This checklist is for solution designs in enterprise IT when adopting software/ services/ infrastructure from third parties such as Microsoft, Amazon, Dell, etc.
Requirements
- Functional requirements with reference to section in the design that delivers the requirement
- Non-functional requirements with reference to section in the design that delivers the requirement
- Must have/ Nice to have/ Should have
Architecture
- Diagram illustrating components and relationships
Bill of materials
- List of hardware (physical/ virtual, sizing specifications)
- List of software
- List of licences
Monitoring
- Error logs
- Service monitoring
- Synthetic transactions
- Alerting
Availability
- Availability % with/without maintenance windows
Capacity
- Day 1 capacity
- Maximum capacity
- Scaling considerations (what do you need to buy/ configure/ connect)
Networking
- Bandwidth, latency, packet loss
- Firewall source/ destinations/ ports
- Forward proxy needs (proxy port utilisation/ SSL inspection limits)
- Reverse proxy needs
- DNS records (public/ private)
- Load Balancing
- VLAN
- 802.1x port security
- IP addresses
- Certificates for Https (pubic cert or private cert)
Physical considerations
Lifecycle management
- Mainstream and extended support timeframes
- Patching regularity and patching process/ tools
- Version upgrade cadence
Security
- Data sensitivity classification
- Access restrictions (which devices and from where)
- Authentication (MFA, special accounts with restrictions)
- Credential management
- Encryption at rest
- Encryption in transit
- Logging
- Security boundary definition
- Firewall requirement (client side/ network)
Disaster Recovery
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Geographic distance required
- Vendor dependence required
- DR process (automated or semi-automated)
- DR scope (all or some functions/ features)
Backup and restore
- Backup frequency and type (full or incremental)
- Backup retention
- Offsite backups
- Backup protection from distraction
- Frequency of backup testing (restore)
- Restore granularity (all or nothing, or granular options)
Licensing
- Licensing driver
- Renewal timeframes
- Agreement dependencies
Leave a Reply