CS&M Lab1

The document discusses several cloud security and identity access management tools including AWS IAM, Rubrik, Trend Micro Cloud Security Platform, Google Cloud IAM, Splunk Enterprise Security, Azure Active Directory, and Zscaler. It provides an overview of each tool's working principles, features, advantages, disadvantages, limitations, and applications.

Uploaded by

Vikash Kumar

University Of Petroleum and Energy Studies,

Dehradun

Cloud Security & Management


(Lab)

Submitted by:
Name: Vikash Kumar

SAP: 500087705

Enrolment No.: R2142201906

Batch: B4.CCVT

Submitted To: Amanjot Kaur ma’am

EXPERIMENT NO:- 0 & 1:-


1. AWS Identity and Access Management (IAM)
Working principle:
- AWS IAM allows administrators to create and manage users and their corresponding access levels within the AWS ecosystem. This includes the ability to create and manage access keys, permissions, and policies for users and resources.
Advantages:
- AWS IAM provides a simple and flexible way to manage access to AWS resources, allowing for granular control over user access and permissions.
- It also integrates with other AWS services, such as AWS S3 and EC2, to provide an integrated security solution.
Disadvantages:
- AWS IAM can be complex to set up and manage, and may require significant knowledge of AWS services and permissions. Additionally, it may be difficult to manage access across multiple AWS accounts or regions.
Limitations:
- AWS IAM only applies to resources within the AWS ecosystem, and does not provide protection for resources outside of AWS.
Applications:
- AWS IAM is commonly used in cloud-based infrastructure and development environments, and can be used to manage access for both internal and external users.

2. Rubrik
Working principle:
- Rubrik delivers advanced data protection features with its snapshot-centric backup and recovery solutions. By combining the benefits of short-term snapshots and creating full backups of those snapshots, you get fast, reliable recovery down to a granularity of single-file restore.
Features:
- Secure data backup, ensuring nothing is lost and data is quickly restored in case of a disaster.
- Protected backups: immutable storage makes it useless to even attempt to destroy them.
- Works well with complex cloud architecture, as well as legacy and next-gen application environments.
- Rubrik backs up and recovers data center and cloud data and features automatic recovery from failure. It has in-depth reporting capabilities and it is also highly scalable.
- Administrators can search and recover the precise data that is needed, instead of having to restore the whole database. There is no need to be concerned about data loss or theft because Rubrik protects the data from ransomware attacks, even after it has been stored in backup, with the help of immutable storage.
- Rubrik also makes backup and recovery processes easy in a hybrid cloud environment. In fact, it can be used to get rid of complex, legacy backup/restore processes that don’t even guarantee recovery. Instead, this tool replaces them with a software solution that bridges legacy and next-gen applications.
Advantages:
- Offers unified cloud backups (a great BDR alternative)
- Supports physical, virtual, and hybrid environments
- Image-based and incremental backup/recovery
- Supports the full lifecycle of data management
Disadvantages:
- Must contact sales for pricing
Applications:
- Ransomware Monitoring & Investigation.
- Sensitive Data Monitoring & Management.
- Threat Monitoring & Hunting.
- Data Security Command Center.

3. Trend Micro Cloud Security Platform
Working principle:
- Trend Micro Cloud Security Platform is a cloud-based security solution that provides visibility and control over cloud applications and services.
- It monitors and enforces security policies for data in the cloud, including data encryption and access controls.
Advantages:
- Trend Micro Cloud Security Platform integrates with a wide range of cloud applications and services, and provides a comprehensive view of cloud usage across an organization.
- It also allows for granular control over data encryption and access controls, ensuring that data is secure while in transit and at rest. Additionally, it provides threat detection and response capabilities, helping to identify and respond to potential security threats.
Disadvantages:
- Trend Micro Cloud Security Platform may require additional configuration to integrate with certain services. Additionally, the service may require a subscription and additional cost to use.
Limitations:
- Trend Micro Cloud Security Platform only applies to resources within the Trend Micro ecosystem, and does not provide protection for resources outside of Trend Micro.
Applications:
- Trend Micro Cloud Security Platform is commonly used to secure data in cloud-based applications and services, such as SaaS applications and public cloud infrastructure.

4. Google Cloud Identity and Access Management (IAM)
Working principle:
- Google Cloud IAM allows administrators to create and manage users and their corresponding access levels within the Google Cloud ecosystem. This includes the ability to create and manage access keys, permissions, and policies for users and resources.
Advantages:
- Google Cloud IAM provides a simple and flexible way to manage access to Google Cloud resources, allowing for granular control over user access and permissions. It also integrates with other Google Cloud services, such as Google Cloud Storage and Google Compute Engine, to provide an integrated security solution.
Disadvantages:
- Google Cloud IAM can be complex to set up and manage, and may require significant knowledge of Google Cloud services and permissions. Additionally, it may be difficult to manage access across multiple Google Cloud projects or regions.
Limitations:
- Google Cloud IAM only applies to resources within the Google Cloud ecosystem, and does not provide protection for resources outside of Google Cloud.
Applications:
- Google Cloud IAM is commonly used in cloud-based infrastructure and development environments, and can be used to manage access for both internal and external users.

5. Splunk Enterprise Security
Working principle:
- Splunk is software mainly used for searching, monitoring, and examining machine-generated Big Data through a web-style interface. Splunk captures, indexes, and correlates real-time data in a searchable container from which it can produce graphs, reports, alerts, dashboards, and visualizations.
Advantages:
- Can utilize behaviour analysis to detect threats that aren’t discovered through logs
- Excellent user interface, highly visual with easy customization options
- Easy prioritization of events
- Offers features to create operational and business intelligence from your data
- Available for Linux and Windows
Disadvantages:
- Better suited for large enterprises
Applications:
- Collect machine data from across the enterprise, search it, derive business insights from it, and leverage it for monitoring and reporting.

6. Azure Active Directory (Azure AD)
Working principle:
- Azure AD is a multi-tenant cloud-based identity and access management solution that allows administrators to manage users and their access levels across Azure and other Microsoft services. This includes the ability to create and manage access keys, permissions, and policies for users and resources.
Advantages:
- Azure AD integrates with other Azure services, such as Azure SQL and Azure VMs, to provide an integrated security solution.
- It also allows for single sign-on (SSO) across multiple applications, reducing the need for users to remember multiple sets of login credentials.
Disadvantages:
- Azure AD may be complex to set up and manage, and may require significant knowledge of Azure services and permissions.
- Additionally, it may be difficult to manage access across multiple Azure accounts or regions.
Limitations:
- Azure AD only applies to resources within the Azure ecosystem, and does not provide protection for resources outside of Azure.
Applications:
- Azure AD is commonly used in cloud-based infrastructure and development environments, and can be used to manage access for both internal and external users.

7. Zscaler
Suite of cloud-based security tools ideal for protecting users of on-demand software; can work as a gateway as well as a tunnel for private usage (better than a VPN), for an enhanced UX.
Working principle:
- Zscaler is a cloud-based information security platform delivered through more than 100 global data centres. To use Zscaler, Internet traffic from fixed locations such as branch offices or factories, roaming devices and mobile devices is routed through Zscaler points of presence before going on to the public Internet. The Zscaler Zero Trust Exchange™ is a cloud native platform built on zero trust. Based on the principle of least privilege, it establishes trust through context, such as a user's location, their device's security posture, the content being exchanged, and the application being requested.
Advantages:
● Reduces IT cost and complexity.
● Delivers a great user experience.
● Reduces risk.
● Products / Services.
● “Instead of forcing.
● Zscaler, Inc.
● A cloud-first architecture.
● Full inline SSL inspection at scale.

Limitations:
● Zscaler SCIM servers have a rate limit of 5 requests per second. In order to avoid retries, reduce the number of threads in the PingFederate channel configuration. For more information, see Specifying channel information in the PingFederate documentation and SCIM API Examples in the Zscaler documentation.
● When provisioning users to a group, all users must be set to active. If an inactive user is present, the active users and group will be provisioned but no users will be added to the group.
● Rate limiting can prevent the connector from provisioning users to groups. If rate limiting forces a retry, and a user is created on the retry, the user's group memberships are applied the next time the relevant groups are updated.

Applications:
- Zscaler Client Connector
- Zscaler Executive Files
8. Cloudflare Access
Working principle:
- Cloudflare Access is a cloud-based identity and access management solution that allows administrators to manage users and their access levels across Cloudflare and other services.
- This includes the ability to create and manage access keys, permissions, and policies for users and resources.
Advantages:
- Cloudflare Access integrates with other Cloudflare services, such as Cloudflare Gateway, to provide an integrated security solution.
- It also allows for single sign-on (SSO) across multiple applications, reducing the need for users to remember multiple sets of login credentials. It also provides end-to-end encryption, ensuring that data is secure while in transit and at rest.
Disadvantages:
- Cloudflare Access may not be supported by all applications, and may require additional configuration to integrate with certain services.
- Additionally, the service may require a Cloudflare account and additional cost to use.
Limitations:
- Cloudflare Access only applies to resources within the Cloudflare ecosystem, and does not provide protection for resources outside of Cloudflare.
Applications:
- Cloudflare Access is commonly used to secure internal applications and resources, such as corporate websites and web-based applications.

Introduction to different cloud security tools with their advantages, disadvantages, limitations and applications

(Table columns: No. and tool, Working principle, Advantages, Disadvantages, Limitations, Applications)

1. AWS Identity and Access Management (IAM)
Working principle: Works on the principle of creating access roles, where the administrator creates roles for accessing resources or services using policies, groups and roles.
Advantages:
- Integrated with AWS services in order to provide security solutions.
- Provides multi-level control of resources.
Disadvantages:
- Requires knowledge of AWS access roles and policies.
- Can be difficult to maintain across multiple AWS accounts.
Limitations:
- Only applicable to AWS and its services.
Applications:
- Create access roles and groups as assigned by the administrator.

2. Rubrik
Working principle: The core principle of Rubrik's platform is to provide a single, unified view of an organization's data, regardless of where it is stored, and to provide a distributed architecture and advanced data indexing to allow for fast and efficient data management, search, and recovery.
Advantages:
- Offers unified cloud backups.
- Snapshot-based recovery.
Disadvantages:
- High pricing.
- Scale and complexity of data.
Limitations:
- Limited platform support.
Applications:
- Ransomware Monitoring & Investigation.
- Sensitive Data Monitoring & Management.

3. CrowdStrike Falcon
Working principle: The core principle of CrowdStrike Falcon is to provide real-time visibility and protection for an organization's endpoints by using advanced threat intelligence and machine learning to detect and prevent cyberattacks on an organization's network.
Advantages:
- Advanced threat intelligence.
- Provides visibility into the activity on endpoints and helps to speed incident response.
- Lightweight agent.
Disadvantages:
- CrowdStrike Falcon can be relatively expensive, and its pricing model may not be suitable for all organizations, particularly those with limited budgets.
Limitations:
- CrowdStrike Falcon can be integrated with other security solutions, but it may not be compatible with all systems or applications.
- CrowdStrike Falcon is an agent-based solution, which means that the agent needs to be installed on the endpoints.
Applications:
- Falcon can be used to protect an organization's endpoints, such as laptops, desktops, servers, and mobile devices, from a wide range of cyber threats, including malware, ransomware etc.

4. Cloudflare
Working principle: The core principle of Cloudflare's platform is to use a global network of data centers to improve the speed, reliability, and security of websites and applications. The platform uses a distributed architecture to cache and distribute content from a website or application, so that it is delivered to users from the closest data center.
Advantages:
- Cloudflare's global network of data centers can help to improve the performance of websites and web applications by reducing the load on an organization's own servers.
- Affordable and easy to use.
Disadvantages:
- Cloudflare's platform requires internet connectivity to function properly, which can be an issue for organizations with limited or unreliable internet connectivity.
- Limited customization options.
Limitations:
- Cloudflare's platform may not be compatible with all technologies or platforms, which can limit its usefulness for some organizations.
Applications:
- Load balancing and cloud security.
- Content Delivery Network.

5. Trend Micro Cloud Security
Working principle:
- Trend Micro Cloud Security Platform is a cloud-based security solution that provides visibility and control over cloud applications and services.
- It monitors and enforces security policies for data in the cloud, including data encryption and access controls.
Advantages:
- Trend Micro Cloud Security Platform integrates with a wide range of cloud applications and services, and provides a comprehensive view of cloud usage across an organization.
- It also allows for granular control over data encryption and access controls, ensuring that data is secure while in transit and at rest.
Disadvantages:
- Trend Micro Cloud Security Platform may require additional configuration to integrate with certain services. Additionally, the service may require a subscription and additional cost to use.
Limitations:
- Trend Micro Cloud Security Platform only applies to resources within the Trend Micro ecosystem, and does not provide protection for resources outside of Trend Micro.
Applications:
- Trend Micro Cloud Security Platform is commonly used to secure data in cloud-based applications and services, such as SaaS applications and public cloud infrastructure.

6. Orca Security
Working principle: Orca Security provides a centralized management console that allows organizations to manage and monitor their cloud security posture, with real-time visibility into the security status of their cloud resources.
Advantages:
- Agentless approach and complete visibility.
- Automated security assessments.
Disadvantages:
- The platform may not provide as comprehensive reporting and analytics as some other security solutions on the market.
- Integration challenges.
Limitations:
- Limited to cloud-based environments.
Applications:
- Cloud Workload Protection
- Cloud Data Protection
- Cloud Threat Detection and Response

7. Splunk Enterprise Security
Working principle: Splunk Enterprise Security (ES) is a security information and event management (SIEM) tool that helps organizations detect, investigate, and respond to security threats in their IT environments.
Advantages:
- Real-time threat detection.
- Integration with other security tools.
Disadvantages:
- High cost.
- Complex deployment and maintenance.
Limitations:
- Splunk ES requires a significant amount of data to be ingested in order to be effective. This can lead to high costs for data storage and processing.
Applications:
- Threat Intelligence
- Incident Investigation and Response

8. Zscaler
Working principle: Its working principle is to provide a secure internet gateway. When a user attempts to access the internet, their request is directed to the Zscaler cloud platform, rather than going directly to the destination website. The platform then examines the request and applies a variety of security checks and controls to ensure that it is safe to proceed.
Advantages:
- Global coverage and flexible.
- Zscaler solutions are delivered through the cloud, which allows for faster deployment and scalability.
Disadvantages:
- Zscaler relies on an internet connection to provide its security services, so if the internet connection is lost, the security services will not be available.
- Latency and complexity.
Limitations:
- Because Zscaler's security services are provided via the cloud, organizations may have less control over the configuration and management of the security services.
Applications:
- Web, email, network security.
- Allows for secure and controlled access to resources and applications based on user identity and role.

Experiment no:-2
Installing web server in virtual machine

Step 1: Create an Ubuntu virtual machine using VirtualBox. Enter the name of your VM.

Step 2: Allocate base memory (RAM) to the VM (here we allocate almost 1700 MB of RAM) and click Next.

Step 3: Leave the hard disk option unchanged (create a virtual hard disk now), the hard disk file type as VDI (VirtualBox Disk Image), and the storage as dynamically allocated. Now allocate storage to the VM and choose the folder where the VM should be kept. Then select Create.

Step 4: After the VM is created, select Settings, go to System, select Processor and increase the processor count from one to four.

Step 5: Select Storage, select the "Empty" entry with the disc icon, open the disk drop-down and select the ISO file we downloaded (if the ISO file is not shown here, locate it by clicking "Choose a disk file").

Step 6: After attaching the ISO file and completing the installation of Linux, install the apache2 web server on the Linux virtual machine.
    Command: sudo apt-get install apache2

Step 7: Check the status of the apache2 server.
    Command: systemctl status apache2

Step 8: Open the Apache web server's default port (80). As we can see, our Apache server is running successfully.
    localhost:80/

EXPERIMENT NO:-3:-
Installation and Configuration of virtualization using KVM

Enabling nested virtualization:
1. Initially, we are going to enable nested virtualization.

2. Go to the VirtualBox installation path using:
    cd "C:\Program Files\Oracle\VirtualBox"

3. Enable nested virtualization using:
    VBoxManage modifyvm "ubuntu 22" --nested-hw-virt on

4. Nested virtualization is now on.

Check Virtualization Support on Ubuntu 22
1. Before you begin with installing KVM, check if your CPU supports hardware virtualization via the egrep command:
    egrep -c '(vmx|svm)' /proc/cpuinfo
output:

2. Now, check if your system can use KVM acceleration by typing:
    sudo kvm-ok
output:

3. If kvm-ok returns an error stating KVM acceleration cannot be used, try solving the problem by installing cpu-checker. To install cpu-checker, run the following command:
    sudo apt install cpu-checker

Install KVM on Ubuntu 22
To enable KVM virtualization on Ubuntu 22:

Step 1: Installing KVM
1. First, update the repositories:
    sudo apt update

2. Then, install essential KVM packages with the following command:
    sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils

Step 2: Authorize Users
1. Only members of the libvirt and kvm user groups can run virtual machines. Add a user to the libvirt group by typing:
    sudo adduser 'username' libvirt
Replace username with the actual username.

Step 3: Verify the Installation
1. Confirm the installation was successful by using the virsh command:
    virsh list --all
output:

2. Or use the systemctl command to check the status of libvirtd:
    sudo systemctl status libvirtd
If everything is functioning properly, the output returns an active (running) status.

3. Press Q to quit the status screen.

4. If the virtualization daemon is not active, activate it with the following command:
    sudo systemctl enable --now libvirtd

Step 4: Setting up tools for VM
1. Before you choose one of the two methods listed below, install virt-manager, a tool for creating and managing VMs:
    sudo apt install virt-manager

2. Type Y and press ENTER. Wait for the installation to finish.

3. Make sure you download an ISO containing the OS you wish to install on a VM and proceed to pick an installation method.

Step 5: Build a Fedora virtual machine
1. Start virt-manager with:
    sudo virt-manager

2. In the first window, click the computer icon in the upper-left corner. In the dialogue box that opens, select the option to install the VM using an ISO image. Then click Forward.

3. In the next dialogue, click Browse Local and navigate to the path where you stored the ISO you wish to install.

4. The ISO you chose in the previous window populates the field in Step 2. Proceed to Step 3 by clicking Forward.

5. Enter the amount of RAM and the number of CPUs you wish to allocate to the VM and proceed to the next step.

6. Allocate hard disk space to the VM. Click Forward to go to the last step.

7. Specify the name for your VM and click Finish to complete the setup.

8. The VM starts automatically, prompting you to start installing the OS that’s on the ISO file.

Experiment no:-4
Implementation of Para-Virtualization using VMware's Workstation / Oracle's VirtualBox and Guest O.S.

Step 1: Select Start to create a new virtual machine.

Step 2: Enter the name of the virtual machine.

Step 3: Select the base storage and the number of CPU cores we want to allocate.

Step 4: Select the storage size.

Step 5: Check your VM summary and click Finish.

Step 6: Go to Settings and choose the ISO file.

Step 7: With the ISO file selected, click OK.

Step 8: Now, click Start.

Step 9: Select "Install Ubuntu" and choose the language.

Step 10: Select normal installation.

Step 11: Select "Erase disk and install Ubuntu".

Step 12: Create a user name and choose a password.

Step 13: VM successfully created and installed.

Step 14: As we can see, we successfully implemented Para-Virtualization using Oracle's VirtualBox and Guest O.S.

EXPERIMENT NO:- 5
Implementation of Para virtualization

Step 1: In the VirtualBox settings, the paravirtualization option is greyed out. We need some commands in CMD to enable it and change the paravirtualization interface to Hyper-V.

Step 2: Press Windows+R and type cmd in the dialogue box. The command prompt should open.
- Go to the installation folder.
- Enable paravirtualization with the command, using "DevOps_lab" as the virtual machine in which paravirtualization should start.
- We can see the greyed-out option is now enabled, and in the "Acceleration" tab the paravirtualization interface is "Hyper-V".
- Check the hardware options.

Step 3: Ubuntu installation

Step 4: Type of installation

Step 6: Partitioning the hard disk

Step 7: We can see the partition type


Experiment 6: To study and implementation of Storage as a Service:-
Storage as a Service (STaaS) is a cloud computing model where a cloud service provider offers storage infrastructure to customers on a pay-per-use or subscription basis. Instead of buying and maintaining their own physical storage devices, customers can leverage the provider's storage infrastructure to store and manage their data in the cloud.

Storage as a service with versioning refers to a cloud-based storage solution that automatically keeps track of different versions of files and documents as they are created, modified, or deleted. This type of service allows users to access and restore previous versions of their files, providing an important safeguard against data loss or corruption (here: storage as a service using AWS with versioning).

Step 1: Log in to the AWS account.

Step 2: Click on Create bucket.

Step 3: Enter the name of the bucket and its region.

Step 4: Enable bucket versioning for preservation of data and files and click on Create bucket.

Step 5: Bucket created. Now, we are going to upload a file.

Step 6: Choose the file and click on Upload.

Step 7: File uploaded successfully.

Step 8: Now, delete the file.

Step 9: File deleted successfully.

Step 10: Now, click on Show versions and we can retrieve our deleted file successfully.

Experiment 7: To Study and implement Infrastructure as a Service using Xen/ VMware

Step 1: Signing in and activating our VMware account.

Step 2: Downloading the VMware 6.5 enterprise ISO file.

Step 3: Building a new virtual machine using VirtualBox.

Step 4: Setting up base memory (RAM) and processor cores.

Step 5: Allocating storage and clicking Next.

Step 6: Virtual machine summary.

Step 7: Setting the ESXi ISO file.

Step 8: Setting up the boot order.

Step 9: Setting up the network as bridged adapter for internet access.

Step 10: Disabling the USB controller.

Step 11: VM successfully built.

Step 12: Start the virtual machine.

Step 13: ESXi successfully running.

Step 14: Setting up the root password.

Step 15: Configuring the network manager.

Step 16: ESXi server running at 192.168.0.100.

Step 17: Opening http://192.168.0.100

Step 18: Successfully opened.

Step 19: Creating a new VM.

Step 20: Adding the OS name.

Step 21: Customizing the VM.

Step 22: VM successfully built.


Experiment no:8 (To study and implementation of identity management)
Aim: To create an EC2 instance having a role to access an S3 bucket.
IAM: Identity and access management (IAM) is the discipline that enables the right individuals to access the right resources at the right times for the right reasons.

Step 1. Log in to our AWS console.

Step 2. First, we create an EC2 instance.

Step 3. Now, we create an S3 bucket and try to access it through our EC2 instance.

Step 4. As we see, we are unable to access our S3 bucket, because we need to create a bridge using IAM policies and a role to access our S3 bucket.

Step 5. So now we create an IAM role.

Step 6. Go to Roles and select Create role.

Step 7. Now, we select who can use the role (also known as the trusted entity; we select AWS service and select EC2 as the use case).

Step 8. Now, we have to choose a policy which provides us full access to our S3 bucket via the EC2 instance (AmazonS3FullAccess).

Step 9. Here, we can see the JSON format of our policy.

Step 10. Now, we name our role and select Create role.

Step 11. Role created successfully.

Step 12. Now, we go back to EC2 and choose the role: right-click on the instance, go to Security and then select Modify IAM role.

Step 13. Now, choose our created role (s3fullacess) and click on Save.

Step 14. Now, we go back to the EC2 instance and connect to it.

Step 15. Now, as we see, we are able to access our S3 bucket through our EC2 instance.
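
Steps 5 to 13 written out as policy documents and AWS CLI calls, in an added example that is not part of the original lab report. It shows the trust policy behind step 7, the breadth of the full-access choice in step 8 next to a policy scoped to one bucket, and a check that tells the two apart. The role name lab-ec2-s3-role, the inline policy name s3-one-bucket and the function names are assumptions; the bucket name and instance id are supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of the lab report. ROLE and the policy name are
# assumed names; bucket and instance id are passed in by the caller.
ROLE=lab-ec2-s3-role

# Step 7: choosing "AWS service" with use case "EC2" produces a trust policy
# in which only the EC2 service principal may assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole" }
  ]
}
EOF
}

# Step 8 as performed: a full-access grant covers every S3 action on every
# bucket in the account. Constructed here for comparison.
broad_s3_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "s3:*", "Resource": "*" }
  ]
}
EOF
}

# Least-privilege alternative: list one bucket, read and write its objects.
scoped_s3_policy() {
  bucket=$1
  # Reject anything that is not a plausible bucket name before it is
  # interpolated into the policy document.
  if ! printf '%s' "$bucket" | grep -Eq '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'; then
    echo "invalid bucket name: $bucket" >&2
    return 1
  fi
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "ListBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::${bucket}" },
    { "Sid": "ReadWriteObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::${bucket}/*" }
  ]
}
EOF
}

# Reads a policy on stdin; succeeds when any Action or Resource value is
# exactly "*" or "<service>:*". Line-based: assumes each Action/Resource
# value sits on a single line, as in the documents generated above.
policy_is_broad() {
  grep -Eq '"(Action|Resource)"[[:space:]]*:[^]]*"([a-z0-9-]+:)?\*"'
}

# Steps 10 to 13 from the command line (needs AWS credentials). The console
# creates the instance profile for you; with the CLI it is a separate object.
apply_role() {
  bucket=$1
  instance_id=$2
  tmp=$(mktemp -d) || return 1
  trust_policy > "$tmp/trust.json"
  scoped_s3_policy "$bucket" > "$tmp/s3.json" || return 1
  if scoped_s3_policy "$bucket" | policy_is_broad; then return 1; fi
  aws iam create-role --role-name "$ROLE" \
      --assume-role-policy-document "file://$tmp/trust.json" &&
  aws iam put-role-policy --role-name "$ROLE" --policy-name s3-one-bucket \
      --policy-document "file://$tmp/s3.json" &&
  aws iam create-instance-profile --instance-profile-name "$ROLE" &&
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE" \
      --role-name "$ROLE" &&
  aws ec2 associate-iam-instance-profile --instance-id "$instance_id" \
      --iam-instance-profile "Name=$ROLE"
}
```

With the scoped policy attached, step 15 still succeeds for the lab bucket, while any other bucket in the account stays out of reach of the instance.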
EXPERIMENT NO:-9
Setting up SSH, Installing Ansible and setting its inventory

Step 1: Setting up SSH between two Linux VMs (one acts as the control server and the other as the remote server).

Now, create an SSH key on the control node, also setting a password for the key, using:
    ssh-keygen -t rsa -b 4096

Output:-

Step 2: Check your SSH key in its folder by using the following commands:
    cd ~      (to go to the home directory)
    cd .ssh   (to go into the .ssh directory)
    ls
Here,
- vikash → private key (traffic decrypted by private key; the private key remains on the control server)
- vikash.pub → public key (traffic encrypted by public key, so put the public key on the remote server)

Step 3: Now, we are going to install openssh-server on the remote server (left side) and the control server (right side).
    sudo apt install openssh-server

Step 4: Start the SSH server on the remote server.
    sudo systemctl start sshd

Step 5: Now we are going to copy the public key (id_rsa.pub) to the remote server, using this command from the control server:
    scp vikash.pub [email protected]:/home/ec2-user

Step 6: Public key successfully copied to the remote server.

Step 7: We can check the public key on the remote server by going to the directory /home/vikash, then:
    ls

Step 8: Now, we are going to transfer the public key into the .ssh folder on the remote server.
    cat vikash.pub >> .ssh/authorized_keys

Step 9: Now, we are going to access the remote server from the control node.
    ssh [email protected]

Step 10: To exit/log out from the remote server use:
    exit
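
Step 8 appends the key with a plain redirect, which assumes that .ssh already exists and that its modes are ones sshd will accept: with StrictModes at its default of yes, sshd ignores an authorized_keys file when the home directory, .ssh or the file itself is writable by group or others. The following added example (not part of the original lab report) does the same step with those checks; the function names install_pubkey and ssh_perms_ok are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the lab report.
# install_pubkey <pubkey-file> <home-dir>
#   Appends one OpenSSH public key to <home-dir>/.ssh/authorized_keys,
#   creating the directory and file with the modes sshd expects, and
#   skipping the append when the key is already present.
install_pubkey() {
  pub=$1
  home=$2
  # Accept exactly one line, and only if it looks like an OpenSSH public key
  # (a private key or a stray file copied by mistake is rejected).
  [ "$(grep -c '' "$pub")" -eq 1 ] || {
    echo "expected exactly one key line in $pub" >&2; return 1; }
  grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub" || {
    echo "not an OpenSSH public key: $pub" >&2; return 1; }
  key=$(cat "$pub")

  mkdir -p "$home/.ssh"
  chmod 700 "$home/.ssh"
  touch "$home/.ssh/authorized_keys"
  chmod 600 "$home/.ssh/authorized_keys"

  # Whole-line, fixed-string match keeps repeated runs from duplicating keys.
  grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
    printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# ssh_perms_ok <home-dir>
#   Succeeds only when authorized_keys exists and neither the home directory,
#   .ssh nor authorized_keys is writable by group or others.
ssh_perms_ok() {
  home=$1
  [ -f "$home/.ssh/authorized_keys" ] || return 1
  loose=$(find "$home" "$home/.ssh" "$home/.ssh/authorized_keys" -prune \
            \( -perm -020 -o -perm -002 \) -print)
  [ -z "$loose" ]
}
```

On the remote server from step 7 this would be called as install_pubkey vikash.pub "$HOME", followed by ssh_perms_ok "$HOME" if the login in step 9 still asks for a password.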

Now, we are going to install Ansible on the control server.

Step 11: Run the following command from the control node to include the official project’s PPA (personal package archive) in your system’s list of sources.
    sudo apt-add-repository ppa:ansible/ansible

Step 12: Update your system’s package index, so that it is aware of the packages available in the newly included PPA (control node).
    sudo apt update

Step 13: Now, install the Ansible software (control node).
    sudo apt install ansible

Step 14: Now, we are going to set up the inventory file (control node).

To edit the contents of the default Ansible inventory, open the /etc/ansible/hosts file using any text editor on your Ansible control node:
    sudo gedit /etc/ansible/hosts

    [servers]
    server1 ansible_host=192.168.0.117

    [all:vars]
    ansible_python_interpreter=/usr/bin/python3

The all:vars subgroup sets the ansible_python_interpreter host parameter that will be valid for all hosts included in this inventory. This parameter makes sure the remote server uses the /usr/bin/python3 Python 3 executable instead of /usr/bin/python (Python 2.7), which is not present on recent Ubuntu versions.

Step 15: Now we are going to check our inventory using (control node):
    ansible-inventory --list -y

Step 16: Installing Ansible on the remote server through the control server using SSH.
    sudo apt install ansible

Step 17: Now, from the Ansible control node, run:
    telnet 172.31.16.248 22

Output: ping successful
