7 Steps to a Comprehensive Network Assessment with Auvik

Performing a comprehensive network assessment is a crucial part of managing any IT infrastructure. As networks grow and evolve, it’s important to periodically analyze their health, security, performance, and capacity to identify issues before they cause major disruptions.

Let’s take a more detailed look at what a network assessment is, why it’s important, and seven critical steps to ensure it’s done right.

What is a network assessment?

A network assessment is a thorough inspection and analysis of an organization’s network infrastructure to evaluate its overall health, security, and ability to support business objectives. The goals are to:

• Identify any vulnerabilities or misconfigurations that pose security risks
• Uncover performance issues impacting users
• Assess capacity and plan for future growth
• Ensure proper network hygiene and best practices are followed

The assessment provides a snapshot of the current state of the network and highlights areas in need of improvement. It gives organizations visibility into problems affecting network operations and guidance for enhancing performance, stability, and security.

The scope of a network assessment can cover factors like:

• Device inventory and configuration
• Traffic flow patterns and utilization
• Availability and redundancy mechanisms
• Routing and switching performance
• Wireless coverage and capacity
• Security policies and controls
• Management and monitoring capabilities

Approaching network assessments methodically using the right network assessment tools lays the foundation for a successful engagement that delivers value.

Why network assessments are critical

Regular network assessments provide enormous benefits for both MSPs and their clients by maintaining optimal network health and performance.

For MSPs, network assessments:

• Demonstrate value to prospects and clients
• Uncover opportunities for additional projects and services
• Build trusted advisor relationships through expertise
• Keep client networks running smoothly to prevent issues
• Identify needs for upgrades to maintain performance
• Ensure client networks are secure and compliant

For clients, network assessments:

• Pinpoint issues affecting network and application performance
• Identify security vulnerabilities before they can be exploited
• Provide visibility to make informed decisions on upgrades
• Help capacity planning as organizations grow
• Ensure networks meet regulatory compliance requirements
• Reduce the risk of outages that impact business operations

When performed regularly, assessments maximize network uptime, performance, and security, in turn delivering immense value for MSP clients. They should be a core component of a solid MSP service offering, providing proactive insights before problems arise.

Download our free Network Assessment Report Template to present findings and recommendations to clients.

When to conduct a network assessment

There are several instances where it’s appropriate to perform a network assessment.

1. Onboarding a new client: A network assessment report can help establish the partnership and set client expectations.
2. Experiencing a lack of network visibility: Network assessments and reports serve as investigative tools to gain a better understanding of the existing network.
3. Noticing changes in network performance: If systems are not functioning as expected, it’s important to investigate and identify the underlying issues.
4. Implementing major network changes: For instance, when introducing new services or migrating data from on-premises to cloud-based systems.
5. Needing cost reduction: A report can help identify cost-saving opportunities, such as optimizing underutilized resources.

By conducting network assessments and creating comprehensive network assessment reports, MSPs can ensure effective network management and meet client requirements.

How to conduct a network assessment

Conducting a successful network assessment requires methodically going through several key steps.

Here’s a network assessment checklist you can use as a starting point:

Step 1: Deploy a network management system

Deploying the right network management system is crucial for getting the visibility and data you need to thoroughly analyze a client’s infrastructure. Modern systems can automatically discover and document network environments, saving you tons of tedious manual work.

The key is finding a platform that can do the following:

• Automatically map out network topology, devices, and relationships between them, eliminating the need to document everything manually.
• Continuously collect detailed performance metrics for historical trend analysis. This data is valuable for capacity planning.
• Analyze device configurations and compare them to best practices to help identify vulnerabilities and optimization opportunities quickly.

With the right system, assessments become much faster and more effective, eliminating a significant amount of tedious work that can be automated.

Auvik is a great example of a modern network management platform that does all this and more. It uses protocols like SNMP to connect to devices without installing agents, then starts mapping topology and collecting data within minutes.

The visualization tools make it easy to understand discovered infrastructure and device relationships. For instance, the topology map validates connectivity between sites, spots single points of failure, and evaluates redundancy.

Auvik stores granular performance metrics over time so you can see historical trends for capacity planning. It also tracks and archives configuration changes to give you audit trails.

The built-in analysis uses an extensive database of established best practices to identify potential vulnerabilities and recommend improvements in security, redundancy, and performance.

💡Pro tip: Take advantage of Auvik’s centralized credential storage to easily deploy across multiple devices. It keeps all client credentials organized and secure in one place!

Step 2: Document existing infrastructure

Once you have a management system deployed, the next step is leveraging it to thoroughly document the existing infrastructure. This establishes a baseline for comparison in future assessments.

Take the time to build out complete device inventories, map network topology, record configurations, and validate connectivity between infrastructure components. Compare your discoveries against expectations, noting any variations or undocumented assets found.

