SYSTEMS INFRASTRUCTURE &

INTEGRATION
Week 11 (25 ─ 29 Sep)
Pakiso J. Khomokhoana (PhD)
26 Sep, 2023

T: +27 51 401 9396 | E: [email protected] | www.ufs.ac.za/cs

T: 051 401 2754 [email protected] www.ufs.ac.za/it

 TOPICS
Semester Assignment ─ until 10:50 A.M.
tomorrow (27th September, 2023)
Semester Test 2
Date: 16 October, 2023
Duration: 3 hours
Coverage: All semester work!
System Administration
 SYSTEM ADMINISTRATION
Primary responsibility
Ensure efficient and reliable delivery of
IS services.
Broad categories of tasks/activities
Acquire new IS resources.
Maintain existing IS resources.
Design and implement an IS security
policy.
Varies among organizations.
 STRATEGIC PLANNING
 Strategic plan - a set of long-range goals and a plan to attain
these goals (planning horizon is typically three years and beyond).
 Goals - [1] services to be provided; [2] resources needed to
provide these services.
 The strategic plan addresses the following issues related to
achieving stated goals:
Strategies for developing services and markets for them.
Strategies for acquiring enough resources for operations and
growth.
Organizational structure and control.
 ISs are normally a support service for other organizational
units and functions (e.g., customer services, accounting, and manufacturing).
 Therefore, an IS strategic plan tends to follow, rather than
lead, the strategic plans of other units in the organization.
 HARDWARE AND SOFTWARE AS
INFRASTRUCTURE
Hardware and software are usually capital
expenditures (provide benefits over multiple years) and NOT
operating expenditures.

Traits of the Infrastructure

Service to a large and diverse set of users.
Large costs that are difficult to allocate to
specific users.
Recurring need for expenditures for
infrastructure improvement and maintenance.
 STRATEGIC ISSUES
What services will be provided and with what
guarantees?
How will service users be charged*?
What infrastructure is required to provide these
services?
How can the infrastructure be operated,
maintained, and improved at minimal cost?
 STANDARDS
Service standards are required when providing
infrastructure-based services to a wide variety of
users.

Potential issues:
Tendency to stifle innovation and produce solutions
that are suboptimal for some users.
Problems for users who need services at or near
the leading edge of technology.
May fail to meet the needs of some users, because
of reduced cost and simplified services.
Incompatibility issues.
 COMPETITIVE ADVANTAGE
Technology provides a competitive advantage if it
does one or more of the following:
Provides services that competitors are unable to
provide.
Provides services of unusually high quality.
Provides services at unusually low prices.
Generates services at unusually low cost.

Competitive advantage is difficult to achieve due to [1]

rapid technology changes (substantial risks); [2] high
cost for developers and early adopters.
 THE ACQUISITION PROCESS
Acquisition process steps:
1. Determine the applications the hardware
and software will support.
2. Specify hardware and software capability
and capacity requirements.
3. Draft a request for proposal and circulate it
to potential vendors.
4. Evaluate responses to the request for
proposal.
5. Contract with vendor(s) for purchase,
installation and/or maintenance.
 DETERMINING AND STATING
REQUIREMENTS
Application requirements are the primary basis for
hardware and system software requirements.

Other factors to consider:

Integration with existing hardware and
software.
Availability of maintenance services.
Availability of training.
Physical parameters (e.g., size, cooling
requirements, and disk space) for system software.
Availability of upgrades.
 REQUEST FOR PROPOSAL (RFP)
 A formal document sent to vendors that states requirements and
solicits proposals to meet these requirements.

