Sample Deliverable

Infrastructure Health Check Report

ID: HC-2025-01-EXAMPLE | Status: Finalized | Prepared for: [Client Name Redacted]

Executive Summary

The environment is functional but fragile. While core services are currently operational, several critical gaps in backup immutability, identity synchronization, and lifecycle management represent significant risks to business continuity.

Critical Risks: 3 Findings

Drift Status: MODERATE

Recovery Readiness: LOW

Environment Snapshot

Infrastructure Overview

VMs / Workloads: 48

Hypervisor: 3 ESXi 6.7/7.0 hosts

Cloud: 1 Azure subscription (East US 2)

Backup: Veeam Backup & Replication v12

Identity: Active Directory (2 DCs, single forest)

Storage: Dell PowerStore 500T (iSCSI)

System Tier Classification
Tier-1: Business-critical (revenue-impacting), 12 VMs
Tier-2: Supporting services (internal ops), 22 VMs
Tier-3: Development / test / sandbox, 14 VMs

Tier assignments are based on business-impact analysis conducted during intake. A dependency diagram is included in the full client report.

Findings Matrix

6 Items Identified

| Area | Tier | Finding | Risk | Recommendation | Evidence |
|---|---|---|---|---|---|
| Backup & Recovery | Tier-1 | Backup immutability is not enforced on primary repository. | Critical | Enable S3 Object Lock or hardened Linux repository for immutable storage. | Veeam B&R Console → Backup Infrastructure → Repositories (screenshot 2025-01-12) |
| Identity | Tier-1 | Domain Controller time drift exceeding 5 minutes (NTP skew). | Critical | Re-sync PDC Emulator to reliable external stratum-1 source. | w32tm /monitor output on DC01 (log capture 2025-01-11) |
| Virtualization | Tier-1 | vSphere 6.7 hosts remaining in production (End of General Support). | High | Accelerate hardware refresh or migrate to vSphere 8.0. | vCenter Inventory → Hosts & Clusters view (screenshot 2025-01-10) |
| Azure Foundation | Tier-2 | Missing Resource Locks on 'Production-Core' networking resources. | Medium | Apply 'CanNotDelete' locks to critical VNets and Gateways. | Azure Portal → Resource Group → Locks blade (screenshot 2025-01-12) |
| Storage | Tier-2 | SAN firmware is 3 versions behind manufacturer baseline. | Medium | Schedule rolling controller updates during next maintenance window. | Dell PowerStore Manager → System → Software (screenshot 2025-01-09) |
| Documentation | Tier-3 | Site Recovery Plan (SRP) has not been tested in >12 months. | Medium | Execute a non-disruptive DR drill for Tier-1 applications. | SRP document revision history — last update 2023-11-14 (PDF metadata) |
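
A check for the Domain Controller time-drift finding, as an added example (not part of the original report or the assessor's tooling): it parses saved `w32tm /monitor` output and flags controllers beyond the 5-minute limit or with no NTP reply. The sample text and hostnames are constructed, and the layout is assumed to match the stock English-locale tool output.

```python
import re

# Constructed sample in the usual `w32tm /monitor` layout; all values are made up.
SAMPLE = """\
DC01.corp.example *** PDC ***[10.0.0.10:123]:
    ICMP: 0ms delay
    NTP: +0.0000000s offset from DC01.corp.example
        RefID: 'LOCL' [0x4C434F4C]
        Stratum: 1
DC02.corp.example[10.0.0.11:123]:
    ICMP: 1ms delay
    NTP: -341.2187412s offset from DC01.corp.example
        RefID: DC01.corp.example [10.0.0.10]
        Stratum: 2
DC03.corp.example[10.0.0.12:123]:
    ICMP: 2ms delay
    NTP: error ERROR_TIMEOUT - no response from server in 1000ms
"""

MAX_SKEW_S = 300.0  # the 5-minute limit cited in the finding
HOST_RE = re.compile(r"^(\S+?)(\s+\*\*\* PDC \*\*\*)?\[[^\]]+\]:\s*$")
OFFSET_RE = re.compile(r"^\s+NTP:\s+([+-]?\d+(?:\.\d+)?)s offset from")
ERROR_RE = re.compile(r"^\s+NTP:\s+error\s+(\S+)")

def parse_monitor(text):
    """Return one dict per DC: host, is_pdc, offset_s (None if no NTP reply), error."""
    results, current = [], None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = {"host": m.group(1), "is_pdc": bool(m.group(2)),
                       "offset_s": None, "error": None}
            results.append(current)
        elif current is not None and (m := OFFSET_RE.match(line)):
            current["offset_s"] = float(m.group(1))
        elif current is not None and (m := ERROR_RE.match(line)):
            current["error"] = m.group(1)
    return results

def skew_findings(text, max_skew_s=MAX_SKEW_S):
    """Flag DCs whose offset exceeds the limit or that returned no time sample."""
    findings = []
    for dc in parse_monitor(text):
        if dc["offset_s"] is None:
            findings.append((dc["host"], "NO_SAMPLE", dc["error"]))
        elif abs(dc["offset_s"]) > max_skew_s:
            findings.append((dc["host"], "SKEW", dc["offset_s"]))
    return findings

if __name__ == "__main__":
    print(*skew_findings(SAMPLE), sep="\n")
```

A controller that returns no NTP sample is reported separately from one with measured skew, since an unreachable time service cannot be shown to be in tolerance.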

Recovery Evidence Checklist

Restore tests, runbooks, logs

| System | Tier | Last Restore Test | Result | Runbook Current | Notes |
|---|---|---|---|---|---|
| AD Domain Controllers | Tier-1 | 2024-09-15 | | | Bare-metal restore to isolated VLAN verified. |
| SQL Production Cluster | Tier-1 | 2024-06-22 | | | Database integrity check passed. Runbook references deprecated SAN. |
| File Server (DFS) | Tier-2 | Never | | | No documented restore procedure exists. |
| Azure App Services | Tier-2 | 2025-01-05 | | | Deployment slot swap verified; geo-failover untested. |
| Legacy ERP (VM) | Tier-1 | 2023-11-02 | | | Restore boot failed — missing SCSI driver in backup image. |

Recovery evidence is verified against actual restore job logs and operator confirmation. Systems marked "untested" have no documented restore attempt on record.

Prioritized Remediation

01. Immediate: Fix NTP skew and verify identity synchronization.
    Reversible: Non-destructive; previous NTP source can be restored.

02. Q1: Implement immutable backup tier for ransomware protection.
    Reversible: Additive change; existing repositories remain untouched.

03. Q1: Decommission or upgrade vSphere 6.7 legacy hosts.
    Maintenance window: Requires maintenance window. VMs can be migrated back if needed.

04. Q2: Execute full DR test and update recovery runbooks.
    Reversible: Non-disruptive drill in isolated network; production unaffected.


Operator Handoff Notes

Operational Context — Redacted

Primary Operator

[Redacted] — sole administrator for vSphere and Veeam. On-call rotation is informal.

Escalation Path

No documented escalation matrix. Hardware issues go directly to Dell ProSupport; Azure issues default to Microsoft Premier.

Tribal Knowledge Risk

Firewall rules on the Fortigate were last modified by a former contractor. No change log exists. Current operator inherited the configuration.

Credential Management

Service accounts use shared credentials stored in a local KeePass file on the admin workstation. No PAM or vault solution in place.

Full handoff documentation includes credential inventory, vendor contact list, and infrastructure decision log. Provided to client in the finalized report package.