Sie sind auf Seite 1von 39

Widgets, Inc.

Network Assessment Report

Prepared by:
Date:

Tech Name, Senior Enterprise Engineer


February 10, 2012

The Network Support Company


7 Kenosia Avenue, Suite 2B
Danbury, CT 06810
(203) 744-2274

Table of Contents
Executive Summary............................................................................................................................................... 3
Vision and Mission ............................................................................................................................................ 3
IT Summary ....................................................................................................................................................... 3
Assessment Goal ............................................................................................................................................... 3
Assessment Summary ....................................................................................................................................... 4
Assessment Detail ................................................................................................................................................. 5
Physical Environment........................................................................................................................................ 5
Network Infrastructure ..................................................................................................................................... 7
Servers ............................................................................................................................................................ 10
Workstations ................................................................................................................................................... 14
Collaboration Tools ......................................................................................................................................... 19
IT Processes & Procedures .............................................................................................................................. 22
IT Remediation Timeline ..................................................................................................................................... 23
Hardware & Software Inventory Reports ........................................................................................................... 24
Executive Summary Report ............................................................................................................................. 24
Hardware Report ............................................................................................................................................ 26
Microsoft License Detail Report...................................................................................................................... 27
Machine Patch Summary Report .................................................................................................................... 28
Detail Report ................................................................................................................................................... 29

Network Assessment Document

2|Page

Executive Summary
Vision and Mission
Widgets, Inc. has over 50 years in providing machining and assembly solutions for function critical, highly
engineered parts, and assemblies. Widgets, Inc. aims to help their customers succeed by understanding their
needs and by providing innovative and cost effective solutions.

IT Summary
The Information Technology (IT) environment which supports this business goal all exists in a single building
and consists of two main Windows servers and a Windows workstation which acts as a server for a
homegrown DNC network for machine control. The Windows servers run various business supporting
applications, central of which being the ManuFACT application but there are dozens of other important
software applications in use for specific functions such as for accounting, design, and tracking. The server
and application environment is supported by four business class network switches, an Internet firewall, and
various other hardware components such as network attached storage for backups. The bulk of the network
infrastructure was acquired by Widgets, Inc. from the previous companies which make up their corporate
history. Only various PCs, printers, servers, and a switch have been upgraded in the last seven years. The
cabling infrastructure, most network switches, and the DNC network have not been essentially modified in at
least 7 years.

Assessment Goal
Widgets, Inc. is currently auditing its IT environment to ensure that it does and can continue to optimally
support its business goals. Widgets, Inc. IT goals include:
Availability IT systems are available for use at all times when required, in a timely manner that
meets the needs of the users.
Security IT systems are accessible only by authorized users because of business need.
Capability IT systems provide users with tools to efficiently and effectively do their jobs with
flexibility to adapt to changing needs.
Competitiveness IT systems provide competitive advantage, or at least minimally provide
competitive parity as it is not an option to be noncompetitive.
The Network Support Company (TNSC) has increasingly found that customers are auditing their IT
infrastructure and practices. Customers can suffer loss due to critical service delivery disruptions and security
breaches. Unfortunately, IT is often the source of these disruptions. An up-to-date IT infrastructure,
properly and proactively maintained following industry best practices, can help Widgets, Inc. to provide
better product and service delivery and thus better compete.

Network Assessment Document

3|Page

Assessment Summary
The Network Support Company (TNSC) therefore offers this Network Assessment in order to provide
suggestions on how the IT environment could be enhanced to better support these business goals.
In general TNSCs Network Assessment found that the current IT infrastructure, support model, processes,
and procedures are basically supportive of the current business needs. Yet much of the infrastructure is
aging to the point where it is becoming increasingly hard to support, the support model is reactive, and most
IT processes and procedures are undocumented.
As with any IT infrastructure, there is always room for improvement. Areas for suggested improvement for
Widgets, Inc. include:
Physical Environment
- especially environment controls and physical security.

Network Infrastructure

- especially Internet security, network management and cabling.

Servers

- especially disk space, data protection, server management, and


supportability.

Workstations

- especially workstation management, application compatibility, and


supportability.
(This section also includes recommendations regarding the DNC
system.)

Collaboration Tools

- especially e-mail and sharing data with customers.

IT Processes & Procedures

- especially documenting the current systems & network, and


support/operation procedures.

The following pages focus on each of these areas listed above and provide detail about specific improvement
needs identified. Rough estimates for the capital, operating, and labor effort required for major
remediations of the identified issues is provided in each section but are highly dependent upon the depth &
scope of the remediation that Widgets, Inc. would desire to undertake. To assist with planning and budget
allocation, major remediation projects are broken out into a multi-year IT Remediation plan.
In addition to identifying these recommended improvements to the IT infrastructure, TNSC is also able to
help remediate many of the issues. However, Widgets, Inc. has the option of using any qualified IT provider
to assist with their IT environment.
The Network Support Company thanks Widgets, Inc. for allowing us to perform this Network Assessment.
We trust that it will be valuable to you as you decide how to ensure that IT supports your business goals.

Network Assessment Document

4|Page

Assessment Detail
The following pages break out each layer of the IT systems and define the identified needs, solutions, and
estimated remediation cost & effort.

Physical Environment
Overview:
The Physical Environment portion of the Network Assessment gauges how well the physical environment is
suited for the optimal running of IT equipment. Several facets are reviewed including heating/cooling,
humidity, power supply, physical space, fire suppression, and physical security.
Identified Needs:
The current locations for shared IT equipment such as the servers, backup equipment, network switches,
firewall, and router are not well suited for their optimum operation. The following are suggestions for
improving the physical environment so that the IT systems can be more available and secure.
-

Environment Alarming There is no monitoring and alarming if the ambient temperature or humidity
exceeds acceptable thresholds. Alarming to administrators is important so that extreme temperature or
humidity variations can be addressed in a timely fashion in order to best protect the investment in IT
equipment which could otherwise be damaged.
o It is recommended that temperature and humidity alarms be implemented via an APC Network
Management card with Environmental Monitoring to be installed in the existing APC Smart-UPS
uninterruptible power supply (UPS).

Automatic Server Shutdown During an extended power outage, the UPS batteries will become
exhausted and eventually stop providing power to the Windows servers causing an abrupt shutdown of
the servers. This sudden disruption of electrical supply to servers may cause information to be lost or
corrupted.
o It is recommended that APC PowerChute Network Shutdown software be installed on both
Windows servers so that they shut down properly before the UPS batteries become exhausted.

Temperature & Humidity Control The servers currently sit underneath large air conditioning vents.
Condensation can form inside these vents and cause equipment shortages. The temperature of the room
in which the servers sit is currently suitable for electronics. If cooling is an issue at other times of the
year, then the following suggestions will help to keep the equipment cooler:
o Routinely ensure that cool air intake vents on the servers are not clogged by dust.
o Ensure that that there is enough space in front of and behind equipment to allow proper airflow.
o At a minimum, provide a sufficiently cool and dry environment for the servers by moving the
servers to a more suitable area such as a wiring closet or the raised floor data center that is being
considered in facility plans. Use of the data center space for server equipment is most highly
recommended.

Uninterruptible Power Supply Health Batteries in UPSs need routine testing, monitoring, and
replacement as they only last for a few years. This is especially important since the buildings electrical
generator is not believed to feed this UPS. Additionally, one of the two fans in the servers UPS is
currently not functional so the UPS may overheat which would cause an ungraceful shutdown of the
serves perhaps causing them to lose information.
o It is recommended that a factory trained APC service engineer repair the Smart-UPSs failed fan.

Network Assessment Document

5|Page

The APC Network Management card installed in the APC SmartUPS should be configured to email administrators if the biweekly battery self-tests are failing and need to be replaced. Replace
batteries as needed.

