WAN diagram should be included and kept up to date. A document outlining the specification and build procedure of each server is the icing on the cake. Documentation takes time and isn’t always the most glamorous job in the world especially when there are other jobs to do but in my opinion documentation is essential.

13. UPS – Uninterruptible Power Supply

Factor the cost of UPS power into as many hardware purchases as you can. Sometimes electricity can fail just for a few seconds and a good UPS can let the device continue as if nothing had happened. If you can – address the UPS situation as a project in itself rather than just adding small ones here and there. Adding a central large UPS collection could prove far more effective than lots of isolated smaller batteries – it will also be easier to manage. If your UPS equipment is a few years old then get the batteries checked as they may need replacing. You don’t want to find this out when the power fails! Also, make use of the software included with most UPS equipment that can alert computers of impending power failure so they can shut down safely.

14. Website Monitoring

If you choose to self host your websites then sign up to an independent website monitoring service to let you know when your website is down. You have probably spent money implementing it so it’s best to ensure it stays up and, even more importantly, to know when it isn’t.

15. DNS – Domain Name System

If you host your own DNS then ensure it is kept up and running, and put in a secondary backup DNS controller if you have only one. Back it up regularly. One of the biggest pains on an internal network can be when the internal DNS server fails. This can be especially frustrating if you don’t have an up to date list of hostnames to IP addresses.

16. Blat

If you use scripts to run things on your machines such as cleanup routines you can use a simple tool like Blat to send email updates via the shell script. Blat describes itself as “Blat is a Win32 command line utility that sends email using SMTP or post to Usenet using NNTP”. Blat can be obtained from its website at http://www.blat.net/.

17. MTU Size – Maximum Transmission Unit Size

Data gets split up into small packets when transmitted over a network – the MTU size determines this packet size. If you run larger networks such as Gigabit or higher you can achieve performance benefits by increasing this value. The result will be for the network to send fewer but larger packets of data. Wikipedia has a good introduction to MTU at http://en.wikipedia.org/wiki/Maximum_transmission_unit and IBM has a good outline at their site:

http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21086718

18. Daily Checklist


It is easy to forget or ignore simple obvious checks when you have a zillion other things to do but a few minutes each day spent checking the obvious can help ensure you don’t fall foul of something that could be easily avoided. Build this into your routine so it becomes as second nature as getting a coffee first thing in the morning. Things like disk space checks, memory checks, patch installs, and wide area connections are all quite straightforward to keep a regular eye on. You can read more about this on my post Being IT – Part Two – The Daily Checklist.

19. Store and Forward

If you host your own email server then consider employing a store and forward service in case your system or Internet connection is down for any period of time. A store and forward service simply sits at the next step in your DNS MX priority and attempts to deliver mail on to a predetermined destination. If that destination is inactive then the store and forward service holds the mail and retries the send at regular intervals. Wikipedia has a good introduction to store and forward at http://en.wikipedia.org/wiki/Store_and_forward.

20. TFTP – Trivial File Transfer Protocol

Trying to get a firmware update onto a device can be tricky as different manufacturers often have different ways of achieving this. It is always useful to have a TFTP (Trivial File Transfer Protocol) server handy somewhere so it can be quickly activated and files transferred. Many manufacturers provide a TFTP facility on their devices for quickly uploading updates. I had a problem with a switch recently and it required a firmware update – fortunately I had a TFTP server handy so the update took only minutes.

21. Hot Backup

Virtual server hosting can be useful for maintaining uptime but keeping a hot backup (or even a warm backup) of a device such as a firewall can be a life saver. Critical points of failure can affect the whole network so having something ready to go – even in a lesser form such as an older device – can really help get the network going again. Remember to keep the settings on the backup device in line with those on the master device.

22. Thin Client

Are network traffic and congestion a problem? Consider thin client technologies to reduce the amount of data flying around the network. Thin clients have very low bandwidth requirements and can often keep data out of the way on an infrastructure backbone rather than a client facing network, which can improve the end users’ performance when accessing files over the network. If you have doubts about thin clients read my post on Five Advantages of Thin Clients.

23. Log

Log errors and problems and in particular their solutions. Consider a wiki or blog to collate them into a solution that is searchable – if you have SharePoint then set up a site just for troubleshooting. If you get a problem, chances are you may have had it before – it’s always handy to have a solution nearby. If a problem occurs for the first time then it may happen again, so log it together with all the relevant information needed to achieve a fix.

