Operations Run Book

Enter Client’s Name Here

Prepared By: / Managed Services, Champion Solutions Group
Version: / 1.00
Publication Date: / 10/03/05 — 2:05:18 PM

© Copyright 2005 Champion Solutions Group

All rights reserved. The information contained in this document is the proprietary information of Champion Solutions Group and may not be used, duplicated, or disclosed except for its intended purpose. All company or product names mentioned are used for identification purposes only, and may be trademarks of their respective owners.

DOCUMENT IDENTIFICATION INFORMATION
Document Name: / Operations Run Book for Enter Client’s Name Here
Version: / 1.00
Date Created:
Created By:
Date Published: / October 3, 2005, 2:05 PM
Security Classification: / Restricted for use by IBM/CSG Managed Services Clients
Creation Software: / Microsoft Word 2003
Contributors: / MSOC Team
CHANGE HISTORY
Ver. / Date / Change Description / Approval
0.01 / Initial draft for review by MSOC team
1.00 / Initial version for publication
DOCUMENT REVIEW
Name/Title / Signature / Date

DISTRIBUTION LIST

IBM Managed Services

Champion Managed Services

All IBM/CSG Managed Services Clients

DOCUMENT LOCATION

This document is available via the Champion Portal at https://www.championpulse.com.

Client’s Final: / The Client’s copy is stored on the CMS portal under their specific document area.
Template (CMS Use Only): / To obtain the internal template from the CMS portal, enter the following URL in your Web browser:
https://portal.championpulse.com/C15/MSOCPoliciesNProcedures/Templates/Operations_Run_Book.doc.

Table of Contents

Introduction
Contact Information
Champion
IBM
Escalation Process
Champion Group / IBM Web Portal
Champion Group / IBM Phone Support
Infrastructure
Facility Overview
Site restrictions
Fire and emergencies
Shipping To The Facility
Directions
Shared Common Areas
Hardware Configuration
Operating Procedures Overview
Introduction
Remote Accessibility
Purpose
Scope
General Policy
Requirements
Enforcement
Operating System Permissions
Purpose
Scope
Policy
Ownership and Responsibilities
General Configuration Guidelines
Compliance
Server Setup
Overview
Scope
Policy
Ownership and Responsibilities
Backup Configuration
Software
Policies
Data Restoration Process
Purpose
Overview
Incremental Backups
Incremental Restores
Database Restores
Tape Handling and Retention
Retention Policies
DRM Tape Handling
Responding To Alerts
Change Management
Types Of Change Requests
Severity And Priority
Change Request Classifications
Scheduled Client Change
Scheduled CSG Change
Emergency Changes
Who Is Authorized To Request A Change?
How Is A Request Submitted?
Scheduled Maintenance Windows
Change Control Board
Decision Categories
Turnaround Time
Problem Management
Business Hours
Contacting Support (Champion MSOC)
Telephone
Champion Portal
Severity And Priority Levels
Trouble Ticket Workflow
Monitoring Standards
PURPOSE
REFERENCE
OVERVIEW
Thresholds
IIS Services
SQL Server 2000
Storage Area Network Switches
Webservers
Network Intrusion Detection System
Purpose
Scope
General / Policy
Enforcement
Operating System Patches / Service Packs
Microsoft
AIX
Linux
Disaster Recovery
Appendix A — Windows Server Security Checklist
Linux Security Checklist

Introduction

Welcome to the Managed Services Operations Center (MSOC) for Champion Solutions Group (CSG). As an IBM business partner, the MSOC has been established for the purpose of providing managed services for customers. This document serves as a centralized repository for all policies, procedures, and supporting documents that are associated with the day-to-day operations of the MSOC. It gives administrators and engineers the ability to quickly and easily navigate to the documentation needed to perform their assigned duties.

Contact Information

Champion

Managed Services Operations Center (To submit a request for service)
Telephone: / (888) 997-7789
Web Portal / https://www.championpulse.com

IBM

Name & Title / Telephone / E-mail
Enter PM Name Here / Enter PM’s Phone # Here / Enter PM’s E-mail Here

Escalation Process

The escalation process describes the information flow in case of non-compliance with minimum service levels. This escalation process applies to severity 1 calls only.

The following escalation sequence is to be utilized if a service is not delivered in a specific timeframe.

ESCALATION

15 Minutes — MSOC Call Center: 888-997-7789

30 Minutes — MSOC Supervisor: Eric Schneider, 561-251-6240 / AND / IBM Project Manager: Enter PM Name Here, Enter PM’s Phone # Here, Enter PM’s E-mail Here

45 Minutes — MSOC Manager: Jay Kobert, 954-646-2784

1 Hour — President, Managed Services: Ian Sutcliffe, 561-997-2900, XT 262 / AND / IBM Project Executive: Enter PE’s Name Here, Enter PE’s Phone Here, Enter PE’s E-mail Here

Champion Group / IBM Web Portal

Champion Managed Services has designed a web portal for our customers, called ‘The Pulse’, that provides various types of information, including but not limited to:

1)  Customer Infrastructure Documentation

2)  Procedures/Processes

3)  System Monitor Tools

4)  On-line Service Requests

Champion Managed Services Portal URL:

https://www.championpulse.com

Champion Group / IBM Phone Support

Customers can contact the Managed Services Operations Center directly by telephone by dialing:

(888) 997-7789

Infrastructure

Facility Overview

The customer’s environment is maintained in the Champion Managed Services facility located in the IBM Atlanta BellSouth eBHC (eBusiness). For the purpose of this document, we will refer to eBHC as the “facility”.

The facility maintains several security features for your protection. Security technology may include biometric readers, cyberlocks, and interior and exterior motion-activated video surveillance cameras in selected areas.

Site restrictions

Smoking is not allowed in the facility. Unauthorized recording devices, including cameras and video recorders, are not permitted.

Fire and emergencies

The center maintains a fire suppression system. Emergency announcements are made by the facility manager. During a fire emergency, all visitors must report to the front parking lot and wait for the Onsite Operations staff to give a fire status. Emergencies should be reported promptly to the Onsite Operations staff.

Shipping To The Facility

Any request for shipments must be submitted through the Champion Managed Services Operations Center (MSOC). The details for requesting service (submitting a ticket) are located in the procedure titled “Creating A Request For Service” on Champion Managed Service’s portal (https://www.championpulse.com).


Be prepared to provide the following shipping information to the MSOC when scheduling the delivery:

·  Name of carrier

·  Way bill number

·  Expected date and approximate time of arrival

·  Number of packages

·  Approximate weight and dimensions

·  Specific handling instructions

If the shipment is going to be delayed, contact the MSOC to modify the shipping information.

All carriers must be instructed that all deliveries must indicate Inside Delivery.

Shipments must be addressed to:

BellSouth® c/o IBM Site Manager

Customer name/identifier

BellSouth® Trouble Ticket Number

675 W. Peachtree Street NW

Atlanta, GA 30308-1989

Directions

The address is:

675 W. Peachtree Street NW
Atlanta, GA 30308-1989

From Atlanta Hartsfield Airport

1.  Follow the airport exit signs to Camp Creek Parkway.

2.  Merge onto I-85 N toward I-75 N/ATLANTA.

3.  Take the US-19/SPRING STREET exit (exit number 249D) toward US-29/W. PEACHTREE STREET.

4.  Take the ramp toward US-19/US-29 N/US-78/W. PEACHTREE STREET.

5.  Turn SLIGHTLY RIGHT onto LINDEN AVENUE NW.

6.  Turn LEFT onto W. PEACHTREE STREET NW.

Shared Common Areas

The facility has a common area located past the mantrap. The common area is shared by all customers of the IBM e-business Hosting Center and has the following amenities:

·  Eating area

·  Vending machines

·  Coffee machine

·  Restrooms

·  Conference room

Hardware Configuration

Part No. / Qty. / Description / Server Name / Operating System /

Operating Procedures Overview

Introduction

Please note that the procedural content of this section is presented on a general, high-level basis. Please refer to the Champion Managed Services portal (https://www.championpulse.com) for the detailed, step-by-step procedures.

The following serves as an overview of policies, procedures, and supporting documents that are associated with the day-to-day operations of the Managed Services Operations Center (MSOC). It is made available to the administrators and engineers, and provides them with the ability to quickly and easily navigate to the documentation that is needed to perform assigned duties accordingly.

Each procedure is structured to lead the engineer and management through steps to ensure the rapid and efficient completion of a particular task. In addition to the steps, general overviews are provided for clarity. After you have completed a specific procedure several times and have become familiar with its background, you will be able to use the document as a reference guide and proceed directly to the required steps.

Remote Accessibility

Purpose

The purpose of this policy is to define standards for connecting, from any host, to Champion Managed Service's network and to any hosted network environment that Champion manages. These standards are designed to minimize the potential exposure of Champion Managed Services, and of managed network infrastructures, to damages which may result from unauthorized use, outdated or insecure encryption methods, and unsupported methods of connection to Champion Managed Service’s resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, infrastructure device and/or operating system configurations, and damage to critical Champion Managed Service’s internal systems.

Scope

This policy applies to all Champion Managed Service customers, customer clients, employees, contractors, vendors and agents that require connection to the Champion Managed Service network and customer-hosted network environments. Remote access implementations that are covered by this policy include, but are not limited to, dedicated internet circuits, dial-in modems, frame relay, ISDN, DSL, VPN, SSH, and cable modems.

General Policy

The following policies outline details about different methods of accessing network resources via remote access methods, and acceptable use of Champion Managed Service's managed networks:

  1. Acceptable Encryption Policy

1)  ESP-3DES

2)  Hash / ESP Authentication = MD5, SHA, AES-128, AES-192, AES-256

3)  D-H group = 2

  2. Virtual Private Network (VPN) Policy

1)  Site to Site = IPSEC

2)  Remote Access VPN = PPTP (Microsoft Client)

  3. Based on business and application requirements for administration, the following additional methods are acceptable once a secure tunnel has been established, or when the customer requests them and acknowledges their insecurities:

A. Microsoft Terminal Services / Remote Desktop Protocol
B. Secure Shell
C. Telnet
D. PCAnywhere
E. RealVNC / VNC

Requirements

  1. Secure remote access must be strictly controlled. Control will be enforced via submission of a change request through the MSOC from authorized personnel from the customer.
  2. At no time should anyone provide their login or email password to anyone.
  3. Customers must submit all encryption details with the specific source to destination for the customer network. Details include the following: Peer IP Address, Pre-Shared Key, Specific host / network to Specific host / network destination.
  4. Firewall change requests must be submitted to the MSOC. No firewall change requests will be completed without the completion of a Firewall Rule Request Form.
  5. Frame Relay must meet minimum authentication requirements of DLCI standards.
  6. Non-standard hardware configurations and security configurations must be approved by Champion Managed Services MSOC.
  7. All hosts that are connected to Champion Managed Services managed environments and networks via remote access technologies must use the most up-to-date anti-virus software. This includes personal computers. Third party connections must comply with requirements.
  8. Customer personal equipment that is used to connect to Champion Managed Service's managed networks is not supported.
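
An added example, not part of the run book or any Champion tooling: one way to pre-screen a site-to-site tunnel change request against the Acceptable Encryption Policy under General Policy and the details that Requirement 3 asks the customer to submit. The request field names and the sample requests are assumptions; the allowed values are copied from this page as written.

```python
import ipaddress

# Allowed values copied from the Acceptable Encryption Policy as written on this page.
POLICY = {
    "esp_encryption": {"ESP-3DES"},
    "esp_auth": {"MD5", "SHA", "AES-128", "AES-192", "AES-256"},
    "dh_group": {2},
}
# Requirement 3: details the customer must submit (field names are hypothetical).
REQUIRED = ("peer_ip", "pre_shared_key", "source", "destination")


def _check_network(label, value, problems):
    """Accept a single host or CIDR network; reject catch-all entries."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        problems.append(f"{label}: {value!r} is not a host or network")
        return
    if net.prefixlen == 0:
        problems.append(f"{label}: {net} is not a specific host or network")


def validate_tunnel_request(req):
    """Return a list of policy problems; an empty list means the request passes."""
    problems = [f"missing required detail: {f}" for f in REQUIRED if not req.get(f)]
    if req.get("peer_ip"):
        try:
            peer = ipaddress.ip_address(req["peer_ip"])
            if peer.is_unspecified or peer.is_loopback or peer.is_multicast:
                problems.append(f"peer_ip: {peer} is not a usable peer address")
        except ValueError:
            problems.append(f"peer_ip: {req['peer_ip']!r} is not an IP address")
    for label in ("source", "destination"):
        if req.get(label):
            _check_network(label, req[label], problems)
    for field, allowed in POLICY.items():
        if req.get(field) not in allowed:
            problems.append(f"{field}: {req.get(field)!r} is not in the policy")
    return problems


# Constructed sample requests (documentation address ranges, placeholder key).
GOOD = {"peer_ip": "192.0.2.10", "pre_shared_key": "<placeholder>",
        "source": "198.51.100.0/24", "destination": "203.0.113.25",
        "esp_encryption": "ESP-3DES", "esp_auth": "SHA", "dh_group": 2}
BAD = dict(GOOD, pre_shared_key="", destination="0.0.0.0/0",
           esp_encryption="ESP-DES", dh_group=1)
```

Calling `validate_tunnel_request(BAD)` lists the missing pre-shared key, the catch-all destination, and the two out-of-policy crypto settings; `GOOD` returns an empty list.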

Enforcement

If any of the above requirements are not met, Champion Managed Services will be responsible for damages that may be caused from the misuse of remote access policies. Service requests that do not comply with the policies in this run book may be subject to rejection by Champion Managed Services.

Operating System Permissions

Purpose

The purpose of this policy is to establish standards for the base configuration of server equipment that is supported by Champion Managed Services. Effective implementation of this policy will minimize unauthorized access to customer’s proprietary information.

Scope

This policy applies to server equipment supported by Champion Managed Services.

Policy

Champion Managed Services recommends the utilization of the server security best practices (see Appendix A). All server security considerations for application management will be defined by the customer, which may or may not affect SLA availability credits.

Ownership and Responsibilities

·  All servers supported by Champion Managed Services are owned by the MSOC. The MSOC is divided into technical verticals to ensure efficient problem resolution. The technical verticals include:

o  Network

o  Server

o  Storage

o  Data Management

·  Servers are registered within Champion’s enterprise management system. At a minimum, the following information is required to positively identify a given system:

o  Server contact(s) and location, and a backup contact

o  Hardware and Operating System/Version

o  Primary functions and applications

·  Information in the enterprise management system is kept up-to-date.

·  Configuration changes for production servers follow the appropriate change management procedures.

General Configuration Guidelines