How much do you value your current IT infrastructure?

Really, how critical is your IT infrastructure to your business operations? Chances are, it is essential, and few people have a problem acknowledging that. Much more have trouble admitting the value of IT documentation which, in reality, is nearly just as valuable as the infrastructure itself.

Four reasons why IT documentation is important

The all-too-common situation Commit100 sees in small enterprises: one IT consultant, and no documentation exists. True, the infrastructure is simple enough for one person to be able to keep it inside their head. But what happens when that person is suddenly gone? You are left blind in the dark with respect to your IT. You don’t know the infrastructure, systems, and most critically, the special access credentials and passwords. Even if a new IT consultant comes in, getting a clear picture of the IT situation, restoring all passwords and credentials will take time, and in an IT emergency that time is of prime value. Sadly, lack of documentation is what allows many IT consultants to hold their clients “hostage”, because nobody else knows the system. So knowledge transfer, both with respect to static infrastructure and dynamic ongoing projects, is the single most important reason to document your IT.

Medium-sized enterprises with 50 employees and more will likely have more than one IT consultant/employee. This is when documentation begins to serve another role – standardization and coordination, ensuring that the IT infrastructure is operated consistently and coherently, and the actions of one IT tech don’t conflict with others.

The third reason you want to document your IT is time efficiency. Developing an adequate IT approach or procedure takes time. If a step-by step document already exists, it only needs to be followed, with minimum time spent for thinking and figuring out the right approach.

IT documentation also allows IT itself to have a clear picture of what is going on. With tens if not hundreds of different types of programs and systems interacting in the IT environment, keeping a coherent understanding of what is going on is not always possible without supporting documentation; after all, the human attention span is limited.  

What should be documented?

Some important things you should document, and the list is by no means exhaustive:

• Network and system overview. This gives any IT-savvy individual a general overview of your IT infrastructure. This may be one or more documents, depending on the size and complexity of your infrastructure.
• Administrative credentials and passwords. Needless to say, they should be stored in a secure, preferably encrypted, location, but accessible in case of an emergency and by other IT staff.
• IT policies, reflecting the IT approach to various aspects of managing the infrastructure. This includes
  • Network and Security Policy (what networks and systems exist, for what purpose, who has access, etc),
  • Information policy (privacy, appropriate email use),
  • Internet policy (access to third-party resources like cloud platforms, what content is accessible, what content is blocked),
  • Hardware management policy (how often hardware is replaced, how old hardware is used, etc),
  • Backup and Recovery (when and how recovery is done),
  • …and many more.   
• Information system. All the software that supports business processes and how it interacts between each other.
• Hardware inventory. What hardware you have, where it is, who uses it, and if any spare devices are available if needed.
• Software and license inventory. What software you have, who uses it, and if any spare licenses are available if needed. This will prove invaluable in the case of a licensing audit.
• Project-related documentation. This is especially critical for knowledge transfer if multiple individuals successively work on the same project.

How to keep documentation updated?

First and foremost, work with your IT department or IT consultant to work out an approach to documentation. Make your position in this matter clear, and work out a policy to make sure important documentation exists and is updated, while avoiding excessive time spent on documentation.

It is best to update documentation real-time, as policies and environment change, but that is not always possible. Some documentation should in fact be updated immediately after changes are implemented, like administrative passwords. Commit100 recommends that IT policies and procedures should be revised and updated on a quarterly or semi-annual basis. This will also ensure that outdated and inaccurate documentation does not clutter up document library.

TIPS FOR DOCUMENTING IT INFRASTRUCTURE

Ever get an email from Microsoft saying they want to check your software licenses?

If you’re a medium-sized business, you might. Commit100 has helped enough clients handle Microsoft audits to know that this is a fact of life.

Individuals and small businesses are not typically audited for using legitimate Microsoft software, but large and medium-sized businesses are checked all the time. After all, that is where most of Microsoft’s revenue comes from.

So what do you need to know about a license audit by Microsoft?

First, Microsoft asks you to fill in a “Deployment Summary” (see an older version of this document here), indicating how many instances of Microsoft products you have installed in your environment. This document covers pretty much all Microsoft products that still remain relevant today – desktop and server operating systems, Office products (all the way down to Office XP), SharePoint, products like SQL server and developer tools like Visual studio, and even Dynamics CRM. They specifically ask for “the quantity of each version of software currently installed/in use within your company”. For server-based products, they also ask about CALs (client access licenses).

Does this include the software that is still installed on old computers (no longer in use), but has been installed on new computers under the same license? That is a gray area, so use your best judgement to decide.

How to be prepared for a Microsoft license audit?

It is obviously in your best interests to be prepared for an audit. The best, and priceless, thing it gives you – peace of mind, and may also save you some money.

The information you need to be prepared for a Microsoft audit is:

• How many of their products you have installed, and where.
• All proof of licenses (COA stickers, paper certificates, BIOS keys, etc.) and anything that can act as proof of purchase, preferably in one place (for example, a master license spreadsheet).

How to gather required information?

To do an audit of your environment, you will definitely need a PC audit software. There are many good programs available, including freeware. A very simple and powerful tool that Commit100 has used for its clients is Belarc Advisor – it gives you data about the software installed on the machine, as well as hardware, which is useful information that can be a great basis for a full IT system audit. It will also give you the product keys for most of the software that is installed, but it doesn’t give you the full product keys for Office 2013 and onwards – only the last 5 characters of the key.

To gather the required information about what software is installed and where, run an audit report on the following:

• all desktops and laptops (mobile devices may or may not be relevant);
• all physical servers;
• all virtual machines/virtual servers (note that some individual users may have local virtual machines);
• Servers should have information about the number of CALs they have installed – this information will likely not be given by audit software, but you can check that in the Server Management console under “Licensing”.
• Also take note of the number of clients accessing SQL databases and other server-based products (this will tell you how many CALs you actually need).

Centralize this information in a master document, summarizing all software and keys (yes, every key should be in that document – for you own sake) for every physical and virtual machine.

The next step is to gather information about all the licenses you actually purchased. This includes COAs (stickers that go on the physical box), invoices, paper certificates, etc. Get a clean picture of all the licenses you have proof of purchase for – this should go into the same master document.

The licenses installed vs. licenses purchased should match, but if they do not, you may get an idea as to how much software Microsoft will ask you to pay for.

What then?

After you have completed the deployment summary, send it off to Microsoft. There is typically a deadline established by Microsoft for this, but it’s not a “do or die” deadline, it’s something that can be discussed with Microsoft.

A small piece of advice from our experts at Commit100 – don’t underestimate the time you will need to fill out the deployment summary – the more time, the better. If you use it, of course.

What’s the worst that could happen?

Microsoft will ask you to pay for the licenses that are installed/in use, but which you did not purchase or have no proof of purchase for. If you are compliant, or compliant for the most part, then you should have no problems.

But this is not the end of a Microsoft audit. In future articles, we will discuss what else is involved in the audit after the deployment summary is sent back.

Useful links:

Microsoft Software Asset Management