How to Map IT Assets on Your Network with Your Employees
IT, Employees, Productivity and Cybersecurity are deeply interlinked.
Historically, humans have been mapping the world around them navigate with ease and confidence. As we have started building our own little worlds through IT networks, we’ve been making use of the same mapping process to keep track of the network’s evolution.
IT infrastructure networks have reached levels of compounding complexity that would be impossible to manage without excellent mapping techniques. They are formed from multiple layers, from core assets such as data centres to peripheral devices such as access points.
The latest developments in technology and business practices such as the Internet of Things, Cloud and Virtualisation solutions, as well as bring-your-own-devices policies are drastically increasing the complexity of networks.
Hybrid solutions and the general traffic increase trend requires the network to evolve and adapt.
By mapping the IT assets and their configuration, you will achieve a comprehensive network infrastructure topology. This topology will contain information about each asset, their location within the network, associated addresses and connections to neighbouring devices.
In this article, we will cover multiple ways of creating a network map based on your hardware assets. In addition, we’ll discuss its importance in data governance and its usage by your employees.
Types of IT infrastructure maps
IT networks generally operate at multiple levels of abstraction. Even if a ‘real’ physical asset such as a router is simple, abstracting its functionality into Virtual Routing and Forwarding can make the system more complex and less intuitive.
These are the most straightforward and easy to understand the types of maps. If two computers are connected together through a copper wire, a physical map will simply reflect the connection.
You can include hardware information about the assets, including location, address and technical specifications. However, you can get to such a low-level of physical details that they stop being useful in a real-world environment.
This is the most common type of map used nowadays. It looks at the way the network behaves rather than just its physical configuration. It focuses on the movement of data across the estate while keeping an accurate rendition of the assets’ location and configuration.
This is the layer where virtualised elements on the same host device appear as separate entities even though they are physically operating on the same machine.
The highest level of mapping abstraction will render a functional map. At this point, the map is only concerned with the way application traffic flows through an environment, straying away from the physical infrastructure setup.
This type of map is useful for systems administrators who are concerned with end-user experience and less useful for network engineers who are looking at the low-level communications details.
Adding IT assets and generating topology maps.
Manually mapping an individual asset to the network.
Typically, when it comes to adding an individual asset to an IT network, you will most likely need to connect a user device to an organisational network.
This setup is simple in any kind of operating system as long as the device is connected to the respective IT network and the user has the required permissions.
For example, to connect a user device running Windows OS to a network drive, all you need to do is to click on the ‘Map network drive’ button within a file explorer window, type in the path of the folder or computer that you want to connect to, and press OK.
Manually mapping multiple assets to a LAN network blueprint.
In case you already have a set of network diagrams which you would like to convert into an interactive and dynamic format, you can use a tool such as Lansweeper.
This application enables you to upload your own blueprint or map in a variety of formats. Afterwards, you can automatically assign your IT assets to a specific location on the map and even create subsets for each congregation of devices.
Mapping IT assets on a large geographical scale.
GIS mapping tools allow network administrators to create high-level maps for each geographical location and see the configuration with other operation centres.
GIS tools need to operate at multiple level of abstractions. For example, each operation centre can be summarised at the internet/intranet facing routers, only providing details about the amount of traffic, saturation and errors and QoS data.
The advantage with GIS systems is that it allows for the integration of existing mapping tools (such as Google Maps) which don’t only allow for satellite-imagery to be used, but can also provide multiple sets of geographical data points such as population numbers.
Automatically discover assets and generate maps:
Select tools offer the option of automatically discovering all assets on a network and generating a comprehensive map. This method is the quickest one out of the ones outlined above and is highly reliable as it removes the element of human error.
If you have chosen to automatically discover your network assets and compose a map using a tool such as the ones described above, you can conduct additional checks to fully understand the resulted map.
Understand your network’s current baseline.
Using the results from the generated report, look at how your network is performing and check for traffic imbalances and other idiosyncrasies.
You will be able to identify the slowest nodes, the ones with the highest amount of packet loss, the most used routers and the utilisation on each device. This generated picture will enable you to optimise your configuration and increase your network performance.
Check assigned IP addresses and resolve conflicts.