Physical Security The servers are currently in an area trafficked by non-IT staff and could be easily either
inadvertently or purposeful disrupted. E.g. power buttons could be pressed, hard drives removed,
network switches taken, etc. In general, having servers remain on a countertop in a dusty, trafficked area
with combustibles is less than ideal.
o Widgets, Inc. has ownership of a desirable raised-floor datacenter. Therefore it is an option to
relocate the server equipment to the datacenter. This is highly recommended especially if
Widgets, Inc. hopes to expand either its own business or provide IT services to future building
tenants.

Estimated Investment:
$1,000 capital, 2 hours labor at estimated rate of $130/hr = $260 to install & configure a UPS & environment
monitoring card. This is desirable regardless of the physical location of the servers to satisfy the
monitoring, alarming, and server shutdown needs as listed above.
$4,000 capital, 4 hours labor at estimated rate of $130/hr = $520 to extend the network and move the server
equipment from its current location to the data center. This estimate includes extending networking fiber or
copper cabling to the datacenter from where the servers currently reside, a new network switch for the
datacenter, and a 19 rack in which to place the servers. These estimates do not including any necessary
electrician, HVAC, and/or plumbing fees to light up the datacenter in order to make it ready for production
IT use again.

Network Assessment Document

6|Page

Network Infrastructure
Overview
The network infrastructure consists of the four various business class network switches, a cable modem, an
Internal firewall, and the cables that carry network traffic between workstations, servers, networked printers,
networked CNC machines, and the Internet. A custom built DNC network is also in place that uses an Equinox
Data PBX. Over the years, various types of wiring have been pulled and some subsequently abandoned.

Identified Needs
The network infrastructure equipment is all business class equipment from various common vendors such as
3Com and Cisco. However, because of its age, performance, and lack of abilities, the following suggestions
should be considered:
- Internet Security Although a Cisco SA540 firewall should be protecting Widgets, Inc. from many of the
wiles of the Internet, there is currently no system in place to filter outbound Internet traffic to ensure
that malware and non-business activity is monitored and/or prevented. Implementing an outbound
Internet filtering system helps to reduce the load on the existing Internet connection making it more
responsive for business needs, improves employee productivity by encouraging appropriate use of
business resources, and reduces the risk that malware can negatively affect business operations.
o Administrator access credentials were not available to TNSC to assess the configuration of the
Cisco SA540 firewall to ensure that it is only allowing desirable traffic in from the Internet. If
these credentials can be provided, a thorough review of the configuration should be performed
to ensure it provides the tightest security possible.
o It is recommended that the existing Cisco SA540 firewall be enhanced by purchasing Ciscos
ProtectLink Gateway Security Service annually that blocks spam before it reaches your network,
blocks more than 80 categories of unproductive or inappropriate website types (e.g., adult,
gambling, and social networking), enforces Widgets Incs Internet usage policy, and increases
productivity by reducing bandwidth waste.
-

Network Equipment & Management Spurious workstation performance issues were reported by a high
profile user. No symptoms were observed during this Network Assessment which included a scan of
network traffic which did not reveal any current issues. Unfortunately, no network management tools
are currently in place which could otherwise have monitored internal network traffic usage to ensure
that maximum responsiveness is achieved. Such network management tools can also proactively report
when events occur that may inhibit network availability such as due to a bad cable to a workstation or a
network loop. Additionally, the network switches are aging, e.g. the 3Com SuperStack 4400 SE switch
which forms the important center of the network was last sold 7/4/2006 so will not be supported or
repairable by 3Com after 7/4/2011. Aging electronics are bound to fail and finding exact replacements
will become impossible.
o Since the current switches are both aging & unmanageable (aka dumb), it is recommended to
replace each of the 4 network switches with new, manageable switches that can monitor and
report on network traffic usage. These switches would also provide higher throughput
capabilities allowing users to transfer large files (e.g. MasterCAM drawings) faster if the current
network is the constraint. These switches would be centrally monitored via network
management software. Since no network management is currently in place, it is impossible to
assess whether the current 100Mbps network is at its limit and needs to be replaced with
1000Mbps(1Gbps) network switches. At a minimum the core switch of the network to which the

Network Assessment Document

7|Page

servers connect should be replaced in order to assess network performance and possibly improve
it.
 Replacing the network cabling and switches would be a requirement before a VoIP
phone system could be deployed as is being considered.
-

Wireless Networking There is currently no wireless networking available for mobile employees or
visitors. Wireless networking is not recommended for use on the manufacturing floor because of
ElectroMagnetic Interference (EMI). However, wireless networking could be useful for mobile users in
the office and conference room areas.
o It is recommended to install a wireless access point in the large conference room (which would
also provide wireless access to the small conference room), another wireless access point in the
office area for administrative access, and another wireless access point in the cafeteria for
general access.
o A guest portion of the network should be implemented so that guests only have access to the
Internet unless employees which would have access to the Internet and internal network
resources.
o Note that this wireless would be separate from the wireless network associated with any new
DNC network proposed.

Cabling There are currently no patch panels or equipment racks for proper cable management and
mounting of switches. This can lead to more frequent cabling failures. Most cabling identified is standard
Category 5 cabling which is capable of speeds only up to 100Mbps which will not be sufficient for future
uses. Cabling is also unlabeled which makes it difficult to trace when there are problems and this slows
resolution. Cabling in manufacturing area is installed without proper supports and pathways which can
stress cables over time and make them fail. Most cable terminations use a two part assembly which has
occasionally led to cable failure because the plastic is made brittle by vapors that are a result of the
machining processes.
o It is recommended that a secure main communications equipment room (MCER) be established
in the front office area with at least one intermediate communication equipment room (ICER)
located in the manufacturing area using 50Um fiber to interconnect the two closets.
o It is recommended to install Cat6 cabling to insure 10Gbps capability throughput in all office
areas and shielded Cat6 cabling in the manufacturing areas to safeguard against (EMI) from
overhead crane power and bus bar power.
o MCER rooms should contain 19 X 7 open equipment racks with overhead cable tray and
horizontal cable management on either side. If the ICER room is located on the open
manufacturing floor, then a secure lockable cabinet should house all patch panels and
electronics.
o All cabling would be terminated on standard punch down panels and jacks which use only a
single piece so would eliminate the brittle plastic issue.

Remote Access A remote access Virtual Private Network (VPN) used to be in place for employees to
remote access information from the office systems. Currently that VPN system is not used for technical
or operational reasons.
o It is suggested that the necessity for a VPN be re-evaluated after Widgets, Inc. decides whether it
desires to implement the recommended web-based portal for accessing customer information
and/or the more functional hosted e-mail & collaboration system. Since certain types of
information may be web-based instead of VPN technology, VPN technology may not be required.
However, if VPN technology is still required for access to various types of data or systems, then
TNSC is confident that it could rectify the issues associated with the current implementation.