24. DHCP – Dynamic Host Configuration Protocol

There can be some debate as to whether fixed IP address schemes are better than dynamically assigned address schemes but I think there is no doubt that a DHCP (Dynamic Host Configuration Protocol) server is very useful. DHCP servers have the ability to pass other information to clients such as default gateway, router, and web redirection address. If you can, run a secondary DHCP server, and remember to keep additional assigned information stored away somewhere safe – years down the line you may not remember it as easily as you do today.

25. Drive Images

Taking drive images can save a lot of time. Restoring data, installing drivers and reconfiguring machines is fine but being able to take an image of a server or device and copy it back exactly as it was prior to a system problem can be a huge timesaver and really help get the network back online quickly. This can also be very useful when changes are made on a machine – especially if the results of the change are not what you were expecting. Restoring a drive to a previous image state can be really helpful.

26. NAC – Network Admission Control


A hot subject at the time of writing, NAC (Network Admission Control) devices such as the Cisco NAC I wrote about in Who is on your Network? can challenge devices upon any attempt to access the network, and authenticate them by their MAC address. A NAC can also check compliance for things like anti-virus software, anti-spam software and VPN software levels, as well as devices such as printers, thus restricting device traffic until a particular device is authorised.

27. External Web Hosting

Websites are public facing and essential to business these days. They are also points of entry that can, if compromised, lead to problems with the internal network. It may be more efficient to get an external web host provider to host your website. This will also keep many spammers away from your own network. Mail can still be redirected to your site using DNS MX records.

28. Virtual Server

Virtual computing takes a number of different forms from Virtual Private Networks that allow private network data to transfer over public networks, to thin clients to full blown Virtual Servers like Microsoft Virtual Server or VMware. Often a server can have a very low utilisation so to get the best value out of it – it can be configured to run a number of different servers virtually. These virtual images can be backed up and moved to another virtual server in times of trouble. If you need to test an application then you can use tools like VMware or Virtual Server to install and test the application without worrying it may leave residual files or registry entries lying around on your host server.

29. NAS – Network Attached Storage

Keeping data on different servers versus keeping data in one place. If data is in one place then it can be easily cached, it can utilise hardware that is designed for the purpose of serving data regularly, and data doesn’t have to fly around the network when users decide to tidy up their file systems. Mirroring and backing up data also becomes a lot simpler and more straightforward when data is in one central place. It is also worth keeping a secondary drive with large storage available for times when the NAS may be down (it does happen!) so you can at least get some users back up and running with their critical data quickly whilst you fix the problem.

30. E-mail archiving

Do your users still use PST files (local email storage)? Do your users like to keep every email they have ever sent? Do your users’ emails probably have lots of large attachments? The likelihood is that these files and archives are on file servers somewhere, taking up valuable resources and taking time to manage and back up. There are also a number of legal issues associated with keeping e-mails you may need to be aware of, which I will cover in a later article. Implement a mail archiving solution like GFI Mailarchiver and give users access to that for retrieving their older emails. You can read more about GFI Mailarchiver on their site at http://www.gfi.com/mailarchiver/.

31. Sendspace.com and Yousendit.com

You can use sendspace.com, yousendit.com or a similar service for transmitting large files instead of emailing them. Sending large files over email can cause all sorts of headaches as often users may have sending limits, receiving limits or storage limits. These large emails can also end up flying around the network several times from different servers, e.g. client to email server to mail checker to mail sender and back again if it fails delivery. Now sites exist such as Sendspace which allow users to upload a file and simply send small email communications to destinations.

http://www.sendspace.com

http://www.yousendit.com

32. Profile Manager

User data storage space is often managed with preset limits. However, it is easy for user profiles to grow out of all proportion if left unchecked. This can become a real pain if user profiles are set to roaming so they are uploaded and downloaded to and from a server each time a user logs on or off. Instead make users aware of their profile usage by activating profile manager on the server. This can quickly and easily tell the user how much data they are putting on the network. You can activate this in Windows by setting a user profile size under the GPO, then the user will get an icon in their toolbar which, when clicked, will inform them of their profile size.

33. Utility Thumb drive – or CD

Get your useful utilities in one place and keep them handy – a USB thumb/pen drive is ideal for this but a CD will work just as well. I have a list of essential applications on my blog at Jasonslater.co.uk essential application list. These applications include most of the free applications mentioned in this list together with some other essential and handy tools such as PortableApps, OpenOffice, Firefox and Mac to PC conversion utilities. You can also read this post http://www.jasonslater.co.uk/index.php/2007/04/13/useful-tools-usb/.