If multiple devices are assigned the same IP address, the conflict can lead to congestion and packet losses.
Sometimes, IP address conflicts arise due to a device with a static IP address being assigned within a DHCP address range, or two static addresses. In addition, you will also be able to monitor the number of subnets left so that you can reconfigure the network appropriately.
Identify applications running on your network.
Select tools enable you to look at the applications which are running on your network. This feature can give you an idea of how your network is typically used and details about the deployed applications.
Integrating cloud-based tools into networks maps.
Adopting cloud-based solutions into proprietary networks can add layers of complexity which are tricky to manage without adequate mapping.
If you are using AWS as part of your network infrastructure, you can use a tool such as Lucidchart to import the architecture details and then merge it with your physical network infrastructure. This way, you can get a holistic view of the whole network.
Employees, users and owners on your network infrastructure.
While your network might be comprised out of servers, switches, routers and hubs, all devices will have owners and users.
In order for the employees to securely connect to an organisation’s network, they need access to secure devices. It is the IT department’s responsibility to assign such secure devices to employees, enabling them to connect to corporate networks.
When assigning a device to an employee, the two will form a pair and become another asset on the network. From that point, you will need to monitor it accordingly. Details such as applications used, traffic and location will need to be recorded and reflected on your network infrastructure map.
The asset assigning feature is generally supported by IT asset management applications. Tools which focus on software asset management will allow IT administrators to control the permissions and access of individual users to applications. All actions can be done remotely from a single, central place.
Likewise, hardware asset management tools contain information about the owners of each asset, which is specifically important when dealing with mobile devices such as laptops or phones.
In addition, all parts of your core network infrastructure will need to have an owner, or more specifically, somebody responsible for the operation of the assets. For example, the Technology Security department is responsible for firewalls and other security devices, while the Network Engineers are responsible for routers and hubs.
Information flows through the IT Network.
In this section, rather than looking at the IT network itself, we will change focus and investigate data flows. After all, the purpose of Information Communications Technology is to facilitate the transmission of digital data.
To ensure a consistent and continuous flow of information throughout the network, IT administrators need to be mindful of any changes to the network, such as system upgrades and decommissioning, changes in file formats, data migrations and new software applications.
When bringing in a new device into a network and mapping it accordingly, IT administrators must ensure not only that the device is connected, but also that it’s using the correct data formats and protocols.
Mapping the technical dependencies of your information enables you to relate your technical environment and your information assets directly to your business needs. This will help you to understand and manage the risks to the continuity of your digital information, manage the impact of change, protect your information appropriately and exploit it fully.`
If you adopt an information-first approach, the UK Government’s National Archive recommends the following set of questions for accessing and managing information:
- How will you find the information?
- Who can access the information and how?
- What do you need to be able to do with the information?
- What do you need to be able to understand about your information?
- To what extent do you need to trust that your information is what it claims to be?
Those high-level questions are enough to lay the groundworks for setting up technical configurations.
Whether you are bringing in a new hardware asset or software asset, you must ensure compatibility with the existing systems, including permissions, formats, protocols, headers, wrappers, seeding procedures, coding and decoding algorithms.
As this list is quite comprehensive and depends on the types of assets that you are adding to your network, you can use management tools to help you ensure compatibility. Those include:
- Information Asset Registers: a simple way of storing mandatory data about your assets. The IAR needs to contain details about all assets which are concerned with the storing or transmission of data.
Typically, it contains details such as name, asset type, owner, go-live and end-of-life dates, and system specifications.
- Configuration Management Databases: In addition to the details contained by the IAR, the CMDB outlines the relationships between assets and other similar dependencies.
- Software Asset Management tools: Such tools offer a comprehensive view of the software estate. They enable IT administrators to control the deployment and permissions of software, as well as manage licences, warranties and generate usage reports.
- Hardware Asset Management tools: Similarly to SAM, HAM store critical hardware information and offer visibility over the health and performance of the IT estate.
- IT service management tools: used for efficient handling of incidents, changes, problems, releases and risks.
IT asset mapping needs to be focused on ensuring efficient data flows throughout the network and removing any redundant assets and unnecessary configurations.