Network Assessment Document

8|Page

Estimated Investment:
3 hours labor at estimated rate of $130/hr = $390 to analyze the firewalls security configuration and
remediate as necessary.
$500/year operating, 2 hours labor at estimated rate of $130/hr = $260 to implement stronger Internet
security and monitoring.
$4000-8000 capital, 6 hours labor at estimated rate of $130/hr = $780 to replace all network switches
centrally monitored & managed. (Note that at the minimum, the core switch could be replaced for $10002000 capital, 2 hours labor at estimated rate of $130/hr = $260 in order to provide monitoring of at least the
center of the network to which the servers connect which is the most important.) The range of switch prices
given reflect that suitable manageable switches could be provided at different price points each with a
different ability to handle large amounts of data. The switches that cost more are better performing switches
that, although not needed now, would be able to be used for a longer period of time than switches with
more limited performance.
$2000 capital, 4 hours labor at estimated rate of $130/hr = $520 to install & configure a secure wireless
network for employees and visitors.
4 hours labor at estimated rate of $130/hr = $520 to re-implement, test, and deploy a workable VPN solution
(if necessary after other projects).
$13,000-18,000 capital, 160 hours labor at estimated rate of $85/hr = $13,600 to replace all network cabling
to ensure gigabit throughput to approx 50 exiting devices. This includes establishing a MCER and an ICER with
racks, wire management and cable tray. (Note that minimum recommendation would be to establish two
closets for equipment placement and future cabling. This could be implemented for $4000-6000 capital, 62
hours labor at estimated rate of $85/hr = $5,270 in order to provide proper housing and management of
servers, switches, routers misc IT equipment as well as all future cabling.
The pricing given is based upon furnishing and installing dual Cat 6 data to approximately 50 voice / data
locations to ensure gigabit data and VoIP capability.
OPTIONAL:
Internet Service Provider Redundancy - $1200/year operating for a business class DSL line and 2 hours labor
to configure and test the existing Cisco SA5540 firewall to perform ISP failover. This allows the Internet to
continue to be accessed even if the primary cable Internet connection fails.

Network Assessment Document

9|Page

Servers
Overview
There are currently a SuperServer and an IBM server running the Windows Server 2003 operating system.
These servers run both applications and store user data thus are central to Widgets, Inc. IT operations. The
servers seem to be appropriately sized in terms of the amount of processing power and memory.
Identified Needs
- Information Security There are several possible information security issues that should be investigated
and remediated as necessary:
o Backups - A cursory review of the EMC Retrospect backup logs suggests that not all data is being
backed up to the Buffalo Network Attached Storage (NAS) devices and its attached hard drives
and/or is not being written reliably. Not having all application, databases, and data directories
backed up can make it impossible to restore lost data. Additionally, the information that is being
backed up to the Buffalo NAS external drives is not being taken offsite thus all data and their
backups is subject to being lost in the event of a flood, fire, or theft affecting the servers (even if
it were being taken offsite, it is not believed to be encrypted thus information could be stolen if
these offsite drives were stolen). Lastly, one of the four hard drives on the Buffalo NAS is
physically failing and may not be able to hold backup information much longer.
 It is strongly recommended that the entirety of each servers data be backed up by a
system that does so completely, routinely, automatically, is monitored for failures, can
virtually recreate a server in case of server hardware failure, and also automatically
transfers a copy of the data offsite in case there is ever a disaster. Although there may
be alternatives, TNSC offers its StoreIT backup solution which provides all of the desired
features.
 Widgets, Incs current model of disaster recovery is rebuild & restore which indicates
that following a server or site disaster, that replacement server hardware would be
obtained and then the servers would be rebuilt and the data restored. However as
currently implemented, this disaster recovery model would likely keep Widgets, Inc. out
of business for several days as server hardware was procured and configured. And since
no backup data is kept offsite, a site disaster would mean that all meaningful information
would be unrecoverable making effective disaster recovery impossible. By implementing
the backup solution as recommended above, data would be backed up onsite every 15
minutes and would be transferred offsite automatically every day. Thus during a server
disaster, a virtual copy of the server only as old as 15 minutes prior the server disaster
could be virtualized within about 1 hour, restoring service. During a site disaster, the
maximum amount of changed information that Widgets, Inc. would lose after a site
disaster would be 24 hours. The next more sophisticated disaster recovery model (which
is also much more expensive) involves replicating the data offsite more frequently which
can be explored with Widgets, Inc. if they desire to lose less information during a site
level disaster.
o

Passwords The password for the highly privileged Windows Active Directory domain
Administrator and the administrative account on all network infrastructure equipment should
be changed routinely or whenever it is suspected that someone knows these passwords who
should not know these passwords. Additionally, there is apparently no password policy for Active
Directory user accounts as they do not need to be changed.
 It is recommended that a stronger password policy be employed. A sample password
policy that is stronger would be that passwords must be 6 characters or longer, need to
be complex by containing both alphabetic/numeric/special characters, passwords cannot

Network Assessment Document

10 | P a g e

be reused, accounts are locked out for 30 minutes after 5 bad password attempts within
5 minutes, and that passwords are changed at least every 6 months.
o

Permissions Security permissions on shared files control who can access what files and whether
they can modify information. Currently, security permissions seem to be adequate but the
following suggestions are made for efficiency of future administration.


Permissions are currently assigned via share level permissions only which means that all
users who link to a shared drive have the same explicitly defined permissions. Although
acceptable in simple environments, share level permissions dont allow for control of
permissions on individual files and folders as may be required. Therefore, permissions
should be defined in the future via file level permissions rather than share level
permissions.
Permissions can either be assigned to users or to groups of users. It is industry best
practice to assign users to security groups and then assign permissions to those security
groups rather than to individuals. This allows for the assignment of role-based
permissions which is easier to administer.
Windows service accounts should be made as domain accounts rather than local
accounts so that routine password changes can be more easily implemented. This also
aids in central management of service accounts.

Server Management The servers are not currently centrally monitored or managed. Central 24x7
monitoring and management via a service like TNSCs AssistIT service would allow a multitude of
benefits, some of which include:
o Monitoring of hardware and operating system event logs, Windows services, and applications
with proactive notification to administrators about serious errors. Automatic correction of some
issues can also be accomplished. User issues may be corrected before users notice the issues or
the impact is shortened. Currently no server manufacturer management software is installed
therefore physical issues such as hard drive or fan failures may not be noticed before affecting
system availability.
o Automatic patch management to ensure that servers are kept up to date against the latest
information security attacks. Centralized patch management also allows control over what
patches are applied to servers so that patches can be researched prior to deployment.
Conformity with desired patching levels can also be reported on to ensure that the anti-malware
stance is as strong as possible.
o Scripting which can ensure that server configurations are kept consistent.
o Antivirus software is also included with TNSCs AssistIT server management service. In addition
to providing regular anti-virus updates, the health and effectiveness of the anti-virus software is
being constantly monitored to catch any virus outbreaks early. By being included in the AssistIT
service, Widgets, Inc. would not have to pay for Symantec antivirus software license renewals
offsetting some of the cost.
o Server optimization techniques through scheduled file system checks, scheduled reboots if
required, custom cleanup scripts, etc.
o Continuous monitoring of server responsiveness.
o Automatic hardware and software auditing. [Sample reports are provided in the appendices.]
o Remote control of server consoles for ease of server management and troubleshooting.
o Dashboards which summarize the status, performance, and capacity of various IT systems. Some
of these dashboard views are represented in the Reports section at the end of this Network
Assessment.

Network Assessment Document

11 | P a g e

Windows Server Version The two main Windows servers are running Windows Server 2003. Most
implemented versions of Windows Server 2003 reached their end of support by Microsoft in the summer
of 2010. Therefore, continuing to run these products runs the risk of security issues as patches become
less available, the inability to gain support from Microsoft if there is a production issue, and
incompatibility with future desired applications.
o Since there is a large quantity of applications installed directly on both servers that may be
affected by a Windows operating system upgrade, it is recommended that a plan be put in place
to test and upgrade each of the server operating systems to Windows Server 2008. In order to
build a test environment and ultimately make better use of server resources, the use of virtual
server technology is proposed which allows several servers to share a single piece of server
hardware thus avoiding some future capital and operating costs. This is the same virtual server
technology that is being recommended to assist with the disk space issues below.

