On-Premises Server Administration Responsibilities

Summary

To ensure that on-premises servers comply with enterprise standards and maintain the same level of security, operational integrity, and disaster readiness as servers migrated to Azure.

Body

Objective: To ensure that on-premises servers comply with enterprise standards and maintain the same level of security, operational integrity, and disaster readiness as servers migrated to Azure.

1. Operating System Compliance

  • All on-prem servers must be running a supported operating system version.
  • Regularly verify that the OS is updated with the latest security patches and vendor support requirements.

2. Patching and Update Management

  • Apply critical patches and updates at least monthly to all on-prem servers.
  • Ensure patch management processes align with enterprise standards and are validated by central IT teams.

3. Endpoint Detection and Response (EDR) Compliance – Microsoft Defender

  • MS Defender EDR agents must be installed and configured on all compatible on-prem servers.
  • Regularly check that MS Defender EDR agents are operational and reporting correctly to the central security platform.

4. Physical Security Requirements

  • Servers must be housed in secure, access-controlled environments.
  • Physical access to server rooms must be logged and limited to authorized personnel only.

5. Hardware Maintenance and Warranty

  • Ensure server hardware is under a valid warranty or support contract.
  • Conduct regular hardware health assessments and replace components nearing end of life.

6. Disaster Recovery and Business Continuity (DR/BC) Planning

  • Maintain an updated DR/BC plan that meets the department’s requirements and aligns with the organization’s overall disaster recovery strategy.
  • Test the DR/BC plan annually and document the results for compliance.

7. Monitoring and Incident Response

  • Implement monitoring solutions to detect unusual behavior, performance issues, and potential security threats.
  • SCCM agents must be installed and configured to report system health, patch status, and other monitoring metrics.
  • On-prem servers must be included in the enterprise incident response plan and report to the centralized logging and monitoring systems.

8. Backup and Data Integrity

  • Regular backups of critical data must be performed in line with enterprise policies.
  • Ensure that backups are encrypted, validated, and stored securely, both on-site and off-site, if applicable.

9. Documentation and Reporting

  • Maintain up-to-date documentation on server configurations, dependencies, and processes.
  • Submit regular compliance reports to the central IT/security team to demonstrate adherence to these standards.

All exemptions are subject to annual review and must be renewed and approved by the central IT/security team.

Failure to meet these responsibilities may result in re-evaluation of the exemption status and potential migration to Azure.

Details

Details

Article ID: 678
Created
Thu 8/22/24 2:20 PM
Modified
Thu 8/22/24 2:20 PM