IT601 – System and Network Administration STATES OF COMPUTER MACHINES

Introduction A Computer Machine Consists of ….

➢Computers and networks are now a days a vital part of the daily life. • Hardware Components
➢System administration matters because computers and networks matter • Operating System
▪ Applications are everywhere e.g SOHO, SME, NGOs, Government and • Accessories
Educational Institutes • Has Different States and Several Processes Associated with it
▪ User of Computers have increased, esp the networked computers Evard's Computer Machine Life Cycle
▪ Technologies are diversified and heterogeneous  A Computer Machine Goes through different states in their life
▪ Architectural approaches are also diversified  Evard has outline different states and process that are performance on
➢The need to have specialized people to operate and maintain computers and Five States
networks • New • Clean • Configured • Unknown • Off
▪ Build the infrastructure Several Processes
▪ Operate and maintain • Build • Initialize • Update • Entropy • Debug • Retire
▪ Provide Support to users New State
➢System administration matters because computers and networks matter  A new machine
 Unpacking
➢This course focuses on the principles of systems and network administration
 Physical Connections
IT SYSTEM
A. What is a System?  Power up
A system is a collection of elements or components that are organized for a common  Preinstalled OS or No OS
Purpose. Clean State
A. What is a IT System? A machine that has the operating system installed but isn't set up to function in the
A collection of computing and/or communications components and other resources System.
that support one or more functional objectives of an organization Build Process
Computing, Network, DHCP, DNS, http, Computing, PC, Phone, Configuration. Select OS, Install OS, Drivers and Software’s
IT System Components Rebuild Process
Computing Machines, Software, Network, Services, Users, Processes Recovered Data, Reformate Disks, Reinstall OS/Software
Computing Machines Configured State
Computing Machines are important component of IT Systems and there are different • A machine that is properly configured to meet the needs of the System.
forms of computing machines in an organization. • User Roles and Permissions
Servers/Workstation, Desktops, Laptops/ Mobile Devices • Updates
Software Update Process
Operating Systems, Applications, Utilities Select Updates, Schedule Updates, Monitor
Network Unknown State
Wireless, Router, Switch, Firewall, DPI, Load balancers, VPNs, Cable and • A machine that has been misconfigured, or that has become out of date, or that has
Connector been borrowed by an intern and returned stained
Services Debug Process
Application Services, Network Services, Web services Troubleshooting, Remove the bugs, Fix Drivers and Software’s
Users Entropy Process
Diverse Users, Different Roles, Different Levels Changes by user/admin/updates, Compromised State
Processes Rebuild Process
Support System, Operations, Configurations, Change Management Recover User Data, Format Disks and Reinstall OS
Off State • The typical characteristics of a small business are having no more than 1,500
Powered Off, No User Data, OS installed or Removed, Disconnected from employees
Infrastructure • Mid-market enterprise:
Retire Process • These organizations are larger than small businesses but smaller than large
Recover User Data, Flush the Hard Disks, Isolate from Infrastructure enterprises.
• Computer Machine Passes through 5 states throughout their life cycle • They generally employ between 1,500 and 2,000 people
• Different Processes are used for transition of the state of Computer Machines • Large enterprise:
System Administration •These organizations are relatively few,
What is SNA and Who is System Administrator? Managing an IT System means?
1. Difficult to define because system administrators do so many things. Applying Tasks and actions
• looks after computers, networks, and the people who use them. ● Installation and Configuration
• look after hardware, operating systems, software, configurations, applications, or ● Monitoring, Logging and Reporting
security ● Changing Changes System State
2 - A system administrator influences how effectively other people can or do use ● Supporting
their computers and networks. ● Provisioning
Help Employees, Support Others, Guide Others ● Troubleshooting
3 - A system administrator sometimes needs to be a WEEK#2
Business-process, consultant, corporate visionary, janitor, software engineer, System Administration Maturity
electrical engineer, psychiatrist, mind-reader, economist Process and its Maturity
4 - Known with different names. ● The term process describes the means by which the system components are
Network administrators, system architects, system engineers, operator’s system integrated or interact with each other to produce a desired end result.
programmers ● IT System have several components which Objective interacts or integrate with
General Definition each other for the common objectives.
System administration is the field of work which involves… Maturity
● Managing one or more systems ● Process maturity is a measure of how well defined and controlled a system 's
● System could be software, hardware, servers or workstations processes are.
● The objective are efficiency and effectiveness ● A high level of process maturity shows that processes are documented well, users
Importance of System Administration understand and follow procedures, and there is continuous process improvement.
• System administration matters because computers and networks matter. Maturity Models IT
Business Operations, Collaborations, Solve Many Problems Several maturity models exists for IT and Business, Examples are….
• Business Depends on • CMMI
Internet, Intranet, World Wide Web • ITIL Maturity Model
• Management now has a more realistic view of computers, more people becoming • Agile Maturity Model
direct users of Computers • DevOps Maturity Model
• Unreliable machine room power system that caused occasional but bearable • MDM Maturity Model
problems now prevents sales from being recorded. We Focus on System Administration Maturity Model (SAMM) which is quite
• Computers matter more than ever. If computers are to work and work well, system similar to ITIL Maturity Model.
administration matters SAMM Maturity Levels@
Organization Size and System Administration Level 1 Initial (Adhoc Proceses)
• Small and Home Offices: Key Process Area
• Most businesses in the U.S. fall under this category. • The user is given the authority to decide what to do and when to do.
• They must also be able to assign work to other people creating interactions.
Level 2 Repeatable (Disciplined process) Hardware install – New or upgraded hardware is installed whenever & where ever
Key Process Area makes the most sense at the moment.
• Requirements Management Problem report – Problems are sometimes reported by users by mail or phone to a
• Project Planning random administrator.
• Project Tracking Security – No specific security standards or policies exist.
• Subcontract/Vendor Management Disk capacity – Disk space is in short supply. No information on usage rates is
• Quality Assurance available. Project managers of supported organizations often fight among
• Configuration Management themselves regarding disk space.
Level 3 Defined (Standard, consistent process) Backups – Backups are usually done according to a weekly schedule.
Key Process Area Level 2 – Repeatable – Practices
• Process Focus New user – Procedure to request and create an account is well documented. Cycle
• Process Definition time for requests is monitored.
• Training Software install – Installation guidelines are understood. Time spent installing and
• Integrated Management configuring software is tracked.
• System & Network Engineering Hardware install – Installation standards are understood. Time spent installing and
• Intergroup Coordination configuring hardware is tracked.
Level 4 Managed (Predictable process) Problem report – Process to report problems is well understood by users and cycle
Key Process Area time for problem resolution is monitored.
• Quantitative Process Management Security – Various security standards are clearly documented. Security violations
• Quality Management are monitored.
Level 5 Optimizing (Continuously Improving) Disk capacity – Acceptable disk capacity levels are established. Capacity is
Key Process Area periodically monitored.
Defect Prevention Backups – Failure conditions for backups are understood. Failure rates and effort
Technology Change Management to resolve problems are tracked.
Process Change Management Level 3 – Defined – Practices
SAMM –Common Practices New user – Head count expansion information is provided to signal new account
Common Practices at different SAMM Levels requests are expected. Revision of procedure.
Five Levels Software install – Installations are planned with the supported organizations
• Initial Reasons for install/upgrade are recorded.
• Repeatable Hardware install – Installations are coordinated with supported organizations and
• Defined vendors. Reasons for install/upgrade are recorded.
• Managed Problem report – Problems are mapped to root causes. Group reviews solutions to
• Optimizing resolutions suggested to address root causes.
Level 1 – Initial – Practices Security – Group reviews security incidents for root vulnerabilities. Resolutions are
New user – Verbal requests are addressed as time permits or escalated with discussed, tested and released.
management. Disk capacity – Capacity planning is addressed in project plans written by
Software install – New or upgraded software is installed whenever & where ever supported organizations and reviewed by the network & systems group.
makes the most sense at the moment. Backups – Training is provided for network and systems group to enhance backup
programs and procedures.
Level 4 – Managed – Practices
Outstanding 10 Excellence in practice well recognized Consistent long term
New user – Cycle time numbers are used to adjust staffing to meet demand and
use Consistent world class results
requirements.
Software install – Productivity measures and goals for installation created. Building Reliable Systems
Hardware install – Productivity/problem data is compare to goals for installs, tests Introduction to Reliability
and demos.  All systems will eventually fail.
Problem report – Cycle time and resolution quality information is used on a regular • Many Reasons
basis to access effectiveness of problem reporting and resolution system. • An important term that quantifies dependability of a system during
Security – Effectiveness of group reviews is studied. its life-cycle is the reliability.
Disk capacity – Metric for disk availability is created and used.  Generally, Reliability is defined as the probability of success.
Backups – Backup system is certified with high reliability rating. Objectives of Reliability
Level 5 – Optimizing – Practices  The objective of studying reliability
New user – Accounts are electronically requested and verified. To quantify how “reliable” a product or service is, to understand the causes for poor
Software install – Problems with software installs are documented and avoidable reliability,
with new procedures. To deploy actions to improve the reliability of Organizations.
Hardware install – New hardware technologies are evaluated & integrated.  Unreliable Systems contributes
Problem report – New problem reporting system installed to better meet user Increase cost of ownership of the systems.
requirements for ease of use. Defining Reliability
Security – Internal contest to establish better security practices is established.  Reliability is defined as the probability that a system will perform its
Disk capacity – Project tracking information combined with metrics of utilization intended function(s) during a specified period of time under defined
are used to predict needs. conditions.
Backups – Backup process is revisited with input from supported organizations re: • Specified Time Period
production schedules. • Defined Conditions
SAMM Process Evaluation Ratings Examples of Reliability
Reliability usually changes as a function of time and is denoted as R (t).
Rating Score Characterization Examples of reliability statements are:
The basic coverage warranty lasts for 36 months or 36,000 miles.