Disk Space Currently the data partition on the widgets1file server only has 5GB free which is 4% free
of its total disk space. The operating system partition on this same server is at 4.6GB free which is 15%
free of its total disk space. The data partition on the widgets1mail server at 24GB free which is 18% free
of its total disk space. A server which runs out of disk space can either crash and become not available or
at the minimum not be able to store additional information and possibly corrupt user information.
o It is recommended that the following approach be taken in sequence:
 Delete any information that is no longer needed on the servers.
 If the above step does not yield enough free space, then archive information that is not
frequently needed to an external device for permanent storage.
 If the above steps do not yield enough space, then relocate some information between
the two servers and their partitions so that each partition has sufficient free space.
 If the above steps do not yield enough space, then add (a) physical drive(s) to the
widget1file server so that it has more available drive space.
 If the above steps do not yield enough free space, then purchase a new physical server
with more hard drive space. This server should be equipped with VMware vSphere
software which allows the physical hardware to be shared by multiple virtual servers
such as the widget1file and widget1mail servers which would be copied to this new
physical server. The benefit of virtual server hardware is that it allows multiple servers to
share the available capacity of the hardware which results in less hardware needing to be
purchased. An added benefit of new hardware is that it would be covered by a three
year warranty whereas the current servers would appear to be out of warranty and dont
have a maintenance contract in place therefore current system failures would be more
costly and time consuming.

Name Service Domain Name System (DNS) and Windows Internet Naming Services (WINS) each play a
role in helping users find shared computer resources by name rather than obscure IP addresses. In order
to maximize response time of these services, it is recommended to do the following:
o Remove any unnecessary reference to the BG700 domain from DNS and Active Directory because
it doesnt seem to be currently connected to Widgets, Incs systems.
o Add the WINS service to the widget1file server and make it a replication partner with the
current widget1mail server. This would add WINS service redundancy as well as eliminate some
name service delays since currently both servers are listed as WINS servers in the DHCP response
given to clients, yet the WINS service is only operational on the widget1mail server; therefore
WINS requests to the widget1file server must timeout after several seconds if user PCs query
this server for name resolution.

Estimated Investment:
Network Assessment Document

12 | P a g e

$1,400 capital, $4,800 annual operating to implement TNSCs StoreIT backup/DR solution.
2 hours labor at estimated rate of $130/hr = $260 to implement stronger password policies.
$1,800 annual operating for TNSCs AssistIT service to monitor and maintain the Windows servers.
Minimally 2 hours labor at estimated rate of $130/hr = $260 for disk space cleanup
Optionally $300 capital, 2 hours labor at estimated rate of $130/hr = $260 for an additional hard drive
Optionally up to $5,000 capital, $300 annual operating, 5 days labor at estimated rate of $130/hr = $5,200 to
implement new virtual server hardware, and test & migrate to the latest Windows Server 2008 operating
system.
1 hour labor at estimated rate of $130/hr = $130 to setup WINS server redundancy.

Network Assessment Document

13 | P a g e

Workstations
Overview
Windows desktops and laptops are the predominant end-user device used to run and access applications.
Identified Needs
- Workstation Management The workstations are not currently centrally monitored or managed. Central
24x7 monitoring and management via a service like TNSCs AssistIT service would allow a multitude of
benefits including:
o Monitoring of operating system event logs, Windows services, and applications with proactive
notification to administrators about serious errors. Automatic correction of some issues can also
be accomplished.
o Automatic patch management to ensure that workstations are kept up to date against the latest
information security attacks. Centralized patch management also allows control over what
patches are applied to workstations so that applications can be tested prior to widespread
rollout. Conformity with desired patching levels can also be reported on to ensure that the antimalware stance is as strong as possible. Currently, as an example, TNSCs Workstation
Management tools report that 31 Windows machines have more than 5 security patches that still
need to be applied for maximum security and stability.
o Scripting which can ensure that workstations configurations are consistent.
o Antivirus software is also implemented with The Network Support Companys workstation
management services called AssistIT and SimplifyIT.
o Workstation optimization techniques through scheduled file system checks, scheduled reboots if
required, custom cleanup scripts, etc.
o Continuous monitoring of workstation responsiveness if desired.
o Automatic hardware and software auditing.
o Remote control of workstation desktops in order to provide user assistance.
o Implementation of rollback technology that makes recovering from a virus or other software
issue that was recently introduced to the workstation easy to recover from. The contents of the
workstations hard drive can be reverted to a previous point in time prior to the virus or other
issue being introduced. This drastically reduces the labor and downtime associated with trying to
recover from these types of issues.
 Currently Widgets, Incs mobile laptops are believed attempted to be backed up via EMC
Retrospect software to the Buffalo NAS devices. Rather than users keeping documents
on their local laptop hard drives, it is suggested that this information be kept on the
central servers instead and use the Windows Offline Files feature which makes a local
cache of these files for when the mobile users is not connected to the corporate
network. When the user again connects to the corporate network, any changed files are
automatically synchronized between the laptop and the server thus providing backups of
that information.
o Dashboards which summarize the status, performance, and capacity of various IT systems. Some
of these dashboard views are represented in the Reports section at the end of this Network
Assessment.
Implementing such a workstation management solution would reduce the number of separately
managed applications necessary by integrating administrator remote access (replacing Real VNC and
LogMeIn), replacing the standalone Symantec antivirus, and reducing the need for other malware tools
such as CCleaner and Malwarebytes. It would also reduce the number of hours users lose when
equipment performs poorly or is being repaired and also reduce the required hours to support the
network resulting in significant productivity improvements and reduced support cost.

Network Assessment Document

14 | P a g e

Application Management Currently applications are deployed to PCs on an individual basis. This
method can be time consuming because updates need to be installed by hand on individual machines.
This often leads to PCs in the same department having different versions of the same software leading to
file compatibility or usage issues. Additionally, this application deployment model requires that PCs be
capable of running the applications by having the proper operating system version and sufficient
processor and memory. Currently PCs are either upgraded or replaced as necessary to accommodate
the running of additional or new applications. An alternative to replacing PCs or upgrading individual PC
components is to use technologies that provide applications to users which dont rely as much upon the
performance of the workstations. Some of these alternatives include:
 Windows RemoteApp (formerly Terminal Services) or Citrix XenApp (formerly Metaframe
and Presentation Server). These technologies run the applications for users on central
servers but display them on their workstations as if they were running locally. In addition
to reusing lower performing PCs for end-users, this also makes applications easier to
update since they can be updated centrally on the server and thus updates are
immediately available to all users.
 Citrix ThinApp technology is another product from Citrix that packages the application
with the operating system that it needs to run in. This package is then delivered to the
desktop for running and presentation. But ThinApp has the advantage of not needing to
install the application on each users workstations thus also allowing for central updating.
 Using thin clients instead of PCs as end-user devices. These are best suited for users
who access a fixed set of applications that can be centrally served and dont need to
customize their PC environment a lot.
o PCs can also be more standardized so that all PCs that share the same function have exactly the
same software loaded and are configured the same way. There are several such examples of
application consistency among a group including Office suite and MasterCAM versions. There are
several ways to ensure that PCs have more consistency including:
 Using Windows Active Directorys Group Policy Objects (GPO) which force defined PCs or
users to operate using a consistent group of settings. Some applications and updates can
also be applied using GPOs to groups of PCs to ensure consistency.
 Deploy a common version of Microsoft Office such as Office 2010 across all PCs that
require Office. At the least, 27 PCs should be upgraded from Office 2003 to Office 2007
so that all users are at a minimum of Office 2007 for file format compatibility to ease
sharing. Since Office 2010 licenses could be purchased yet Office 2007 deployed, of cost
of upgrades for 12 PCs could be delayed to Office 2010 for perhaps several more years.
The free Microsoft Office Compatibility Pack also allows users with older version
of Microsoft Office to open documents created with newer versions of Office.
For users that do not require the full set of applications from the Microsoft Office
Standard suite, alternative suites with lower costs can be purchased.
o Regardless of which application deployment method is used, it is especially important in Widgets,
Incs manufacturing environment to test application upgrades prior to full-scale deployment.
This can be accomplished using a bank of test PCs which can often be run on the proposed
virtualize server to save on PC hardware acquisition costs.

