Operation Product Manual (OPM) V 0.10 Template – Buildbook

This document template provides a detail guide and sections how to document a system operation manual (Buildbook). A build book is a document that details the procedures for installing equipment, systems, and/or software. It’s frequently considered a companion to a run book, but the build book is commonly used by a different group of admins than a run book (except in small environments, where admin responsibilities often overlap).

Document history

Version Modified on Modified by Description of Changes
       
       

Contact List

Name Role Contact Data
  Document owner  
     


Contents

1            Document Information………………………………………………………………………………………………………. 6

1.1     Instructions / Guideline……………………………………………………………………………………………………… 6

2            General Information………………………………………………………………………………………………………….. 7

2.1     Product……………………………………………………………………………………………………………………………. 7

2.2     Product Manager, Contact Person………………………………………………………………………………………. 7

2.3     Subsystems of the Application…………………………………………………………………………………………… 7

2.4     Brief description of the Product………………………………………………………………………………………….. 7

3            Business Impact Assessment……………………………………………………………………………………………… 8

3.1     Business Impact Rating…………………………………………………………………………………………………….. 8

3.2     Business Continuity………………………………………………………………………………………………………….. 8

3.3     Disaster Recovery…………………………………………………………………………………………………………….. 8

4            System Overview……………………………………………………………………………………………………………… 9

4.1     Product Description………………………………………………………………………………………………………….. 9

4.2     Architecture…………………………………………………………………………………………………………………….. 9

4.3     Purpose and Function of the System…………………………………………………………………………………… 9

4.4     Deployed Hardware & Software………………………………………………………………………………………… 9

5            Processes……………………………………………………………………………………………………………………….. 10

5.1     Dependent Processes………………………………………………………………………………………………………. 10

5.2     Processes based on this Product……………………………………………………………………………………….. 10

6            Legal & Regulatory Requirements……………………………………………………………………………………. 11

6.1     Vendor Contracts……………………………………………………………………………………………………………. 11

6.2     Related SLA´s and Services…………………………………………………………………………………………….. 11

6.3     Contact Persons & Call Management………………………………………………………………………………… 11

6.4     Data Privacy…………………………………………………………………………………………………………………… 11

7            System Design and Implementation………………………………………………………………………………….. 12

7.1     Approved Scope of Operation………………………………………………………………………………………….. 12

7.2     Network Plan…………………………………………………………………………………………………………………. 12

7.3     Dependencies…………………………………………………………………………………………………………………. 12

7.4     System Internal Interfaces……………………………………………………………………………………………….. 12

7.5     External Interfaces………………………………………………………………………………………………………….. 12

8            Users and Access……………………………………………………………………………………………………………. 13

8.1     Authentication………………………………………………………………………………………………………………… 13

8.2     User Authorization………………………………………………………………………………………………………….. 13

8.3     User Administration & Access Rights……………………………………………………………………………….. 13

8.4     Configuration…………………………………………………………………………………………………………………. 13

8.5     Roles & Users………………………………………………………………………………………………………………… 13

8.6     Technical Users……………………………………………………………………………………………………………… 13

9            System Operation……………………………………………………………………………………………………………. 14

9.1     Regular Maintenance………………………………………………………………………………………………………. 14

9.2     Updates & Patch-Management…………………………………………………………………………………………. 14

9.3     High Availability……………………………………………………………………………………………………………. 14

9.4     Monitoring & Reporting………………………………………………………………………………………………….. 14

9.5     Logging…………………………………………………………………………………………………………………………. 14

9.6     Backup & Archiving……………………………………………………………………………………………………….. 14

9.7     Troubleshooting……………………………………………………………………………………………………………… 15

9.8     Recovery……………………………………………………………………………………………………………………….. 15

10          References……………………………………………………………………………………………………………………… 16

11          Responsibility Matrix……………………………………………………………………………………………………… 17

1           Document Information

1.1 Instructions / Guideline

Please provide the information as requested within the following chapters. Please delete the existing instructional texts.

Please also see “xx.”, page xx. as a guideline on who would typically contribute the requested information.

2 General Information

2.1 Product

Product Name:                   <Vendor, Model, Version>

Approved at:                      <date>

Approved by:                     <name>

2.2 Product Manager, Contact Person

Product Manager:              <name>

Additional contact person: <name>

External Partners:              <company, contact person>

2.3 Subsystems of the Application

Description of subsystems of the application, e.g. realized services based on the system: Intrusion Prevention System as subsystem of a firewall.

2.4 Brief description of the Product

A short overview of the product and its features.

3 Impact Assessment

3.1 Business Impact Rating

[Copy BIA Rating Summary from BIA Assistant (Excel, separate File)]

Sample:

3.2 Business Continuity

If the results from “Business Impact Rating” suggest this system should be explicitly covered by Business Continuity processes, please list references here.

3.3 Disaster Recovery

If the results from “Business Impact Rating” suggest this system should be explicitly covered by dedicated Disaster Recovery processes, please list references here. Also see “Recovery”, page 15.

4 System Overview

4.1 Product Description

Detailed description of the product and its features. Describe possible fields of application.

4.2 Architecture

Describe the architecture of the system, e.g. distribution of the components, separation of management, et cetera. Additionally supply a graphical overview of the architecture (conceptional).

4.3 Purpose and Function of the System

Contrary to the Product Description describe here the concrete operation purpose of the product within the company. What are the desired goals by using this product? What kind of usage is intended? Local, regional or global?

4.4 Deployed Hardware & Software

List all deployed hardware and software (incl. versions).

Product (Firmware-)Version
   

5 Processes

5.1 Dependent Processes

What processes are required in order to run the system?

