The Followings are the few of the System Administration best practices that every System Administrator must look into it.
1. SYSTEM SECURITY
1.1 ADMIN USER PASSWORD
1) Prepared the file which consist of all critical IT infrastructure Password like
a. All AD forest and domain level administrator like domain admin, Enterprise admin, etc.
b. SQL Databases DBA “sa” user.
c. Network devices super user.
d. All UNIX system super user “root”.
e. All System related tool’s administrative users.
f. Third Party Cloud based System Related Apps administrator password.
Also keep a note of some of points as given below
2) Rename the user account which has administrative privilege and keep a note of it in password file.
3) Set the strong administrative users account password as per standard guideline like Password Length, Its complexity, etc.
4) The password file must be “password” protected and stored at central location with necessary access restriction to specific users only.
5) You should change the all admin user password frequently as per organization policy.
6) Set the Audit on you system/devices to check the administrative accounts usage and check the log regularly.
7) Do not share the password over email or chat to anybody.
8) You must follow the other best practices.
1.2 PHYSICAL CHECK
The physical check of your device is necessary to check its physical location, security and other aspect like how the server is connected to other devices like LAN/SAN switches etc.
Again the server’s physical location, Security and cleanliness is always important for a good and stable operation.
This is required in case you are operating the server/devices remotely and you need to guide new onsite team person or third party vendor to work on it. So at that moment onsite team must have its physical location recorded somewhere in the document.
Due to many reasons you may not be able to check physical status of your system every day, but you should set a plan to check it regularly and set process to make sure the checking is being performed as per plan.
1.3 OTHERS
a. Do not keep your session open when you leave your place.
b. Configure your environment to logout the users session automatically when it is ideal for some time say 2-3 minutes.
c. Keep minimum service/applications running on your system, Remove unwanted services/application from your system and you can close the unwanted TCP ports.
d. Never write down password on paper or store in plain text.
e. Educate users and Helpdesk team about system security and its best practices.
f. Do the Security Assessment of your environment regularly.
2. SYSTEM LOGS
1) Configure Auditing on your system/apps as per your requirements.
2) You must go through and review Security and other logs on weekly basis and as and when required.
3) You can also archive the logs if the organization needs it for security compliance.
4) If you come across Operating Systems, Application related issues then you should first refer system/apps logs for further troubleshooting.
5) Do not clear logs without saving it as it may requires you for problem analysis.
3. SYSTEM CHANGES
1) Best practice is self-control and exercising good discipline while handling system admin related tasks.
a. Always think twice if you are exercising any task on the server, review it twice.
b. If you have doubt on what you are doing, first test it in test environment and check the result or take advice from others. Once you are sure then only run the tasks on Production setup.
2) Always test the hotfixes/patches properly and then only update it to production server.
3) For any product/Hotfixes/patches installation, first read the Release note, installation guide, etc. carefully.
4) Identify the single point of failure in your environment and plan how to mitigate it.
5) Do not make any changes to system on Friday end of day or before you are going on holiday or paid leave.
6) Also ask to review the changes to others team members, if require discuss it and then only apply it to production system. Also track the changes in the document regularly.
4. SYSTEM BACKUP
1) Consult your database/application administrator to check the data backup requirement of the server, its frequency and criticality.
2) Once you schedule the backup job as per requirements, you need to check backup job executed properly or not first time and then do it regularly.
3) Verify your backup media for data restoration at least in a quarter.
4) As per requirement you can set the off-site data backup process.
5) Also check the legal requirements of amount of time to keep data backup set.
6) Keep data restore process ready for each server/application.
5. USERS/GROUPS
1) Create separate USER account to use it as Service Account in the OS or in the application configuration. You can put the description in the user account property.
2) Use Domain admin and Enterprise group very carefully. Review its membership regularly.
Use a group to manage the folder/file level access.
3) Do not user system built-in administrative account for daily use. System admin can always use his/her account to do any administrative tasks.
6. SYSTEM DOCUMENTATION
1) Keep records of your each activity and process. How you got the system after a fresh installation and chronologically how changes happened with all details like Hardware changes, OS/Apps configuration and permissions changes should be recorded.
You can manage soft copy as well as hard copy depending on company’s practices. This documentation will help you for better diagnosis of your system in case of any problem.
2) Always keep system inventory up to date.
3) Keep all process documents centrally and understand each process thoroughly.
4) Also keep all important contacts readily available in soft and hard format with you.
7. KNOWLEDGE UPDATE
1) Learn the technology from others if anyone within your team know it so that you can save your time.
2) Whenever you get the free time, refer latest news, white papers, articles and books to update your knowledge on latest technology.
8. GENERALS
1) Don't panic! In all situations.
2) Follow your organization’s policies and procedures.
3) Develop standard installation guidelines for all operating systems and applications used by the organization.
4) Observed the server process, performance and its pattern very carefully by using monitoring system or by login to server.
5) Implement the IT infrastructure monitor system to monitor your IT infrastructure proactively.
6) Specially observed existing server disk space usage and its pattern. You can plan the new disk space as per its past usage pattern. You can plan the server hardware configuration depending on your application requirements. Also consider it for longer terms. In virtualisation you can use thin or thick the disk provision method. You can check overall type of VMs on the Virtual host and other VM Host configuration, so that there will not be any impact on VMs.
7) Use and maintain development/test and production environment differently.
8) Keep your weekly reports visible to all.
9) Test your system DR plan at least once in a year.