Poor 0 No ability No interest Ineffective results We warrant the bulb will be free from defects and will operate for 3 years based on
3 hours/day.
Weak 2 Partial ability Fragmented usage Inconsistent results Calculating Reliability
The Reliability is calculated by
Fair 4 Implementation Plan defined Usage in major areas r𝑇 Reliability at time T
Consistent positive results (𝑇) Working Systems at time T
(𝑇0) Total Systems at time T0
Marginal 6 Implementation across organization Usage in most areas Failure Probability
Positive measurable results (( Failure Probability at time T
(𝑇) Failed Systems at time T
Qualified 8 Practice is integral part of process Consistent use across
(𝑇0) Total Systems at time T0 = 1 − (𝑡)
organization. Positive long term results
Failure Rate
 • The frequency of component failure per unit time. It is usually denoted by Mean time to recovery (MTTR)
the λ. 𝜆 𝑡 Failure rate at time t dt interval • The average time duration to fix a failed component and return to operational
state.
• It includes the time spent during the alert and diagnostic process before
repair activities are initiated.
Weibull distribution Mean time to detection (MTTD)
𝛼 is called the scale factor which represents the characteristic life of the product The average time elapsed between the occurrence of a component failure and its
• which is the time at which 63% of the products have failed. detection.
• 𝛽 is called the shape factor and represents the different shapes for the Availability
Weibull distribution. It Determines the instantaneous performance of a component at any given time
 𝛽 < 1 represents early failures based on time duration between its failure and recovery
 𝛽 = 1 represents constant failure rate
 𝛽 > 1 represents wear-out failures Reliability in Practical IT Systems
System/Service Metrics For series connected components, the effective failure rate is determined as the sum
• MTTF of failure rates of each component. Given n series-connected components:
• Mean time to failure
• MTTD
• Mean time to detection For parallel connected components, MTTF is determined as the reciprocal sum of
• MTTR failure rates of each system component. Given n parallel-connected components:
• Mean time to recovery For hybrid systems, the connections may be reduced to series or parallel
• MTBF configurations first.
• Mean time between failure
Failure Rate Availability and Reliability specifications
• The frequency of component failure per unit time denoted by λ. • Calculate reliability and availability of each component individually. For
• Failure rate is considered as forecasted failure intensity given that the series connected components, compute the product of all component values.
component is fully operational in its initial condition. for N series-connected components.
• For parallel connected components, for N parallel-connected components.
Repair rate
• The frequency of successful repair operations performed on a failed
component per unit time and denoted μ .
• Repair rate is defined mathematically as follows: • For hybrid connected components, reduce the calculations to series or
Mean time to failure (MTTF) parallel configurations first.
The average time duration before a non-repairable system component fails. Caveats
• It’s important to note a few caveats regarding these incident metrics and the
associated reliability and availability calculations.
Mean time between failure (MTBF)  These metrics may be perceived in relative terms. Failure may be
The average time duration between inherent failures of a repairable system defined differently for the same components in different
component. applications, use cases, and organizations.
𝑀𝑇𝐵𝐷 = 𝑀𝑇𝑇𝐹 + 𝑀𝑇𝑇𝑅
  The value of metrics such as MTTF, MTTR, MTBF, and MTTD are 4.3 – Backups
averages observed in experimentation under controlled or specific Backup strategy and policies
environments. These measurements may not hold consistently in Scheduling: when and how often?
real- world applications. Capacity planning
• Organizations should therefore map system reliability and availability Location: on-site vs. off-site.
calculations to business value and end-user experience. Monitoring backups
• Decisions may require strategic trade-offs with cost, performance and, security, Checking logs
and decision makers will need to ask questions beyond the system Verifying media
dependability metrics and specifications followed by IT departments. Performing restores when requested
Common Tasks Time
IT System Components Automated?
1. Services 4.4 - Software Installation
2. Computing Machines Automated consistent OS installs
3. Network Desktop vs. server OS image needs.
4. Processes Installation of software
Routine Tasks
5. Software’s 1) User Managment Purchase, find, or build custom software.
6. Users 2) Hardware Managment. Managing multiple versions of a software pkg.
Common Tasks 3) Backup Managment. Managing software installations
Planning and Design 4) Software Managment. Distributing software to multiple hosts.
1) Architecuture 5) Troubleshooting. Patching and updating software
2) Physical Planning 6) System monitoring. When?
3) IP Addressing 7) Security Managment. Updates vs Upgrades
4) VLANS 8) Users Assistance. 4.5 – Troubleshooting
5) Internet vs Intranet 9) Communication. Problem identification
User Management By user notification
Adding User Accounts By log files or monitoring programs
Namespace management Tracking and visibility
Removing user accounts Ensure users know you’re working on problem
4.2 Hardware Management Provide an ETA if possible
Adding and removing hardware Finding the root cause of problems
Configuration, cabling, etc. Provide temporary solution if necessary
Purchase Solve the root problem to permanently eliminate
Evaluate and purchase servers + other hardware 4.6 - System Monitoring
Capacity planning Automatically monitor systems for
How many servers? How much bandwidth, storage? Problems (disk full, error logs, security)
Data Center management Performance (CPU, memory, disk, network)
Power, racks, environment (cooling, fire alarm) Provides data for capacity planning
Virtualization Determine need for resources
When can virtual servers be used vs. Physical? Establish case to bring to management
4.7 - Helping Users
Request tracking system
Ensures that you don’t forget problems. Security  Highly secure against More prone to
Ensures users know you’re working on their problem; reduces interruptions, status malware  Hacking attempts
queries. cyber threats  cyber threats
User documentation and training
Policies and procedures Support Large comm. supports  Community and long-
Answer commonly term customer support
Schedule and communicate downtimes
asked questions  Great documentation
Effected Systems
Downtimes command line graphical user interface
Operation
4.8 – Communicate
Customers User Experience requires an relatively more beginner- friendly
Keep customer appraised of process. experienced Linux
• When you’ve started working on a request with ETA. administrator
• When you make progress, need feedback.
• When you’re finished. Database Support MySQL, PostgreSQL Microsoft SQL Microsoft
Communicate system status. Access
• Uptime, scheduled downtimes, failures.
• Meet regularly with customer managers. Scripting Support Python PHP, Perl, Other ASP ASP.NET
Managers Unix languages
Meet regularly with your manager.
Write weekly status reports. Advantages/Disadvantages of Linux Servers
WEEK#3 Advantages
Server Operating Systems  No additional licensing fee as the operating system is free.
Two Major Server Operating Systems  More reliable - it rarely experiences malware, cyber threats, or other security
 Linux Operating Systems errors.
 Servers  Not demanding on the client hardware and lower resource consumption.
 Desktops  Due to its low infrastructure requirements, it shows excellent performance
 Mobiles rates.
 Windows Operating Systems  System administrators have the freedom and opportunity to customize the
 Servers system.
 Desktops  Seamless use of open-source software on the server.
 Mobiles  Supports cooperative work without exposing the program’s core.
Linux Window system Disadvantages
Architecture Centered around the  Based on the Windows  Operating via a command line instead of a GUI requires some learning or
Linux kernel NT architecture experience.
 Not all versions have long-term support.
Cost Free open-source  Owned by Microsoft,  Updating from one major version to another can sometimes be complex.
software  a licensing fee per user
  Some third-party and professional programs may not have support or require
admin privileges.
Advantages/Disadvantages of Windows Servers
Advantages
 Beginner-friendly due to its intuitive graphical user interface and out-of-the-
box functionality.
 Guaranteed five years of maintenance + five years of extended support.
 Supports third-party applications and is compatible with Microsoft
applications.
 Requires less admin monitoring and maintenance thanks to its robust
approach and automated updates.
Disadvantages
 Higher costs due to the obligatory licensing fee for the OS.
 More prone to malware, cyber-threats, and other security-related errors.
 Its mandatory GUI makes it more resource intensive.
Linux Server
What is Ubuntu Server?
 Ubuntu Server is a server operating system developed by Canonical that
runs on all major architectures
 Ubuntu is a server platform that anyone can use for the following and much
more:
 Ubuntu Server has these minimum requirements:
Differences from Ubuntu Desktop
 There are a few differences between the Ubuntu Server Edition and the
Ubuntu Desktop Edition.
 It should be noted that both editions use the same apt repositories, making it
just as easy to install a server application on the Desktop Edition as it is on
the Server Edition.
 The differences between the two editions are the lack of an X window
environment in the Server Edition and the installation process.
 Ubuntu version 10.10 and prior, actually had different kernels for the server
and desktop editions. Ubuntu no longer has separate -server and -generic
kernel flavors.
 These have been merged into a single -generic kernel flavor to help reduce
the maintenance burden over the life of the release.
 When running a 64-bit version of Ubuntu on 64-bit processors you are not
limited by memory addressing space.
 To see all kernel configuration options you can look through /boot/config-
4.14.0-server. Also, Linux Kernel in a Nutshell3 is a great resource on the
options available.
Installing Ubuntu Server@
Software Package Management
 Package management system is derived from the same system used by
the Debian GNU/Linux Distribution.
 Package Files
 The package files contain all of the necessary files, meta-data, and
instructions to implement a particular functionality or software
application on your Ubuntu computer.
 Debian package files typically have the extension '.deb', and usually
exist in repositories which are collections of packages found on
various media, such as CD-ROM discs, or online.
 Packages are normally in a precompiled binary format; thus
installation is quick, and requires no compiling of software.
 Dependencies
 Many complex packages use dependencies.
 Dependencies are additional packages required by the principal
package in order to function properly.
 For example, the speech synthesis package festival depends
upon the package libasound2, which is a package supplying
the ALSA sound library needed for audio playback. In order
for festival to function, it and all of its dependencies must be
installed.
 The software management tools in Ubuntu will do this automatically.
Dpkg
 dpkg is a package manager for Debian-based systems.
