Oerlikon Balzers IT Management Version 1.0
Initial (90) Day Plan of Action 05/12/2009
This plan outlines a preliminary (90) day call-to-action based on an initial, brief assessment of Oerlikon Balzers’ IT
environment. It by no means, makes assumptions to Oerlikon Balzer’s immediate IT needs whether they are chronic or
acute issues. The goal of this plan is to illustrate the potential endeavors and achievements possible for the new IT
Manager in their first 3 months. This plan should serve as an outline to begin the work necessary in transforming
Oerlikon Balzers’ IT Department into a valuable, high performing business unit.
Day 0-30 1. Protect
1.1 Backups. Identify and protect all corporate data. Ensure that all corporate data is being
backed up at frequencies acceptable to maintain business continuity.
1.2 Network Security. Do an initial security assessment to identify any unacceptable vulnerability in
network security and business processes.
Day 0-60 2. Assess / Identify / Organize
2.1 Inventory. Assess and identify all Infrastructure assets.
2.2 Help Desk. Identity standard IT Processes with primary focus of the flow of Help Desk requests.
2.3 Data Center. Re-organize data center equipment and cabling to better facilitate the
identification, repair, and replacement of system components.
Day 30-60 3. Monitor / Measure
3.1 Network Monitoring. Establish a comprehensive monitoring system (with ipMonitor product) to
build a baseline of Infrastructure health, performance, and capacity.
3.2 Metrics. Create automated reports of changes to Infrastructure health, performance, and
capacity that occur over time.
Day 60-90 4. Report
4.1 Initial Assessment. Deliver to Senior Management a comprehensive report of initial (90) day
observations with recommendations of areas that need immediate improvement.
4.2 Strategic Planning. Deliver to Senior Management an outline of a (6-18) month strategic plan
Page 1 of 4
Day 0-30 1. Protect
Oerlikon Balzers’ most valuable asset is its data and it is the primary responsibility of IT to ensure that it is protected
from destruction and unauthorized access or modification. The initial assessment of all data will form the foundation
of a comprehensive disaster recovery plan.
1.1.1 System Configurations. Identify and configure backup of system configurations from all routers, switches,
vpn concentrators, PBXs, etc. Identify and backup system state for all key Windows Systems. These backups
will occur every (30) days.
1.1.2 System Data. Identify and configure backup for all system data. This will include all file, SQL, Exchange, IIS
data and a full backup will occur every (7) days. Incremental backups will occur everyday. A copy of all full
backups are to be taken offsite every (7) days for Disaster Recovery purposes.
1.2 Network Security
1.2.1 Internal Threats. Complete a basic security audit to verify best practices are being followed with regards
to access control and authorization. Analyze and make recommendation to any Active Directory Group
Policy Objects (GPOs), Organization Unit (OU) structure, or Access Control Lists (ACLs).
1.2.2 External Threats. Complete a vulnerability assessment of all public facing networks and systems. Verify
that best practices are being followed with regards to network topology and access control. Remove any
unnecessary external access to systems or ports. Work with business units to identify any compliance
obligations and verify that they are being met.
1.2.3 Security / Anti Virus management. Review current anti virus controls and management. Ensure that all
systems are up to date with regards to critical security patches. Evaluate, recommend, and implement a
system for managing security patches and updates for both servers and workstations.
Day 0-60 2. Assess / Identify / Organize
In order to provide strategic planning and guidance to Oerlikon Balzers the scope of all systems and processes needs
to be assessed first. Not only will this provide a comprehensive inventory of all IT assets this course of action will identify
any ‘fragile’ or underperforming system or process that needs immediate attention. The initial product of this
endeavor could be the foundation for establishing an ITIL (Infrastructure Technology Infrastructure Library)
Configuration Management initiative. Configuration Management will serve to provide a consistent and robust
template for the setup and maintenance of all equipment and servers across the entire organization.
2.1.1 Initial Assessment. This will focus primarily on all assets and processes housed in the Elgin, IL facilities. All
coating centers outside of Illinois will be assessed to the extent as allowed by remote access and any existing
22.214.171.124 Network Assessment. Identify and document all LANs, VLANs, WANs, and network
interconnections (such as site-to-site VPNs). Identify all circuits (voice and data) and service providers.
Identify all service agreements, contracts and obligations. Identify and document all switches, routers,
(hardware) firewall devices, and VPN concentrators.
126.96.36.199 System Assessment. Identify and document all servers and system at the Elgin, IL Corporate
office and Data Center. Establish age and warranty coverage for key systems.
188.8.131.52 Workstation Assessment. Identify and document all workstations located throughout the entire
organization. Review warranty and service support contracts for all workstations.
Page 2 of 4
184.108.40.206 Phone System Assessment. Identify and document all phone system physical assets. Identify all
DIDs and toll free numbers and corresponding service provider. Identify and document numbering
plan and site-to-site tie lines or routes. Review service agreements with all Telco’s and PBX
2.1.2 Extended Assessment. This assessment pertains primarily to facilities located outside of Elgin, IL and mostly
likely performed outside of the initial (90) day timeframe. It is recommended that a site visit be performed
(budget permitting) to all facilities under the responsibility of this group. While much of the systems and assets
can de identified and documented remotely there is no substitute for an on-site assessment to properly
document all physical and environmental conditions. This is also an excellent opportunity to build relationships
between IT resources in Elgin and business stakeholders at the numerous Coating Centers.
