Oerlikon Balzers 90 Day Plan Of Action


Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Oerlikon Balzers 90 Day Plan Of Action

  1. 1. Proposed Oerlikon Balzers IT Management Version 1.0 Initial (90) Day Plan of Action 05/12/2009 Objective This plan outlines a preliminary (90) day call-to-action based on an initial, brief assessment of Oerlikon Balzers’ IT environment. It by no means, makes assumptions to Oerlikon Balzer’s immediate IT needs whether they are chronic or acute issues. The goal of this plan is to illustrate the potential endeavors and achievements possible for the new IT Manager in their first 3 months. This plan should serve as an outline to begin the work necessary in transforming Oerlikon Balzers’ IT Department into a valuable, high performing business unit. Overview Day 0-30 1. Protect 1.1 Backups. Identify and protect all corporate data. Ensure that all corporate data is being backed up at frequencies acceptable to maintain business continuity. 1.2 Network Security. Do an initial security assessment to identify any unacceptable vulnerability in network security and business processes. Day 0-60 2. Assess / Identify / Organize 2.1 Inventory. Assess and identify all Infrastructure assets. 2.2 Help Desk. Identity standard IT Processes with primary focus of the flow of Help Desk requests. 2.3 Data Center. Re-organize data center equipment and cabling to better facilitate the identification, repair, and replacement of system components. Day 30-60 3. Monitor / Measure 3.1 Network Monitoring. Establish a comprehensive monitoring system (with ipMonitor product) to build a baseline of Infrastructure health, performance, and capacity. 3.2 Metrics. Create automated reports of changes to Infrastructure health, performance, and capacity that occur over time. Day 60-90 4. Report 4.1 Initial Assessment. Deliver to Senior Management a comprehensive report of initial (90) day observations with recommendations of areas that need immediate improvement. 4.2 Strategic Planning. Deliver to Senior Management an outline of a (6-18) month strategic plan for IT. Page 1 of 4
  2. 2. Details Day 0-30 1. Protect Oerlikon Balzers’ most valuable asset is its data and it is the primary responsibility of IT to ensure that it is protected from destruction and unauthorized access or modification. The initial assessment of all data will form the foundation of a comprehensive disaster recovery plan. 1.1 Backups 1.1.1 System Configurations. Identify and configure backup of system configurations from all routers, switches, vpn concentrators, PBXs, etc. Identify and backup system state for all key Windows Systems. These backups will occur every (30) days. 1.1.2 System Data. Identify and configure backup for all system data. This will include all file, SQL, Exchange, IIS data and a full backup will occur every (7) days. Incremental backups will occur everyday. A copy of all full backups are to be taken offsite every (7) days for Disaster Recovery purposes. 1.2 Network Security 1.2.1 Internal Threats. Complete a basic security audit to verify best practices are being followed with regards to access control and authorization. Analyze and make recommendation to any Active Directory Group Policy Objects (GPOs), Organization Unit (OU) structure, or Access Control Lists (ACLs). 1.2.2 External Threats. Complete a vulnerability assessment of all public facing networks and systems. Verify that best practices are being followed with regards to network topology and access control. Remove any unnecessary external access to systems or ports. Work with business units to identify any compliance obligations and verify that they are being met. 1.2.3 Security / Anti Virus management. Review current anti virus controls and management. Ensure that all systems are up to date with regards to critical security patches. Evaluate, recommend, and implement a system for managing security patches and updates for both servers and workstations. Day 0-60 2. Assess / Identify / Organize In order to provide strategic planning and guidance to Oerlikon Balzers the scope of all systems and processes needs to be assessed first. Not only will this provide a comprehensive inventory of all IT assets this course of action will identify any ‘fragile’ or underperforming system or process that needs immediate attention. The initial product of this endeavor could be the foundation for establishing an ITIL (Infrastructure Technology Infrastructure Library) Configuration Management initiative. Configuration Management will serve to provide a consistent and robust template for the setup and maintenance of all equipment and servers across the entire organization. 2.1 Inventory 2.1.1 Initial Assessment. This will focus primarily on all assets and processes housed in the Elgin, IL facilities. All coating centers outside of Illinois will be assessed to the extent as allowed by remote access and any existing documentation. Network Assessment. Identify and document all LANs, VLANs, WANs, and network interconnections (such as site-to-site VPNs). Identify all circuits (voice and data) and service providers. Identify all service agreements, contracts and obligations. Identify and document all switches, routers, (hardware) firewall devices, and VPN concentrators. System Assessment. Identify and document all servers and system at the Elgin, IL Corporate office and Data Center. Establish age and warranty coverage for key systems. Workstation Assessment. Identify and document all workstations located throughout the entire organization. Review warranty and service support contracts for all workstations. Page 2 of 4