 It can install, remove, and build packages, but unlike other package
management systems, it cannot automatically download and install packages
or their dependencies.
 Using dpkg to manage software
  List all packages installed on the system, from a terminal prompt Over time, updated versions of packages currently installed on your computer may
type: become available from the package repositories (for example security updates). To
dpkg -l upgrade your system, first update your package index as outlined above, and then
 Depending on the amount of packages on your system, this can generate a type:
large amount of output. Pipe the output through grep to see if a specific sudo apt upgrade
package is installed:  Actions of the apt command, such as installation and removal of packages,
dpkg -l | grep apache2 are logged in the /var/log/dpkg.log log file.
 To list the files installed by a package, in this case the ufw package, enter: Aptitude
dpkg -L ufw  Launching Aptitude with no command-line options, will give you a menu-
 If you are not sure which package installed a file, dpkg -S may be able to driven, text-based front-end to the Advanced Packaging Tool (APT) system.
tell you. For example: dpkg -S /etc/host.conf base-files: /etc/host.conf  Many of the common package management functions, such as installation,
APT removal, and upgrade, can be performed in Aptitude with single-key
 The apt command is a powerful command-line tool, which works with commands, which are typically lowercase letters.
Ubuntu's Advanced Packaging Tool (APT) performing such functions as  Aptitude is best suited for use in a non-graphical terminal environment to
 installation of new software packages ensure proper functioning of the command keys.
 upgrade of existing software packages  You may start the menu-driven interface of Aptitude as a normal user by
 updating of the package list index typing the following command at a terminal prompt:
 upgrading the entire Ubuntu system sudo aptitude
Advantages  Actions
 Being a simple command-line tool, apt has numerous advantages  Install Packages
over other package management tools available in Ubuntu for server  Remove Packages
administrators.  Update Package Index
 Ease of use over simple terminal connections (SSH)  Upgrade Packages
 The ability to be used in system administration scripts  The first column of information displayed in the package list in the top pane,
 Which can in turn be automated by the cron scheduling utility. when actually viewing packages lists the current state of the package, and
Using APT uses the following key to describe the state of the package:
 Installing a Package  i: Installed package
sudo apt install nmap  c: Package not installed, but package configuration remains on
 Removing a Package system
sudo apt remove nmap  p: Purged from system
Also, adding the --purge option to apt remove will remove the package configuration  v: Virtual package
files as well. This may or may not be the desired effect, so use with caution.  B: Broken package
 Updating the Package Index  u: Unpacked files, but package not yet configured
The APT package index is essentially a database of available packages from the  C: Half-configured - Configuration failed and requires fix
repositories defined in the /etc/apt/sources.list file and in the /etc/apt/sources.list.d  H: Half-installed - Removal failed and requires fix
directory. To update the local package index with the latest changes made in the  To exit Aptitude, simply press the q key and confirm you wish to
repositories, type the following: exit. Many other functions are available from the Aptitude menu by
sudo apt update pressing the F10 key.
 Upgrade Packages  Command Line Aptitude
 sudo aptitude install nmap sudo aptitude remove nmap quickly identify all available Ethernet interfaces
Automatic Updates@ sudo lshw -class network
 The unattended-upgrades package can be used to automatically install provides greater details around the hardware capabilities of specific adapters.
updated packages, and can be configured to update all packages or just install ip a@
security updates. sudo lshw -class network@
 Install the package by entering the following in a terminal: Ethernet Interface Logical Names
sudo apt install unattended-upgrades  Interface logical names can also be configured via a netplan configuration.
Configuration of APT If you would like control which interface receives a particular logical name
 Configuration of the Advanced Packaging Tool (APT) system repositories use the match and set-name keys.
is stored in the /etc/apt/sources.list file and the /etc/apt/sources.list.d  The match key is used to find an adapter based on some criteria like MAC
directory. address, driver, etc. Then the
 You may edit the file to enable repositories or disable them. For example, to set-name key can be used to change the device to the desired logial name.@
disable the requirement of inserting the Ubuntu CD-ROM whenever Ethernet Interface Settings
package operations occur, simply comment out the appropriate line for the  ethtool is a program that can display and
CD-ROM, which appears at the top of the file: change Ethernet card settings such as
# no more prompting for CD-ROM please  auto-negotiation,
# deb cdrom:[Ubuntu 18.04 _Bionic Beaver_ - Release i386 (20111013.1)]/ bionic  port speed,
main restricted  duplex mode,
 Extra Repositories  and Wake-on-LAN.
 By default, the Universe and Multiverse repositories are enabled but  The following is an example of how to view supported features and
if you would like to disable them edit /etc/apt/sources.list and configured settings of an Ethernet interface. @
comment the following lines: IP Addressing
Networking – Interfaces and Addressing  Temporary IP Address Assignment
Network Management  Dynamic IP Address Assignment (DHCP Client)
 Ubuntu ships with a number of graphical utilities to configure your network  Static IP Address Assignment
devices.  Loopback Interface
 The network management includes Temporary IP Address Assignment
 For temporary network configurations, you can use the ip command which
 Configuring Interfaces
is also found on most other GNU/Linux operating systems.
 IP Addressing  The ip command allows you to configure settings which take effect
 DNS immediately, however they are not persistent and will be lost after a reboot.
 Bridging  To temporarily configure an IP address, you can use the ip command in the
Ethernet Interfaces following manner. Modify the IP address and subnet mask to match your
 Ethernet interfaces are identified by the system using predictable network network requirements.
interface names. sudo ip addr add 10.102.66.200/24 dev enp0s25
 These names can appear as eno1 or enp0s25.  The ip can then be used to set the link up or down. ip link set dev
 In some cases an interface may still use the kernel eth# style of naming. enp0s25 up
 Identify Ethernet Interfaces ip link set dev enp0s25 down
To identify all available Ethernet interfaces, you can use following commands as To verify the IP address configuration of enp0s25, you can use the ip command in
shown below. ip a the following manner. @
ip route show@  LACP , Link Aggregation Control Protocol
Dynamic IP Address Assignment (DHCP Client)@  NetFlow
ip address show lo@  sFlow
Networking – Name Server and Bridging  IPFIX , Internet Protocol Flow Information Export
Name Resolution  RSPAN , Remote SPAN
 Name resolution as it relates to IP networking is the process of mapping IP  CLI
addresses to hostnames, making it easier to identify resources on a network.  802.1ag
 Two cases shall be discussed,  It is designed to support distribution across multiple physical servers similar
 Name resolution using DNS to VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V.
 Name resolution using static hostname records  OVS can be installed as below
Name resolution using DNS @  sudo apt update
Name resolution using static hostname records @  sudo apt install openvswitch-switch
Fully Qualified Domain Names (FQDN's)@  Service is started automatically after installation:
Name Service Switch Configuration @  systemctl status openvswitch-switch.service
Bridging  ovs-vsctl show
 Bridging multiple interfaces is a more advanced configuration but is very MACVLAN
useful in multiple scenarios.  MacVLAN helps the user to configure sub-interfaces of a parent physical
 One scenario is using bridge on a system with one interface to allow virtual Ethernet interface with its own unique MAC address and as a result with its
machines direct access to the outside network. own IP address.
 Another scenario is setting up a bridge with multiple network interfaces, then  Applications, VMs and containers can now be grouped to a specific sub-
using a firewall to filter traffic between two network segments. interface, in order to connect directly to the physical network using their own
 Configure the bridge by editing your netplan configuration found in MAC and IP addresses.
/etc/netplan/:@  Drawbacks
 Now apply the configuration to enable the bridge:  limitation to the number of different MAC addresses allowed
sudo netplan apply on the physical port.
 The new bridge interface should now be up and running. The brctl provides  NICs have a limitation on the number of MAC addresses they
useful information about the state support natively.
of the bridge, controls which interfaces are part of the bridge, etc.  IEEE 802.11 protocol specifications, multiple MAC
Networking – Bridging (cont.) addresses on a single client are not allowed.
Legacy Bridging  Common DHCP Server, Low CPU, Normal Network Utilization, Meets
 The brctl utility provide ubuntu ‘s legacy bridging that can be 802.11 standards and Easy to Set-Up are some salient feature of
installed using the following command. sudo apt install bridge-utils MACVLAN
 creating a new bridge device, we’ll create one called br-sna1 WEEK#4
brctl addbr br-sna1 ip link set br-sn1 up User Management
 A net device can be added to bridge using following command  User management is a critical part of maintaining a secure system.
brctl addif br-sna1 NetDeviceName Ineffective user and privilege management often lead many systems into
Open vSwitch Bridge devices being compromised.
 Open vSwitch (OVS) is an open source, production-quality, multilayer-  it is important to understand how you can protect your server through
virtual switch. simple and effective user account management techniques.
 Open vSwitch is designed for massive network automation through  Root User
programmatic extension, but still with the support for standard protocols and
management interfaces.
 o Root is the superuser account in Unix and Linux. It is a user account
for administrative purposes, and typically has the highest access
rights on the system.
o Usually, the root user account is called root. However, in Unix and
Linux, any account with user id 0 is a root account, regardless of the
name.
Root user in Ubuntu
 In ubuntu server, administrative root accountis disabled by default.
 This does not mean that the root account has been deleted or that it
may not be accessed. It merely has been given a password which
matches no possible encrypted value, therefore may not log in
directly by itself
 Instead, users are encouraged to make use of a tool by the name of
sudo to carry out system administrative duties.
 sudo allows an authorized user to temporarily elevate their privileges using
their own password instead of having to know the password belonging to
the root account.
 This simple yet effective methodology provides accountability for all
user actions, and gives the administrator granular control over which
actions a user can perform with said privileges.
 By default, the initial user created by the installer is a member of the group
"sudo" which is added to the file /etc/sudoers as an authorized sudo user.
 To give any other account full root access through sudo, simply add them to
the sudo group.