5.2 Processes based on this Product

Which business processes (e.g. derived from CHANGE process descriptions) are based on the system or service?

6 Legal & Regulatory Requirements

Are there any legal or regulatory conditions to meet, so that a user is allowed to use the application or service? What processes must be adhered?

6.1 Vendor Contracts

What kind of maintenance contracts, licenses, etc. are in effect?

6.2 Related SLA´s and Services

Describe SLA’s and coherences to other systems.

6.3 Contact Persons & Call Management

Name the persons and contact details, which are responsible for the product or can help in case of emergencies. Insert details how to reach the vendor respectively support engineers of the vendor. Similarly insert a little howto for opening calls at the vendor (e.g. by using the provided support-sites and designated accounts).

6.4 Data Privacy

Are there regulations regarding data privacy which have to be considered for this system? Has the data privacy officer been involved in systems design? Please list references or details regarding data privacy.

7 System Design and Implementation

7.1 Approved Scope of Operation

Which features of the product are approved for usage?

7.2 Network Plan

Insert a detailed network plan. It must be sufficient for people, who know neither the product nor the environment in which it is deployed. Therefore networks and IP-addresses must be available.

7.3 Dependencies

Are there any dependencies, e.g. specific software- or OS-versions, Patch-levels, etc.?

7.4 System Internal Interfaces

What internal communications are there?

Source Destination Protocol Port(s) Service Description
           
           
           
           

(please copy this table for additional systems, the communications needs to be listed for each system individually)

7.5 External Interfaces

Which services are reachable by other systems (e.g. Admin-Client needs to connect to the management console)? Describe, to which systems the application must talk, including destinations, protocols and ports (LDAP, NTP, …).

Source Destination Protocol Port(s) Service Description
           
           
           
           

(please copy this table for additional systems, the communications needs to be listed for each system individually)

8 Users and Access

8.1 Authentication

What kind of authentication is used? Describe the process and variations, also regarding security issues.

8.2 User Authorization

Describe the authorization technology or link to resp. reference document of standard user authorization.

8.3 User Administration & Access Rights

How does the user administration work? How are access rights assigned? Is there a local or centralized user management?

8.4 Configuration

Insert the complete relevant configuration of the service, application or system, including the initial configuration (e.g. for appliances). Consider that in case of emergency also a person not knowing the product must be able to find and handle the configuration.

Please describe your configuration in a few words, so that the intent of the configuration section is clear.

8.5 Roles & Users

Describe the defined roles and users (e.g. Administrators, Operators, Auditor,…). Are there any restrictions or requirements for some roles (see Legal & regulatory Conditions)?

8.6 Technical Users

Which technical users are defined and what roles do they have? For what and in which way are they used?

9 System Operation

9.1 Regular Maintenance

How is the system normally managed? Are there any regular tasks or cronjobs?

9.2 Updates & Patch-Management

Describe the update- and patch-management (regularity [e.g. pattern-updates], security patches, firmware-updates,…). What prerequisites must be fulfilled? How does the update-process work? If using high availability, describe how to update the cluster (e.g. disable cluster, manual failover, etc.). Also describe a rollback.

9.3 High Availability

In case of a high availability system, describe the HA-mode (e.g. active/passive). Also describe failover mechanism and triggers. Insert a detailed description for triggering a manual failover.

9.4 Monitoring & Reporting

What kind of monitoring is implemented (e.g. network or service reachability, etc.)? Is there any integrity control? What kinds of failures or attacks can be recognized? Are reporting mechanisms used, e.g. for compliant issues?

9.5 Logging

Describe the logging of the product. Where are the logs located (e.g. local, central syslog-server, …)? How long are the logs preserved and are the logs archived? Also describe whether the logs are used for compliance-analysis? What regulations are applied?

9.6 Backup & Archiving

Describe the Backup process. How does it work? What kind of data is backed up? How long is data being archived?

9.7 Troubleshooting

Describe how to do basic troubleshooting. What tools should be used and in what way? How can debug-output be activated? Where are additional logs stored? Are there common errors (errors, which might occur more probably than others)? How can those failures be resolved?

9.8 Recovery

What is to do in case of emergency or failures? Please think about possible scenarios and an according recovery. Is there a fallback-config available? How to reset to factory defaults? What are the default credentials? What to do in case of lost password?

10 References

Links to used references

11 Responsibility Matrix

This matrix shall serve as a guideline to determine who is responsible for providing the information for the various chapters. Please note that these responsibilities may vary slightly depending on the assessed project.

  Business Owner Corporate IT
Document Information (on each change)
General Information    
Product X  
Product Manager, Contact Person X  
Subsystems of the Application X  
Brief description of the Product X  
Business Impact Assessment    
Business Impact Rating X  
Business Continuity c X
Disaster Recovery c X
System Overview    
Product Description X  
Architecture c X
Purpose and Function of the System X  
Deployed Hardware & Software c X
Processes    
Dependent Processes X c
Processes based on this Product X c
Legal & Regulatory Requirements    
Vendor Contracts X c
Related SLA´s and Services X c
Contact Persons & Call Management X c
Data Privacy X  
System Design and Implementation    
Approved Scope of Operation c X
Network Plan   X
Dependencies   X
System Internal Interfaces   X
External Interfaces   X
Users and Access    
Authentication   X
User Authorization   X
User Administration & Access Rights   X
Configuration   X
Roles & Users   X
Technical Users   X
System Operation    
Regular Maintenance   X
Updates & Patch-Management   X
High Availability   X
Monitoring & Reporting c X
Logging c X
Backup & Archiving c X
Troubleshooting c X
Recovery c X
References (all used references)

X = usually responsible

c = usually contributing

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: