How to perform an IT infrastructure audit

Case #

Prior to commencing with any IT infrastructure-related project, you first need to carry out a detailed technical audit of the IT infrastructure you are working on. After you collect all technical information and analyze the audit reports, you then proceed to writing-up an audit report and gap analysis report. In the latter, you enlist all items which are problematic or can be improved, in a prioritized list with associated action items. Following the audit report and gap analysis, you proceed to your project high-level and low-level (detailed) design, which encompasses design considerations for the various components comprising the new solution. Some parts of the project may be related to migration, security or Business Continuity and Disaster Recovery (BCDR). This KB article provides guidance on how to perform an IT infrastructure audit.

A list of relevant design considerations for various Azure-hosted cloud services are available throughout this blog, including but not limited to the following:

• Azure Migration
• Sharepoint Online Migration
• Exchange Online Migration
• Azure App Service Migration (part 1, part 2 and part 3).

This KB article takes a practical approach and provides you with practical action items to perform an IT infrastructure audit. You should use this KB article alongside the free downloadable document templates which can come in handy when performing technical assessments of an IT infrastructure. This article cannot possibly cover all technical audit scenarios and is not exhaustive of possible use cases. It only provides basic information to provide a starting point for reference. It is up to you to expand this baseline to create your own unique technical audit toolkit and procedures.

Solution #

Carry out the following steps.

• Let your customer fill-in an IT technical assessment questionnaire before you visit them on-site, so that you have a good idea of what to expect and how to prepare yourself accordingly.
• Carry out short interviews with all personnel in key positions, so as to understand their application workflows and business processes, as well us get an insight of their primary pain points which you should aim to fix as part of your engagement.
• Upon your first visit, take notes and take photos of all IT infrastructure locations / data rooms / data centers / racks.
• Start from the network design and interconnections. You need to understand at high-level what network traffic flows exist in production (From/To Internet and Cloud providers, From/To private networks outside the company premises, VPN/MPLS traffic and purely internal traffic).
• You need to understand how many and which ISP connections the customer has and what each ISP connection is used for in production. Connection types could be xDSL, 4G/5G or other wireless or satellite technology, cable, FTTH/FTTC, VPN Internet, VPN MPLS or any other type applicable in your scenario. There may be multiple ISP lines active at the same time, either in active/passive or active/active configuration.
• Run an IP scanner tool and network discovery tool to identify all nodes which are active in your IP network. There may more than one IP network segments available. In this case, request for a IP network diagram and take note of all available subnets and VLANs. Work with the networking team to better understand the customer's network. Some notable IP scanner and network discovery tools are the following:
  • Advanced IP scanner
  • Angry IP scanner
  • Auvik
  • Opmantek
  • Device42
  • Qualys SSL labs
  • OpenVAS
  • Pen-test tools
• Based on the aforementioned network discovery, make a list of passive and active networking components. Some examples include the following:
  • Horizontal and vertical cabling
  • Patch panels
  • Network Interface Cards (NIC)
  • Switches
  • Routers
  • Firewalls
  • VPN concentrators
  • Network virtual appliances (NVA), including layer 7 application delivery controllers and SD-WAN devices.
  • Servers
  • Workstations
  • Mobile devices (laptops and phones)
  • Other devices (for example printers, scanners, peripherals, security cameras, alarm systems, etc).

• If there are any non-IP networks in use (e.g. in industrial environments where a lot of Internet Of Things - IoT - devices may be deployed) talk to the networking team to understand integrations of non-IP with IP networks and the capacity and operations of any non-IP networks.
• Run a discovery of VoIP and PBX systems.
• Run a discovery of all storage-related devices.
• Run a discovery of all backup-related devices.
• Create a list of all active Cloud-based applications and systems and document the way there are integrated with the on-premise systems.
• Document the hardware and operating system specifications of all servers and workstations by running the hwinfo or openhardwaremonitor tool.
• If you have a hypervisor, make use of available tools to document the existing hypervisor configuration. You can consult my KB article on how to deploy a Hyper-V cluster using Powershell. This KB article includes useful Powershell cmdlets to use when auditing an existing Hyper-V cluster. A similar script should be created for any additional hypervisor technology, such as VMware VSphere, Citrix Hypervisor, Proxmox, KVM or Nutanix.
• Create an inventory of software applications running on all servers and workstations. In the case of Windows, you can make use of the following Powershell cmdlet to document all installed apps on every Windows system.

Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
#Get Windows installed apps
$InstalledSoftware = Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall"
foreach($obj in $InstalledSoftware){write-host $obj.GetValue('DisplayName') -NoNewline; write-host " - " -NoNewline; write-host $obj.GetValue('DisplayVersion')}

• Document application traffic flows. This can be a challenging task and will most likely involve speaking with the application Subjet Matter Expert (SME) and/or the application software vendor support team.
• Document your findings and deliver an IT infrastructure audit report and gap analysis, as explained in the "Case" section of this KB article. Creating architecture diagrams with software such as cloudcraft, cloudmaker and draw.io is highly recommended for maximum impact.

In all cases and scenarios, always bear in mind that you should plan first before executing any change in a production environment. Test in a lab, plan sufficiently and evaluate the results of a system-wide change in production. Your preparation and planning time should be 60-70% of your effort and the actual execution should be 30-40%.