Enabling/disabling root
 If for some reason you wish to enable the root account, simply give it a
password:
sudo passwd
 sudo will prompt you for your password, and then ask you to supply a new
password for root.
 To disable the root account password, use the following passwd syntax:
sudo passwd -l root
 However, to disable the root account itself, use the following command:
usermod --expiredate 1
 You should read more on sudo by reading the man page:
man sudo
User Management Operations
The process for managing local users and groups is straightforward and differs very
little from most other GNU/Linux operating systems. Ubuntu and other Debian
based distributions encourage the use of the "adduser" package for account
management.
 Deleting an account does not remove their respective home folder. It is up
to you whether or not you wish to delete the folder manually or keep it
according to your desired retention policies.
User Group Management
 A user can be assigned to group(s) based on their department or
 A group allows a user special access to system resources, such as files,
directories, or processes (programs) that are running on the system.
 This group membership can also be used to prevent access to system
resources because several security features in Linux make use of groups to
impose security restrictions.
 Every user is a member of at least one group. This first group is called the
user’s primary group. Any additional groups a user is a member of are called
the user’s secondary groups.
 Group membership can be displayed by executing either the id or groups
command: student@onecoursesource:~$ id
uid=1002(student)gid=1002(student)
groups=1002(student),60(games),1001(ocs)
student@onecoursesource:~$ groups student games ocs
 Both the id and groups commands display information about the current user
by default. Both commands also accept an argument of another user account
name:
student@onecoursesource:~$ id root
uid=0(root) gid=0(root) groups=0(root)
student@onecoursesource:~$ groups root
root : root
 The most important difference between primary and secondary group
membership relates to when a user creates a new file. Each file is owned by
a user ID and a group ID.
 When a user creates a file, the user’s primary group membership is used for
the group ownership of the file:
Group information
 Group information is stored in several files:
 The /etc/passwd file contains user account information, including the
primary group membership for each user.
  The /etc/group file stores information about each group, including the group
name, group ID (GID) and secondary user membership.
student@onecoursesource:~$grepstudent/etc/passwd
student:x:1002:1002::/home/student:
 The /etc/gshadow file stores additional information for the group,
including group administrators and the group password.
 student@onecoursesource:~$head/etc/group
root:x:0:
 daemon:x:1:
 bin:x:2:
 sys:x:3: adm:x:4:syslog,bo tty:x:5:
 disk:x:6:
 lp:x:7:
 mail:x:8:
 news:x:9:
Special Groups
 A typical Linux system will have many default group accounts. These
default group accounts typically have GID values under 1000, making it easy
for an administrator to recognize these as special accounts.
 Additionally, if you add new software to the system, more groups may be
added as software vendors make use of both user and group accounts to
provide controlled access to files that are part of the software.
 Administrators who are focused on security should be aware of these special
group accounts because these accounts can provide either security features
or pose security threats.
Group Description
Root This group account is reserved for the system administrator. Do not
add a regular user to this group because it will provide the regular user
with elevated access to system files.
Adm Members of this group typically have access to files related to system
monitoring (such as log files). Being able to see the contents of these
files can provide more information about the system than a regular user
would typically have.
Lp This is one of many groups (including tty, mail, and cdrom) used by
the operating system to provide access to specific files. Typically,
regular users are not added to these groups because they are used by
background processes called daemons.
sudo This group is used in conjunction with the sudo command.
staff A default group that was traditionally used on Unix systems but is
rarely used in modern Linux distributions.
users A default group that is rarely used in modern Linux distributions.
operators A group that was traditionally used on Unix systems for users who
required elevated privileges for specific system tasks. This group is
rarely used in modern Linux distributions.
Adding Removing Groups
 To add or delete a personalized group, use the following syntax,
respectively:
sudo addgroup groupname
sudo delgroup groupname
 To add a user to a group, use the following syntax:
sudo adduser username groupname
User Level Security
User Profile Security
 When a new user is created, the adduser utility creates a new home directory
named /home/username.
 The default profile is modeled according to contents of /etc/skel,
which includes all profile basics.
 For multiuser environment, close attention is required to the user
home directory permissions to ensure confidentiality.
 By default, user home directories in Ubuntu are created with world
read/execute permissions.
 This means that all users can browse and access the contents of other
user’s home directories.
 To verify your current user home directory permissions, use the following
syntax: ls -ld /home/username
drwxr-xr-x 2 username username 4096 2007-10-02 20:03 username
 To remove the world readable-permissions, following command can be
used. sudo chmod 0750 /home/username
 The efficient approach is to modify the adduser global default permissions
when creating user home folders. Simply edit the file /etc/adduser.conf and
modify the DIR_MODE variable to something appropriate, so that all new
home directories will receive the correct permissions.
DIR_MODE=0750
ls -ld /home/username
drwxr-x--- 2 username username 4096 2007-10-02 20:03 username
Password Policy
 A strong password policy is one of the most important aspects of your
security posture. Many successful security breaches involve simple brute
force and dictionary attacks against weak passwords.
 To offer any form of remote access involving your local password system,
make sure you adequately address
  Minimum password complexity requirements
 Maximum password lifetimes
 Frequent audits of your authentication systems
Password Expiry
 When creating user accounts, you should make it a policy to have a
minimum and maximum password age forcing users to change their
passwords when they expire.
 To easily view the current status of a user account, use the following syntax:
sudo chage -l username
Last password change : Jan 20, 2015
Password expires : never Password inactive : never Account expires : never
Minimum number of days between password change : 0 Maximum number of
days between password change : 99999
Number of days of warning before password expires : 7
 To set any of these values, simply use the following syntax, and follow the
interactive prompts: sudo chage username
 Example : Change the explicit expiration date (-E) to 01/31/2015, minimum
password age (-m) of 5 days, maximum password age (-M) of 90 days,
inactivity period (-I) of 30 days after password expiration, and a warning
time period (-W) of 14 days before password expiration:
sudo chage -E 01/31/2015 -m 5 -M 90 -I 30 -W 14 username
Other Considerations
 Many applications use alternate authentication mechanisms that can be easily. It
is important to understand and control how users authenticate and gain access
to services and applications on your server.
 SSH Access by Disabled Users
 Simply disabling/locking a user account will not prevent a user from
logging into your server remotely if they have previously set up RSA
public key authentication.
 They will still be able to gain shell access to the server, without the need
for any password.
 Remember to check the users home directory for files that will allow
for this type of authenticated SSH access, e.g.
/home/username/.ssh/authorized_keys.
 Remove or rename the directory .ssh/ in the user's home folder to
prevent further SSH authentication capabilities.
 Be sure to check for any established SSH connections by the
disabled user, as it is possible they may have existing inbound or
outbound connections. Kill any that are found.
who | grep username (to get the pts/# terminal) sudo pkill -f pts/#
 Restrict SSH access to only required user accounts. You may create
a group called "sshlogin" and add the group name as the value
associated with the AllowGroups variable located in the file
/etc/ssh/sshd_config.
AllowGroups sshlogin
 External User Database Authentication
Remote Administration
OpenSSH
 This topic introduces a powerful collection of tools for the remote control
of, and transfer of data between, networked computers called OpenSSH.
 OpenSSH is a freely available version of the Secure Shell (SSH) protocol
family of tools for remotely controlling, or transferring files between,
computers.
 Traditional tools used to accomplish these functions, such as telnet or rcp,
are insecure and transmit the user's password in cleartext when used.
 OpenSSH provides a server daemon and client tools to facilitate secure,
encrypted remote control and file transfer operations, effectively replacing
the legacy tools.
 The OpenSSH server component, sshd, listens continuously for client
connections from any of the client tools.
 When a connection request occurs, sshd sets up the correct connection
depending on the type of client tool connecting.
 if the remote computer is connecting with the ssh client application,
the OpenSSH server sets up a remote control session after
authentication.
 If a remote user connects to an OpenSSH server with scp, the
OpenSSH server daemon initiates a secure copy of files between the
server and client after authentication.
 OpenSSH can use many authentication methods, including plain password,
public key, and Kerberos tickets.
Install OpenSSH
 Installation of the OpenSSH client and server applications is simple.
 To install the OpenSSH client applications on your Ubuntu system,
use this command at a terminal prompt:
sudo apt install openssh-client
 To install the OpenSSH server application, and related support files,
use this command at a terminal prompt: sudo apt install openssh-
server
 Configuring the OpenSSH
 You may configure the default behavior of the OpenSSH server
application, sshd, by editing the file /etc/ssh/sshd_config.
 For information about the configuration directives used in this file,
you may view the appropriate manual page with the following
command, issued at a terminal prompt: man sshd_config
Configuring the OpenSSH@
SSH Keys
 SSH keys allow authentication between two hosts without the need of a
password. SSH key authentication uses two keys, a private key and a public
key.
 To generate the keys, from a terminal prompt enter: ssh-keygen -t rsa
This will generate the keys using the RSA Algorithm. During the process you will
be prompted for a password. Simply hit Enter when prompted to create the key.
 By default the public key is saved in the file ~/.ssh/id_rsa.pub, while
~/.ssh/id_rsa is the private key. Now copy the id_rsa.pub file to the
remote host and append it to ~/.ssh/authorized_keys by entering:
ssh-copy-id username@remotehost
 Finally, double check the permissions on the authorized_keys file,
only the authenticated user should have read and write permissions.
If the permissions are not correct change them by:
chmod 600 .ssh/authorized_keys
 You should now be able to SSH to the host without being prompted
for a password.
Puppet
 Puppet is a cross platform framework enabling system administrators to
perform common tasks using code.
 The code can do a variety of tasks from installing new software, to checking
file permissions, or updating user accounts.
 Puppet is great not only during the initial installation of a system, but also
throughout the system’s entire life cycle. In most circumstances puppet will
be used in a client/server configuration.
 Puppet uses a client-server approach and consists of the following systems:
 The Puppet Master is a server with the Puppet Master daemon that
manages crucial system information for all nodes using manifests.
