Developing your own lifecycle and proactive maintenance approach should be considered at the start of any investment. It allows administrators, managers and all other stakeholders to understand the cost of the network. In some environments the network is seen purely as a cost centre. In other environments the network is expected to drive profit, yet still presents itself as a cost centre.
Another financial aspect is the way items are acquired through procurement. Depending on the financial situation of your workplace or business unit, some organisations look to buy outright, lease to own, or lease to refresh. Each has benefits, and each has a direct impact on your CapEx and OpEx spends. Buying outright directly affects your CapEx and is generally done in some government departments where money is taken away if it isn’t spent. Lease to own works well where items are bought and placed into a lease. Depending on the device type this lease can be three to five years. The per-month cost makes expenditure deterministic. The money set aside for these investments does not have to be spent at once, and interest can be made on the later years' spends. Ongoing leasing also forces a refresh and can have a lower cost because the lessor sells the device after the lease period.
Without thinking about the financial situation in depth it is possible to put yourself on the back foot when it comes to future investment. As architectural mandates such as leverage and reuse are pushed down into IT, a wrong play in the investment department can hurt when it comes time to refresh. Where a lease would have brought a normal refresh cycle, a pure capital expenditure may leave you with an older piece of hardware that is marked for "maintain and milk".
After the initial install, maintaining the firewall takes a lot of time and resources. It is important to maintain the initial build and grow the firewall with the business. For rules and auditing it is important to have a change management system in place (another series of posts altogether) and to align each rule with a ticket or change request. This allows administrators to track changes and deviations from the template. Capturing this information pays off at audit time, when it becomes possible to note variations and compare configurations quickly and efficiently.
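The following added example, which is not from the original post, compares a running rule set against the build template and reports each deviation together with the change request that accounts for it, if any. The pipe-delimited rule layout, the `CHG-<n>` ticket format and all rule data are assumptions constructed for illustration.

```python
import re

# Constructed sample data. The pipe-delimited layout
# (name|src|dst|port|action|comment) and the CHG-<n> ticket format are
# assumptions for this example, not any vendor's export format.
TEMPLATE = """\
allow-web|any|10.0.1.10|443|permit|CHG-1001 initial build
allow-dns|10.0.0.0/8|10.0.2.53|53|permit|CHG-1001 initial build
allow-ntp|10.0.0.0/8|10.0.2.123|123|permit|CHG-1001 initial build
deny-all|any|any|any|deny|CHG-1001 initial build
"""
RUNNING = """\
allow-web|any|10.0.1.10|443|permit|CHG-1001 initial build
allow-dns|any|10.0.2.53|53|permit|CHG-1001 initial build
allow-ssh|10.0.9.0/24|10.0.1.10|22|permit|temp access for vendor
allow-ftp|any|10.0.1.20|21|permit|CHG-1042 file transfer
deny-all|any|any|any|deny|CHG-1001 initial build
"""
TICKET = re.compile(r"\bCHG-\d+\b")

def parse(text):
    """Return {rule name: (match tuple, ticket id or None)}."""
    rules = {}
    for line in text.strip().splitlines():
        name, src, dst, port, action, comment = line.split("|", 5)
        found = TICKET.search(comment)
        rules[name] = ((src, dst, port, action), found.group() if found else None)
    return rules

def audit(template, running):
    """List deviations from the template as (rule, kind, ticket).
    ticket is None when no change request accounts for the deviation: no
    ticket in the comment, a modified rule still carrying the template's
    ticket, or a removed rule (nothing is left to carry a reference)."""
    base, live = parse(template), parse(running)
    findings = []
    for name, (match, ticket) in live.items():
        if name not in base:
            findings.append((name, "added", ticket))
        elif match != base[name][0]:
            stale = ticket == base[name][1]
            findings.append((name, "modified", None if stale else ticket))
    findings += [(name, "removed", None) for name in base.keys() - live.keys()]
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for rule, kind, ticket in audit(TEMPLATE, RUNNING):
        print(f"{rule:10} {kind:9} {ticket or 'NO CHANGE REQUEST'}")
```

Findings with no ticket are the ones to chase in the change management system before the audit does.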
Updating devices should be considered as part of lifecycle management. If it is foreseen that software upgrades will be required, then an HA pair, cluster or redundant pairs and clusters should be considered. Not only does this bring higher service availability through hardware resiliency, it also allows for proactive maintenance on devices. This is especially valuable for internet edge firewalls, as these guardians face the internet daily and are susceptible to a variety of attacks.
When the firewall enters the final 12 months before refresh in its lifecycle, it is important to get the conversation about the refresh going again. In some environments there is a long lead time to perform changes on a device, and this is especially true when devices are critical to business revenue. It is paramount that the current state is compared to a future state and that horizons are set out to show progression through the upgrade. If you are evolving from one state to another there are dependencies, other business units and various stakeholders that require engagement through the development, design, implementation and support of the new state. If it is only a refresh of existing hardware that maintains the same capabilities, stakeholder engagement will still be required.
No matter what occurs within your network, this administrative side is important. It allows you to meet the stakeholder requirements, potential architecture mandates and other influencing factors. Although this isn’t a comprehensive guide to lifecycle management, some of the takeaways here can be applied to your thinking right away.