  3. 3. Phone System Assessment. Identify and document all phone system physical assets. Identify all DIDs and toll free numbers and corresponding service provider. Identify and document numbering plan and site-to-site tie lines or routes. Review service agreements with all Telco’s and PBX maintenance providers. 2.1.2 Extended Assessment. This assessment pertains primarily to facilities located outside of Elgin, IL and mostly likely performed outside of the initial (90) day timeframe. It is recommended that a site visit be performed (budget permitting) to all facilities under the responsibility of this group. While much of the systems and assets can de identified and documented remotely there is no substitute for an on-site assessment to properly document all physical and environmental conditions. This is also an excellent opportunity to build relationships between IT resources in Elgin and business stakeholders at the numerous Coating Centers. 2.1.3 Asset Management. Evaluate, recommend, and implement a system for managing all IT assets both physical fixed assets and software licenses. 2.2 Help Desk 2.2.1 Help Desk Requests. Evaluate current IT service request process from initial request to problem resolution. Evaluate current (if present) Help Desk ticketing system. Identify recurring problems and look for quick improvements that represent real value to customers. 2.2.2 Help Desk Model. Reshape IT operations into a services model by spelling out service levels and detailed processes for delivering, managing and supporting technology. A service level agreement (SLA) is a key component and is necessary in setting expectations. It quantifies acceptable service levels and outlines when, what, and how services will be delivered. 2.2.3 Service Desk Portal. Evaluate the potential creation of a Service Desk Portal. This would be a single point of contact for all IT related requests. This system would track the progress of all requests as well as providing periodic updates to the service requestor. Data collected would measure and monitor the effectiveness of service request processes. 2.2.4 Change Management. Document IT activities in detail, as well as spelling out the steps and processes used to manage IT-related events and changes to systems. 2.2.5 Training. Evaluate current training offerings and make recommendations for possible improvement. 2.3 Data Center 2.3.1 Organize Physical Components. In order to more effectively service and maintain all data center servers the current equipment racks need to be better organized. All network, power, and kvm cables are to be uniquely labeled to be quickly identified. Wire management will be installed and all cables properly groomed to provide segregation and strain relief. All equipment to be labeled with their appropriate Fully Qualified Domain Name (FQDN) for quick identification. 2.3.2 Disaster Recovery. Identify critical systems and work with business stakeholders to establish a business continuity plan. Initial backup plan will move full backups offsite every (7) days exposing the DR plan to a Recovery Point Objective (RPO) as large as one week. Evaluate software, technologies, and service providers that will shorten the RPO to a point acceptable to meet Business Continuity requirements. 2.3.3 Redundancy. Ensure that all systems with available redundant components are installed correctly to facilitate proper failover. If redundant Internet connections do not exist, prepare plan to have this setup and installed. Day 30-60 3. Monitor / Measure Gone are the days of IT Departments simply requesting the monies for a new server or to increase the bandwidth of a WAN circuit. Any responsible CIO or CFO will ask ‘why’ to justify any significant capital or operational expense. This Page 3 of 4
  4. 4. ‘why’ is answered by a measured report or metric of degraded performance or capacity. Considering the current economic environment it is paramount that mid-sized IT organizations like that at Oerlikon do more with less. Oerlikon needs to proactively monitor system performance and capacity to better plan for future expenditures to support their growing environment. By quickly establishing network monitoring the IT Services group will be able to proactively respond to service outages and degradations before they have a chance to become serious interruption to business activities. 3.1 Network Monitoring. 3.1.1 ipMonitor. Quickly install and setup Solarwinds’ ipMonitor network monitoring software. This is the critics’ choice, hands down for effective and manageable, budget-priced network management software. This will be installed under a 21-day evaluation which will allow for Senior Management to see the immense benefits prior to purchasing a license at the cost of $1,995. Not only does ipMonitor provide basic up/down monitoring of all systems and services it can simulate end-user experience for web based and other applications. 3.2 Metrics 3.2.1 ipMonitor Reports. ipMonitor reports will be setup to provide a baseline measurement of the capacity and performance of all systems and applications. These reports will include disk space utilization and free space, server performance as well site-to-site WAN links and Quality of Service (QOS) measurements to gauge the health of voice traffic across the network. 3.2.2 Help Desk Reports. Ideally, the implementation of a Service Desk Portal will provide automated reporting of the flow of service requests that traverse the IT group. In lieu of a Service Portal a more qualitative analysis of service requests will be written and reported to Senior Management on a regular basis. Day 60-90 4. Report This plan is designed to provide a specific methodology to enable the new System Engineer to quickly and efficiently set about a course of work to submerge themselves into the day-to-day IT operations at Oerlikon and quickly come up to speed. This initial (90) day period will be extremely intense and an eye opening opportunity that will allow for a studious engineer to formulate numerous remedies and recommendations to greatly improve the IT operations at Oerlikon. The product of this initial work will be in the form of (2) deliverables: 4.1 Initial Assessment 4.1.1 (90) Day SWOT Analysis. 60-90 days of direct support, operation, and maintenance of Oerlikon Balzers’ IT operations should be ample time for the new System Engineer to formulate specific recommendations as to improving the quality and timely delivery of IT services across the organization. Observations of deficiencies will also be commented on. This report will be in the form of a basic SWOT analysis presenting strengths, weaknesses, opportunities, and threats to the IT group at Oerlikon. 4.2 Strategic Planning 4.2.1 (6-18) Month Strategic Plan Outline. IT organizations need to stop operating by the seat-of-their-pants and set about in a methodical and ordered approach to their overall operations. The foundation to this ordered approach is a strategic plan that will be an off shoot of the (90) Day SWOT Analysis. Strategic planning is an organization's process of defining its strategy, or direction, and making decisions on allocating its resources to pursue this strategy, including its capital and people. It is imperative that Oerlikon Balzers begins the process of creating this plan if they want to make their IT operations into a highly successful unit and a key contributor to the continued success of the organization. Page 4 of 4