 The Puppet Agents are nodes with Puppet installed on them with the
Puppet Agent daemon running.
 Puppet utilizes a client/server architecture consisting of the Puppet Master
and Puppet Agents. Puppet Agents uses pull mode to poll the master and
retrieve node-specific and site-specific configuration info.
 The topology goes through the following steps: 1 - A node running a Puppet
Agent daemon
gathers all the information (facts) about itself, and the agent sends the facts to the
Puppet Master.
1 - The Puppet Master uses the data to create a catalog on how the
node should be configured and sends it back to the Puppet Agent.
2 - The Puppet Agent configures itself based on the catalog and reports
back to the Puppet Master.
Installing and Configuring Puppet@
Zentyal
 Zentyal is a Linux small business server that can be configured as a gateway,
infrastructure manager, unified threat manager, office server, unified
communication server or a combination of them.
Integrated
 All network services managed by Zentyal are tightly integrated,
automating most tasks.
• This saves time and helps to avoid errors in network configuration and
administration.
Opensource
• Zentyal is open source, released under the GNU General Public License
(GPL) and runs on top of Ubuntu GNU/Linux.
• Zentyal consists of a series of packages (usually one for each module) that
provide a web interface to configure the different servers or services.
• Zentyal publishes one major stable release once a year based on the latest
Ubuntu LTS release.
Configuration
• The configuration is stored on a key-value Redis database, but users, groups,
and domains-related configuration is on OpenLDAP.
• When you configure any of the available parameters through the web
interface, final configuration files are overwritten using the configuration
templates provided by the modules.
Advantage
• The main advantage of using Zentyal is a unified, graphical user interface to
configure all network services and high, out-of-the-box integration between
them.
Installing and Configuring Zantyal@
Logging
 Logging refers to record keeping of information about events that occur in a
computer system, such as problems, errors or just information on current
operations.
 Different types of events may occur in the operating system or in
other software.
 These log messages can then be used to monitor and understand the
operation of the system, to debug problems, or during an audit.
 Logging is particularly important in multi-user software, to have a central
overview of the operation of the system.
 On Linux, you have two types of logging mechanisms :
 Kernel logging: related to errors, warning or information entries that your
kernel may write
  User logging: linked to the user space, those log entries are related to
processes or services that may run on the host machine.
Kernel Logging
 On the kernel space, logging is done via the Kernel Ring Buffer. The ring
buffer is a circular buffer that is the first data structure storing log
messages when the system boots up.
 When starting Linux machine, if log messages are displayed on the
screen, those messages are stored in the kernel ring buffer.
 The Kernel logging is started before user logging
 The kernel ring buffer, pretty much like any other log files on your
system can be inspected.
 In order to open Kernel-related logs on your system, you have to use
the “dmesg” command.
Example of events : Errors in mounting a disk, Driver Loading etc
Log files locations
 There are many different log files that all serve different purposes. When
trying to find a log about something, you should start by identifying the most
relevant file.
 System logs
 Application logs
 Non-human-readable logs
Viewing and monitoring log files
 The most basic way to view files from the command line is using the cat
command. You simply pass in the filename, and it outputs the entire contents
of the file: cat file.txt.
 Viewing the start or end of a file
 It is generally required to quickly view the first or last n number of
lines of a file.
 The head and tail commands come in handy.
 These commands work much like cat, although you can specify how
many lines from the start/end of the file you want to view.
 To view the first 15 lines of a file, run head -n 15 file.txt, and to view
the last 15, run tail -n 15 file.txt.
 Due to the nature of log files being appended to at the bottom, the
tail command will generally be more useful.
 Monitoring files
 To monitor a log file, you may pass the -f flag to tail. It will keep
running, printing new additions to the file, until you stop it (Ctrl +
C). For example: tail -f file.txt.
 Searching files
 One way that we looked at to search files is to open the file in less
and press /.
 A faster way to do this is to use the grep command.
 We specify what we want to search for in double quotes, along with
the filename, and grep will print all the lines containing that search
term in the file. For example, to search for lines containing “test” in
file.txt, you would run grep "test" file.txt.
 If the result of a grep search is too long, you may pipe it to less,
allowing you to scroll and search through it: grep "test" file.txt | less.
System Logging Daemon (syslogd)
 The system logging daemon syslogd, also known as sysklogd, awaits
logging messages from numerous sources and routes the messages to the
appropriate file or network destination.
 Messages logged to syslogd usually contain common elements like
system hostnames and time-stamps in addition to the specific log
information.
 Configuration of syslogd@
Log Rotation
 When viewing directory listings in /var/log or any of its subdirectories, you
may encounter log files with names such as daemon.log.0, daemon.log.1.gz,
and so on.
 What are these log files? They are 'rotated' log files. That is, they
have automatically been renamed after a predefined time-frame, and
a new original log started. After even more time the log files are
compressed with the gzip utility as in the case of the example
daemon.log.1.gz.
 The purpose of log rotation is to archive and compress old logs so
that they consume less disk space, but are still available for
inspection as needed.
 Typically, logrotate is called from the system-wide cron script
/etc/cron.daily/logrotate, and further defined by the configuration file
/etc/logrotate.conf. Individual configuration files can be added into
/etc/logrotate.d
  Log files that have zeroes appended at the end are rotated files. That means  Vim is based on the original Vi editor, which was created by Bill Joy in
log file names have automatically been changed within the system. 1976. In the 90’s, it started becoming clear that Vi was lacking in some
 logrotate handles systems that create significant amounts of log files. The features when compared with the Emacs editor.
command is used by the cron scheduler and reads the logrotate configuration  VIM includes all the missing features of VI.
file /etc/logrotate.conf. It’s also used to read files in the logrotate  VIM is generally preinstalled with many linux distributions, if not it can be
configuration directory. installed as below sudo apt-get update sudo apt-get install vim
var/log/log name here].log { Missingok Vim Modes
Notifempty Compress Size 20k Daily  Everything in Vim is considered a mode. You can achieve whatever you
Create 0600 root root want if you understand modes in Vim.
}  There are many modes in Vim. But, we'll be looking at the 4 most important
 The commands perform the actions as follows: modes.
 missingok – Tells logrotate not to output an error if a log file is Command Mode
missing  Default mode, also called Normal mode.
 notifempty – Does not rotate the log file if it is empty. It reduces the  To switch from one mode to another, you have to come to Command Mode
size of the log file with gzip  The commands that you run without any prefix (colon) indicate that you're
 size – Ensures that the log file does not exceed the specified running the command in command mode.
dimension and rotates it otherwise Insert Mode
 daily – Rotates the log files on a daily schedule. This can also be  to edit the contents of the file.
done on a weekly or monthly schedule  You can switch to insert mode by pressing i from command mode.
 create – Instantiates a log file where the owner and group are a root  You can use the Esc key to switch back to command mode.
user Command-Line Mode
Logging related commands  To execute commands
1) dmesg . the dmesg kernel ring buffer utility  the commands in this mode are prefixed with a colon (:)
2) faillog, the faillog command (and also the faillog configuration file via man  Switch to this mode by pressing : (colon) in command mode
5 faillog) Visual Mode
3) grep , the grep pattern searching utility  to visually select some text and run commands over that section of code
4) head , the head utility  switch to this mode by pressing v from the command mode.
5) klogd, the kernel log daemon (klogd) VIM Commands
6) last , the last command which shows last logged in users Insert mode commands
7) less , the less paging utility  a Append text following current cursor position
8) logger , the logger command-line interface to syslog utility  A Append text to the end of current line
9) logrotate , the the logrotate utility  i Insert text before the current cursor position
10) savelog , the savelog log file saving utility  I Insert text at the beginning of the cursor line
11) syslogd , the system log daemon (syslogd)  o Open up a new line following the current line and add text there
12) syslog.conf , the syslogd configuration file  O Open up a new line in front of the current line and add text there
13) Tail , the tail utility  Command mode commands
Shell Scripts  Ctrl + e
Writing and Editing Files  Ctrl + d
 Vim is an acronym for Vi IMproved. It is a free and open-source cross-  Ctrl + f
platform text editor. It was first released by Bram Moolenaar in 1991 for  Ctrl + y
UNIX variants.  Ctrl + u
 Ctrl + b
  % - use with '{','}','(',')' to jump with the matching one.  Unsetting Variables
 0 - first column of the line unset VAR_NAME
 $ - jump to the last character of the line  Variable Types
 Editing Commands  Local Variables
 d …delete the characters from the cursor position up the position  Environment Variables
given by the next command  Shell Variables
 c …change the character from the cursor position up to the position Special variables@
indicated by the next command.  $0 - The filename of the current script.
 y …copy the characters from the current cursor position up to the  $n - These variables correspond to the arguments with which a script was
position indicated by the next command. invoked. Here n is a positive decimal number corresponding to the position
 p …paste previous deleted or yanked (copied) text after the current of an argument.
cursor position.  $# - The number of arguments supplied to a script.
 Undo and Redo  $* - All the arguments are double quoted. If a script receives two arguments,
 u- you can undo almost anything using u in the command mode. $* is equivalent to $1 $2.
 Ctrl+r - undo is undoable using Ctrl-r.  $@ - All arguments are individually double quoted. If script receives two
 Searching and Replacing arguments, $@ is equivalent to $1 $2.
 :s/old/new/gc  $? - The exit status of the last command executed.
 :s/old/new/g  $$ - The process number of the current shell. This is the process ID under
 Save the file which they are executing.
 :wq , Save file and exit  $! - The process number of the last background command.
