Core Infrastructure

1. Does your AD sit well on Cloud or would it be beneficial to have it on DC or Edge.
2. Is the AD to be deployed a Sub-Domain, an Additional DC or RODC.
3. Dynamic Host Configuration Protocol (DHCP) – How many VLANS to be provisioned, what exclusions to be given, what reservations to be honoured, how to enable IP-protection, how to implement integration to router/Wireless/AD/ Radius/ISE etc.,
4. Email Implementation on Local/Hosted/ Cloud environment. Decide on the kind of Authentication that suits, paired with the type of Integration & security.
5. Authentication- Authorisation and Accounting (AAA) implementation for Application/Cloud/LAN/Wi-Fi etc.
6. Connectivity – Based on the topography of the business, we can set up Multi VLAN/Multi- Routing that could physically be Multi Locational/Multi-storeyed etc.

1. Any upgrade parallel or In-place of core infrastructure of Version/Edition/ Patch/Hardware for AD/ DNS/DHCP.

1. AD/DNS:

   Sub domain migration/creation.

2. Domain merger:

   Especially holds good during company mergers.

3. Hardware movement:

   Core IT assets movement owing to hardware consolidation or decentralisation.

4. Virtualization:

   Movement from one hypervisor to another.

5. Geographic movement:

   Change of premise or a venture in a new country altogether.

6. RODC:

   Migrating a domain controller where AD objects are meant to be read only.

7. DHCP:

   In-place or parallel migration of DHCP.

8. DHCP:

   Standalone to Cluster movement or vice-e-versa.

9. Email:

   Local to cloud(O365) or vice-e-versa.

10. Email:

    Hosted to cloud (3rd party hosted to O365).

11. AAA:

    Moving AAA to New OS or from Radius to ISE.

12. AAA:

    Moving AAA to New Hardware or Appliance.

13. AAA:

    Moving AAA to Virtualization Platforms or Appliance.

14. Core switch:

    Migration using Interoperate or switch over mode taking VLANs, interfaces, routing protocols, & network topology, redundancy protocols (such as VRRP or HSRP) as other factors of consideration.

15. Router:

    Migration of router factoring ACLs, routing tables, throughput, interfaces, routing protocols, IP addressing, NAT (Network Address Translation), and security settings.

16. Firewall:

    Migration of firewall involving porting of firewall rules, objects, traffic flow settings, port mapping, planning VPN requirements, high availability etc.,

17. Access/Edge switch:

    Access/Edge switch migration factoring, their configuration, port assignments, VLANs, port density, throughput, PoE (Power over Ethernet)
    capabilities and network growth projections.

18. Wireless:

    Migration of wireless after considering Hardware compatibility, RF site survey and planning, network segmentation, VLan, Choice of protocol, QOS settings, controller config, AP setting etc.,

19. TOR Switch:

    Migration of TOR Switch after factoring port density, support for new protocols, future scalability needs, redundancy, Support for STP, Link aggregation and routing etc.,

20. Virtualization/Appliance:

    Migration of virtualization platform after factoring Hypervisor compatibility, tool/utilities for migration, VM disk image portability, configuration, snapshots, resource allocation, permission grant, fine tuning for newer
    environment etc.,

21. Segmentation/ VLAN:

    Migrating VLan segmentation after considering Isolation levels, VLan trunking & tagging, Inter VLan routing etc.,

22. VPN:

    Migrating existing VPN to an alternate VPN solution or to MPLS.

23. Branch office Routing:

    Migrating Branch office Routing, after considering the Physical Connectivity,
    Redundancy / Failover, Protocol Selection, Routing Tables, Configuration and Traffic Prioritization etc.,

1. AD Sync issues.
2. PDC emulator issues.
3. Time Sync issues (NTP).
4. Password replication issues.
5. Naming conversion / Stale record / Aging issues.
6. DHCP issuing wrong updates.
7. DHCP misconfiguration /Reverse look up issue.
8. Email Conflict resolution.
9. AD Sync issue to mail sever or O365.
10. Mailbox mapping issues.
11. AAA Policy conflicts (Both policies not working).
12. AAA Policy override (One working while the other one not working).
13. IP Conflicts.
14. Routing issues.
15. Access policy issues.
16. Authentication issues.
17. NAT issues.

1. Baseline configuration correctness.
2. Integration with remaining components (Cloud / Application / API etc.,)
3. Architectural validity.
4. Error log check.
5. Security & Patching Level.

1. Any AD Object addition/modification/Deletion.
2. AD health.
3. AD server performance.
4. AD Backup monitoring.
5. Access monitoring.
6. AD Log monitoring.
7. DNS Object Audit.
8. DNS Health.
9. DNS Sync.
10. DHCP Server health.
11. DHCP IP Pool status/Health.
12. DHCP Conflict monitoring.
13. DHCP Log.
14. Any mailbox addition/modification/deletion.
15. Any Mail rule change.
16. Any Mail/Mailbox permission change.
17. Email/Mailbox Data copy/Access.
18. AAA Server access log.
19. AAA Server/Infrastructure/Appliance Health monitoring.
20. AAA log (Success/Failure/Retry etc.).
21. Internet/LAN/Wi-Fi Connection Health monitoring.
22. Internet/LAN/Wi-Fi Device status and health monitoring.
23. Internet/LAN/Wi-Fi Performance.

