How to perform a detailed Infrastructure IT/OT assessment

1. Purpose and Overview


1.1. Executive Summary


A complete as-is picture of the site IT/OT infrastructure components, including their relationships, ownership and support responsibilities, is a prerequisite for supporting the current mode of operation and for preparing the transformation towards a new standardized setup.


1.2. Purpose of this Document


This document outlines the setup and handling instructions to be used by the teams that perform IT/OT infrastructure assessments. The templates used are available, and an example of an actual site assessment exercise has been included.


2. Design Decisions


2.1. Design Considerations / Requirements


1. To define working instructions for performing a site assessment

2. To define a questionnaire which needs to be completed during an assessment.

3. To create documents based on templates for Top Down and Bottom Up assessments.

4. To create documents based on templates for network Site overview, Layer 2 and Layer 3 diagrams.

5. To create documents based on templates for Compute/Storage/Backup diagrams.

6. To create documents based on templates for Data rack inventories.

7. To create a default folder structure for organizing files and pictures.

8. To add a method for converting the Bottom Up (BOT) assessment to structured data.



3. In Scope and Out of Scope


The following items are in scope for the Site Survey assessments project:

· Creation of work instructions.

· Creation of documents based on the provided templates, as-is situation only.

· Setup of a folder structure to store the data

· To perform a few site assessments together with the executor to test the documentation

· To train a new team how to do the assessments in alignment with the customer’s requirements.

· To set up a process for importing the assessment results into the customer’s CMDB

· To describe the steps to convert the BOT assessment to structured data


The following items are out-of-scope for this document:

· To execute all site assessments; this will be done by an external company.

· To define ‘to be’ designs

· To import the collected data into the standard CMDB

4. Overall Solution Architecture


4.1. Data structures


4.1.1. Folders


Folder structure


All data from the performed site assessments should be stored in a dedicated SharePoint site. This SharePoint site will have a specific folder per site, with the site ID used as the naming convention.

Within this folder, the following data structure is created :










Figure 1 Folder Structure Assessments















4.2. Tables and documents


4.2.1. Questionnaire


The purpose of the questionnaire is to collect general information about the site. This includes all data about safety, security, HVAC, computer rooms and racks. This document should not collect detailed information about infrastructure components ( serial number, ip addresses, etc ) – that info is stored in the Bottom-up inventory.

This file consists of the following tabs to be completed :


· Initial Page : General Information about the location

· Revision History : Tracking of changes

· Contact Info : Site local contact info

· Requirements outline : General questionnaire


o Topics covered : Physical Facility, IT Infrastructure Onboarding, Voice & Video conference systems, Printers and Scanners, Asset Management, Monitoring Tools, Security Service, User Onboarding, Data Onboarding, Application Onboarding, Service Desk and ICS/OT

o Column E is used for the general answer.

o Column F will provide extra information related to the answer to be given

o Columns I-M are used for some answers to give more detailed information


4.2.2. Top down template


The ‘Top down’ template is stored in a tab of the “Site Survey” file. The Top Down approach defines component types. These are not necessarily individual assets. For example, a component type ‘Virtual Machines’ could in fact involve more than 1 VM ( a SQL server component type can have several SQL server instances defined – for high availability reasons ).

The purpose of the Top Down template is to generate an overview of how all component types of a specific solution are supported. Whenever a part of the solution is not covered properly, the entire solution will be marked with a red status. The document will then point out which component is not covered correctly and at what level of support the problem occurs.

A pivot table is generated to graphically indicate the health of a specific solution with regard to IT support.































The following fields are used :




























4.2.3. Bottom Up template


The ‘Bottom Up’ template is a very detailed ‘per device’ inventory. This table must already be filled with data from the general CMDB before doing the assessment. During the assessment, additional data and information are added. The ServiceNow CMDB will be updated after the assessment with any new or improved data collected.














The following fields are used :





































4.3. Diagrams


4.3.1. Site Lay-out diagram


This diagram is located in the CC-XXX-Network Visio file ( CC = Country, XXX = Site ID ) – in the tab “Site Layout CC-X” ( CC = Country, X is full site name ).


- The diagram uses a background of the entire site. Important and network-connected buildings are emphasized by blue building blocks. Important on this diagram is to have an overview of the inter-building connectivity.


- Every connection type is indicated ( Fiber, Copper or Wireless ). The WAN entry point is also indicated. The names of the buildings could be obtained from the site local contact and should clearly identify spots uniquely.






















4.3.2. Layer 2 network diagram


This diagram is located in the CC-XXX-Network Visio file ( CC = Country, XXX = Site ID ) – in the tab “Layer 2 CC - X” ( CC = Country, X is full site name ). The Template can be copied to start the design easily.


- The purpose is to identify all Layer 2 connectivity and installed devices at each location. All relevant site locations are identified, with a link to the corresponding pictures. Each area contains a description of the devices found. Connectivity is defined ( switches, wireless, access points ) and switch interlink port numbers may be added when available.

- Trunks are indicated with a dotted line; green text indicates which VLANs are activated. Also add the estimated length in m. Blue indicates the link is copper, Orange stands for Fiber MM, Yellow is Fiber SM.

- A blue transparent background indicates OT area with OT only managed devices.

- Different components can be chosen from the Legend window, extra components can be added when required.

- All devices should be identified as well as possible ; if no name is present, use brand, type, …

- Do NOT put IP address information, routing protocols/information, subnets, etc., as this info belongs in the Layer 3 diagram.


















4.3.3. Layer 3 network diagram


This diagram is located in the CC-XXX-Network Visio file ( CC = Country, XXX = Site ID ) – in the tab “Layer 3 CC - X” ( CC = Country, X is full site name ). The Template can be copied to start the design easily. The purpose is to identify all Layer 3 components and how they communicate with each other.


- SVIs ( Layer 3 VLANs ) are the main items. Devices or device groups linked to each SVI are indicated. Devices can be grouped by type/purpose. Layer 3 network components ( L3 switch interfaces, routers, firewalls ) need to be defined separately. The last octet of their IP address should be mentioned.

- Trunks are indicated with a dotted line.

- A blue transparent background indicates OT area with OT only managed devices.

- Different components can be chosen from the Legend window, extra components can be added when required.

- Layer 3 information regarding subnets and routing must be inserted in a separate table. Do NOT put Layer 2 information in this diagram ( VLAN ID, interface names, etc. ).

- The WAN demarcation is clearly indicated; no information from the provider is to be assessed.




















4.3.4. Compute and storage diagram


This diagram is located in the CC-XXX-Network Visio file ( CC = Country, XXX = Site ID ) – in the tab “Compute_Storage - CC - X” ( CC = Country, X is full site name ). The Template can be copied to start the design easily. The purpose is to identify all Compute, Storage and Backup data and how they communicate with each other.


- Hypervisors, Virtual machines and bare metal machines belong to the core of the computing activities. These activities also use data which is stored on cloud storage or local storage like NAS, SAN, or other type of storage environments. The actual data is also being safeguarded by a backup system.

- All these devices and activities are recorded into this diagram.

- This document contains 2 major parts :

o A design showing all included devices and how they are interconnected

o 3 excel tables ( Compute, Storage & Backup ) to enter specific information.

- Different components can be chosen from the Legend window, extra components can be added when required.





















4.3.5. Rack Layout diagram


This diagram is located in the CC-XXX-Network Visio file ( CC = Country, XXX = Site ID ) – in the tab “Rack Layout - CC - X” ( CC = Country, X is full site name ). The Template can be copied to start the design easily. The purpose is to indicate the physical location of all the racked infrastructure components.


- The main purpose is to be aware of the amount of free space in each rack. Therefore it is mandatory that each device is put on the exact Unit location with the exact height defined.

- 6 racks of 52 U each are on the drawing by default. These sizes can be changed accordingly. If more racks are in place, a copy of this tab can be created.

- Different components can be chosen from the Legend window, extra components can be added when required. The components are rack-aware, so they fit and can be resized if needed ; the exact Units will be displayed automatically






















4.4. Working instructions for executing an assessment


4.4.1. Scope


The table below shows the various steps to be taken in order to fulfill a site assessment. Details of each step are explained further in this document.




















4.4.2. Assessment initiation


During the preparation phase, all the necessary documents are created and copied from the templates. Also preloading of these documents with existing data is essential.












4.4.3. Kick-off meeting


The kick-off meeting is organized for all involved parties to be acquainted with the scope of work, the goals and what needs to be done to complete the assessment. It is important to get the site local contacts involved.





















4.4.4. Prepare site assessment


One or more meetings should be organized with the site local contact to execute preliminary data assessment and prepare the site visits. This will save time during the actual visit. The following tasks should be done
























4.4.5. Execution assessment on site


During the site visit, most of the time will be spent walking around, identifying devices, getting extra information from the local contact, writing down information and taking pictures.















4.4.6. Post site visit tasks and completion


After the site visit, all documents need to be verified and completed before hand-over.











5. Appendices


5.1. Conversion of Bottom Up sheet to structured data


5.1.1. Problem description


The data captured in the Bottom Up sheet is not optimally organized for database processing. The problem is that 1 particular device record has a relationship with 1 or more different services/solutions. The additional problem is that this relationship is marked with an ‘X’ value.

It is possible to convert this sheet to structured data, meaning that device records belonging to more than one service will be copied for each service.

This example will clarify :


o This is the unstructured data captured










o FOS-003 belongs to the Weighbridge Service and the Fuel Management Service

o This should be converted to structured data


o All the different solutions are now in 1 column

o In case a device belongs to more than one solution ( FOS-003 ), the record is copied for each solution


5.1.2. Migration steps


o Select a cell in the main data table of the bottom up sheet














o Select ‘Data’ → ‘From Other Sources’ → ‘From Table/Range’





















o Power query will open

o Replace all ‘X’ values in the Solution columns with their appropriate values


o Select all columns with Solutions/Services and then select ‘Transform’ → ‘Unpivot Columns’


You will see that the services are now in 1 column and that records are duplicated for each service


o Selecting ‘Home’ → ‘Close & Load’ will put the new data back in Excel
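
The conversion above carried out on a CSV export of the Bottom Up sheet, as an added example that is not part of the original document. Power Query's Unpivot Columns leaves out empty cells, so a device with no solution marked disappears from the result; this version returns those devices separately. The column names and all sample rows other than FOS-003's two services are constructed for illustration.

```python
import csv
import io

# Constructed sample of a Bottom Up export: one row per device, one column per
# solution, membership marked with 'X'. Column names and all rows except the
# FOS-003 memberships are assumptions made for this example.
SAMPLE_CSV = """Device,Type,Weighbridge,Fuel Management,Access Control
FOS-001,Switch,X,,
FOS-002,PLC,,x ,
FOS-003,Server,X,X,
FOS-004,Printer,,,
"""

ID_COLUMNS = ("Device", "Type")  # everything else is treated as a solution column


def unpivot_bottom_up(csv_text, id_columns=ID_COLUMNS, marker="X"):
    """Return (records, unmapped).

    records  : one dict per (device, solution) pair, solution in a single column
    unmapped : devices with no marker in any solution column; an unpivot drops
               these rows, so they are returned separately for follow-up
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in id_columns if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"missing identifying columns: {missing}")
    solution_columns = [c for c in reader.fieldnames if c not in id_columns]

    records, unmapped = [], []
    for row in reader:
        ident = {c: (row[c] or "").strip() for c in id_columns}
        # Tolerate hand-typed variants of the marker such as 'x' or 'X '.
        member_of = [
            s for s in solution_columns
            if (row[s] or "").strip().upper() == marker
        ]
        if not member_of:
            unmapped.append(ident)
        for solution in member_of:
            records.append({**ident, "Solution": solution})
    return records, unmapped


if __name__ == "__main__":
    rows, orphans = unpivot_bottom_up(SAMPLE_CSV)
    for r in rows:
        print(r)
    print("No solution assigned:", [o["Device"] for o in orphans])
```

Devices returned in the second list are the ones to review before a CMDB import, since they would otherwise be absent from the structured data.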



© 2019 Intram Services BV