Having an accurate baseline is crucial for tracking how the infrastructure evolves over time during subsequent assessments. It enables things like:

• Identifying unauthorized or stale assets that should be removed
• Illustrating growth trends in the device inventory
• Detecting topology changes and network modifications
• Troubleshooting connectivity or capacity issues by comparing to the baseline
• Auditing configuration changes over time

With Auvik, the network topology maps provide powerful visualization to understand dependencies and relationships between devices. All the detailed data the system collects, like hardware inventory specs, routing tables, and interface properties, helps thoroughly document the as-built network. Auvik automates this topology mapping, meaning that documentation stays up to date no matter how fast your network changes. 

Auvik’s robust searching, filtering, and exporting capabilities make it easy to explore inventory data. Device configurations are fully archived and tracked, enabling deep historical config analysis. Integrations with services like RapidFire Tools combine network data with broader IT asset details.

💡Pro tip: Build saved views and worksheets in Auvik focused on key segments like the LAN topology or WAN edges. Use Auvik’s view sharing to easily distribute the important baseline documentation.

Step 3: Assess capacity, performance, and utilization

Getting visibility into current network performance and usage is crucial for identifying bottlenecks and capacity planning. The right network management system makes this easy by collecting granular metrics automatically.

You want to analyze trends for things like port utilization, CPU, and memory usage to see if any devices are overworked. Checking traffic flow by application gives insight into usage patterns so you can shape and prioritize traffic intelligently.

For wireless networks, monitor metrics like client counts, interference, retry rates, and coverage area to gauge Wi-Fi capacity. In wired networks, be alert to the potential for broadcast storms, which can cause significant disruptions by overwhelming the network with excessive traffic. A historical analysis across both network types will highlight usage spikes and let you compare them to a baseline.

Consider focused assessments on key areas:

• Internet circuit utilization
• Backbone bandwidth capacity
• Traffic segmentation by network/VLAN
• Critical business application performance
• Wireless infrastructure capacity

With a system like Auvik, you get a continuous collection of detailed device and network metrics. The visualization tools make it easy to spot trends and application usage for capacity planning and troubleshooting.

Auvik retains historical performance data for comparison to baselines over time. Alerts can automatically notify teams about unexpected usage spikes. In essence, Auvik eliminates the manual grunt work by automatically collecting and analyzing network metrics. This frees you up to focus on interpreting the data and identifying optimization opportunities.

💡Pro tip: Check capacity during peak usage times. Trends around the start/end of the week and core business hours often uncover hidden bottlenecks.

Step 4: Analyzing network device configurations

Taking a deep dive into the configurations and settings of your network devices is crucial for you to optimize performance and identify any vulnerabilities. You’ll want to thoroughly review configurations and compare them to best practice templates and industry standards. This helps you determine compliance risks and opportunities for improvement.

8 ways to analyze configs

Here are some key areas you should focus on when analyzing configurations.

• Access control lists and firewall policies: Review the ACLs and firewall rules in place. Do they restrict unauthorized traffic and unnecessary access? Tighten things up if needed.
• Network segmentation and subnetting: Assess the network segmentation and subnet sizing. Are the broadcast domains too big? Tweak things to enforce tighter access controls.
• Protocols and services enabled: Look at what’s enabled across devices. Is there anything on there that’s risky or unnecessary? Shut down unused protocols and services.
• Authentication mechanisms: Check the authentication methods used, like SSH keys, RADIUS, and TACACS+. Make sure access control is secured.
• Redundancy protocols: Validate that protocols like HSRP and VRRP are configured correctly for failover. You don’t want surprises when something happens.
• Switch configuration: Examine switch configurations to ensure spanning tree and similar protocols are properly set up to avoid network loops. 
• SNMP and management settings: Is SNMP using the most limited, secure access possible? Disable any unneeded management protocols.
• Routing protocols and path manipulation: Verify routing is securely configured and route info protected.

Avoid relying on periodic “point in time” snapshots. You’ll get more value tracking configuration changes over time. This helps you detect modifications that increase performance and security risks.

Tools like Auvik automatically analyze device configs using a large database of best practice checks that stay up to date. It tracks all changes, too, creating audit trails of modifications.

Auvik makes it easy to benchmark against comprehensive frameworks like the NIST Cybersecurity Framework to define security baselines. Plus, comparison reports highlight the differences between sites or over time.

💡Pro tip: Pay special attention to configurations on Internet-facing systems like firewalls and remote access VPNs, which pose the highest risk if misconfigured.

Step 5: Evaluate fault tolerance and disaster recovery

Assessing existing redundancy and failover provisions across your infrastructure is crucial to mitigate the risks of downtime caused by network failures or disasters.

