The Keys to Maintaining Intranet Integrity, Part 2
Paul Chin
(post
paulchinonline.com)
9/9/2004
When we think about all the things that can affect the integrity of an intranet — hardware failures, hard disk crashes, data corruption, viruses, power outages, malicious attacks by outsiders or disgruntled employees, careless misuse, natural disasters — the odds seem stacked against us. How can we possibly keep a system running from day to day when there are so many forces working against us? It all begins with proper planning and preparation.
The procedures and mechanisms you put into place to ensure intranet integrity must focus more on prevention than reaction. If you plan for all foreseeable contingencies, your actions will be well-orchestrated. But if you're left scrambling for a solution to the problem — wondering what to do after a hard disk crash or a virus infecting the heart of your e-mail system — you will end up slapping on as many Band-Aids as you can get your hands on rather than finding a real solution. It will be a race against the clock to get your system back up onto its feet, and all the while your users will be sitting around waiting for the system to return to normal.
In Part 1 of this series on maintaining intranet integrity, I discussed intranet architecture types that can be put into place to support a wide range of intranet priority types — from low to mission critical systems. I also stressed the importance of implementing an architecture that reflects the need for system availability; the higher the intranet priority, the higher the need for data and processor redundancy.
In this article I'll be focusing on some other things that must be in place to ensure the overall integrity of your intranet:
- Implementing a thorough security infrastructure
- Carrying out a regular maintenance schedule
- Maintaining regular data and system backups
- Establishing a disaster recovery plan
Security Infrastructure
Of all the malevolent IT gremlins that negatively impact computer systems around the world, none are highlighted by the media as much as viruses and hackers. Their effects can range from minor annoyances to full-on system corruption. And for those unfortunate enough to have been intimately acquainted with these gremlins without the appropriate contingencies and failsafes in place, premature hair loss can be traced right alongside data loss.
We have all at one point or another felt the impact of viruses or hacking — either directly or indirectly. But the severity of this impact can be greatly influenced by our own response to the incident. If you're caught unaware, even the slightest mishap can cause you to flee the building and seek asylum in a mountaintop monastery. And in these situations it might not even be the virus or hacker that does the most damage; it might very well be your own actions — or over-reactions.
For any one particular system to be secure — be it your intranet, e-mail, or payroll — all systems around it must also be secure. One compromised system may result in a ripple effect and cause others to suffer a similar fate.
The security mechanisms you need to have in place, however, will vary depending on the systems you're running. Certain applications may have proprietary security architectures and maintain their own lists of user accounts and access control lists (ACLs). Others may tie directly into your network operating system's security.
But regardless of any proprietary software, internal networks should have these common security components in place to ensure overall system integrity:
- Firewall/proxy server(s) to manage the incoming and outgoing traffic between internal network resources and external Internet resources.
- A multi-tiered anti-virus solution with the latest virus signatures installed at all levels of the network: E-mail gateway server(s), application and data server(s), and every individual client computer.
- The appropriate access controls for employees to access internal network resources.
- Power management resources such as an uninterruptible power supply (UPS) in the case of brownouts or blackouts.
- A virtual private network (VPN) for extranet implementations.
Unfortunately, despite all the technological security mechanisms you put into place to prevent system corruption, they don't stop careless misuse by unwitting, albeit well-meaning, employees. Educating your staff on the usage of their systems and the proper handling of sensitive information is crucial in avoiding accidental mishaps.
Regular Maintenance Schedule
All IT systems need a regular checkup to stay healthy. Preventative maintenance measures — applying system patches, de-fragmenting hard disks, auditing server logs, processor and traffic payload tests — do a lot to keep possible problems at bay. But proper system maintenance also means downtime, something your users may not be able to afford.
Those who have implemented intranet architectures incorporating some form of server redundancy don't need to worry that much about downtime since one server (or a series of servers) can always remain online while they're working on another. Those without redundant resources, on the other hand, need to schedule maintenance so that the effects of downtime on their user community are minimized.
Scheduling maintenance downtime for an intranet with a local user-base is a fairly simple matter: Just do it during off-peak hours, such as in the evening or overnight. This schedule must remain the same so that users will come to expect it and plan their own work accordingly. And if it's necessary to deviate from this schedule, make sure that adequate prior notice is given to the users.
However, with the globalization of the workforce, extranets are becoming increasingly important, allowing a remote office in Sydney, Australia to securely access their intranet located in New York City. Planning a maintenance schedule in these situations may be a little trickier because of time zone differences; your local downtime may very well be another office's prime time. But by reviewing your Web server usage logs, you will be able to find a window of opportunity — a gap where usage is low — in which to perform any required maintenance without too much interruption to your global user community.
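One way to find that low-usage gap from Web server logs, as an added example that is not part of the original article: it normalises Common Log Format timestamps to UTC, counts requests per hour, and picks the quietest contiguous window. The log lines, the load profile and the fixed offsets (-4 for New York, +10 for Sydney, no daylight-saving handling) are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Matches the timestamp field of a Common Log Format line.
TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

def sample_lines():
    """Constructed log for a server that stamps entries in New York time (-0400)."""
    lines = []
    for hour in range(24):
        # Assumed load: New York staff 08-18 local, Sydney staff 18-04 local.
        n = 40 if 8 <= hour < 18 else 25 if (hour >= 18 or hour < 4) else 2
        for i in range(n):
            lines.append(f'10.0.0.{i} - - [07/Sep/2004:{hour:02d}:{i:02d}:00 -0400] '
                         '"GET /intranet/ HTTP/1.1" 200 512')
    return lines

def hourly_counts(lines):
    """Count requests per hour of day after normalising every timestamp to UTC."""
    counts = Counter()
    for line in lines:
        m = TS.search(line)
        if not m:
            continue  # skip lines without a timestamp field
        ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        counts[ts.astimezone(timezone.utc).hour] += 1
    return counts

def quietest_window(counts, length=2):
    """Return (start_hour_utc, requests) for the least busy run of `length` hours.
    The search wraps past midnight, so a 23:00-01:00 window is considered."""
    best = None
    for start in range(24):
        total = sum(counts.get((start + i) % 24, 0) for i in range(length))
        if best is None or total < best[1]:
            best = (start, total)
    return best

def local_hour(utc_hour, offset_hours):
    """Translate a UTC hour into an office's local hour (fixed offset, no DST)."""
    return (utc_hour + offset_hours) % 24

if __name__ == "__main__":
    start, hits = quietest_window(hourly_counts(sample_lines()), length=2)
    print(f"Quietest 2h window starts {start:02d}:00 UTC ({hits} requests): "
          f"New York {local_hour(start, -4):02d}:00, Sydney {local_hour(start, 10):02d}:00")
```

On this constructed profile the quietest window falls in the early morning in New York rather than overnight, because the New York evening is Sydney's working day.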