34. Penetration Testing

You may think you are safe and secure only to find out you may have missed something after the horse has bolted so to speak – so be pro-active and use an established network security company to perform periodic tests on your network to ensure it is secure.

35. Port Scan

Port scanning tools are very useful for detecting open ports on computers. These ports may be being used for things you weren’t aware of such as Instant Messaging software or questionable software that is accessing the Internet. However, use these kinds of tools with care as in the wrong hands they could expose information about your network. Advanced Port Scanner 1.3 is a port scanning tool that can run from Windows and describes itself as “a small, fast, robust and easy-to-use port scanner for Win32 platform. It uses a multithread technique, so on fast machines you can scan ports very fast. Also, it contains descriptions for common ports, and can perform scans on predefined port ranges”. Symantec offer an Internet based tool that can test your firewall from outside. Their website is at http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym.

36. Spiceworks

Obtaining clear, well organised information about the devices attached to your network is no easy task. Fortunately tools exist to make this task easier. One example of this is Spiceworks which initially, then at regular intervals, gets an inventory of your network. You can also set monitors and alerts against devices. You can read more about Spiceworks in my post Spicing up Network Management with Spiceworks.


You can also visit their website at http://www.spiceworks.com.

37. SSO – Single Sign On and Two Factor Authentication

Passwords are very important, which I wrote about in a post Passwords, but single sign-on is a utopia for users. Being able to put in your credentials in one place instead of having lots of different user names and passwords can be a real benefit – let’s face it, many passwords are difficult to remember. Two factor authentication can also be used with SSO to further secure the network whilst placing less emphasis on the need to remember passwords. For more information on two factor authentication read Remote Access Two-Factor Authentication.

38. Mirroring

Mirrored data and mirrored servers can be a real life saver especially if they act in a hot backup role. Modern systems may also offer a distributed access role so users can access the first available or least loaded server. Mirroring can be set up either direct from machine to machine or over a network switch to keep overall network bandwidth down – it may be worth implementing additional network cards to handle the extra traffic and isolate mirroring traffic from other traffic.

39. MRTG – Multi Router Traffic Grapher

Obtaining information about the throughput of your routers can be tricky especially if your service providers won’t give you direct access to the router. As long as you can access a device using SNMP then you can use a tool like MRTG. MRTG explains its role as “It will monitor SNMP network devices and draw pretty pictures showing how much traffic has passed through each interface.” Traffic analysis on your network can be made a lot easier by using a utility like MRTG which takes a lot of information and translates it into a visual form. It’s not the simplest of things to set up but as long as you follow the clear instructions you should be fine, plus there is plenty of support available via the web.


Visit the MRTG website at http://oss.oetiker.ch/mrtg/.

40. Secondary or Tertiary Internet Provider

Install a backup Internet connection. A leased line if you can get one, failing that Broadband access is a good choice. When the WAN falls over then make sure you have a firewall/WAN controller that can detect this and switch to using the secondary Internet provider (changing its DNS references and Gateway addresses) using an active/passive scenario. Many firewalls these days use the idea of zones to which specific interface addresses are assigned thereby allowing access even if an Internet line condition changes. Better still some firewalls may offer an active/active scenario so you can route specific traffic (such as outgoing email) over a preferred connection whilst maintaining more bandwidth for your primary connection.

41. Certificate

Consider an SSL certificate to give peace of mind to outside users that your public server is really yours. These days you can also get wildcard certificates (for multiple sub-domains) and UCC (Unified Communications Certificate) for servers that may have multiple roles (such as Exchange Server which can run Outlook Web Access as well as being a Unified Communications Hub). Certificates can be obtained from many sources these days but established providers like Verisign and Entrust are good choices as many devices have these root certificate providers built-in.

42. Education

Technical Support is as much about education as it is about fixing problems. Users don’t always realise that the 10MB+ file they are sending can, with a few short steps, be made much smaller. Sending files via SMTP can often increase file size due to the way data is sent. Zipping up, using the reduce file size option in Acrobat Professional or Compress Images option in Microsoft Word, or simply copying and pasting bits of data can keep data files down in size. These files appear in numerous places on the network and have to be transmitted to get there, taking up valuable space and bandwidth.

If you are interested in ways of bullet proofing your IT infrastructure then head over to Terinea for their post 21 Ways to Bullet Proof your IT infrastructure.