So, consider taking time to review your configurations on routers, switches, firewalls, and load balancers. You’ll want to validate that availability protocols like HSRP, VRRP, ether channels, and spanning tree are properly configured. Look for single points of failure in the topology that increase risk.

Also, analyze WAN edge architectures for redundancy mechanisms like multiple ISP links, SD-WAN, or active/passive VPN concentrators. Verify backups and redundant power exist for critical systems.

Compare your current solutions against frameworks like the Cisco SAFE reference architecture to identify strengths and weaknesses. Check for things like:

• Redundant devices for network cores
• Fully meshed WAN topology
• Alternate paths for traffic re-routing
• Dual power supplies and environmental controls

Document any deficiencies you find that could increase downtime risks. You should also schedule controlled failover tests to validate redundancy capabilities.

Tools like Auvik analyze configurations to confirm your redundancy protocols align with best practices. For example, you can analyze availability trends to quickly discover problematic assets. Auvik can also detect failover events by monitoring interface and routing changes, validating redundancies function as intended.

The historical reports will show you network uptime over time and the root causes of issues, helping improve redundancy implementations going forward.

💡Pro tip: Consider scheduling periodic disaster recovery tests that simulate various failure scenarios. This will validate that redundancies protect critical systems when you need them most.

Step 6: Identify security vulnerabilities

Modern networks face continuous threats from vulnerabilities in software, devices, and configurations that can be exploited. So, it’s crucial that you assess your network’s exposure.

• Review firmware versions and patch levels across infrastructure to identify any outdated or vulnerable versions.
• Scan networks for devices running insecure protocols, services, or applications that increase the attack surface.
• Analyze configurations for insecure authentication mechanisms like plain text, default credentials, and weak passwords.
• Evaluate firewall rules, access control lists, and network segmentation for potential backdoors.
• Check for logging and integration with central SIEM/monitoring tools.

Use frameworks like the CIS Top 20 Critical Security Controls to structure assessments with a risk-based approach. Also, generate reports to summarize your findings and prioritize next steps. 

Auvik integrates leading vulnerability scanning products like Rapid7 and Qualys to uncover software and configuration risks across infrastructure. You can conduct password audits and access analysis to gain additional insights. 

Auvik also keeps firmware versions updated, enabling you to quickly identify assets that need patching. Furthermore, the dashboards illustrate your exposure levels over time, while recommendations help guide your remediation efforts based on severity.

💡Pro tip: Schedule regular external penetration testing engagements to simulate real-world attacks against infrastructure from an outside perspective.

Step 7: Establish a baseline and present recommendations

The assessment produces a baseline that shows the current state of the network while also pointing out what areas need to be improved. Present your findings in a network assessment report that includes the following:

• Documentation of existing infrastructure components and topology

• Analysis of capacity, performance, and utilization
• Overview of vulnerabilities and configuration risks identified
• Lack of redundancy across critical systems
• Prioritized recommendations with remediation guidance
• Network topology diagrams and visualizations

It’s vital that you translate technical details into actionable business context to show the relevant parties why implementation is essential. Also, make sure to provide a roadmap of quick wins and long-term initiatives to enhance operations, uptime, efficiency, and security. The quick wins will help make the long-term initiatives seem more palatable. 

Use the assessment to guide continuous monitoring moving forward rather than a pure point-in-time engagement. If you want to maintain optimal network health, then you must be vigilant constantly. 

With Auvik, you can create branded reports that contain network topology visualizations, custom data analysis, and detailed recommendations. You can also include network trends and historical data to provide supporting evidence.

💡Pro tip: Schedule follow-up working sessions to walk stakeholders through report findings in more depth. This builds buy-in for implementing your recommendations.

Download our free Network Assessment Report Template to effectively present your findings and recommendations to clients in a way that will gain buy-in more easily.

Deliver peak performance through network assessments with Auvik

Performing regular network assessments provides tremendous value for managed service providers and their clients. By taking a proactive approach to evaluating overall network health, performance, and security, you can catch issues before they cause your clients major business disruptions.

For MSPs, assessments are a chance to showcase your expertise, uncover new revenue opportunities through identified projects, and strengthen client relationships by being a trusted advisor. Your clients benefit from optimized networks that meet compliance needs and support the growth of their organizations.

With tools like Auvik, assessments can become an automated, continuous process rather than manual one-offs. Key network metrics and configurations are constantly validated against best practices, so problems are rapidly detected before impacting operations.

Instead of periodic check-ups, you gain complete network visibility at all times. This allows you to maintain optimal performance and quickly respond to new issues as they emerge.

Ready to take your managed services to the next level by transforming network assessments?

Start a free trial of Auvik today to showcase your value as an MSP and keep your clients’ networks running like clockwork.