2.1.3 Asset Management. Evaluate, recommend, and implement a system for managing all IT assets both
physical fixed assets and software licenses.
2.2 Help Desk
2.2.1 Help Desk Requests. Evaluate current IT service request process from initial request to problem resolution.
Evaluate current (if present) Help Desk ticketing system. Identify recurring problems and look for quick
improvements that represent real value to customers.
2.2.2 Help Desk Model. Reshape IT operations into a services model by spelling out service levels and detailed
processes for delivering, managing and supporting technology. A service level agreement (SLA) is a key
component and is necessary in setting expectations. It quantifies acceptable service levels and outlines
when, what, and how services will be delivered.
2.2.3 Service Desk Portal. Evaluate the potential creation of a Service Desk Portal. This would be a single point
of contact for all IT related requests. This system would track the progress of all requests as well as providing
periodic updates to the service requestor. Data collected would measure and monitor the effectiveness of
service request processes.
2.2.4 Change Management. Document IT activities in detail, as well as spelling out the steps and processes
used to manage IT-related events and changes to systems.
2.2.5 Training. Evaluate current training offerings and make recommendations for possible improvement.
2.3 Data Center
2.3.1 Organize Physical Components. In order to more effectively service and maintain all data center servers
the current equipment racks need to be better organized. All network, power, and kvm cables are to be
uniquely labeled to be quickly identified. Wire management will be installed and all cables properly groomed
to provide segregation and strain relief. All equipment to be labeled with their appropriate Fully Qualified
Domain Name (FQDN) for quick identification.
2.3.2 Disaster Recovery. Identify critical systems and work with business stakeholders to establish a business
continuity plan. Initial backup plan will move full backups offsite every (7) days exposing the DR plan to a
Recovery Point Objective (RPO) as large as one week. Evaluate software, technologies, and service providers
that will shorten the RPO to a point acceptable to meet Business Continuity requirements.
2.3.3 Redundancy. Ensure that all systems with available redundant components are installed correctly to
facilitate proper failover. If redundant Internet connections do not exist, prepare plan to have this setup and
Day 30-60 3. Monitor / Measure
Gone are the days of IT Departments simply requesting the monies for a new server or to increase the bandwidth of a
WAN circuit. Any responsible CIO or CFO will ask ‘why’ to justify any significant capital or operational expense. This
Page 3 of 4
‘why’ is answered by a measured report or metric of degraded performance or capacity. Considering the current
economic environment it is paramount that mid-sized IT organizations like that at Oerlikon do more with less. Oerlikon
needs to proactively monitor system performance and capacity to better plan for future expenditures to support their
By quickly establishing network monitoring the IT Services group will be able to proactively respond to service outages
and degradations before they have a chance to become serious interruption to business activities.
3.1 Network Monitoring.
3.1.1 ipMonitor. Quickly install and setup Solarwinds’ ipMonitor network monitoring software. This is the critics’
choice, hands down for effective and manageable, budget-priced network management software. This will
be installed under a 21-day evaluation which will allow for Senior Management to see the immense benefits
prior to purchasing a license at the cost of $1,995. Not only does ipMonitor provide basic up/down monitoring
of all systems and services it can simulate end-user experience for web based and other applications.
3.2.1 ipMonitor Reports. ipMonitor reports will be setup to provide a baseline measurement of the capacity
and performance of all systems and applications. These reports will include disk space utilization and free
space, server performance as well site-to-site WAN links and Quality of Service (QOS) measurements to gauge
the health of voice traffic across the network.
3.2.2 Help Desk Reports. Ideally, the implementation of a Service Desk Portal will provide automated reporting
of the flow of service requests that traverse the IT group. In lieu of a Service Portal a more qualitative analysis
of service requests will be written and reported to Senior Management on a regular basis.
Day 60-90 4. Report
This plan is designed to provide a specific methodology to enable the new System Engineer to quickly and efficiently
set about a course of work to submerge themselves into the day-to-day IT operations at Oerlikon and quickly come
up to speed. This initial (90) day period will be extremely intense and an eye opening opportunity that will allow for a
studious engineer to formulate numerous remedies and recommendations to greatly improve the IT operations at
Oerlikon. The product of this initial work will be in the form of (2) deliverables:
4.1 Initial Assessment
4.1.1 (90) Day SWOT Analysis. 60-90 days of direct support, operation, and maintenance of Oerlikon Balzers’ IT
operations should be ample time for the new System Engineer to formulate specific recommendations as to
improving the quality and timely delivery of IT services across the organization. Observations of deficiencies
will also be commented on. This report will be in the form of a basic SWOT analysis presenting strengths,
weaknesses, opportunities, and threats to the IT group at Oerlikon.
4.2 Strategic Planning
4.2.1 (6-18) Month Strategic Plan Outline. IT organizations need to stop operating by the seat-of-their-pants
and set about in a methodical and ordered approach to their overall operations. The foundation to this
ordered approach is a strategic plan that will be an off shoot of the (90) Day SWOT Analysis. Strategic
planning is an organization's process of defining its strategy, or direction, and making decisions on allocating
its resources to pursue this strategy, including its capital and people. It is imperative that Oerlikon Balzers
begins the process of creating this plan if they want to make their IT operations into a highly successful unit
and a key contributor to the continued success of the organization.
Page 4 of 4