 :q! , Exit file without saving the changes Defining Array Values
First Script@  Basic Syntax
 Create a new script file with name : myfirstScript.sh Vi myfirstScript.sh array_name[index]=value
 Write the following content #!/bin/sh  For the ksh shell, here is the syntax of array initialization
# Author : IT601 set -A array_name value1 value2 ... valuen
# Copyright (c) Virtual University of Pakistan  For the bash shell, here is the syntax of array initialization
echo “Hello Virtual University Student, What is your student iD” read VUID array_name=(value1 ... valuen)
echo “WELCOME !, $VUID"  Accessing Array Values
 Make the script executable Chmod 777 myfirstScript.sh ${array_name[index]}
 Run script Operators
./myfirstScript.sh  Arithmetic Operators@
Variables  Relational Operators@
 Variable Names@  Boolean Operators@
The name of a variable can contain only letters (a to z or A to Z), numbers ( 0 to 9)  String Operators@
or the underscore character ( _). By convention, Unix shell variables will have their  File Test Operators@
names in UPPERCASE. Control Statements@
 Defining Variables Loops@
VAR_NAME=variable_value Nesting while Loops@
 Accessing Values Creating Functions
echo $VAR_NAME Syntax
 Read-only Variables function_name () { list of commands
readonly VAR_NAME }
Simple Function Linux, Window Server, UNIX
# Define your function here Hello () { • Software packages
echo "Hello World" MySQL, DHCP Server, DNS server, Oracle Server
} How are Servers different?
# Invoke your function Hello • 1000s of clients depend on server.
Passing Parameters • Requires high reliability.
# Define your function here Hello () { • Requires tighter security.
echo "Hello World $1 $2" • Often expected to last longer.
} • Investment amortized over many clients, longer lifetime.
# Invoke your function Server CPU
Hello test1 test 2 CPUs
Returning Data There are two main types of server processors:
# Define your function here X86.
Hello () { • X86 processors are the most common type of processor found in servers.
echo "Hello World $1 $2" return 10 • They are made by companies such as Intel and AMD.
} • X86 processors are designed for general-purpose computing.
# Invoke your function • They can be used for a variety of tasks, including web hosting, database
Hello Zara Ali management, and file sharing.
# Capture value returnd by last command ret=$? RISC
echo "Return value is $ret" • RISC processors are designed for specific tasks.
WEEK#5 • They are often used in high-performance servers.
Servers • RISC processors are made by companies such as IBM and Oracle.
A group of computer machines in an organization generall referd to as server. Selection of CPU
It is used to provide different types of services. • The type of server processor you need depends on the type of server you are
• Application services using.
• Web services • If you are using a general-purpose server, an x86 processor is likely the best
• Back-office processing choice.
• Databases • If you are using a high-performance server, a RISC processor may be the
• Batch computation better choice.
• Etc. Clock speed
Servers vs Services  keep up with the demands of modern businesses
A server offers one or more services. Server is also a more technical term, whereas  ablity to process large amounts of data quickly and efficiently
service is more a term off the problem domain. Cores
Server as hardware (see post from Dan D)  Number of cores in a processor can have a big impact on its performance.
Server as software (eg. Apache HTTP server)  More cores means that the processor can handle more tasks at the
A server provides services to one or more clients, and a server (hardware) is a same time.
computer. A server (hardware) can be anything from a home computer to a big
 in the market today have up to 32 cores and more
server-rack with a lot of processor power. From the view of a computer, a server
Memory support
(software) is just a set of services which is available to clients on the network.
A server is a computer machine consisting of Hardware  support large amounts of memory
CPU, Memory, Storage, Power Supply, NIC, Mother Board  need to store and process large amounts of data
• Operating System Expand-ability
  Need to be expandable so that businesses can add more features as their 4th Gen Intel® Xeon® Scalable processors have the most built-in accelerators of
needs change. any CPU on the market to improve performance in AI, analytics, networking,
 Built-in features such as security or management tools storage, and HPC.
 Expansion slots so that businesses can add more features as they need them 2) Intel® Xeon® Max Series
Efficient Data Management Maximize bandwidth with the Intel® Xeon® CPU Max Series, the first and only
 Data management is a key concern x86-based processor with high-bandwidth memory (HBM).
 Must be able to efficiently handle large amounts of data 3) Intel® Xeon® W Processor
Designed for creative professionals, delivering the performance you need for VFX,
 keep the server running smoothly, even when under heavy load
3D rendering, and 3D CAD on a workstation.
Cost and Power Consumption
4) Intel® Xeon® D Processor
 Most important factors to consider is cost When space and power are at a premium, these innovative system-on-a-chip
 Initial Cost processors bring workload optimized performance.
 Operational Cost 5) Intel® Xeon® E Processor
 energy-efficient Essential, business-ready performance, expandability and reliability for entry server
 Right balance between power consumption and performance to minimize solutions.
your carbon footprint Server Memory
Budget Memory
 key factors to consider is your budget Server memories are concerned witn
Workload  RAM
 The server load  CPU Cache
SERVER CPU Choices Two Major aspects of server memory are
1 Intel Xeon  Large Capacity
(a) - Multicore with two threads per core, 1.8 to 3.3 Ghz, 8 cores  Higher speed
(b) - upto 18 MB L3 Cache x86 supports up to 64GB with PAE. x86-64 supports 1 PB (1024 TB)
2 - AMD Opteron Servers need faster RAM than desktops.
(a) - 4, 6, 8, or 12 cores @ 1.4 to 3.2 GHz • Higher memory speeds.
(b) - Up to 12 MB L3 cache • Multiple DIMMs accessed in parallel.
(c) - IBM Power 7/8/9/10... • Larger CPU caches.
(d) - 4, 6, or 8 cores with 4 threads each @ 3.0 to 4.25 GHz Types of Memory
(e) - 4 MB L3 cache per core (up to 32MB for 8-core) FBDIMM
(f) - Sun Niagara 3 – Fully buffered
(g) - 16 cores with 8 threads each @ 1.67 GHz UDIMM
(h) - 6 MB L2 cache - Un-buffered dual in-line memory module
Xeon vs Pentium/Core CPUs RDIMM
Xeon based on Pentium/Core with changes that vary by model: - Registered dual in-line memory module
• Allows more CPUs LRDIMM
• Has more cores - Load Reduced dual in-line memory module
• Better hyper-threading SODIMM
• Faster/larger CPU caches - Used with laptops
• Faster/larger RAM support Micro DIMM
Intel Processor Families Transfer Speed of RAM
1) Intel® Xeon® Scalable Processors SDRAM
 - Synchronous Dynamic Random Access Memory  use a 32-bit data path and provided 32 address lines, giving access to
DDR 4GB of memory
- Double Data Rate SDRAM  ran at 8MHz in order for it to be compatible with ISA common
DDR2 expansion bus types are
– 2 x times the DDR  VESA - Video Electronics Standards Association
DDR3  invented to help standardize PCs video specifications
low power, Twice clock multiplier with a four times clock multiplier , No F/B  32-bit data path and ran at 25 or 33 MHZ
Compatibility, 2 x DDR2 TT  VL-Bus was superseded by PC
DDR4  PCMCIA - Personal Computer Memory Card Industry Association
- low power higher module density and lower voltage requirements, coupled with (Also called PC bus)
higher data rate transfer speeds  AGP - Accelerated Graphics Port
 SCSI - Small Computer Systems Interface
 Universal Serial Bus (USB)
Servers need high I/O throughput.
• Fast peripherals: SCSI-3, Gigabit Ethernet
• Often use multiple and/or faster buses.
PCI
• Desktop: 32-bit 33 MHz, 133 MB/s
Cache Memory • Server: 64-bit 66 MHz, 533 MB/s
The L1, L2, L3 Cache
PCI-X (backward compatible)
Cache memory is high speed memories placed between RAM and CPU.
• v1.0: 64-bit 133 MHz, 1.06 GB/s
RAM -> L3 -> L2 – L1-> Registers - > CPU
• v2.0: 64-bit 533 MHz, 4.3 GB/s
System Bus
PCI Express (PCIe)
 Data sharing • Serial architecture, v3.0 up to 16 GB/s
 Addressing
Power Supply
 Power
Server Power Supply
 Timing
Expansion Bus Types  Servers based on the ATX or microATX form factors generally use an
Common expansion bus types are ATX power supply
 ISA- Industry Standard Architecture  Pedestal servers based on one of the Server System Infrastructure (SSI)
 designed for use in the original IBM PC form factors generally use an EPS12V power supply
 8 bit / 16 bit ATX Power Supply Standards
 The ISA bus ran at a clock speed of 4.77 MHz and improved version  ATX power supplies were originally designed for use in desktop computers.
8MHz.  Widely used in entry-level tower and slimline servers.
 16-bit version of the ISA bus is sometimes known as the AT bus
(AT-Advanced Technology).  ATX power supply standards include the following:
 MCA - Micro Channel Architecture  ATX version 2.03 Older entry-level tower servers
 IBM developed this bus as a replacement for ISA when they designed  ATX12V More recent entry-level tower servers
the PS/2 PC in 1987  ATX1U 1U slimline servers
 speed of 10MHz and supported either 16-bit or 32-bit data  ATX2U 2U slimline servers
 EISA - Extended Industry Standard Architecture ATX1U/2U Rack-Mounted Power Supplies
 as an alternative to MCA  Rack-mounted servers use a variety of power supply standards.
