Getty Images
Best practices for network documentation and auditing
Network documentation helps enterprises resolve problems more quickly and create more reliable networks. But documentation needs to include various components to be effective.
One of the most important aspects of administering a network is to conduct frequent network documentation updates and auditing. These steps provide a centralized representation of an organization's network, which is a critical component in delivering against business goals.
Network admins should document some basic parts of the network: LAN software, LAN hardware, network diagrams, usernames (ID numbers) and network numbers.
Benefits of network documentation
Network documentation provides several potential benefits, according to Abinet Girma Abebe, senior network engineer at SICE Canada Inc., in Toronto. Some of those benefits include the following:
- The process enables IT teams to fix known problems that occur repeatedly in a timely manner without having to do extensive research into the problems.
- Network documentation can be used as a source of knowledge from past employees, as well as help in the training, integration and onboarding of new personnel.
- It helps the organization achieve network consistency by having every team member follow certain desired processes and procedures that are tried, tested and documented.
- It can reduce mistakes that result from network outages.
How to document the network
When beginning the process of network documentation, teams should first create policy and guidelines that specify what to include in the documentation. They can then include a brief introduction about the network, looking at topology, business requirements and other factors.
Next, teams should outline the various details within the documentation, which includes different components, Girma Abebe said. The major components network teams should include in documentation are the following:
- high-level design, or HLD;
- low-level design, or LLD;
- final document that shows how the network was built (as-built);
- device inventory;
- IP schema;
- IP address management;
- topology diagrams (physical/logical);
- methods of procedure;
- company network security policy; and
- firmware and software.
All these components can't be included in a single document. Further, everything likely won't be stored in writing only. So, an organization may need to use different tools to store this information. To manage IP address and device inventories, network teams commonly use different tools depending on the company's preference, Girma Abebe said. He recommended using automated tools for discovery and maintenance.
"From my experience, network documents that are kept in writing are stored in shared folders in remote file servers, which are part of the Active Directory domain," Girma Abebe said. "These documents are easily available for everyone, and access can be allowed or restricted based on domain policies. But I believe they lack version control."
Instead, Girma Abebe suggested teams use Git and store documents on GitHub and GitLab, which provide more version control and collaboration.
Finally, whenever teams make changes, they should update document names to reflect the date, month and year of the update. The updated documentation should also include a version number.
Network diagrams
Documenting a network typically involves creating a diagram that illustrates how an organization's servers, routers and switches are connected. This diagram serves as a network blueprint and usually accounts for both physical and logical connections. It also reminds teams of what they've done to the network and why. The diagram should reside in storage that is distributed, redundant, secure and easy to access, according to Eric Chou, principal engineer at A10 Networks.
Abinet Girma AbebeSenior network engineer, SICE Canada Inc.
Teams should update the network documentation as often as possible, especially when they introduce a new component or process. Network pros should review maintenance, network compliance and security policy documents at least once a year, Chou said.
Network cabling documentation
Organizations should also conduct network cabling documentation as part of the overall diagram. This process shows the physical path cables take throughout the network and how devices and endpoints are interconnected. This documentation is invaluable in data security and privacy assessments, as well as regulatory compliance.
Network auditing
Before an organization can begin the process of conducting a network audit, it must first inventory what is on the network. An inventory includes collecting host identification information, such as IP addresses, network interface card (NIC) hardware addresses and DNS entries for all network nodes.
Some of the most important benefits of network auditing are it provides an organization with insights on where security vulnerabilities may lie and aids in risk management assessment reviews. Network professionals should be aware that this information may be on hand in most environments but often contains errors. In most cases, NIC information and media access control addresses won't be recorded.
By conducting an inventory review before starting an audit, organizations can verify information they have on hand and resolve inconsistencies that may be revealed.
Often, network teams don't emphasize network documentation enough, although they understand its benefits, Girma Abebe said.
"We are often focused on solving the current problems and meeting our immediate target needs, so sometimes, there is a tendency to consider it as time wasted," Girma Abebe said. "We should reject this mentality and consider it a critical component of our daily job. Network documentation needs to be clear and simple, updated and version-controlled, and available for everyone responsible."