S 2.170 Requirements to be met by a system management system

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

A system management system serves to support an administrator of a local network (or virtual local network). Therefore, a system management system must meet certain requirements in order to be able to provide the administrator with appropriate support. However, the requirements for such a system mainly depend on the planned use (see S 2.169 Developing a system management strategy) and on the selected architecture of the system management system (see S 2.171 Selection of a suitable system management product).

A system management system should provide the following functions:

• User management
  
  This includes the processes of adding, changing, and deleting user and group accounts.
• Policy management
  
  It should be possible to manage access rights both for accesses from or to the local network and for accesses to and/or from the internet.
• Software management
  
  It should be possible to add, delete, and update software components using the system management system.
  
  Additionally, the automatic detection of the installed software may be important, particularly for the introduction phase. Software license management is desirable, but is rarely supported by today's systems (see also application management below. Exception: Licenses are present as files, for example, so that the license files can be managed within the framework of the file sharing mechanisms of a management system.).
• Determining, changing, and managing system configuration data.
• Application data management
  
  It must be possible to manage files of a database system or configuration files of an application so that it is possible to distribute a new version of a database or new configuration files.
• Monitoring of system components
  
  This may also make sense for external components not subject to your own administration, for example for the router of the internet service provider (ISP) that is used to implement the internet connection.
• Application management
  
  It should be possible to manage software on an application level, e.g. the management of HTTP access rights to the data of a WWW server ("Realms"). This type of management is generally rarely supported, since the cooperation of the application itself is required for this.

Ideally, such a system allows delegation of administrative tasks so that a system administrator may grant a work group system administrator the right to install software on the computers of the work group, for example. This mechanism is particularly necessary in medium and large networks.

The network and system administration are normally performed by the same administrative units in a company and/or government agency. Since the separation of duties between network administration and system administration is unclear in some departments, it is recommendable to take into account the extent to which a present network management system can be integrated into a system management system to be procured.

In addition to these predominantly functional requirements, there are also technical requirements within the framework of the criteria relevant for the selection of a system management software (see S 2.171 Selection of a suitable system management product). The following must be emphasised particularly at this point:

• The management system must be capable of supporting the operating system of all computers used for management and managed (operating system-specific components of the management system, graphical user interface).
• If there already is a local database system, the management system should provide the option of storing your management information in the existing database system.
• It should be possible to expand the management system. On the one hand, this applies to the components of the management system (e.g. module concept with the option of purchasing and integrating modules at any time), but also the function of the management system (e.g. programming API in order to be able to connect one's own components), on the other hand.

In general, the criteria for categorising the requirements presented in S 2.171 Selection of a suitable system management product can be used within the framework of the present safeguard. For selected categories, the criteria result from defining a specification within the framework of the respective "range of values".

Review questions:

• Have the requirements for the system management tool to be used been determined?
• Medium and large networks: Does the system management system allow delegation of administrative tasks?