  Most 1U and 2U servers use the power supply standards developed by the  Advantages : Relatively cheap , Fast enough for most , Enough
SSI Forum, such as the ATX1U and ATX2U power supplies capacity for most
 The ATX1U and ATX2U power supply standards use the same 20-  Disadvantages : Limited number of writes , May not be suitable for
pin ATX power supply, floppy, and hard disk power connectors used enterprise use
by the ATX 2.03 and ATX12V v1.x power supply standards.  NVME SSD
 Some 200w and larger ATX1U power supplies also feature the 4-pin  Applications : High-performance computing , Boot drives , Databases
ATX12V power supply connector  Advantages : Currently the fastest persistent server storage type on the
 ATX2U power supplies feature the 6-pin auxiliary power supply market
connector  Disadvantages : Can be very expensive , Limited number of writes
SSI Power Supplies  Network-attached storage
The SSI Forum has developed a series of power supply and connector form factors  Applications : Provides access to the same data on multiple systems
designed for use in various types of servers.  Advantages : Can be very fast and very high capacity, Can mix SSDs and
 Pedestal-mounted servers hard drives to make a faster solution than hard drives alone, RAID storage
 EPS12V always
 ERP12V  Disadvantages : Requires a separate computer, Expensive
 1U rack-mounted servers  Storage area network
 EPS1U  Applications : Sophisticated databases , Virtualization deployments , Large
 2U rack-mounted servers virtual desktop infrastructures (VDIs) , Enterprise resource management
 EPS2U workloads
 ERP2U  Advantages : Resilient, Removes single points of failure , Easily
Storage withstands failure of multiple components/devices
Storage Types  Disadvantages : Expensive , Complex
Four Types of Storage Solutions are :  Cloud Storage
 Direct-attached storage (DAS)  Applications : Off-site backups , Provides access to data from
 Conencted with SAS, SATA or multiple locations
 PCIe  Advantages :Peace of mind
 Network-attached storage (NAS)  Disadvantages : Requires Internet connection , Usage rates may
 Storage area network (SAN) impact upload/download capacity SAS , SATA SSDs and NVME
 Cloud storage  Hard Disks:
 Requires Internet  Three RPM speeds: 7,200 RPM, 10,000 RPM, and 15,000 RPM
 Direct-attached storage  Capacity varies, starting at about 300GB and going up to over 10TB
 HDD  SATA 6, SAS 6, and SAS 12 are typical connection speeds
 Applications : Suitable for Write Heavy Applications, Backups  SSDs
 Advantages : Cheap, High Capacity, Unlimited number of writes , Low  NAND flash memory cells and are always faster than hard drives, primarily
Cost because they do not have to “seek” the data on the disk, and latency is low
 Disadvantages : Frgile, Breaks down over time, Slow  SAS or SATA connector
 SSD  SATA 6, SAS 6, and SAS 12, SAS 24
 Applications : General storage , Boot device  High Cost
 SSDs wear out as they are written to
  Hard Disks:
 SAS and SATA bus interfaces were originally designed for slow,
mechanical hard drives
 NVMe storage can connect via a wide range of connector types from M.2 to
U.2 to U.3 to newer standards such as E1.S, also known as “ruler” SSDs
 connect over the PCIe bus, typically an x4 connection, though x2 and x8 are
also possible
 The maximum speeds for Gen 3 PCIe and Gen 4 PCIe are 3.5GB/s and 7
GB/s, respectively
RAID and its Levels
 RAID (redundant array of independent disks)
 A way of storing the same data in different places on multiple hard disks or
solid-state drives (SSDs) to protect data in the case of a drive failure.
 There are different RAID levels, however, and not all have the goal of
providing redundancy.
RAID 0
 RAID 0 divides data into block units and writes them in a dispersed
manner across multiple disks.
As data is placed on every disk, it is also called "striping".
 This process enables high level performance as parallel access to the data
on different disks improves speed of retrieval. However no recovery
feature is provided if a disk failure occurs.
 If one disk fails it effects both reads and writes, and as more disks are
added to the array the higher the possibility that a disk failure will occur.
RAID 1
 This level is called "mirroring" as it copies data onto two disk drives
simultaneously.
Although there is no enhancement in access speeds, the automatic
duplication of the data means there is little likelihood of data loss or system
downtime.
 RAID 1 provides failure tolerance. If one disk fails the other automatically
takes over and continuous operation is maintained.
 There is no storage cost performance improvement as duplicating all data
means only half the total disk capacity is able for storage.
Raid 5
 RAID 5 is the most popular RAID technology in use today. It uses a
technique that avoids the concentration of I/O on a dedicated parity disk.
 Although RAID 5 divides the data and creates parity information.
 The parity data is written separately across multiple disks.
 RAID 5 enables multiple write orders to be implemented concurrently
because updated parity data is dispersed across the multiple disks. This
feature ensures higher performance.
RAID 6
 RAID 6 deploys two parity records to different disk drives (double parity)
enabling two simultaneous disk drive failures in the same RAID group to be
recovered.
 RAID 6 where parity updates are allocated separately across multiple disks.
RAID 10
 RAID 1+0 combines RAID 0 and RAID 1.
By configuring both technologies in a single array, both data duplication
and improved access speed can be provided.
 Although this combination makes installation more expensive compared to
other technologies, both reliability and high I/O performance can be
guaranteed.
 Importantly RAID 1+0 on ETERNUS AF/ETERNUS DX provide extra
protection. This is because a single disk failure doesn't prevent striping to
other disks.
RAID 50 (RAID 5 + 0)
 RAID5+0 stripes data across mulitiple RAID5 groups using a front-end
RAID0 method.
 Such multiple RAID5 striping enables one disk per group to be saved in the
event of disk failure. This provides higher reliability in large-capacity
configuration systems compared with a single RAID5 group. In addition, the
rebuilding of transactions, which with RAID 5 and RAID 6 takes an
increasingly longer time as disk capacity grows, can be executed much faster
with RAID5+0 as the amount of data in each RAID group is smaller.
RAID 60 (RAID 6 + 0)
 RAID 60, also called RAID 6+0, combines the straight block-level striping
of RAID 0 with the distributed double parity of RAID 6, resulting in a RAID
0 array striped across RAID 6 elements. It requires at least eight disks
Advantages of RAID include the following:
 Improved cost-effectiveness because lower-priced disks are used in large
numbers.
 Using multiple hard drives enables RAID to improve the performance of a
single hard drive.
 Increased computer speed and reliability after a crash, depending on the
configuration.
 Reads and writes can be performed faster than with a single drive with
RAID 0. This is because a file system is split up and distributed across
drives that work together on the same file.
  There is increased availability and resiliency with RAID 5. With mirroring,
two drives can contain the same data, ensuring one will continue to work if
the other fails.
Disadvantages of RAID
 Nested RAID levels are more expensive to implement than traditional
RAID levels, because they require more disks.
 The cost per gigabyte for storage devices is higher for nested RAID
because many of the drives are used for redundancy.
 Some RAID levels -- such as RAID 1 and 5 -- can only sustain a single
drive failure.
 RAID arrays, and the data in them, are vulnerable until a failed drive is
replaced and the new disk is populated with data.
 Because drives have much greater capacity now than when RAID was first
implemented, it takes a lot longer to rebuild failed drives.
 If a disk failure occurs, there is a chance the remaining disks may contain
bad sectors or unreadable data, which may make it impossible to fully
rebuild the array.
When should you use RAID?
Instances where it is useful to have a RAID setup include:
 When a large amount of data needs to be restored. If a drive fails and
data is lost, that data can be restored quickly, because this data is also
stored in other drives.
 When uptime and availability are important business factors. If data
needs to be restored, it can be done quickly without downtime.
 When working with large files. RAID provides speed and reliability
when working with large files.
 When an organization needs to reduce strain on physical hardware
and increase overall performance. As an example, a hardware RAID
card can include additional memory to be used as a cache.
 When having I/O disk issues. RAID will provide additional throughput
by reading and writing data from multiple drives, instead of needing to
wait for one drive to perform tasks.
 When cost is a factor. The cost of a RAID array is lower than it was in the
past, and lower-priced disks are used in large numbers, making it cheaper.
WEEK#6
Server Racks
 Racks organize IT equipment into standardized assemblies that make
efficient use of space and other resources
 At the most basic level, a rack consists of two or four vertical mounting rails
and the supporting framework required to keep the rails in place.
 The rails and framework are typically made of steel or aluminum to support
hundreds or even thousands of pounds of equipment.
 The width of the rails, the horizontal and vertical spacing of the mounting
holes, the size of the equipment cabinets and other measurements are
standardized
 Rack Standardization
 Most IT equipment is nominally 19 inches wide (including mounting
hardware) and follows a standard set by the Electronics Industry
Alliance (EIA) and now maintained by the Electronic Components
Industry Association (ECIA).
 The current 19-inch rack standard is called EIA-310-E, which is
essentially equivalent to IEC-60297-3-100 or DIN 41494 in other
regions. (There’s also a standard for 23-inch wide telecom
equipment.
Rack Units
 Although 19-inch racks are always the same nominal width, the height and
depth vary.
 The depth of the rack rails is usually adjustable to some degree.
 The height of the rack is divided into standardized segments called rack
units. Each rack unit is 1.75 inches high, and the height of a rack or an
equipment cabinet is expressed as the number of rack units followed by the
letter “U”. For example, a 42U rack contains 42 rack units.
 That does not mean the rack is exactly 42 x 1.75 inches high because racks
usually include at least a little extra space at the top and bottom that isn’t
usable rack space.
 It does mean that the rack will accommodate any combination of standard
rack equipment up to 42U— whether it’s 42 x 1U switches, 14 x 3U servers
or 21 x 1U switches with 7 x 3U servers.
 Remember that the rack also has to be deep enough for the equipment and
rated to support the combined weight of all the equipment.
Rack Types
 Open frame racks are just that—open frames with mounting rails, but
without sides or doors.
 Rack enclosures have removable front and rear doors, removable side panels
and four adjustable vertical mounting rails (posts).
 Wall-mount racks are designed to be attached to the wall, saving floor space
and fitting in areas where other racks can’t. They can be open frame racks
or enclosed cabinets.
