Sample Operations Procedure Outline manual

Listed below is an example Operations Procedure Outline manual:

Introduction
Describe the purpose of this document. Identify the audience of the document and explain how the document should be used. Document Distribution List List the sites and personnel who should have a copy of this operations manual. When changes are made to the document, the updated version will need to be forwarded to the members of the distribution list. Document Change Process Describe the process that will be followed to keep this document current. Include the following:

When a change is made to the environment, how will the documentation be updated? Who is responsible for the updates?

Application Overview
Provide an overview of the application. This should be a textual description of what the system is expected to do in the final production environment. It should address the following topics:

Basic functionality User population Estimated number of users and growth projections Estimated transaction volumes Peak times throughout the year Peak hours during the day Planned hours of availability User access controls and any other application security features Other system interfaces

Production Environment
This section describes the production environment and provides information about each of the application specific production environment components. Production Architecture Overview Describe the overall architecture for the application. If a diagram of the production environment is available it should be included here. Ideally, the diagram should show the layout of the network, the logical separation of software services across the servers, integration points to other systems, backend connectivity, transport protocols, and application protocols used. Production Environment Components For each of the following subsections, provide information that will assist the Operations staff in the maintenance and operation of the production environment components. If a component listed below is not applicable to your particular application, please make a note of it. Define each of the components using the following table. Describe the role of the component including, as applicable, number of components, communications, external interactions, system function, etc. Functional Description For example: Two database servers run Oracle 8.1 with the Parallel Server option for high availability and load balancing. They serve as the relational database management system for the application storing customer and transaction data. Describe the technical details of the component. Technical Description For example: Oracle 8.X for HP-UX relational database management system runs on HP N9000, Quad 360 MHz Xeon, 4GB RAM, 10GB HD, Dual Fiber Channel Cards. Describe the configuration of the component. Features/ Configuration For example: HP 9000 N-Class Enterprise Server, Quad 360 MHz PA-RISC 8500 with 1.5 MB cache, 4 GB RAM, 2 x 4.3 GB HD

2 x PCI Fiber Channel Interface, 10/100 BT Adapter Describe the software that is required for the component. Software For example: HP-UX, Oracle 8.X Enterprise Edition Describe the high-level details of the SLA for the component. Additional details may be included in Appendix C. For example: Oracle Support 24x7. See Appendix C for additional information. Provide reference information that will help with the maintenance, and monitoring of the component. Include the address of the web site where further information may be found. For example: www.oracle.com
Application Servers

Service Level Agreement

Reference Information

Describe the application servers required to run the application using the table provided.
Web Servers

Describe the web servers required to run the application using the table provided.
Database

Describe the database and database servers required to run the application using the table provided.
Networking

Describe the networking environment and protocols for the application using the table provided.
Data Storage

Describe the Data Storage requirements for the application using the table provided.
Administration/Monitoring Workstations

Describe the Administration/Monitoring Workstations for the application using the table provided.

Backup Devices

Describe the Backup Devices for the application using the table provided. Other Application Specific Components= Describe any other application-specific components that the Operations group should know about using the format from the previous sections. For example, if the application accepts on-line payments, you should describe the payment processing components.

Security
This section enables the project team to document detailed instructions on how to secure their application in the production environment. Security procedures should be documented in such a way that they highlight project specific procedures that need to be performed above and beyond the security procedures already documented in the existing Hosting Operations Guide. Server Security Configurations This section should detail any specific security software and systems in use by the application's servers. Outline the security configuration for the servers. If any server-side digital certificates need to be installed, outline the process of obtaining and configuring the certificates. Identify the personnel responsible for this configuration. Provide copies of any configuration files (if applicable) as appendixes to this document. Security Log Reviews Outline the process and agreements with respect to maintaining and reviewing specific application security log files. Identify the log files that need to be maintained, the duration of maintenance, and the personnel or groups responsible for reviewing the logs.

Describe the follow-up action that may be required after log reviews. Detail the parties responsible for the action and the relation between the hosting group and the application group. If applicable, include documents in the appendix that will serve as guidelines to the reviewing team in detecting discrepancies, break-ins, and intrusions based on the log contents. Guidelines for Access Describe the authorization rights for various types of end users and support users. Consider the following items:

All domains/groups of the application. Access rights (including physical access) of developers to production hardware and software. Access (if any) for contractors or third-party developers to the production environment. Outline their access rights to the entire production environment (including physical access to environment, hardware, software, and developed code). Access rights for customer service personnel. Detail any specific limitations to application data.

Describe the functional role for the application and the access rights for that role. The following table has been included as an example. Functional Role Operations Manager Information Security Administrator Network Engineer Network Security Administrator NT Network Administrator UNIX Network Administrator Backup Administrator Access Read only for all servers Read only for all servers. Access to all routers and switches. Has administrative rights to routers, switches, and firewall applications. Administrator for specific application server, Customer Service server, Application server, and Load Balancing server. Administrator for firewall server, RDBMS server and Intrusion Detection server. Application DLT access.

Backup Tape Courier Database Administrator Application Administrator Customer Service Representative

None. Administrator rights to Oracle database, logon to the DBMS server. Access to application servers. Access to Customer Service servers.