General Outline:
 Identification of requestor
 Describes the organization requesting proposals, e.g., the name of a
person to whom questions can be addressed as well as postal and e-
mail addresses, phone numbers, etc.
 Format, content, and timing requirements for responses
 The RFP should state procedural requirements for submitting a valid
proposal and when possible, include an outline of a valid proposal
describing each section’s required content. It should also clearly state
deadlines for questions, proposal delivery, and other important events.
 Requirements
 Requirements should be categorized by type and listed completely.
 Evaluation criteria
 A point system or weighting scheme is often used to evaluate optional or
desirable requirements. Weight might also be given to factors that are
not stated as part of the hardware or software requirements, such as a
vendor’s financial stability and good or bad previous experiences with a
vendor.
 EVALUATING PROPOSALS
 Determine the acceptability of each proposal
Each proposal is evaluated to determine whether it
meets the basic criteria, including essential
requirements, financial requirements, and deadlines.
Proposals that fail to satisfy minimal criteria in any
category are eliminated.
 Rank acceptable proposals
The remaining proposals are ranked by evaluating the
extent to which they exceed minimal requirements.
 Validate high-ranking proposals
A small subset of highly ranked proposals is then
chosen for validation. To validate a proposal, the
evaluator determines the correctness of vendor claims
and the vendor’s ability to meet commitments in the
proposal.
 DETERMINING REQUIREMENTS AND
EVALUATING PERFORMANCE
Read through this section on pages 524-529.
 SECURITY
 Describes all measures for protecting the value of these investments,
including physical protection against equipment loss or damage and
and economic protection against loss of information’s value through
unauthorized disclosure.

 Some resources, such as specific items of hardware and software

are tangible and have well-defined dollar values.

 Others, such as databases, user skills, and reliable operating

procedures, are less tangible but also of considerable value.

 A well-integrated approach:
 Protect physical resources against accidental loss or damage.
 Protect data and software resources against accidental loss or
damage.
 Protect all resources against malicious tampering.
 Protect sensitive software and data resources against
unauthorized access and accidental disclosure.
 SECURITY (CONT. [1])
Commonly used security measures:
Physical security
Access controls
Password controls and security
Auditing
Virus protection
Software updates
Firewalls
 PHYSICAL SECURITY
Access to computers and related equipment should be
restricted to prevent theft, tampering, and
unauthorized access.

Locked doors and limited distribution of keys, key

cards, and other lock control mechanisms are the
most direct ways to protect equipment.

Additional protective measures for rooms containing

servers and other dedicated equipment include
architectural details, such as:
Reinforced doors,
Reinforced walls, and
Barriers above drop ceilings.
 ACCESS CONTROLS
 All operating systems incorporate access control features that enable restricting
access to resources such as data files, programs, and hardware devices.

 Access control is based on two key processes:

 Authentication ─ The process of determining or verifying the identity of a user or
process owner.
 Authorization ─ The process of determining whether an authenticated user or
process has enough rights to access a resource.

 A challenge-response dialogue using a username and password is the most common

means of authentication.

 A user enters a name or other identifier and a password to prove his or her identity.

 The OS verifies the username and password by searching a local security database or
interacting with a security server.

 Although password-based authentication is most common, other methods are often used
as supplements or alternatives for improved security.
 ID cards with bar codes or embedded ROM chips can supplement passwords.
 Biometric authentication methods are sometimes used instead of password-based
authentication.
 These methods identify a person by using physical characteristics, such as
fingerprints, facial features, or retinas.
 PASSWORD CONTROLS AND SECURITY
 Because password-based authentication is so common, OSs
and security services use methods such as the following to
enhance it:
Restrictions on the length and composition of valid
passwords.
Requirements that passwords be changed periodically.
Analysis of password content to identify passwords that can
be guessed easily.
Encryption of passwords in files and during transmission
over a network.
 With most OSs, the system administrator can create and
enforce password policies on a per-user, per-group or per-
system basis.
 Locking out accounts after a specified number of failed log-on
attempts prevents unauthorized users from repeatedly
attempting to guess correct passwords for valid user accounts.
 AUDITING
Creating and managing records of user activity or
resource access.
These records provide data to determine whether
the security policy has been implemented correctly
or whether resources or the system itself have
been compromised.
When auditing is enabled, the OS or security
service writes an entry to a log file each time an
audited action is performed.
This log entry includes information such as [1]
which ticket (user identification) was presented to
gain access; [2] access date and time.
 AUDITING (CONT. [1])
Limitations:
Log files can grow quickly when auditing is enabled
for a large number of users, resources, actions, or
access types.

Auditing reduces system performance because of the

overhead of writing log file entries.

Auditing examines historical data, so it is incapable

of preventing future security breaches.

Extracting useful information from large auditing logs

requires automated search tools and a consistently
implemented program of log file analysis.
 VIRUS PROTECTION
 Virus ─ a program or program fragment that does the following:
 Infects a computer by installing itself permanently, usually in a hard-to-find
location
 Performs malicious acts on the infected computer
 Replicates and spreads itself by using services on the infected computer

 Variants:
 Boot virus - attaches itself to code that runs when the system boots, such as a
BIOS or OS start-up routine.
 Macro virus - Embedded in a macro stored in a desktop application file, such as
a spreadsheet or word-processing document.
 Worm - stored in a stand-alone executable program and usually sent as an e-
mail attachment; runs automatically when the attachment is opened.

