cept of a Server Change and Configuration Management Policy is simple - define what 'good' IT service looks like, then maintain your Server estate in this state.

It is vitally important to keep in check all relevant server configuration settings, performance metrics and application response times that together govern the quality and consistency of delivered IT service levels to the business.

However, while it is obvious that governing the performance and health of your servers is important, the need to ensure your servers are compliant with security and external corporate governance legislation is now equally necessary. Corporate Governance policies such as Sarbanes-Oxley (SOX), GLBA, NERC, PCI DSS, HIPAA, MiFID, SAS 70, and Basel II have all been introduced to ensure minimum levels of security and integrity are maintained for company financial information and any stored personal details of customers.

Your Servicedesk or Helpdesk system has a role to play, typically playing an integral role in any ITIL Change and Configuration Management Process, providing reconciliation data for any planned changes to any configuration item, including servers.

The Top Ten of Server Configuration Management

1. Server Performance Management - Measure and control all parameters affecting IT Service Delivery, including configuration settings, server health and user experience
2. Server Compliance Audits — Take steps to automate the audit of your server estate in order to provide auditors with accurate details of all security and access controls for compliance with all Corporate Governance legislation, such as PCI DSS, SOX, GLBA, NERC, HIPAA, MiFID, SAS 70, Basel II
3. Virtualization — when virtualising servers in order to facilitate datacentre moves, service continuity provision and to reduce running costs, remember that you are also introducing another layer of configuration management at the VM Host level that must equally be audited to ensure it is compliant with corporate governance policies
4. Compare 'one server to many' and pinpoint all differences between a 'policy compliant' (i.e. 'working') server and those that aren't - all key changes and deviations will be instantly identified and reported
5. Software Inventory Management — A Configuration Management solution should cover Server inventory management, server asset management, server performance management and server configuration management
6. Server Security Management — Best practice is to limit the User Accounts to the minimum and restrict access to Administrator accounts with Admin privileges but you also need to regularly check that Server User Accounts have not been modified, added or changed
7. Server File system Management — a key aspect of PCI DSS and other corporate governance policies is that core filesystem attributes have their integrity maintained, for instance, the Win32 folder should not be changed or modified and it is vital to regularly check this
8. Registry Settings — as the core repository of Server Configuration Settings, any Registry changes must be logged and analysed
9. Running Processes and Services/Service States — build a whitelist and blacklist of authorised/unauthorized process and services, together with any mandatory 'must run' or illegal 'never run' processes and services
10.
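
As an added illustration of items 4 and 6 to 9 above (not code from the original document or from any product it describes), the following Python example compares one 'policy compliant' baseline snapshot against many servers and reports account, file, registry and service deviations together with 'must run' and 'never run' violations. The snapshot layout, host names, file path and hash placeholders are constructed assumptions.

```python
# Added example. Snapshots below are constructed sample data, not real audit output.
import copy

SECTIONS = ("accounts", "files", "registry", "services")

BASELINE = {  # the 'policy compliant' reference server
    "accounts": {"Administrator": ("Administrators",),
                 "svc_backup": ("Backup Operators",)},
    "files": {r"C:\Windows\System32\example.dll": "sha256:placeholder-A"},
    "registry": {r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse": 1},
    "services": {"EventLog": "running", "TlntSvr": "stopped"},
}
DRIFTED = copy.deepcopy(BASELINE)
DRIFTED["accounts"]["svc_backup"] = ("Administrators",)   # modified account
DRIFTED["accounts"]["tempadmin"] = ("Administrators",)    # added account
DRIFTED["files"][r"C:\Windows\System32\example.dll"] = "sha256:placeholder-B"
DRIFTED["services"].update(EventLog="stopped", TlntSvr="running")
ESTATE = {"srv-01": copy.deepcopy(BASELINE), "srv-02": DRIFTED}  # hypothetical hosts

def diff_section(base, other):
    """Yield (kind, key) for every key added, removed or changed versus base."""
    for key in sorted(set(base) | set(other)):
        if key not in base:
            yield "added", key
        elif key not in other:
            yield "removed", key
        elif base[key] != other[key]:
            yield "changed", key

def audit(baseline, snap, must_run=(), never_run=()):
    """Return a list of (section, kind, item) deviations for one server."""
    findings = [(s, kind, key) for s in SECTIONS
                for kind, key in diff_section(baseline[s], snap[s])]
    for svc in must_run:      # mandatory services must be in the running state
        if snap["services"].get(svc) != "running":
            findings.append(("policy", "must-run not running", svc))
    for svc in never_run:     # prohibited services must not be running
        if snap["services"].get(svc) == "running":
            findings.append(("policy", "never-run is running", svc))
    return findings

def audit_estate(baseline, estate, **policy):
    """Compare one baseline to many servers; keep only hosts that deviate."""
    report = {h: audit(baseline, s, **policy) for h, s in estate.items()}
    return {h: f for h, f in report.items() if f}

if __name__ == "__main__":
    for host, items in audit_estate(BASELINE, ESTATE, must_run=("EventLog",),
                                    never_run=("TlntSvr",)).items():
        for item in items:
            print(host, *item)
```

In practice each snapshot would be collected on the server itself and the baseline stored where the audited hosts cannot modify it.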