#1.
Buy good hardware.
Buy computers with fast buses, a
lot of cache, and main memory. BENCHMARK the resulting hardware and system
build. A mistake in a driver selection, a configuration file, or CMOS
setting can negate the fastest components. Also, be sure your disks are
mirrored for fault-tolerance. This does not cost much and greatly
increases survival in the event a disk fails. (ALL disks fail eventually.)
Be certain that the RAID configuration you end up with will automatically
re-sync after a failure. (Many don’t!) Hardware RAID will be faster, and
if you pick the right one, it will be the simplest to live with. Software
RAID as provided by MS does not re-sync in the (common) event a spared bad
block.
#2.
Reboot
the system every night.
It may not be obvious that this
needs to be done, but it solves a number of ongoing MS issues. If the goal
is to have many months go by totally
trouble-free, you will discover this will help. (And reduce
user frustrations a lot.)
#3. DO NOT ALLOW WEB ACCESS to the Application Server! EVER!
The science of ‘security’ and
the science of ‘hacking’ are running about even just now. The absolute
way to avoid Virus or Malware contamination is to lock down the Server IN
THE EXTREME. This means that the only protocol that can be allowed is the
one used by Terminal Services.
#4.
Get the ‘User Accounts’ right.
The administrator needs to have a
way to provide ‘read only’ content to the users. The users must be
‘boxed in’ to some extent, while giving them access to the folders
they need to get their work done.
#5. Create all the Necessary accounts.
You will need accounts for
training, testing, and outside access.
#6. Be PARANOID
on email settings and use!
In general, it is only necessary
to let users SEND email from within the SA environment.
#7.Provide for
the ‘All the Other Things’ that make the user experience fully
productive.
This means the ability to
seamlessly integrate other 3rd party software.
#8.
Configure SQL Server Properly!
-
SQL Server 2005 has improved
performance and security
-
Dedicate specific SQL disks for
tables and indexes for optimum performance
-
Optimize SQL disks with ideal
cluster sizes for maximum throughput
-
Run referential Integrity Checks
nightly
-
Run SQL Server on a dedicated
Server if the level of performance warrants it
-
Keep a separate disk for logging.
The combination of the mirrored drives and a separate log disk makes
recovery very quick and easy.
-
Be prepared to dedicate an entire
Server to SQL if the user counts get large.
Hardware
Summary
-
Benchmark Servers for
‘actual’ performance
-
Use Tested and well chosen server
components
-
Use Dual core processors and up
to 4GB of RAM
-
Use advanced controllers for
disks that implement NCQ (Native Command Queue)
-
Use High speed Quality of Service
(QOS) network to ensure fast user response times
-
Use ‘Continuous Quality
Improvement System’ for trouble free operation over many months of
continuous use
-
Use software and Hardware based
firewalls
-
Use Malware and virus protection
on the router (packet level) and on the server
Account
Summary
-
Build-in staff, administrator,
and training users
-
Staff users can only access their
folders
-
Staff users can only send email
-
All user Logons must be
restricted by RDP encryption
-
Staff users need built-in READ
ONLY folders for company manuals and templates
-
There must be staff level
security for files by location or office
-
Staff users can only be allowed
to save files to there folder that have built-in permissions
-
The Admin user needs to be able
to ‘shadow’ or remote control other staff users for training or
support
-
The Admin user must be able to
always see who is logged onto the server and from where
-
The Admin user needs the ability
to upload and download files to their server within internet explorer
-
The Admin user needs a special
admin desktop with admin-only features for access to SQL manager and
protected file storage
-
Admin user must be able to
password protect sensitive documents
-
Every system needs a Training
User with a ‘demo’ database so new employees can familiarize
themselves with the application features
-
Passwords must be able to be
changed at a moments notice, should an employee quit or get fired
-
Administrators need to be able to
specify that staff users can only login to there server at particular
times of day (e.g., 9:00 a.m.-5:00 p.m.)
-
An Optional online backup is
necessary that can be checked via the internet by admin user anytime
for added peace of mind
Of
course if you don’t want to do any of these things, but still want to
‘Get the Full Effect of your software investment,’ then you can
subscribe to COATS!
|
Pre-Setup
|
|
|
|
Network security
|
|
|
Server and hardware
|
|
|
File sharing security
|
|
|
User security
|
|
|
Microsoft Office security
|
|
|
Total office environment
|
|
|
Online resume service
|
|
|
Time and attendance service
|
|
|
Remote printing
|
|
|
Multi-location security
|
|
|
Any place, any time access
|
About …
Sarach Technologies, LLC. was
established in 1995 and provides staffing software for industrial,
clerical, technical, professional, medical, financial, legal, hospitality
and other industry specialties.
4560 South Blvd., Suite 298, Virginia Beach, VA
23452, Phone: 800-888-5894.
IntelliPath specializes in allowing users to access their
COATS system via the web from satellite offices or onsite locations. Our most effective sales
tool is our customer base. Call us today for more information on how we
can benefit your firm at 866-774-1027.
|