 Viruses are commonplace and can perform many malicious acts, including damaging
or destroying important files, opening backdoors for potential hackers, and sending
sensitive information to others.

 Therefore, to secure a system against viruses it is important to install antivirus

software that actively protects the system against the spread of viruses.
 VIRUS PROTECTION (CONT. [1])
 Common capabilities of antivirus software include the following:
 Scanning e-mail messages and attachments for known viruses and
disabling or deleting them.
 Monitoring access to important system files and data structures and
logging or denying access when needed.
 Scanning removable media for known viruses whenever they are
inserted.
 Scanning the file system and important data structures periodically
for viruses that might have escaped other scans and monitoring
activities.
 Monitoring web page accesses and disabling malicious software that
might be embedded.

 The most important aspect of antivirus software configuration is

ensuring that it is enabled and updated regularly.
 Antivirus software uses data files, sometimes called "signature
files“, containing information about known viruses.
 Because new viruses appear constantly, these files must be
updated regularly.
 SOFTWARE UPDATES
 A typical OS or desktop application suite includes tens of
millions of lines of source code.
 Given the software's size and complexity, errors, bugs, and
security holes are a certainty.
 Hackers and viruses often attempt to exploit these problems to
perform malicious acts or gain access to secure information or
resources.
 Software developers are in a constant race to fix bugs, errors,
and security holes as they are discovered.
 They do so by developing new software versions or software
patches, sometimes called service packs, to apply to existing
installations.
 A key part of any security system is updating system and
application software.
 FIREWALLS
A hardware device, software, or a combination of
hardware and software that prevents unauthorized
users in one network from accessing resources on
another network.

Typically, a firewall is a stand-alone device with

embedded software that physically separates a private
network from a public network, such as the Internet.

Firewalls are widely deployed in ISs to protect servers

and information resources from unauthorized access
over the Internet.
FIREWALL EXAMPLE [1]
FIREWALL EXAMPLE [2]
 PHYSICAL ENVIRONMENT
Issues to be considered when choosing or
preparing a location for hardware include the
following:
Electrical power
Heat dissipation
Moisture
Cable routing
Fire protection
 ELECTRICAL POWER
Fluctuations can cause momentary loss of
operation or damage to electrical circuits.

Types of fluctuations:
Momentary power surges or spikes (protect against power
surges with a surge protector).
Momentary power sags.
Long-term voltage sags.
Total loss of power (auxiliary power source, such as UPS).
 HEAT DISSIPATION
Excessive heat can cause intermittent or total
failure of electrical circuits, so all computer
equipment needs some means of heat
dissipation.
Means of heat dissipation
Vents or fans on the computer itself
Cooling the room
Auxiliary cooling of cabinet
 MOISTURE
Excessive moisture: danger of short circuits.
Low humidity: Buildup of static electricity.
Protective Measures:
Well-designed cabinets protect against spills
and leaks.
Mount hardware above floor level.
Control humidity with optional components of
heating, ventilation, and air conditioning
systems.
 CABLE ROUTING
Provide protection and ease of access with:
Raised floors
The main purpose is to have an accessible location for
cables connecting different devices.
The flooring panels can be installed or removed from the
grid easily.
Cables are routed under walkway areas.

Dedicated cable conduits

Provide cable access between rooms or floors.
Access panels should be installed at regular intervals for
adding, removing, or rerouting cables.
Conduits should be shielded to limit external
electromagnetic interference.
 FIRE PROTECTION
Protection:
Carbon dioxide.
Fire retardant foams and powders.
Gaseous compounds.

Supplemental detection equipment within the

computer room.
 DISASTER PLANNING AND RECOVERY
Because disasters such as fire, flood, and
earthquakes cannot be avoided, plans must be
made to recover from them.
Measures taken:
Periodic data backup and storage of backups at
alternate sites.
Backup and storage of critical software at alternate
sites.
Duplicate or supplementary equipment installed at
alternate sites.
Arrangements for leasing existing equipment at
alternate sites, such as another company or a service
bureau.
 Thank You!

T: 051 401 2754 [email protected] www.ufs.ac.za/it