cleanup
18
Processes/2fa.md
Normal file
@@ -0,0 +1,18 @@
|
||||
# TSYS Group - IT Documentation - Processes - 2fa
|
||||
|
||||
- [TSYS Group - IT Documentation - Processes - 2fa](#tsys-group-it-documentation-processes-2fa)
|
||||
- [Introduction](#introduction)
|
||||
- [Applications](#applications)
|
||||
|
||||
## Introduction
|
||||
|
||||
This section is to document 2fa at TSYS.
|
||||
|
||||
|
||||
## Applications
|
||||
|
||||
| Application | 2fa supported | 2fa enforced | 2fa documentation from vendor | 2fa enable page |
|
||||
| ----------- | ------------- | ------------ | ----------------------------- | --------------- |
|
||||
| Discourse | Yes | No | tbd | tbd |
|
||||
| Bitwarden | Yes | Yes | tbd | tbd |
|
||||
| Opnsense | Yes | Yes | tbd | tbd |
|
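Review bot: In the Applications table the Discourse row has 2fa supported "Yes" but 2fa enforced "No", with nothing saying whether that is an accepted exception or pending work; add a note or a tracking reference so the gap is not read as policy. All three rows also carry "tbd" in both the vendor documentation and enable page columns, so the page does not yet tell a user how to turn 2fa on. Fill those in or say in the Introduction that the page is a draft.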
1
Processes/MoveToProduction.md
Normal file
@@ -0,0 +1 @@
|
||||
# Processes - Move To Production
|
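Review bot: The title `# Processes - Move To Production` does not follow the "TSYS Group - IT Documentation - Processes - ..." pattern used by the other process pages in this commit, and nothing follows it. Align the title and add at least an Introduction stub stating that the process is not yet documented, so the page is not mistaken for a finished one.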
81
Processes/NewTeamMemberOnboarding.md
Normal file
@@ -0,0 +1,81 @@
|
||||
# TSYS Group - IT Documentation - Processes - New Team Member Onboarding
|
||||
|
||||
- [TSYS Group - IT Documentation - Processes - New Team Member Onboarding](#tsys-group-it-documentation-processes-new-team-member-onboarding)
|
||||
- [Introduction](#introduction)
|
||||
- [Proces Overview](#proces-overview)
|
||||
- [All users](#all-users)
|
||||
- [R&D users](#r-d-users)
|
||||
- [HR tasks](#hr-tasks)
|
||||
- [Invite user to Discord](#invite-user-to-discord)
|
||||
- [Inform TSYS point of contact of persons real name and Discord handle](#inform-tsys-point-of-contact-of-persons-real-name-and-discord-handle)
|
||||
- [IT tasks](#it-tasks)
|
||||
- [Application Access](#application-access)
|
||||
- [System Access](#system-access)
|
||||
- [Facillites Access](#facillites-access)
|
||||
- [R&D access](#r-d-access)
|
||||
- [Other tasks](#other-tasks)
|
||||
|
||||
- [Introduction](#introduction)
|
||||
- [IT tasks](#it-tasks)
|
||||
- [Application Access](#application-access)
|
||||
- [System Access](#system-access)
|
||||
- [Facillites Access](#facillites-access)
|
||||
- [R&D access](#r-d-access)
|
||||
- [HR tasks](#hr-tasks)
|
||||
- [Other tasks](#other-tasks)# TSYS Group - IT Documentation - Processes - New Team Member Onboarding
|
||||
|
||||
## Introduction
|
||||
|
||||
On-boarding is an often overlooked and under documented aspect at companies ranging from startups to established multi national corporations.
|
||||
|
||||
We are starting things off right and are in the process of establishing a streamlined on-boarding process. More to come soon, as we work out the
|
||||
final bugs!
|
||||
|
||||
|
||||
## Proces Overview
|
||||
|
||||
### All users
|
||||
|
||||
* Invite user to Discord
|
||||
* Create user account in UCS
|
||||
* Send initial UCS username/ppassword via discord DM
|
||||
* Have user change password at https://accounts.knownelement.com
|
||||
* Once user has changed password, add them to appropriate UCS groups
|
||||
|
||||
### R&D users
|
||||
|
||||
* Create wireguard config with algo for any user systems
|
||||
* Send user a discord DM with the algo config / QR
|
||||
* Have user import TSYS Root CA certificate
|
||||
|
||||
|
||||
## HR tasks
|
||||
|
||||
### Invite user to Discord
|
||||
|
||||
* Document process
|
||||
|
||||
### Inform TSYS point of contact of persons real name and Discord handle
|
||||
|
||||
* Document process (erpnext workflow)
|
||||
|
||||
|
||||
## IT tasks
|
||||
|
||||
### Application Access
|
||||
|
||||
- LDAP Groups
|
||||
- Application ACLs
|
||||
|
||||
### System Access
|
||||
|
||||
- Wireguard
|
||||
- SSH key management
|
||||
|
||||
|
||||
### Facillites Access
|
||||
|
||||
### R&D access
|
||||
|
||||
|
||||
## Other tasks
|
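Review bot: Under "All users", `Send initial UCS username/ppassword via discord DM` puts a working credential into chat history on a third-party service, and under "R&D users" the algo config / QR sent the same way carries the WireGuard private key for that client. State how the message is removed after receipt and set a deadline for the password change at https://accounts.knownelement.com, or move both hand-offs to a channel the company controls. Separately, the table of contents is repeated and its last entry is fused with a second copy of the title (`- [Other tasks](#other-tasks)# TSYS Group ...`), and "Proces", "ppassword" and "Facillites" are misspelled; the anchors are derived from the headings, so fix headings and links together.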
125
Processes/PFVRunbook.md
Normal file
@@ -0,0 +1,125 @@
|
||||
# TSYS Group - HQ data center documentation - runbook
|
||||
|
||||
- [TSYS Group - HQ data center documentation - runbook](#tsys-group-hq-data-center-documentation-runbook)
|
||||
- [Introduction](#introduction)
|
||||
- [Prerequisites and requirements](#prerequisites-and-requirements)
|
||||
- [Scenarios](#scenarios)
|
||||
- [Power lost and internet access isn't working after power is restored](#power-lost-and-internet-access-isn-t-working-after-power-is-restored)
|
||||
- [UPS battery fails](#ups-battery-fails)
|
||||
- [Air conditioning fails (E5 error)](#air-conditioning-fails-e5-error)
|
||||
|
||||
## Introduction
|
||||
|
||||
This book covers recovery scenarios for PFV. It is meant to be executed inside the PFV server room.
|
||||
|
||||
|
||||
## Prerequisites and requirements
|
||||
|
||||
* Be in the PFV server room
|
||||
* Have a headlamp so your hands are free
|
||||
* Go slow and easyo
|
||||
* Ask for help
|
||||
* Lift up the cardboard on rack3 (bottom rack of the two half racks next to rack 5), so you can press buttons on the Keyboard/Video/Mouse (KVM) switcher
|
||||
|
||||
|
||||
## Scenarios
|
||||
|
||||
|
||||
### Power lost and internet access isn't working after power is restored
|
||||
|
||||
The Virtual machines are set to automatically start on boot of the virtual server hosts. However the virtual server hosts boot faster than the storage hosts.
|
||||
So a manual intervention is needed to restore service.
|
||||
|
||||
Procedure:
|
||||
|
||||
Step 1)
|
||||
|
||||
Ensure that storage enclosures are at the login prompt. You'll be confirming two systems:
|
||||
|
||||
* pfv-stor1
|
||||
* pfv-stor2
|
||||
|
||||
The buttons on the KVM switcher with the label
|
||||
|
||||
* s1
|
||||
* s2
|
||||
|
||||
will show you the output from pfv-stor1/pfv-stor2 respectively (on the monitor sitting on top of the UPS rack)
|
||||
|
||||
* Press the button with the label s1
|
||||
* Look at the monitor
|
||||
* Ensure it's at a login prompt.
|
||||
|
||||
* Press the button with the label s2
|
||||
* Look at the monitor
|
||||
* Ensure it's at a login prompt.
|
||||
|
||||
Step 2)
|
||||
|
||||
Restart pfv-vm1
|
||||
|
||||
Procedure:
|
||||
|
||||
1) reboot the system labeled pfv-vm1:
|
||||
|
||||
* Press the button on the KVM switcher labeled v1
|
||||
* quickly press and let go of the power button (just tap it and release). This will start a shutdown of the system.
|
||||
* wait for power off and observe the output on the monitor . It will print out status as it shuts down.
|
||||
* Press the power button and let go of the power button (just tape it and release). This will start the system back up.
|
||||
* wait for power on and observe the output on the monitor . It will print out status as it starts up and will end at a login prompt.
|
||||
* wait two minutes
|
||||
* see if internet is working
|
||||
|
||||
2) start the guests by logging into the console of vm1 by typing at the login prompt
|
||||
|
||||
root
|
||||
<password from the envelope in the safe>
|
||||
|
||||
Then type: qm start 120
|
||||
This will start up the router
|
||||
|
||||
Then type: qm start 106
|
||||
This will start up the virtual private network
|
||||
|
||||
You can use the command:
|
||||
|
||||
``` qm list ```
|
||||
|
||||
to get the current state
|
||||
|
||||
You may see additional systems other than those listed below, when you run qm list. They are not critical path for production and can be started by ops team once core critical path is operational.
|
||||
|
||||
* pfv-vmsrv-01
|
||||
|
||||
root@pfv-vm1:~# qm list
|
||||
VMID NAME STATUS MEM(MB) BOOTDISK(GB) PID
|
||||
120 pfv-core-rtr01 running 2048 20.00 3786 << this is the virtual router, if it's down, nothing else will work .
|
||||
106 pfv-vpn running 2048 50.00 12814 << vpn server. No one will be able to access the network remotely if it's down
|
||||
|
||||
If the above two systems are functioning , then IT can start up the other systems remotely.
|
||||
|
||||
|
||||
|
||||
### UPS battery fails
|
||||
|
||||
Sometimes the UPS will continue to function, passing through utility power, with an active alarm.
|
||||
|
||||
Other times it will fail.
|
||||
|
||||
1) Report this to ops team as an incident, including
|
||||
* which UPS (they are labeled front/back) is having an issue
|
||||
* nature of the issue (total failure, alarm)
|
||||
* include a picture of the front which will have some information
|
||||
|
||||
2) Replace the battery
|
||||
* Access printed manual in the file cabinet in server room
|
||||
* Follow battery replacement procedure
|
||||
* Take pictures as you pull the battery pack out, to allow for easier re-wiring
|
||||
* Go to batteries plus with the failed batteries (we replace whole packs at once) and they'll sell you replacements for the pack
|
||||
* Wire pack and place into UPS
|
||||
|
||||
### Air conditioning fails (E5 error)
|
||||
|
||||
1) Shut down and unplug air conditioning unit
|
||||
2) Take air conditioning unit outside (front porch)
|
||||
3) Drain reservoir
|
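Review bot: In step 2 of the power-loss scenario the operator logs in as `root` with the "password from the envelope in the safe", but nothing says what happens to that password afterwards; add a closing step to record who opened the envelope and to change and re-seal the password. In the same section, the sentence about "those listed below" is followed by a lone `* pfv-vmsrv-01` bullet, while the `qm list` sample shows VMIDs 120 and 106, so it is unclear which systems are the critical path. The "Air conditioning fails (E5 error)" steps stop at "Drain reservoir" with no step to bring the unit back in and power it on, and "easyo" and "tape it" are typos.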
0
Processes/VpnUser.md
Normal file
14
Processes/VulnerabilityManagmentNotes.md
Normal file
@@ -0,0 +1,14 @@
|
||||
|
||||
# Vulnerability management
|
||||
|
||||
* identify total asset base (use nmap and see if it matches librenms and resolve any discrepancies)
|
||||
* perform scans of total asset base (using openvas/lynis/ossim)
|
||||
* manage vulnerability ratings/scope
|
||||
* notify/escalate to appropriate contacts
|
||||
* address the vulns
|
||||
* report metrics (i think the apps provide built in dashboards, may need some light modification)
|
||||
|
||||
|
||||
i think ossim can do all the above ,also lynis/openvas (the three combined should provide complete coverage) (network scan/agent based combination)
|
||||
|
||||
librenms is our CMDB currently (for identifying assets/contacts). phpipam is our inventory.
|
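Review bot: The first bullet reconciles the nmap results against librenms only, yet the last line names phpipam as the inventory; say which of the two is authoritative for the asset base and include phpipam in the discrepancy check. The list also names no owner, scan frequency or remediation timeframe per rating, which "manage vulnerability ratings/scope" and "notify/escalate to appropriate contacts" need in order to be actionable. The file name spells "Managment".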