Maximizing Your ERP System’s Availability
“Availability” is in 2012 what we used to call “up time” in the 1900s. Ideally, you’d like it to be 100%, but it can be affected by a myriad of issues, and those issues are different depending on whether you’re using cloud or on-premises ERP. We’ve talked about cloud ERP availability in a previous blog (CLOUD SOFTWARE VS. ON-PREMESIS: SYSTEM AVAILABILITY), so this installment will deal with on-premises availability only.
Your on-premises system’s availability can be governed by these factors:
- Power issues
- Hackers
- Internet availability
- Hardware issues
- Software bugs
- System maintenance requirements (hardware and software)
- Availability of connected services
- Availability of a reliable backup
It’s remarkable how many factors must be in exactly the right state for your system to be up and running, but it’s only productive to dwell on the issues that you can control. For example, you can’t really control whether or not there are hackers out there trying to break into your system. There are. You can only control how solid your firewalls and system security are.
If you want to maximize your ERP system’s availability, here are some strong suggestions:
- Place all your servers on battery backups, and set them up for an orderly shutdown in the event of a power loss. Test them once a month. If your area is known to have power fluctuations or spikes, be sure that your battery backups also act as line conditioners.
- Mandate the use of strong passwords throughout your system. Consider these guidelines:
  - They should be at least 12 characters long. The longer, the better.
  - They should contain at least one of each of these: Upper case letter, lower case letter, number, special character.
  - They should use at least 5 unique characters.
- Encourage the use of a password manager, such as KeePass.
- Disallow weak passwords. Here are some guidelines (from Wikipedia):
  - Don’t use default passwords, as supplied by the system vendor and meant to be changed at installation time. Examples: password, admin, guest, etc.
  - Don’t use words right out of the dictionary, including words in non-English dictionaries. Examples: retriever, wizard, goddess, etc.
  - Don’t use words with numbers appended. Examples: password1, deer2000, john1234, etc.
  - Don’t use words with simple obfuscation. Examples: p@ssw0rd, l33th4x0r, g0ldf1sh, etc.
  - Don’t use doubled words. Examples: crabcrab, stopstop, treetree, passpass, etc.
  - Don’t use common sequences from a keyboard row. Examples: qwerty, 123456, asdfgh, fred, etc.
  - Don’t use numeric sequences based on well-known numbers. Examples: 911, 314159, 27182, etc.
  - Don’t use identifiers. Examples: jsmith123, 1/1/1970, 555–1234, your username, etc.
  - Don’t use anything personally related to you. Examples: your license plate number, your Social Security number, current or past telephone number, student ID, address, birthday, sports team, relative’s or pet’s names/nicknames/birthdays/initials, etc. Much of this information can be obtained from your Facebook entry.
- Set up role-based passwords, and change them at least quarterly.
- Keep all software, on the server, and on your users’ workstations, updated with the latest versions, particularly your anti-virus software. Updates are often released to address security issues and weaknesses in your application software. This is critically important to do on your servers and on your Internet site.
- Be sure that all users understand your security policies, and obey them. Your security is only as good as your weakest user.
- Thoroughly screen all new hires. Perform a background check and call their references. This must be written into your employee handbook as a condition for employment.
- Keep your network administrator and your security personnel updated with all staff changes, so that former employees are not given access to your data.
- Design internal controls and user security before your ERP implementation begins.
- Consider having your system security audited by an outside consultant. Ask them to try to break into your system and your website.
- Schedule software and hardware maintenance during off-hours, and be sure that the schedule is known to all staff.
- Confirm that you have a reliable system backup. Test it. Store one backup per week at an offsite location.
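The strong-password and weak-password guidelines above can be enforced at password-change time rather than left to user discipline. The following is an added example, not part of the original post: the function name `check_password` and the short word lists are assumptions constructed for illustration, and a real deployment would load a full dictionary and the default passwords of the products actually installed.

```python
import re

# Constructed sample lists (assumption): production use would load a full
# dictionary and the vendor-default list for the systems actually deployed.
DEFAULTS = {"password", "admin", "guest"}
WORDS = {"password", "retriever", "wizard", "goddess", "deer", "john",
         "goldfish", "crab", "stop", "tree", "pass"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo the character swaps the guidelines call "simple obfuscation".
LEET = str.maketrans("@4301$57", "aaeoisst")


def check_password(pw, username=""):
    """Return the list of guideline violations; an empty list means accepted."""
    problems = []
    low = pw.lower()

    # Strength guidelines: length, character classes, unique characters.
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = {"upper case letter": r"[A-Z]", "lower case letter": r"[a-z]",
               "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append("missing " + name)
    if len(set(pw)) < 5:
        problems.append("fewer than 5 unique characters")

    # Weak-password guidelines.
    stem = low.rstrip("0123456789")
    if low in DEFAULTS:
        problems.append("default password")
    if low in WORDS:
        problems.append("dictionary word")
    elif stem in WORDS:
        problems.append("word with numbers appended")
    elif low.translate(LEET) in WORDS:
        problems.append("word with simple obfuscation")
    half = len(low) // 2
    if half and len(low) % 2 == 0 and low[:half] == low[half:]:
        problems.append("doubled word")
    # Any run of four adjacent keys from one keyboard row counts as a sequence.
    if any(low[i:i + 4] in row for row in KEYBOARD_ROWS
           for i in range(len(low) - 3)):
        problems.append("keyboard or numeric sequence")
    if username and username.lower() in low:
        problems.append("contains the username")
    return problems
```

Because every violation is returned, the change-password screen can tell the user exactly which guideline was missed instead of showing a generic rejection.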