Minimum Standards
March 10, 2023
General
There are no one-size fits all for equipment, but we have several best practices we recommend to ensure your environment is supportable and reliable. This is a general list, but your business may have more stringent requirements that we will bring up with you over time. In addition to any recommendations below, we recommend all equipment either has an active next-business-day replacement or a better warranty or a spare is kept on-site at all times.
While not a strict requirement for service, failure to meet these baseline standards may result in security, stability or suitability issues for your business.
Computers
We recommend laptops and desktops with the following minimum specifications and an active warranty from the manufacturer.
- 6th Generation or newer Intel Core i5 or i7 Processor
- 16GB RAM (memory)
- 512GB Solid State Drive (SSD) for storage
- Windows 11 Professional after consultation and confirmation that it’s appropriate and business software is compatible
- Windows 10 Professional or better, releases officially supported by Microsoft (all new machines)
- Windows 8.1 is no longer supported since Microsoft dropped support on January 10, 2023
- Windows 7 is no longer supported since Microsoft dropped support in January 2020
Servers
Servers should be selected to be suitable for the customer’s business needs and software requirements. We recommend a minimum of RAID and redundant power supplies. Servers should run an operating system and applications currently under vendor support and should have active next-business-day warranties.
Server Backups
We recommend that a backup hard drive or network storage device is used for local backup of the server. This device should use high quality enterprise storage drives and should be sized to hold at minimum 3 full backups of the server(s) it is meant to protect.
Firewall
Our recommended firewall is a Fortinet FortiGate F-series (or existing E-series) sized appropriately for internet connection speed, with an active FortiGuard UTM subscription. Exceptions may be made on a case-by-case basis where a legacy pfSense appliance is already in place or where a Cloud-Managed solution like Meraki is more appropriate.
Switching
Ethernet switching fabrics should be designed for the environment. Where appropriate, quality unmanaged switches may be acceptable, but we highly recommend fully managed switches for all environments. We recommend consistent models and brands when possible to reduce the number of unusual support issues. Our preferred brands of switches are HPE/Aruba, Ubiquiti and Fortinet.
Wireless
To a greater extent than even switching, wireless needs to be designed for the environment. In all cases, we do not recommend using any wireless provided by an ISP modem or other equipment. Our preferred brands of wireless equipment are Ubiquiti, Fortinet, Aruba, Mist and Ruckus.
Internet Service
We recommend, at a bare minimum, a business-class broadband Internet connection, but this may not be suitable for all purposes. If the Internet is required for primary business operations, we recommend at minimum redundant broadband services or a dedicated fibre circuit. For remote or home workers we recommend, at a bare minimum, 15Mbps download and 10Mbps upload and we cannot guarantee system performance.
Battery Backup (UPS)
We recommend all servers and critical network infrastructure have appropriately sized battery backups that are regularly tested and maintained.
Security We recommend all authentication used in the business comply with Current US-Cert Guidelines for Password Management. For convenience, they have been copied below:
- Use multi-factor authentication when available.
- Use different passwords on different systems and accounts.
- Don’t use passwords that are based on personal information that can be easily accessed or guessed.
- Use the longest password or passphrase permissible by each password system.
- Don’t use words that can be found in any dictionary of any language.
We recommend the use of account lockouts, separate accounts per user, secure password storage, audit logging and the timely disablement of disused accounts. When access outside the office or over a VPN is not required, we recommend locking down access.
We recommend periodic security awareness training for anyone with access to critical business systems.