How do you store and share your internal system documentation/passwords?

[Concentric]

I figure this is the most appropriate section of the forum for this type of question.

For those of you who work in a corporate IT environment, where you have many staff working in network/server/storage/system admin roles, how do you go about securely managing and protecting your documentation (presumably in electronic form: Visio diagrams, policies/procedure documents, records of system configuration, IP addresses, passwords, etc)?

Do you use a Sharepoint site or similar? Are you concerned about the security of that Sharepoint/similar given that it holds effectively the gates to the kingdom?

The challenge is to make the information easily accessible for the people that need it whilst protecting it from prying eyes and insider threats etc.

Do you follow particular practices, or use particular products that you would recommend?

I am not sure that I currently do things in the best way so interested to hear your advice/experiences.

Thanks

 

[iroc409]

I worked for almost 10 years in an engineering documentation group. We didn't have to concern ourselves with password sharing, but we did have probably hundreds of thousands of engineering documents to catalog, revision, etc. We used an electronic document management system (EDMS). The tool we used was web-based with full user registration and access permissions. We chose Documentum, which is a very solid product, but there are lots of them out there.

I can't in good conscience recommend anything Sharepoint-based. They were trying to go to a system called Atlas that is Sharepoint-based, and it is a disaster. They actually did implement it for the operations/maintenance procedure system and it was bad. Microsoft is really pushing the cloud/SaaS platform, which does not work well with Sharepoint when you're talking tens of thousands of documents running to remote sites with limited network resources. Atlas also did not have any functionality for concurrent engineering, which isn't a huge issue in an IT environment but a major, major problem for maintaining this level of drawings for multiple massive production facilities with several multi-year projects running simultaneously.

My current company does not use an EDMS, so I am looking at a few to showcase how we can effectively manage all the documentation. I've found a free product that has some promise called Mayan EDMS. They even have a premade virtual machine to try it out running Debian. Might be worth a look to get a feel for an EDMS without a significant financial outlay.

All of the document management procedures at my previous employer were very detailed and mature. Totally different industry, but I think an EDMS might work for you. I hope this helps.

ETA: I should clarify. The version of Documentum we use is web-based but it ran on our servers and was available on our intranet/internet--we had all control over the software, contents and hardware. The distinction is small but a big difference from SaaS.

 

[boss6021]

I second not using Sharepoint. It is an absolutely terrible option. Our firm has gone through a few platforms. We have recently moved to IT Glue, and thus far like it. The suggestion iroc409 made may be a better fit financially. I haven't looked at it, but will definitely check it out.

 

[Farva]

You don't secure your documents in a network share and then secured with an AD group?

 

[Deleted member 12106]

Docs are kept on server where only domain admin can access. cert keys or other extreme sensitive items are stored within a password protected zip and stashed elsewhere. I may or may not change the extension of said files. My user is a standard user, so there is a dedicated set of "big dog" creds I use when needed.

 

[nowwhatnapster]

As others have said a windows server with Active Directory and file shares. Or if you don't have a server a quality NAS has means of securing docs.

For cloud based I've seen Sharepoint, box and dropbox im action. Lots of companies fighting to be your cloud vendor. They all have their pros and cons. Test a solution before you implement and make your own conclusions.

 

[firedrow]

We setup a server @ DigitalOcean for $5/mo. Using Apache2 and VirtualHosts I have setup a DokuWiki internal wiki, DokuWiki NetDoc wiki, TeamPass password manager, and phpIPAM IP Manager. I've secured the server with SSH Keys, ufw, and SSL. All documentation is done on this server, then I use a backup script to download archives of the websites and databases, then store those backups on a USB drive stored in the server room. The internal wiki is for all employees; it's how to guides, training, company policies, etc. The NetDoc wiki has a special login only a couple admins have access to. I've also stored that login in the TeamPass, using groups to make certain passwords available to specific people. I've changed the NetDoc wiki to allow any file type for upload so I can attach Visio diagrams and other associated documentation.

 

[Concentric]

Thanks for the replies so far. To be clear I am talking from the point of view of a serious corporate environment where security is a major concern, so storing documentation and passwords in the cloud is definitely not an option.

We setup a server @ DigitalOcean for $5/mo. Using Apache2 and VirtualHosts I have setup a DokuWiki internal wiki, DokuWiki NetDoc wiki, TeamPass password manager, and phpIPAM IP Manager. I've secured the server with SSH Keys, ufw, and SSL. All documentation is done on this server, then I use a backup script to download archives of the websites and databases, then store those backups on a USB drive stored in the server room. The internal wiki is for all employees; it's how to guides, training, company policies, etc. The NetDoc wiki has a special login only a couple admins have access to. I've also stored that login in the TeamPass, using groups to make certain passwords available to specific people. I've changed the NetDoc wiki to allow any file type for upload so I can attach Visio diagrams and other associated documentation.

Thanks firedrow, this is the kind of detailed response I was hoping for; although mine wouldn't be cloud hosted, I'll check out some of the products you mentioned.


P.S. Wooo 1000 posts!

 

[Dead Parrot]

Assuming you have an offsite location, one copy should be there, both in hard copy and in whatever your standard electronic format is. If you don't have an off site location, that is step 1. The hard copy doesn't have to be everything, but it should contain enough info to allow someone to restore enough systems to bring up the electronic format. Also, make sure any copies of needed server creation media is there also. One state agency I worked at early on had a disaster recovery drill. Main frame based shop. Step 1 was call IBM to have new equipment delivered.(Simulated) Step 2 was IPL the system (IPL tape needed). Where is the IPL tape? Uh-OH! Then began a several hour calling session begging other mainframe shops for a compatible IPL tape. I was in the PC section at the time so got a good laugh out of it but did learn from their screw up.

As for actual format, the last place I worked had no standard format for documents other then MS Office+Visio but we did have a central file location limited to access only by the appropriate IT folks. This file location was replicated to our off site location.