 Basic rack options  Factors influencing Rack Choice
  Doors
 Side Panels
 Roof
 Casters and Levelers
 Locks
 Hinged Wall Bracket
 Mounting Holes
 Color
 Toolless Mounting
Rack enclosure and Cooling
 Basic Airflow
 Side Panels
 Airflow Management
 Cable Management
 Thermal Ducts
 Active Heat Removal
 Close-Coupled Cooling
Other Server Selection Factors
Buying Servers - additional features for server hardware
 Extensibility
 More CPU performance
 High-performance I/ORack mountable
 Upgrade options
 No side-access needs
 High-availability options
 Maintenance contracts
 Management options
Server Architecture/Approaches
Primary Approaches
 All eggs in one basket:
One machine used for many purposes
 Beautiful snowflakes:
Many machines, each uniquely configured
 Buy in bulk, allocate fractions:
Large machines partitioned into many smaller virtual machines using virtualization
or containers
Other Approaches
 Grid computing:
Many machines managed one as unit
 Blade servers:
A hardware architecture that places many machines in one chassis
 Cloud-based computer services:
Renting use of someone else’s servers
 Software as a service (SaaS):
Web-hosted applications
Other Considerations  Server appliances:
 Power Distribution Purpose-built devices, each providing a different service
 Battery Backup All in One
 Device Management All in One/ All eggs in one basket
 Patch Panels
 One Main Server
 Environmental Monitoring
 Security  All services like Database, Web, DNS, HTTP, Proxy all runs on same
 Shock Pallet  High End Hardware
 Knockdown  Virtual Machines vs. Containers
 Stability  Complete Failure
 Environmental Protection  Complex process
 Seismic Protection Snowflake
Snowflake Architecture
 A better strategy is to use a separate machine for each service.
 purchase servers as they are needed, ordering the exact model and
configuration that is right for the application
 Each machine is sized for the desired application:
 RAM, disk, number and speeds of NICs, and enough extra capacity, or
expansion slots, for projected growth during the expected life of the
machine.
 Vendors can compete to provide their best machine that meets these
specifications.
 The benefit of this strategy is that the machine is the meets the requirements.
 The downside is that the result is a fleet of unique machines.
 Each is a beautiful, special little snowflake
 While snowflakes are beautiful, nobody enjoys a blizzard. Each new
system adds administrative overhead proportionally.
 For example,
 It would be a considerable burden if each new server required learning an
entirely new RAID storage subsystem.
 Each one would require learning how to configure it, replace disks, and
upgrade the firmware, and so on.
 If, instead, the IT organization standardized on a particular RAID product,
each new machine would simply benefit from what was learned earlier.
Snowflake Architecture -> Asset Tracking
 When managing many unique machines it becomes increasingly important
to maintain an inventory of machines
 The inventory should document
 Technical information such as the operating system
 Hardware parameters such as amount of RAM, type of CPU, and so
on.
 It should also track the machine owner (either a person or a
department), the primary contact (useful when the machine goes
haywire),
 The services being used.
 Use automated means
 Makes it less likely the information will become outdated.
 If automated collection is not possible, an automated annual review,
requiring affirmations from the various contacts, can detect obsolete
information that needs to be updated.
 Inventory applications
Snowflake Architecture -> Reducing Variations
 Always be on the lookout for opportunities to reduce the number of
variations in platforms or technologies being supported.
 Discourage gratuitous variations by taking advantage of the fact that people
lean toward defaults.
 Make right easy:
 Make sure that the lazy path is the path you want people to take.
 Select a default hardware vendor, model, and operating system and
make it super easy to order.
 Provide automated OS installation, configuration, and updates.
 Provide a wiki with information about recommended models and
options, sales contact information, and assistance.
Snowflake Architecture -> Global Optimization
 While it sounds efficient to customize each machine to the exact needs of the
service it provides, the result tends to be an unmanageable mess.
 Classic example of a local optimization that results in a global de-optimization.
 For example, if all server hardware is from one vendor, adding a single
machine from a different vendor requires learning a new firmware patching
system, investing in a new set of spare parts, learning a new customer
support procedure, and so on.
 The added work for the IT team may not outweigh the benefits gained from
using the new vendor.
Buy in bulk, allocate fractions
 The next strategy is to buy computing resources in bulk and allocate
fractions of it as needed
 One way to do this is through virtualization.
 That is, an organization purchases large physical servers and divides
them up for use by customers by creating individual virtual machines
(VMs).
 A virtualization cluster can grow by adding more physical hardware
as more capacity is needed.
 Buying an individual machine has a large overhead.
 It must be specified, ordered, approved, received, rack mounted, and
prepared for use.
 It can take weeks. Virtual machines, by comparison, can be created
in minutes.
 A virtualization cluster can be controlled via a portal or API calls, so
automating processes is easy.
 VMs can also be resized.
 You can add RAM, vCPUs, and disk space to a VM via an API call
instead of a visit to the datacenter.
 If customers request more memory and you add it using a
management app on your iPhone while sitting on the beach, they will
think you are doing some kind of magic.
 Virtualization improves computing efficiency.
 Physical machines today are so powerful that applications often do
not need the full resources of a single machine.
 The excess capacity is called stranded capacity because it is unusable
in its current form.
 Sharing a large physical machine’s power among many smaller
virtual machines helps reduce stranded capacity, without getting into
the “all eggs in one basket” trap.
Benefits of Isolation
 Stranded capacity could also be mitigated by running multiple services on the
same machine.
 However, virtualization provides better isolation than simple multitasking. The
benefits of isolation include
 Independence
 Each VM can run a different operating system.
 On a single physical host there could be a mix of VMs running a variety of
Microsoft Windows releases, Linux releases, and so on.
 Resource isolation
 The disk and RAM allocated to a VM are committed to that VM and not
shared.
 Processes running on one VM can’t access the resources of another VM.
 In fact, programs running on a VM have little or no awareness that they are
running on VMs, sharing a larger physical machine.
Stranded Capacity Mitigation
 Granular security
 A person with root access on one VM does not automatically have
privileged access on another VM. Suppose you had five services, each run
by a different team.
 If each service was on its own VM, each team could have administrator or
root access for its VM without affecting the security of the other VMs.
 If all five services were running on one machine, anyone needing root or
administrator access would have privileged access for all five services.
 Reduced dependency hell
 Each machine has its own operating system and system libraries, so they
can be upgraded independently.
VM Management
 Like other strategies, keeping a good inventory of VMs is important.
 The cluster management software will keep an inventory of which VMs
exist, but you need to maintain an inventory of who owns each VM and its
purpose.
 Some clusters are tightly controlled, only permitting the IT team to create
VMs with the care and planning reminiscent of the laborious process
previously used for physical servers.
 Other clusters are general-purpose compute farms providing the ability for
customers to request new machines on demand.
 provide a self-service way for customers to create new machines
 The process can be fully automated via the API to avoid delays VM
creation
 In addition to creating VMs, users should be able to reboot and delete
their own VMs
 There should be limits in place so that customers can’t overload the system
by creating too many VMs.
 Typically limits are based on existing resources, daily limits, or per-
department allocations.
 Users can become confused if you permit them to select any amount of disk
space and RAM.
 They often do not know what is required or reasonable.
 One strategy is to simply offer reasonable defaults for each OS type.
 Another strategy is to offer a few options: small, medium, large, and
custom.
 As in the other strategies, it is important to limit the amount of
variation.
Live Migration
Most virtual machine cluster management systems permit live migration of VMs,
which means a VM can
be moved from one physical host to another while it is running.
Aside from a brief performance reduction during the transition, the users of the VM
do not even know they’re being moved.
Benefits of Live Migration
 Live migration makes management easier.
 It can be used to rebalance a cluster, moving VMs off overloaded physical
machines to others that are less loaded.
 It also lets you work around hardware problems.
 If a physical machine is having a hardware problem, its VMs can be
evacuated to another physical machine.
 The owners of the VM can be blissfully unaware of the problem. They
simply benefit from the excellent uptime.
 Shared Storage
 The architecture of a typical virtualization cluster includes many
physical machines that share a SAN for storage of the VM’s disks.
 By having the storage external to any particular machine, the VMs
can be easily migrated between physical machines.
Buy in bulk, allocate fractions Other Aspects
Buy in bulk, allocate fractions – VM Packing
 VMs can reduce the amount of stranded compute capacity, they do not
eliminate it.
 VMs cannot span physical machines.
 As a consequence, we often get into situations where the remaining
RAM on a physical machine is not enough for a new VM.
 The best way to avoid this is to create VMs that are standard sizes that pack
nicely
 Example
 Define the small configuration
 Define the medium configuration
 Large configuration to fit two VMs
Buy in bulk, allocate fractions – Spare Capacity for Maintenance  Containers are much lighter weight and permit more services to be packed
 If a physical machine needs to be taken down for repairs, there has to be a on fewer machines.
place where the VMs can be migrated if you are to avoid downtime  Docker,
 Always reserve capacity equivalent to one or more physical servers.  Mesos
 N+1 redundancy : Reserving capacity equivalent to one physical  Kubernetes
server
 N+2 redundancy : Reserving capacity equivalent to two physical
server
 N+x redundancy: higher redundancy if there is a likelihood that
multiple physical \machines will need maintenance at the same time.
 One strategy is to keep one physical machine entirely idle
 spare machine is entirely unused
 Another strategy is to distribute the spare capacity around the cluster
Buy in bulk, allocate fractions – Unified VM/Non-VM Management
 Most sites end up with two entirely different ways to request, allocate, and
track VMs and non-VMs.
 It can be beneficial to have one system that manages both.
 Some cluster management systems will manage a pool of bare-metal
machines using the same API as VMs.
 Creating a machine simply allocates an unused machine fromthe
pool.
 Deleting a machine marks the machine for reuse.
 Another way to achieve this is to make everything a VM, even if that means
offering an extra-large size, which is a VM that fills the entire physical
machine.
 While such machines will have a slight performance reduction due to the
VM overhead, unifying all machine management within one process benefits
customers, who now have to learn only one system, and makes management
easier.
Buy in bulk, allocate fractions – Containers
 Containers are another virtualization technique.
 Process level instead of the machine level.
 VM is a machine that shares physical hardware with other VMs, each
container is a group of processes that run in isolation on the same
machine.
 All of the containers run under the same operating system, but each
container is self-contained as far as the files it uses.
 Therefore there is no dependency hell.