Operating System Version All but one of the 35 PCs are running the Windows XP Professional
operating system. Most editions of the Windows XP operating system reached their end of support by
Microsoft in the spring of 2010. Therefore, continuing to run these products runs the risk of security
issues and the inability to gain support from Microsoft if there is a production issue. Additionally,
software vendors will continue to release software for the newer Microsoft operating systems. Desired
software packages or upgrades may not be supported or even run on Windows XP. Fortunately, there
are many technologies that allow the deployment of newer operating systems and applications while still
retaining access to older operating systems and applications.

Network Assessment Document

15 | P a g e

It is recommended that a plan be put in place to assess, test, and upgrade each of the older
desktop operating systems to Windows 7 Professional or alternatively to use virtual desktop
technologies such as thin clients, remote desktops, and/or thin application provisioning.
 Thin clients are devices that are deployed to an end user. Their purpose is simply to
provide remote access to operating systems and applications running on a central server.
They are cheaper to deploy and maintain than physical PCs since they have no moving
parts, do not require antivirus software, consume less electricity, and do not require any
regular maintenance.
 Remote Desktop technology allows an application or an operating system be displayed
on a PC even though that application or operating system is not installed on the users
PC. This could allow newer operating systems or applications to be used by users
without needing to upgrade their workstations.
 Thin Application technology allows an application to be packaged with the older
operating system it may require, and be deployed to a users PC. Since the older
operating system and application is self-contained, the users PC may be upgraded to a
newer operating system. In this way, the user can utilize both newer and legacy
applications.
 In order to properly assess which of these technologies that Widgets, Inc. should employ,
a more detailed review of each application (including its ability and cost to be upgraded)
needs to be performed.

DNC Network - Another important aspect of operating systems upgrades is regarding the DNC network
that controls the CNC machines. Currently there are 5 aging PCs (e.g. running Windows 95/98 with
32MB RAM on 7+ year old Compaq PC hardware) that communicate via a DOS-based async terminal
emulator through an Equinox Data PBX (a.k.a. terminal server) to 38 CNC machines and control most
machining operations..
o Having the DNC network and these PCs remain as they are raises several concerns:
 The equipment is aging, and if fails, will be difficult to replace as current PC hardware
may not be supported to run Windows95/98 and may not come with serial ports which
have become obsolete.
 The Windows95/98 machines are members of the Active Directory domain yet cant be
managed by modern workstation management tools such as recommended above or run
current antivirus software. Thus these machines are difficult to properly manage and are
subject to getting viruses or being disabled by denial of service attacks.
 The Equinox DS-15 Data PBX is terminal server technology that is at least 24 years old.
Since the IT industry has gotten away from terminals & terminal servers in favor of the PC
client/server architecture, finding suitable replacement parts for the Equinox data PBX
and its 4 switches will become difficult to impossible.
 There is currently only one Widgets, Inc. employee who deeply understands the
architecture and provides support for the current system. If this person leaves Widgets,
Incs employ, then this system will be nearly impossible to support for current CNC
machines & grow as new CNC machines are implemented.
 The functional level of the Active Directory domain is currently limited from being
raised because of these old versions of Windows 95/98 computers being members of the
domain. Not being able to raise the functional level of the domain prohibits the
deployment of an in-house Microsoft Exchange 2007 or Exchange 2010 e-mail system, as
well as raising similar future issues for other desired applications that have higher
minimum Active Directory level requirements.
o Although the homegrown DNC network is currently functionality and has been historically very
reliable, it will become harder to operate because of the concerns above. Therefore it is
recommended to investigate a replacement DNC network. Widgets, Inc. has already received a

Network Assessment Document

16 | P a g e

quote from one vendor for a new wireless DNC network that seems appropriate. In addition to
the quote from Southwinds Automation Services, supplemental wiring and additional access
points may be required which are included in the estimate below. Southwinds Automation
Services should also be contracted to ensure that the wireless network they are proposing
properly cover the machine floor and communicate effectively. They should also be questioned
whether a wired DNC network would be a cheaper alternative.
Note that there is a lot of deserved pride in the stability and frugalness of the current
homegrown DNC network. Any change to this DNC environment should try to garner the support
of the currently involved staff. If the cost of a replacement DNC network is too prohibitive at this
time, an interim workaround would be to replace failed Windows95/98 DNC machines with
newer PCs running Windows 7. Although it was previously attempted to run the current DNC
software on the newer Windows XP, it is believed that with proper configuration, this
workaround can work reliably. This testing could be performed on a pilot PC yet still leave the
other DNC PCs in operation so as not to negatively affect machining operations. However,
having a hardware replacement for the PCs does not mitigate the concerns over the data PBX or
the sole support provider. Some of the support risk could be eliminated by cross training another
employee to help support the DNC network. Yet even cross-training still leaves the risk of failure
and difficulty supporting the data PBX equipment.

Performance Although the current PC deployment may be suitable for the current needs of running the
required business applications, the following observations were made about PCs that are currently less
well performing than the average. These PCs may need to be upgraded or replaced as necessary to run
additional applications if applications are continued to be deployed in the current fashion (more on this
in Application Deployment).
o 9 PCs have less than 1GB of RAM memory which is generally considered to be insufficient to run
Windows XP or newer and common applications such as Microsoft Office. More RAM can usually
be cost effectively added to these PCs if they are generally otherwise suitable of running newer
applications. Adding more room, will usually provide better performance for the currently
running applications as well as allow the running of newer applications and/or operating systems
as necessary.
o A PC lifecycle plan should be developed and followed. An equipment lifecycle plan is a multi-year
recommendation of how many and which PCs should be planned to be upgraded or replaced in
certain years. This information feeds the annual capital budgeting process to help maintain PCs
at acceptable performance levels without waiting for them all to age to the point of needing to
be replaced all in a single year which may negatively affect cash flow. Generally, a PC lifecycle
plan looks out 4-5 years. This plan should take into account any planned changes to the
application portfolio, changes in new technology such as virtual desktops as suggested above,
and any application/operating system/hardware compatibility issues that need to be considered.
Three large areas of compatibility concerns include:
 The DNC network which is written about separately in this report.
 Microsoft Office suite compatibility between different versions file formats.
 Engineering applications such as MasterCAM which have specific requirements for
hardware components such as graphic cards as well as interfaces to other systems such
as the DNC network.
-

Multiple Monitors Some users such as the Engineers may also benefit from productivity
improvements by having multiple monitors so that they have more workspace to run multiple
applications side by side such as SolidWorks and MasterCAM.
o It is suggested that dual monitors could be considered for deployment for the expense of the
additional monitors and an extra video card for each workstation.

