As a managed service provider, you’re used to an interrupt-driven workflow—when something’s broken, your client expects you to fix it.
But there are also routine network maintenance tasks you can perform to keep ahead of potential issues. Being proactive with your network maintenance generally leads to fewer tickets and greater client satisfaction.
- Keep an eye on the network firmware
When you get down to it, networking devices like routers and switches are simply computers—just with a ton more ports. And like computers, they run software that’s susceptible to bugs and security threats, and they suffer from feature rot when they’re not updated to the latest code.
There are many examples of network gear needing firmware upgrades to patch nasty security holes that can (a) compromise the network device itself, and (b) potentially compromise devices connected to that network device (i.e., your client’s endpoints).
Take advantage of any automation that might be available for firmware updates. You might be able to schedule automatic upgrades during off-hours, or request notifications of new firmware from the device itself or the vendor’s support website.
If you’ve standardized hardware deployments across your client base, make it a point to check on firmware updates every few weeks.
- Perform network capacity planning
Consumer appetite for bandwidth these days is insatiable. As more services become cloud-based and each service becomes increasingly interactive and data-rich, the load on the network—and the bandwidth required to support a user—increases.
Watch for potential bottlenecks at every layer within your client networks. Common bottleneck points in the network include:
- Trunk links between switches
- Uplink from the core switch to the firewall
- The ISP-provided WAN connection from the local network out to the Internet
- Access point capacity
- Radio (802.11) and client capacity
- Backhaul / uplink capacity
Tips and tricks to stay ahead of the curve here
- Commit to an acceptable peak utilization across all network devices. Configure your RMM tool to alert you when this threshold is crossed.
- Plan what you’ll do to reduce such utilization. You might:
- Set up an additional uplink between your switches (you can use a port-channel or link aggregation)
- Engage the ISP providing WAN connectivity to upgrade the speed of the Internet connection. Sometimes if a line is maxed out, an ISP will recommend an additional link. Your firewall can then be configured to load balance traffic across the two connections. This serves as a form of redundancy as well.
- Use tools like your firewall’s traffic visualizer, a NetFlow analyzer, or packet capture against a workstation to understand what your users and devices are doing. Get answers to questions like:
- What are the most common applications that client employees are using? Is there any data that can be cached locally to prevent WAN congestion?
- Is there any evidence to suggest users are accessing infrastructure for activities other than work?
- Are there activities, like recurring backups, that can be shifted to off-peak hours?
- Keep an eye out for unknown devices
Routinely review what devices, device types, and vendors you expect on each client’s network. Know their industry. A client in the healthcare sector is going to have different types of gear than a client practising law.
If something looks suspicious, action it as part of your next follow-up with the client.
- Review and harden the network’s configurations for stability
No one likes for their clients to start messing with the IT infrastructure—like bringing in an unmanaged switch or a consumer-grade access point so they can connect multiple devices to corporate Wi-Fi.
Where possible, harden the network to only allow the devices you and your customer’s CIO expect to be on the network. This might be an IP phone and workstation combination for each employe, or maybe just a workstation if voice is handled through a softphone or cellphone.
Consider setting up MAC address limits per switchport. Enable PortFast, BPDU guard, storm control, and equivalent features to prevent unsanctioned devices being plugged into your infrastructure from taking the network down.
- Do regular security and credential reviews
People come and people go. Sometimes passwords are never changed from the default. Sometimes they’re so weak they can be guessed by malicious actors with a bit of intuition and automation.
Consider a quarterly credential review to make sure access to customer devices isn’t in the wrong people’s hands.
Standard best practices for online banking or social media websites apply, such as generating complex passwords that aren’t easily guessable. Use a proper multi-tenanted (for each client) password management tool to securely store credentials and share them safely. Use RMM tools that allow for blind logins to devices for users with the appropriate role.
There’s more than one way to extract information from a network device. For example, someone can typically gain a lot of basic information on how a network device is configured just by doing an SNMP walk against the device. They don’t need login credentials to the device’s web GUI or CLI. In many cases, SNMP can also be used to make configuration changes to devices.
So it’s critical that devices are locked down as much as possible to prevent unauthorized users. Use non-standard community names and choose SNMPv3 over its predecessors when you can.
And make sure your credential management process applies to all services that could be used to extract from, or alter configurations on, a device.