1. Existing license.
2. Existing Usage.
3. Gap analysis.
4. License usage strategy and optimization.
5. ISO Compliance from IT point of View.
6. GDPR Compliance from IT point of view.
7. Corporate/Client/Organizational compliance.

1. Baseline security (MBSA).
2. Antivirus.
3. Patch Management.
4. DLP/IPS/SSL/TLS.
5. Encryption/BitLocker/MBAM.
6. Access Policy.
7. Firewall configuration.
8. VLAN Segmentation/ Micro Segmentation.
9. Remote access.
10. Virtual Private Network (VPN) .
11. Server Hardening.
12. Network Hardening.
13. Group policy.
14. IP Address Management (IPAM).
15. AAA implementation.
16. Firmware Upgrade.
17. Attack Surface Reduction.
18. Multi-Factor Authentication (MFA).
19. Ransomware protection.
20. RBAC.
21. Log management (SIEM).
22. Secure Core/TME/SXG/TPM.
23. VAPT.

1. AD backup/ VM Backup.
2. AD LOG.
3. Automated system recovery.
4. DB.
5. Configuration backup.

Implementing High Availability (HA), Disaster Recovery (DR), and Business Continuity Planning, (BCP) strategies are critical for ensuring system resilience, minimizing downtime, and maintaining business operations in the event of disruptions or disasters. Here is how we implement HA/DR/BCP step by step on indicative lines.

1. Risk Assessment and Business Impact Analysis:

• Identify potential risks, threats, and vulnerabilities that could disrupt business operations.
• Conduct a business impact analysis (BIA) to prioritize critical systems, applications, and processes based on their importance to the organization.

2. Define Objectives and Requirements:

• Set clear objectives for HA, DR, and BCP strategies aligned with business goals and risk mitigation.
• Determine Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for different systems and processes, specifying how quickly data and services need to be restored.

3. High Availability (HA) Implementation:

• Deploy redundant systems, hardware, or components to eliminate single point of failure and ensure continuous availability.
• Use clustering, load balancing, or failover technologies to automatically switch to backup systems in case of hardware or software failures.

4. Disaster Recovery (DR) Planning:

• Choose a suitable DR site or cloud platform that ensures geographic separation from the primary site to safeguard against regional disasters.
• Replicate critical data, applications, and configurations to the DR site in real-time or with scheduled backups.

5. Backup and Replication Strategies:

• Implement robust backup solutions for regular data backups, ensuring that backups are stored securely and can be easily restored.
• Utilize replication technologies to maintain copies of critical data and systems at remote locations for quick recovery in case of failures.

6. Testing and Validation:

• Conduct regular testing and validation of HA/DR /BCP plans to ensure they work as expected.
• Perform simulated disaster scenarios, including failover tests, to evaluate the effectiveness of recovery procedures.

7. Documentation and Procedures:

• Document detailed procedures, step-by-step guides, and contact lists for initiating DR/BCP processes during emergencies.
• Ensure that relevant staff members are trained and aware of their roles and responsibilities in executing the DR/BCP plans.

8. Continuous Improvement and Updates:

• Review and update HA/DR/BCP plans periodically, considering changes in technology, business processes, or regulations.
• Incorporate lessons learned from testing and real incidents to enhance the effectiveness of the plans.

9. Coordination and Communication:

• Establish clear communication channels and escalation procedures for notifying stakeholders, employees, and partners during a disaster or disruption.
• Coordinate efforts across different departments or teams involved in executing DR/BCP plans to ensure a cohesive response.

10. Compliance and Governance:

• Ensure that the implemented HA/DR/BCP strategies comply with industry standards, regulatory requirements, and internal policies. Implementing HA/DR/BCP strategies requires careful planning, investment in technology, regular testing, and continuous improvement efforts to maintain a resilient infrastructure and ensure minimal disruption to business operations during adverse events.

Cloud integration refers to the process of connecting various cloud-based applications, platforms, systems, or data hosted on different cloud environments, enabling seamless communication, data sharing, and interoperability between them. It involves combining multiple cloud services or integrating on-premise systems with cloud-based resources to create a unified and cohesive IT infrastructure.

1. Azure active directory sync (Ex: for O365).
2. Meraki Cloud switch Setup.
3. Cloud DLP protection.
4. Cloud firewall.
5. Cloud application internal connectivity.
6. Cloud to local VPN.
7. Multi cloud connection/setup.

1. Active Directory (AD)

1. Sub-domain Implementation.
2. Additional DC.
3. RODC.

2. Domain Name System (DNS)

1. DNS Implementation.

3. Dynamic Host Configuration Protocol (DHCP, IP Address Management)

1. Vlan Config.
2. Failover or cluster implementation.
3. IPAM Implementation.

4. Authentication/Authorization/Accounting (AAA, RADIUS, ISE Etc.,)

1. Branch office Integration.
2. Log collection service.
3. Radius partial implementation.

5. Connectivity (Internet/LAN/Wi-Fi)

1. Complete branch office LAN setup.
2. LAN/Segmentation/VLAN.
3. Branch office firewall.
4. Wi-Fi Implementation.
5. Routing and access policies for head office.
6. Remote access policy.
7. VPN.
8. Cloud connectivity.
9. End customer connectivity.