Network Assessment Document

17 | P a g e

Estimated Investment:
$10,500 annual operating for workstation management of (35) PCs and laptops.
A variable amount for workstation lifecycle management which is dependent upon which technologies are
suitable to run the current & desired application suite that Widgets, Inc. desires to run. A basic PC lifecycle
plan that simply replaces aging PCs on a rotating basis without consideration of other technology changes
would identify the following plan:
2012 - 4 PCs with processors slower than 2GHz should be considered for replacement for an
estimated capital cost of $2400 and 4 hours of labor at estimated rate of $130/hr = $520. An additional $450
capital, 8 hours labor at estimated rate of $130/hr = $1,040 to increase memory in 9 workstations.
2013 - 11 PCs with processors slower than 2.8GHz should be considered for replacement for an
estimated capital cost of $6600 and 11 hours of labor at estimated rate of $130/hr = $1,430.
2014 - 16 PCs with processors slower than 3.0GHz should be considered for replacement for an
estimated capital cost of $9600 and 16 hours of labor at estimated rate of $130/hr = $2,080.
Additional capital, operating, and labor would be required for implementing a better application
delivery system which has not yet been defined at this point.
$40,000 capital for a replacement DNC network including additional wireless access points and cabling. An
alternative solution that relies upon wired instead of wireless technology may be cheaper and cost
approximately $28,000 including serial terminal servers. This is conditional upon the software vendors
supporting it so this should be explored with the vendors.
$10,800 capital, 8 hours labor at estimated rate of $130/hr = $1,040 for (27) Microsoft Office Standard 2010
licenses (yet only Office 2007 would be deployed for compatibility) for year 1.
$4,800 capital, 8 hours labor at estimated rate of $130/hr = $1,040 for (12) Microsoft Office Standard 2010
licenses for year 2. The interface on newer versions of MS Office is substantially different than prior versions
and user training should be considered. Training costs are not included here.
($1,200/monitor + $100/video card) * 4 PCs=$5200, 4 hours labor at estimated rate of $130/hr = $520 to add
a graphics card and monitor to each Engineers workstation.
Dual HP 22 Monitors at $200 each + $100/video card) = $500 per unit

Network Assessment Document

18 | P a g e

Collaboration Tools
Overview
Currently e-mail service is provided to users by the Outlook e-mail client pulling e-mail via the POP protocol
from a hosted e-mail only system run by everyone.net. Widgets, Inc. cannot currently easily share
information with customers except via e-mail.

Identified Needs
The current e-mail system is only basically functional but suffers too often from provider outages or poor
response times. The current Outlook/POP system also does not provide any functionality beyond e-mail.
Widgets, Inc. would seem to be able to take great advantage of a collaboration solution that includes e-mail
but also the following features:
- Calendaring whereby each person can maintain and share their personal calendar. This allows people to
review other peoples free & busy times in order to schedule & request meetings. Physical resources
such as conference rooms or shared equipment can also be scheduled in this way.

Contact management so that personal contact information can be accessed from anywhere including via
web access and smartphones as mentioned below. The ACT! contact management system can also be
integrated with the Outlook client for enhanced tracking of communication with customers.

Web Access so that users can access their e-mail, calendar, contacts, tasks, and notes from anywhere on
the Internet via a web browser.

Smartphone synchronization which allows Blackberries, Windows Mobile, iPhones, Droids, etc. to
synchronize not only e-mail but calendar, contacts, tasks, and notes information. Note that there would
be a single view of each of the pieces of data so that, e.g. e-mail were deleted from the phone, it would
also be deleted from the Outlook client and web access view.

Generally, full e-mail/collaboration systems are either implemented in-house (on a server running in your
office) or obtained from a hosted e-mail provider. The advantages/disadvantages of running an e-mail
system in-house vs. hosted are summarized by the following list:
-

Price

Hosted e-mail is generally cheaper for small and simpler e-mail systems. Hosted emails systems are also a monthly operational expense that flexes up/down with your
e-mail user needs as compared to in-house e-mail systems which are a large upfront
cost followed by no or little recurring costs.

Integration

Hosted e-mail systems generally offer sufficient features such as e-mail, calendaring,
contacts, and smartphone synchronization. However, sophisticated users who also
desire to filter outgoing e-mail according to specific policies, have multiple other IT
systems that tie into an e-mail system, or need sophisticated instant messaging &
voice mail integration capabilities will need to implement an in-house e-mail system.

Performance

Users who send e-mails with large attachment to other internal users will generally
have better e-mail delivery times with in-house e-mail systems. This is because large

Network Assessment Document

19 | P a g e

attachments would have to cross Widgets, Incs Internet connection which is slower
than the local area network.
It is currently undecided what direction that Widgets, Inc. desires to take with the DNC network, yet a
modern in-house e-mail system could only be implemented after all DNC Windows 95/98 workstations are
upgraded to at least Windows 2000 Professional. And since the current hosted e-mail performance (not
availability) seems acceptable, and since the complexity of required e-mail integration is low, then it is
recommended that Widgets, Inc. migrate to a more reliable and more feature rich e-mail/collaboration
hosted provider such as Microsofts Business Productivity Online Suite (BPOS) service. Microsofts BPOS
service is a hosted Exchange server that provides the following features:
- Large mailboxes:
Each user gets 25 GB of mailbox storage standard and the ability to send
attachments up to 30 megabytes (MB). These limits will need to be
confirmed by Widgets, Inc. as being sufficient for when large drawings are
sent &
received between customers and employees.
-

Antivirus/anti-spam:

anti-

Microsoft Forefront Online Protection for Exchange is included, providing


multiple filters and virus-scanning engines to help protect your organization
from spam, viruses, and phishing scams. Widgets, Inc. should still maintain
virus software on their servers and workstations.

Web-based access:

For Web-client access, Outlook Web App provides a premium browser-based


experience that matches the look and feel of the full Outlook client.

Mobility:

Mobile access is available from all phones capable of receiving e-mail,


including Windows Phone, the iPhone, Android, Palm, Nokia, and Blackberry
devices.

Shared calendar and contacts: Users can compare calendars to schedule meetings with Exchange
Online and have access to collaboration features like shared calendars,
groups, global address list, external contacts, tasks, conference rooms, and
delegation.

Additional services are also available from Microsoft as Widgets, Inc. requires such as:
- Microsoft Exchange Hosted Archive (EHA) provides a centralized, easily accessible, and multifunctioning e-mail and IM repository to assist organizations manage increasingly complex retention,
compliance, e-discovery, and regulatory requirements.
-

Microsoft Exchange Hosted Encryption provides policy-based encryption from sender to recipient
without the need for end-user training or software installation.

Forefront Online Protection for Exchange consists of layered technologies to actively help protect
businesses' inbound and outbound e-mail from spam, viruses, phishing scams, and e-mail policy
violations.

Network Assessment Document

20 | P a g e

Widgets, Inc. could also benefit by sharing electronic sales, production & scheduling, and other information
with customers more easily than via e-mail. When technology that seems to be suitable would be a web site
that allows customers to access information relating to a project with Widgets, Inc.. Protected by usernames
& passwords, various project folders could be created that contain drawing files, quotes, specifications, etc.
This customer web portal could be accessed by anyone with Internet access. One such tool that seems to fit
the need is Microsoft SharePoint technology. SharePoint provides a single, integrated location where
employees can efficiently collaborate with each other and customers, create/search for/ manage documents,
and create workflows to ensure that all team members have approved or commented on various documents.
SharePoint is easily and widely customizable so TNSC would be pleased to provide a demonstration of some
of its abilities at Widgets, Incs request.
Although Synergistic Systems ManuFACT software does not have a web front-end that could be used by
Widgets, Incs customer to directly access production and scheduling information, ManuFACT can
automatically generate reports for customers and securely store them on Widgets, Incs public web site (or
the proposed SharePoint website) so that customers can view these reports remotely via a web browser.
Widgets, Inc. may investigate whether the information that customers would desire to see remotely can be
included in a ManuFACT report.
Estimated Investment:
$5/mailbox/month * 35 users = $175/month for hosted e-mail services alone plus 40 hours labor at
estimated rate of $130/hr = $5,200.
$5/user/month * 10 users = $50/month of limited SharePoint usage between 7 Widgets, Inc. employees and
3 named customers plus 40 hours labor at estimated rate of $130/hr = $5,200.

