Infrastructure Health Check

DSP provides individualised health checks to their customers across multiple technology areas to ensure the in-place systems are fit for purpose and optimised to their most effective configuration. This allows customers to derive a greater return on investment from their IT systems and ensures they can concentrate on their core business function.

DSP consultants are given the freedom to deliver.  This means that when performing activities such as health checks, they can use their skills, experience, and initiative to deliver a comprehensive health check that is tuned to the customer’s requirements.

This is done independently of any business development activities, ensuring the consultant is not pressured to deliver a health check that supports sales activities.

DSP consultants are all senior consultants with 20+ years of experience; many have experience as users of the applications they now support. Our consultants have the expertise to perform an in-depth and thorough health check with a high degree of understanding of the demands placed upon the customer's IT systems.

The DSP health check is typically performed by the DSP consultant on-site at the customer offices, although it can, in some instances, be performed remotely. The DSP consultant will discuss the architecture and system configuration with the customer’s IT team to understand them at a high level. The customer IT team is expected to be available throughout the health check to answer additional questions about environmental specifics.

With an understanding of specific pain points and the environment’s history, the consultant will run scripts to capture information from the customer system and, where relevant, investigate specific areas of concern to uncover root causes. This captured information will then be reviewed, and initial findings will be shared with the customer before the consultant leaves the site.

Within a few days, the consultant will write up the findings and report back to the customer with the outcome of the health check. This will detail the checks performed, the issues found and, where relevant, corrective action recommended.  It is then at the discretion of the customer whether those corrective actions are performed.

A review of the versions of operating systems installed will be undertaken to verify this is in date with the software vendor. This ensures that should there be any issues with the software, support will be provided, and where applicable, patches will be delivered.

In some instances, there are valid reasons why support is allowed to lapse. Typically, this is due to legacy software support required for specific business functions. The consultant will recognize and note this.

The consultant will also review the current state of patching on the system to ensure that regular and appropriate patching activity has occurred and to correct bugs discovered by the software vendor.  The consultant will review the status of currently applied patches but will also review the process to apply patches with regards to change and version management and ensure that appropriate dispensation is made for testing prior to releasing patches into production.

A general architectural overview is essential to understanding the nature of the IT system.  This will not be isolated to the system in question but will investigate the contact points with other periphery systems (for example, email, DNS etc.) which may have an operational impact on the smooth running of the system.

At a more technical level, the size and shape of the architecture will be reviewed, covering CPU configuration, memory configuration, and disk configuration, including RAID levels. Any clustering configuration will also be reviewed and verified to ensure it is optimal for the system requirements.

Critical to any IT system is the network providing connectivity to the system for end-users and connectivity to other IT solutions for integration.

The DSP Infrastructure Health check will identify any areas of concern, such as dropped packets, saturated links, latency, etc.  It will also verify whether the TCP stack is optimized effectively for the system workload, e.g. high throughput or low latency.

Note that this configuration is isolated to the server operating systems only. The DSP consultant is not expected to require access to firewalls or other networking peripherals.

Performance is an exceptionally complicated area where commonly an “ideal” performance configuration is impossible given the varied nature of system load with most IT systems.   The goal here is to ensure that the IT system is configured optimally for the load profile applied to it, weighting this configuration towards more time-critical activity and away from those activities where time pressures are not so prevalent.  Inevitably there is a trade-off.

The DSP Infrastructure Health Check investigates the following areas:

• CPU activity
• Memory usage & paging
• IO utilization & throughput
• System wait time
• Log file reviews (e.g. dmesg & /var/log)

In addition, the system is reviewed to investigate configuration such as the IO Schedule type (deadline, CFQ, NOOP etc.) and, if available, longer-term statistics are reviewed to identify any changes in performance & capacity requirements over time.

Like performance, security is a vast area where there are many conflicting opinions as to what constitutes effective systems security. DSP has drawn upon its consultants’ cumulative experience in IT systems management to define some key areas to investigate. These are:

Systems Access

• Software firewall configuration (e.g. iptables)
• PAM (if applicable) password policies etc.
• Ensure no remote root login
• Remove/lock unused accounts
• Ensure leavers/movers process includes locking/removal of user accounts

Intrusion Detection

• Review IDS configuration (passive/active)
• Review auditing configuration
• Log file review to ensure activity is being captured
• Review, if relevant, any FIPS/FIMS configuration

Intrusion Prevention

• Review software firewall configuration
• Review WAF configuration (if relevant)
• Review relevant logs pertaining to intrusion prevention

System Patching

• Ensure a robust patching strategy
• Identify any required patches for security flaws

General Secure Configuration

• SELINUX – can provide a higher level of security for an admin overhead
• Review active services – inactive services should be disabled/uninstalled
• Review encryption strategy to ensure data both in transit and at rest is encrypted where appropriate
• Check configuration security – e.g. password access for kernel boot

The above represents a thorough review of system configuration. However, no two IT systems are alike, and the consultant may review and investigate other areas to augment the Health Check.  

Customers commonly require further reviews of systems regarding Cloud Migration Readiness, including a review of licensing, performance, security, and service requirements. This may support a decision to move to the Cloud or help prepare for a planned move to the Cloud.  

This can be further extended to include specific application requirements, e.g. Oracle Database and e-Business Suite patch levels recommended for Cloud-based solutions.

This will be discussed on-site with the relevant support personnel to identify and agree to these areas.