Security

Deployment documentation best practices for consultants

Don't deploy a new firewall, VPN, server, SAN, wireless network, or other systems without properly documenting the installation.

It's amazing how often new clients describe an intermittent networking issue and, upon troubleshooting, I discover the client doesn't possess any documentation -- no passwords, IP addresses, architecture data, nothing. When consultants cannot even log in to a problematic device, we're often left with no alternative but to reset the component to default factory settings and start from scratch.

Once my IT consultancy begins documenting the client's setup and preparing a simple network diagram, basic issues typically become evident rather quickly. Maybe there are two DHCP servers on a network, subnets are improperly architected, or MPLS circuits aren't properly bridged. If the original consultant had taken the time to document the project, these issues would have been readily apparent; it's unprofessional to leave a client in such a predicament. Plus, proper documentation is a best business practice, so much so that it's a tested objective on CompTIA's Server+ exam (PDF).

Follow these documentation best practices

  • Note the device, serial number, purchase date, warranty information, LAN and WAN IPs, and similar data for every project.
  • List complete WAN circuit information, port forwarding requirements, VPN settings, and corresponding routing data for all firewall rollouts.
  • List usernames and passwords required to access routers, firewalls, VPN concentrators, managed switches, servers, wireless devices, and other administrative consoles.
  • Save the username and password required to access all devices in a safe location.
  • Record systems information.
  • Draw topology maps for network initiatives, site diagrams and, when required, individual rack diagrams.
  • Draw network diagrams. Even simple network diagrams help identify a surprising number of errors and issues.

Should clients pay extra for documentation?

Clients should not have to pay extra for professionally collected documentation packed in a simple, bound file. You should already be building this documentation to ensure they're properly planning and executing projects. The only remaining steps are to clean up the notes and drawings, print them, and collect them neatly in a binder.

Benefits pay off in the present and the future

Consultants who adopt proper documentation practices will find deployments complete more smoothly. Better yet, any time changes, replacements, or additional systems are required, the process will prove much simpler because you or another consulting firm can refer to the complete original documentation.

Also read on TechRepublic

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

3 comments
bestitdocuments
bestitdocuments

The gap is in corporate contracts, statement of work and project deliverable documents. Not detailed enough project deliverables based on in-sufficient requirements and other supportive documentation details. Regards, Mark

dipshitt1000
dipshitt1000

I agree they shouldn't pay extra for documentation, but it should be part of your billable hours or factored into your quoted proposal to document the implementation. Also what I have done in the past is utilized Dropbox and created shares folders for each client where they can get to their companies encrypted Keepass db file, which houses all their ID's and passwords. Also in this share is their network documentation in electronic format for each doc type (xlsx, docs, vsd, ect). This way changes are made to a single source thereby eliminating outdated printed (or otherwise) client documentation. You can go as far as installing dropbox client on a file server or an employees workstation so the updates are automatically synced and available off-line in the case of a down Internet connection, but in the same breath are located off-site in the case of a disaster. I also install Keepass portable into the clients dropbox folder as well so it's all in one spot. Once concern I have is how I could better maintain security for the other document files. I'm making the assumption that dropbox security isn't good enough, or maybe more accurately the password chosen by the client won't be complex. I don't want to zip and password protect the files as that adds a level of complexity that I'd rather not have. In the end I struggle with the question of does the documentation really need to be more secure. Does it really matter if it's hacked and someone finds out what external IP address the company has or the diagram of the LAN/WLAN. No user ID's and passwords are in the documentation, as the documentation references the Keepass file. I'd be curious to hear other consultants do for storing client documentation while maintaining security and availability.

Erik Eckel
Erik Eckel

That's a good point. So many clients won't sign contracts or even statements of work, though. Often they just want work to get started and a problem to get fixed. That's one of the reasons I at least try to prepare detailed project descriptions up front before work begins. It's saved me several times when a vendor changed their story or other scope changes raised.

Editor's Picks