Network Assessment Document

21 | P a g e

IT Processes & Procedures


Overview
An additional aspect of IT does not concentrate on the hardware and software that makes up the
environment but instead on the processes and procedures that demonstrate how IT is done.
Identified Needs
- Documentation Documentation of an IT environment should include both system documentation about
what equipment is in place & how it is configured and also procedural documentation about how the IT
environment is run. Currently no such documentation is in place.
o It is recommended that all suggested types of documentation be created including network
diagrams, system documentation, hardware & software inventorying, an application portfolio,
and routine maintenance and support procedures.
 Some system documentation and hardware & software inventory information was
generated as a result of this Network Assessment. This information has been provided as
an appendix to this report.

Estimated Investment: 16-24 hours labor at estimated rate of $130/hr=$2,080 to $3,120

RetainIT
Overview
RetainIT is a labor-only support service arrangement that provides a fixed dollar amount of services to a
client. The annual contracts are billed in 12 monthly installments. This contract provides access to all the
technical expertise TNSC possess on an as-needed basis. RetainIT is often combined with other non-labor
products like AssistIT, StoreIt,and HostIT to enhance these contracts with labor services.
Estimated Investment:
Option 1 192 hour retainer at the Network Engineer base rate of $125 per hour for a total of $24,000
annually. The 12 month installments would be $2,000 per month. Widgets, Inc. may apply up to 50% of
RetainIT for Project labor.

Option 2 96 hour retainer at the Network Engineer base rate of $130 per hour for a total of $12,480
annually. The 12 month installments would be $1,040 per month. Widgets, Inc. may apply up to 33% of
RetainIT for Project labor.

Network Assessment Document

22 | P a g e

IT Remediation Timeline
The following table represents each of the major remediations recommended in the above detail pages. It
summarizes the remediation that should be performed, shows the estimate of capital, operating, and labor
expenditure, the relative priority (highest#=most important), the calendar duration to implement the
remediation, and which resources would or may be primarily be responsible for implementing the fix.
Note that Start and Finish dates are only accurate for the purposes of ordering the tasks but are very likely
not representative of the actual date of implementation.
Widgets, Inc. is welcome to assign more fitting priorities and timelines to align these remediations with other
business needs and goals.
Widgets Inc.
IT Remediation Timeline

Network Assessment Document

23 | P a g e

Hardware & Software Inventory Reports


The following pages show information that was a result of TNSCs temporary deployment of its managed
service agents on Widgets, Incs servers and PCs (excluding the Windows 95/98 PCs running the DNC
network). The purpose of these reports is to show the depth of information collected and how it can be useful
to TNSC and/or Widgets, Inc. for the purposes of IT decision making.

Executive Summary Report


The following Executive Summary Report summarizes important information about all managed servers and
workstations. The Network Health Scope depicts a relative rating of the health of the IT environment based
upon the operating system versions, available disk space, and patch levels across all machines. This report
also shows the % of free disk space that each server and workstation has. Any system that has crossed the
warning or critical high usage threshold should be attended to so that the system does not run out of space as
the widgets1file and widgets1mail servers are showing.

Executive Summary Report


Client Information
Contact Person
IT Manager
Servers Managed
Workstations Managed
Total Systems Managed
System Activity Last 30 Days
Audits Completed
Backups Completed
Disk Space Used

Network Health Score


Patch
Score

2
35
37
37
0

26%

OS Score

100%

Disk Score

94%

Ticket
97%
Score
Event Log
100%
Score
Backup
N/A
Score
Alarm
100%
Score
Srv Uptime
100%
Score
Wrk Uptime
N/A
Score
Security
N/A
Score

*
1/7
*
1/7
*
1/7
*
1/7
*
1/7
*
N/A
*
1/7
*
1/7
*
N/A
*
N/A

Operating Systems

Patch Status

Network Assessment Document

24 | P a g e

88%

109
163

Patch Scans Completed


Patches Installed

License Summary
Servers
Windows
2003

Server Standard Edition Service


Pack 2 Build 3790
Total

2
2

Workstations
Windows 7 Professional x64 Edition Build 7600
Windows
XP

Professional Edition Service Pack 3


34
Build 2600
Total

35

Microsoft Office Licenses


Office 2010

Office 2007

12

Office 2003

27

Office XP

Office 2000

Office 97

Total

Server Uptime
Machine ID

% Uptime

widget1file.root.widgetsinc

100%

widget1mail.root.widgetsinc

100%

Network Assessment Document

25 | P a g e

40

Hardware Report
The following Workstation Hardware Report shows some of the hundreds of data elements collected automatically
about each of Widgets, Incs (newer) workstations. This type of information is often useful to determine a machines
suitability for upgrades while assisting in PC lifecycle management. The same type of information has also been
collected for Widgets, Incs two servers.

Network Assessment Document

26 | P a g e

Microsoft License Detail Report


The following Microsoft License Detail report summarizes the licensed Microsoft products that Widgets, Inc.
currently has deployed. This type of information is useful to assure that Widgets, Inc. maintains proper
licensing for its installed applications as well as assist in upgrade planning.

Network Assessment Document

27 | P a g e

Machine Patch Summary Report


The Machine Patch Summary report displays information about how current each workstations security
patches are. This report for Widgets, Inc. shows that 31 PCs are missing 5 or more security patches.

Network Assessment Document

28 | P a g e

Detail Report
The Detail Report shows many of the hundreds of data elements collected about each managed server and
workstations hardware and software. As an example, the following information was collected about Joe
Users laptop. This automatic hardware & software inventory information is invaluable when planning for PC
replacements, software applications upgrades, and also helps identify PCs that are not configured
consistently which is important to reduce support costs.

System Information for juser.root.widgetsinc


Manufacturer

Dell Computer Corporation

Product Name

Latitude D400

System Version

(none)

System Serial Number

ABCD1234

Chassis Serial Number

000000000123456

Chassis Asset Tag

(none)

External Bus Speed

133 MHz

Max Memory Size

2 GB

Max Memory Slots

Chassis Manufacturer

Dell Computer Corporation

Chassis Type

Docking Station

Chassis Version

(none)

Motherboard Manufacturer

Dell Computer Corporation

Motherboard Product
Motherboard Version
Motherboard Serial Num

ABCD1234

Processor Family

Intel(r) Pentium(r) M processor

Processor Manufacturer

Intel

Processor Version

(none)

CPU Max Speed

1700 MHz

CPU Current Speed

1600 MHz

On Board Devices
Device Type

Description

Sound Enabled
Video - Enabled

Sigmatel 9750
Intel MGM Graphics

Port Connectors
Int Ref

Ext Ref

Con Type

Port Type

IrDA

(none)

Infrared

Other

S-Video

(none)

Mini-DIN

Video Port

Network Assessment Document

29 | P a g e

FireWire

(none)

1394

FireWire (IEEE P1394)

Modem

(none)

RJ-11

Modem Port

MONITOR

(none)

DB-15 pin female

Video Port

SERIAL1

(none)

DB-9 pin male

Serial Port 16550A Compatible

PS/2

(none)

Mini-DIN

Mouse Port

USB

(none)

Access Bus

USB

USB

(none)

Access Bus

USB

Ethernet

(none)

RJ-45

Network Port

Memory Devices
Size
1024
MB
512
MB

Form
Factor
DIMM

Device Loc

DIMM

Bank Loc

Type

Detail

Speed

DIMM_A

Synchronous

266 MHz

DIMM_B

Synchronous

266 MHz

System Slots
Designator

Type

Usage

ID

PCMCIA 0

PC Card (PCMCIA)

Available

Adapter 0, Socket 0

MiniPCI

Other

Available

Computer / Network Information for juser.root.widgetsinc


Computer
Name:
OS:

