It's a longstanding tradition among some IT professionals to gather 'round the server rack for warmth and ghost stories. One favorite tale is the one where a missing -- yet still operating -- old-school Novell server was found sealed behind a wall at the University of North Carolina at Chapel Hill.
The moral of the story is that it's easy to lose track of all your gear, so manage it carefully. It should be noted that UNC vigorously denies this ever happened, going so far as to issue a press release debunking it. But that's how urban legends -- and cautionary tales -- are born.
True or not, the questions must be asked. Do you know where all your gear is? Do you even know what all your gear is?
In this article, I'm proposing you do a comprehensive gear audit on a regular basis. The size of your organization will determine the scope of that project, but the value remains the same: It's about preserving the viability of your gear and protecting your company, employees, and network from malware and ransomware.
Old gear is often unprotected gear. I recently replaced a perfectly good, 11-year old computer. It was still running reliably, but its internal hardware limited its upgradeability. It is no longer possible to run the latest releases of the operating system.
That limitation has a cascading effect:
- Some programs that we rely upon will only run on more-recent code and newer OSs.
- Some newer peripherals have drivers that will only run on more modern OS releases.
- Some older peripherals will only run on older computers, which limits their functionality in an office setting.
- Older OSs are inherently more vulnerable than newer ones.
As attackers find new ways to attack, OS developers build in better natural defenses. Some older OS releases may be patched with fixes that overcome specific exploits, but the overall evolution of OS architecture involves an ongoing effort to harden machines against attack and exploit.
There's also the matter of, "Where is all our gear?" Last month, I needed a gyroscopically stabilized video camera for a shoot. I knew I owned it, but I couldn't find it. I'd run out of plugs in my normal charging location and apparently decided to plug it in and charge it somewhere else. Needless to say, when it was time to use it, I had no idea where I put it. And yes, it was on the network (as an IP scan proved), but I didn't stumble upon it until a week later.
All IT professionals have versions of this story, and it serves as a reminder that even in my tiny firm, systematizing gear management and tracking is essential.
Managing your physical items
Where does each of your items live? Some computers are on desks, some are in backpacks, some are on server racks. Smaller IoT devices can be embedded in other solutions. I have a bunch of Raspberry Pi Linux servers attached to each of my 3D printers. I consider them to be two separate items: the printer and the server.
Some organizations like to use asset-tracking labels that are affixed to each item. Even if you don't have a barcode scanner or asset management software, it might not be a bad idea to use labels, because then you can give each device a unique number. If you bought ten Inspirons last year, which one are you discussing? Do you boot up to see the desktop picture, look underneath for the long serial number, or describe it by its owner? A simple label makes it easy.
Asset management labels are not particularly hard to find or expensive. One of my favorite resources is Uline (because of course I love a place that has all sorts of geeky packaging and factory resources). Uline sells uniquely serialized asset labels for about $200 for three, hundred-label rolls.
Another approach in the physical world is establishing storage stations. I'm doing that now with my USB charging station, but you might want to devote a closet or bookcase specifically to gear that's not mounted on a rack or used in an individual's work area. Giving everything a home will make tracking much easier, and if each team member knows where to return an item when they're done with it, that item is less likely to wind up on top of the office microwave or in an unlabeled bin.
Even if you're working from home, you're bound to have a lot of gear. Choosing specific storage locations and getting in the practice of cleaning up and returning items to those locations will not only make it easier to track your gear, it will save you time when you need to get work done.
Building your database
The real power of your gear audit will become apparent once you start to build a database. You can use tools as simple as Excel and Google Docs, all the way up to formal asset management systems like ManageEngine AssetExplorer, GoCodes, and even ServiceNow's asset management tools.
But my favorites, and the tools I'm going to recommend, are shared table tools like those in the cloud services Notion and AirTable (both of which I use each day). Notion allows you to mix tables and pages, so if you want to organize your assets by department along with other relevant information, it might be the way to go. If you want a big table, AirTable may deliver. Both allow for collaboration, so different people can add to the table.
When it comes to defining your fields, consider recording this information:
- Asset tag number (if you're using tags)
- Detailed description, which is critical if you're not using tags, but helpful even if you are
- Home location -- where it should go when it's put back
- Current location or person checked out to -- where it is now
- Purchase date -- actual or approximate
- Current software version -- you'll want to select on older software versions when you're looking to upgrade software or replace devices
- Price or value, if you want to keep track of the general cost
Feel free to add other fields, but these will allow you to make your database actionable.
Making it actionable
Let's divide the actions you might take into two main categories: gathering and updating.
On the gathering side, you're doing a hunt for everything that's not already cataloged. If you know of items but you don't know where they are, enter them into your database, and then find them. The goal is to log and locate every item, which is an accomplishment.
If it's not perfectly complete, that's okay, too. If that 2012 desktop tower is sitting unused under Dave's desk and you're not sure where to put it, enter "under Dave's desk" as the location. At least you'll know where it is. The point is, it's far more valuable to know where your stuff is than to have good intentions to put everything in a proper location and then lose track.
On the updating side, once you have a good database, you can make decisions more easily. Let's say you've decided that you want to stop supporting Windows 8. If your asset database is up to date, you can determine which machines are running Windows 8 and either update them or replace them.
The benefits here are (1) you can take control over the minimum specs you want to support, (2) it won't take you months to find everything, and (3) there will be no last-minute surprises when you discover a mission-critical machine is running an OS version dependent on a device driver or application that's no longer available anywhere.
Inventorying gear can be tedious, but the benefits of knowing where stuff is, being able to make informed decisions, and keeping your company safe because you can upgrade to safer software all save time and reduce stress. There's no price you can put on that.