Account Administration Provide specific operating procedures to be used at the Hosting for managing access to the application systems and servers. This section should detail the steps required to add, delete, and modify accounts for the various hardware, network services, databases, remote access facilities and operating systems being used for the application. Please use the table provided in Appendix B to describe the user account administration procedures.

Data Center Procedures

For each of the subsections below, the project team should describe any application specific requirements that are not hosting standard practices. Refer to the standard practices identified in the Company Hosting Operations Guide when completing this section. Startup/Shutdown Explain the application specific requirements for the Startup/Shutdown procedures of this application. This may include:

Application Servers Web Servers Database Servers DNS Servers Data Storage Monitoring Workstations Backup Systems Server Processes

Job Scheduling

Explain the application specific requirements for the Job Scheduling procedures of this application. Describe any jobs that your application needs to have scheduled. Monitoring & Logging Document the application specific requirements for the monitoring and logging processes of this application. Explain the performance monitoring and logging, the database logging and the application logging. Include all information that will help the operations staff successfully monitor the application. Load Balancing Define the application specific requirements for the Load Balancing procedures of the application. Problem Management Document the Problem Management application specific requirements for the application. Problem Management consists of application support and the organization and processes used by the support center. If employing a Problem Management system outside of the Company Hosting Services, the project team must define their application support system in full detail including the support team organization, the problem resolution process and call list, and escalation details from the support center to the Company Hosting Services. Change Management Document the application specific Change Management requirements for the application. Provide the names and contact information for people who should be involved in the Change Management process. Vendor Management Describe any application specific requirements for the Vendor Management processes that apply to the application. Include specific vendors (hardware, software, services, etc) utilized for the operation and support of the application and the service level agreements defined for them. Refer to Appendix C, Service Level Agreements, for additional information. Backup/Restore Procedures for Application Components

Describe any application specific requirements for the Backup and Restore procedures that apply for all production environment components. Include detailed steps on how to conduct the backup and restore and the location of the backup and restore files for any exception cited. System Maintenance Describe any application specific requirements for the System Maintenance procedures that apply to the application. This may include exceptions to the scheduling of server reboots, testing and cleaning tape drives and any activities involving network administration that directly affect the system. Print Services Explain any Print Services procedures for this application such as batch print jobs. Failure Describe any required exceptions to the hosting failure procedures that apply to the application for all production environment components including:

Application Servers Web Servers Database Servers DNS Servers Data Storage Monitoring Workstations Backup Systems

Appendix A - User Account Setup Process & Access Rights

User Account Setup Use the table below to define the system user account setup process in detail. Action Definition Responsible Party List the action for which this process applies. Provide a description and an overview of the procedure. List all the individuals who are responsible for the action. Identify the owner who is responsible for the process in bold text. The owner should be the person who initiates and

oversees the process. Required Approval/ Prerequisites Trigger Process Ramifications Closure Comments/Notes For example: User account setup process Action Definition Responsible Party Required Approval/ Prerequisites Trigger Process Open a database account Add a login ID and password for a new user to access the Sybase database. Information Security Manager (ISM) Approval is required from the Project Manager (PM). The user should be a full-time member of the development team (no contractors). User requests access to the database. 1. User asks the PM for access to the database. 2. PM approves and forwards the request to the ISM 3. ISM creates the account The database contains confidential data, as such, the user is privy to the same. The user is able to access the database. The access is temporary and needs to be revoked at the end of the module build cycle. Identify the person whose approval is required before the action may be performed. Also list any preconditions that must be met. Identify the event that necessitates the procedure. Provide a detailed list of the steps necessary to complete the procedure. Describe the possible implications of an unsuccessful completion of the procedure. Identify the event that signals the completion of the procedure. Document any additional information that may be helpful.

Ramifications Closure Comments/Notes

Access Rights Define the access rights for each system user, user group or domain. User/Group/ Domain Name System Access Rights Access Timeframe Comments/Notes For example: Access Rights User/Group/ Domain Name System Access Rights Access Timeframe Comments/Notes Database Team Oracle database on Server Three (Solaris) Read Write No Table modifications allowed Access should be allowed for the duration of the development. Should be revoked before the system goes into production. Get Project Manager approval for new user additions to the list. Identify the system user, the user group or the domain. Identify the system for which the access rights apply. Describe the access rights. Describe the period of time for which the access rights apply. Provide any additional information that may be helpful.

Appendix B - Service Level Agreements

Include information on all Service Level Agreements for the application. Include application specific software and hardware maintenance agreements as well as service oriented vendor agreements (i.e. Development contractors).
Component Application Servers Element Vendor SLA Description Technical Support Contact Period Covered

Web Servers

Database

Security

Networking

Reporting Engine

Legacy Interfaces DNS Server Data Storage Administrative/Monitoring Backup Devices Service Vendors

Appendix C - Contact Matrix

Provide contact information for the business personnel who are associated with the application. EName</font Position</fon Telephone</fon Mobile</font Pager</font mail</font > t> t> > > >

Appendix D - Software Versions List

Complete the matrix below including all software used by the application. Software List the software used by the application. Version List the version of the software.