JUser

IP Address:

XP Professional Edition Service


Pack 3 Build 2600

Subnet Mask:

CPU:

(1) 589 MHz Intel(R) Pentium(R)


M processor 1.60GHz, Model 13
Stepping 6

RAM:

1534 MB

Default Gateway:

Connection Gateway:

192.168.10.109
255.255.255.0
192.168.10.200

192.168.10.1

DNS Server(s):

192.168.10.31
192.168.10.35

DHCP Server:

192.168.10.31

WINS Server(s):

192.168.10.31
192.168.10.35

Installed PCI Devices for rhall.root.widgetsinc


Device Type

Vendor

Description

Network

Broadcom Corporation

BCM5705M Broadcom NetXtreme Gigabit Ethernet

Network

Broadcom Corporation

BCM5705M Broadcom NetXtreme Gigabit Ethernet

Network Assessment Document

30 | P a g e

Notes

Network

Broadcom Corporation

BCM5705M Broadcom NetXtreme Gigabit Ethernet

Network

Broadcom Corporation

BCM4309 802.11a/b/g Wireless LAN Controller

Network

Broadcom Corporation

BCM4309 802.11a/b/g Wireless LAN Controller

Network

Broadcom Corporation

BCM4309 802.11a/b/g Wireless LAN Controller

Graphics

Intel

852GM/GMV or 82852/82855 GM/GME Integrated


Graphics Device

Graphics

Intel

852GM/GMV or 82852/82855 GM/GME Integrated


Graphics Device

Graphics

Intel

852GM/GMV or 82852/82855 GM/GME Integrated


Graphics Device

Graphics

Intel

852GM/GMV or 82852/82855 GM/GME Integrated


Graphics Device

Graphics

Intel

852GM/GMV or 82852/82855 GM/GME Integrated


Graphics Device

Graphics

Intel

852GM/GMV or 82852/82855 GM/GME Integrated


Graphics Device

Multimedia

Intel

82801DBM SoundMAXController (ICH4-M B0 step)


Realtek AC97 Audio

Multimedia

Intel

82801DBM SoundMAXController (ICH4-M B0 step)


Realtek AC97 Audio

Multimedia

Intel

82801DBM SoundMAXController (ICH4-M B0 step)


Realtek AC97 Audio

Comm Ctl

Intel

82801 / ? AC97 Modem Controller / PCI Modem

Comm Ctl

Intel

82801 / ? AC97 Modem Controller / PCI Modem

Comm Ctl

Intel

82801 / ? AC97 Modem Controller / PCI Modem

System
Peripheral

Texas Instruments

4610, 4515, 4610FM, 7510 PCI 7510/4510 Cardbus


Controller

System
Peripheral
System
Peripheral
System
Peripheral
System
Peripheral
System
Peripheral
System
Peripheral

Intel

852GM/GMV System Memory Controller

Intel

852GM/GMV System Memory Controller

Intel

852GM/GMV System Memory Controller

Intel

852GM Configuration Process

Intel

852GM Configuration Process

Intel

852GM Configuration Process


License Codes on juser.root.widgetsinc

Publisher

Title

Adobe

Acrobat 9

Network Assessment Document

Product Key

License
0000000012345678901234567

31 | P a g e

Version

Date

Adobe
Systems
Brother

Adobe Acrobat 9
Standard
Printer

16

Microsoft

Internet Explorer

WMBK-WWWEDEMO-1234

0000000012345678901234567

Microsoft

Microsoft
Interactive
Training

WMBK-WWWEDEMO-1234

0000000012345678901234567

Microsoft

Microsoft Office
Professional
Edition 2003

WMBK-WWWEDEMO-1234

0000000012345678901234567

Microsoft

Microsoft Office
Project Standard
2003

WMBK-WWWEDEMO-1234

0000000012345678901234567

Microsoft

Windows XP
Professional

WMBK-WWWEDEMO-1234

0000000012345678901234567

Microsoft
Corporation

Microsoft Access
2000 SR-1
Runtime

0000000012345678901234567

9.00.3821

Microsoft
Corporation

WebFldrs XP

0000000012345678901234567

9.50.6513

9-Oct09

Vid_04f9&Pid_01E6

Add/Remove Programs List on juser.root.widgetsinc


Adobe Acrobat 9 Standard
Adobe Acrobat 9.1.3 - CPSID_49522
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader X
Aladdin Monitor 1.4
ALPS Touch Pad Driver
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
Brother MFL-Pro Suite
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Conexant D480 MDC V.92 Modem
Core FTP LE 2.1
Critical Update for Windows Media Player 11 (KB959772)

Network Assessment Document

9.1.3

32 | P a g e

20-Mar04

Defraggler (remove only)


Dell Solution Center
Dell Wireless WLAN Card
Digital Line Detect
DVDSentry
Easy CD Creator 5 Basic
eGames GameButler
FileOpen Client Installer
FileOpen Plug-in for Adobe Acrobat and Adobe Reader
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HTC Driver Installer
HTC Sync
Intel(R) Extreme Graphics 2 Driver
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 6
Japanese Fonts Support For Adobe Reader 8
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 20
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaseya Agent
LiveUpdate 2.6 (Symantec Corporation)
LogMeIn
LogMeIn
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Network Assessment Document

33 | P a g e

Microsoft .NET Framework 1.1


Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2000 SR-1 Runtime
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.4
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Project Standard 2003
Microsoft Office Visio Viewer 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mobile Connection Manager
ModelPress Reader 4.3
Modem Helper
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NetWaiting
Nuance PDF Converter 6
OpenDMIS
OtaniumSuite PKI
OtaniumSuite PKI slb support module
PANTECH PC Card Software
PANTECH UM175 Driver
QuickSet
QuickTime
QuickVPN Client
Retrospect Client 7.6
Sage Software Integration Services
Network Assessment Document

34 | P a g e

ScrewDrivers Client v3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Network Assessment Document

35 | P a g e

Security Update for Windows XP (KB950762)


Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Network Assessment Document

36 | P a g e

Security Update for Windows XP (KB971633)


Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Network Assessment Document

37 | P a g e

Security Update for Windows XP (KB982214)


Security Update for Windows XP (KB982665)
Su Doku Master
Symantec AntiVirus
Time Zone Data Update Tool for Microsoft Office Outlook
TomTom HOME 2.6.4.1641
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
VNC 4.0
VZAccess Manager
WeatherBug
WeatherBug Browser Bar - powered by MyWebSearch
WebEx
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Network Assessment Document

38 | P a g e

Windows Internet Explorer 8


Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0 MUI pack
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinZip 11.2

Printers on juser.root.wigetsinc
Printer Name

Port

Model

Adobe PDF

My Documents\*.pdf

Adobe PDF Converter

Brother MFC-7440N Printer

BRN008077086AB2

Brother MFC-7440N Printer

Brother PC-FAX v.2

BRN008077086AB2

Brother PC-FAX v.2

Epson Stylus COLOR 777


ESC/P 2

IP_192.168.2.200

Epson Stylus COLOR 777 ESC/P 2

Fax

SHRFAX:

Microsoft Shared Fax Driver

Microsoft Office Document


Image Writer

Microsoft Document Imaging Writer


Port:

Microsoft Office Document Image


Writer Driver

Microsoft XPS Document


Writer

XPSPort:

Microsoft XPS Document Writer

Logical Disk Volumes on juser.root.widgetsinc


Drive
Letter
A

Volume Label
Removable

Fixed

CDROM

Network Assessment Document

Drive Type

Format

NTFS

39 | P a g e

Free
Space
0 MB
19,176
MB
0 MB

Total Size
0 MB
57,176 MB
0 MB