A
A resource records, 78
AAAA resource records, 78
AC (alternating current), 47
access control
authentication. See authentication
description, 12
access control lists (ACLs)
file and print servers, 117
restoring, 302–303
access control vestibules, 222
ACK packets
DHCP, 198
TCP, 199
ACLs (access control lists)
file and print servers, 117
restoring, 302–303
active/active clustered services, 326
active/active data copies, 332
Active Directory (AD), 79–80
groups, 229–230
server installation, 113
user accounts, 225
Active Directory Domain Services (AD DS) environment, 9, 76
Active Directory Federation Services (ADFS), 225
active/passive clustered services, 326
administration methods, 94
in-band remote administration, 96–100
KVM, 95
out-of-band remote administration, 95–96
review, 118
scripting, 99–100
Advanced Intelligent Tape (AIT), 340–341
Advanced RISC Machine (ARM) processors, 36
aisles, hot and cold, 51
AIT (Advanced Intelligent Tape), 340–341
Alibaba Cloud, 16
alternate sites in disaster recovery, 325–329
alternating current (AC), 47
Amazon Web Services (AWS)
CloudFormation templates, 92
community clouds, 17
CSPs, 16
S3, 10
Amazon Web Services (AWS) Storage Gateway, 328–329, 341
AMD Virtualization (AMD-V) processors, 36
antimalware products, 300
Anything as a Service (XaaS), 17
APIPA (Automatic Private IP Addressing), 75
applications
hardening, 251–252
servers, 81–82
archive bits, 337–338
archives in data replication, 330
ARM (Advanced RISC Machine) processors, 36
ARPANET, 188
assets
business impact analysis, 349
inventory, 101–102
life cycle, 101
asymmetric encryption, 252
asynchronous replication, 329
authentication
description, 12
identity, 224–228
IPSec, 246–247
KVM, 96
overview, 224
RADIUS, 237–238
RDP, 98
review, 264
SSH, 97
TACACS, 238
VPNs, 248
web servers, 81
Automatic Private IP Addressing (APIPA), 75
automating administration, 99–100
availability, troubleshooting, 293
AWS. See Amazon Web Services (AWS)
Azure cloud
backups, 342
charges, 90
logs, 279
NSGs, 242
templates, 71–72
Azure Information Protection (AIP), 253
Azure Resource Manager (ARM), 92
B
backplanes for blade servers, 33
backups, 335–336
best practices, 343–344
cloud, 342–343
media, 340–341
on-premises, 341–342
review, 350–351
troubleshooting, 293
types, 336–340
bare-metal backups, 339–340
bare-metal hypervisors, 86
bare-metal installations, 91
bare-metal server restoration, 328
base 2 vs. base 10 storage, 144
Bash scripts, 100
basic disks, 148
basic input-output system (BIOS)
overview, 34–35
troubleshooting, 286
WoL support, 183
batch scripts, 100
batteries
CMOS, 292
direct current, 47
UPSs, 48–50
BCPs (business continuity plans), 334–335, 349–350
BetCRIS attacks, 243
BIA (business impact analysis), 325, 332–333
biometric authentication, 227–228
BIOS (basic input-output system)
overview, 34–35
troubleshooting, 286
WoL support, 183
BitLocker encryption, 254–255
black holing traffic, 243
blade servers, 32–33
Blue Screen of Death (BSoD), 287
boot sequence, 286
broad network access in cloud computing, 15
buses
CPUs, 37
description, 4
disk systems, 135
overview, 40–41
PCI, 41–43
business continuity and business continuity plans (BCPs), 334–335, 349–350
business impact analysis (BIA), 325, 332–333
bytes, 188
C
cable
description, 7
labeling, 176
placement, 175–176
review, 207
types, 177–181
cable management arms for racks, 31
caches in CPUs, 37–38
cameras, 222
camouflage, 222
capacity, storage, 143–144
capital expenditures (CAPEX), 16
card-based access, 222–223
CAs (certificate authorities), 244–245
Catx copper cable categories, 179–180
CDP (continuous data protection) replication, 328
central processing units (CPUs)
architecture, 36
buses, 37
caches, 37–38
description, 3
hypervisors, 88
licensing, 90
scaling up, 36
troubleshooting, 286
certificate authorities (CAs), 244–245
certificates in PKI, 224, 244–245
ciphers, 304
CISC (Complex Instruction Set Computing) processors, 3, 38
claims in tokens, 225
clean-agent fire suppression systems, 52
cloning, 92
cloud computing
backups, 342–343
characteristics, 15
deployment models, 16–17
printing, 83
service models, 17
storage, 139
cloud service providers (CSPs), 16
CloudFormation templates, 92
clustered services, 326
CMOS (complementary metal oxide semiconductor)
batteries, 292
BIOS, 34–35
CNAME resource records, 78
CNAs (converged network adapters), 142
cold aisles, 51
cold sites, 328
cold spares, 154
colons (:) in IPv6 addresses, 193
community clouds, 17
CompactFlash storage, 135
complementary metal oxide semiconductor (CMOS)
batteries, 292
BIOS, 34–35
Complex Instruction Set Computing (CISC) processors, 3, 38
compression, disk, 146–147
confidentiality, encryption for, 304–305
connectivity troubleshooting, 297
connectors
copper cables, 178
description, 7
fiber-optic cables, 181
review, 207
Continuity Of Operations (COOP), 335
continuous data protection (CDP) replication, 328
converged network adapters (CNAs), 142
copper cables, 177–178
CPUs. See central processing units (CPUs)
crash carts, 285
crossover cables, 178
CSPs (cloud service providers), 16
customer replaceable units (CRUs), 48
D
DaaS (Desktop as a Service), 39
DAC (Dynamic Access Control), 229–230
DACLs (discretionary access control lists), 232–233
DAS (direct-attached storage), 43, 139
data at rest
description, 12–13
encrypting, 253–256
Data Collector Sets (DCSs), 290
data deduplication, 147
data loss prevention (DLP) tools, 253
data replication
archives, 330
disk-to-disk, 329–330
review, 348
server-to-server, 331–332
site-to-site, 332
data security, 252
data at rest, 253–256
media disposal, 257–259
review, 266
tape encryption, 256
DC (direct current), 47
DCSs (Data Collector Sets), 290
dd command, 330
DDoS (distributed denial-of-service) attacks, 242–243
DDR (double data rate) memory, 4, 40–41
deduplication of data, 147
deep packet inspection (DPI), 241–242
default gateways, 195–196
degaussing media, 258
Delisle, Jeffrey, 224
demilitarized zones (DMZs), 243–244
deployment
cloud computing models, 16–17
virtual machine templates, 92–93
Deployment Image Servicing and Management (DISM.exe) tool, 148
Desired State Configuration (DSC), 11
Desktop as a Service (DaaS), 39
DFSR (Distributed File System Replication), 331
DHCP. See Dynamic Host Configuration Protocol (DHCP)
differential backups, 337
Digital Linear Tape (DLT) standard, 340–341
direct-attached storage (DAS), 43, 139
direct current (DC), 47
direct memory access (DMA), 42
directory services (DSs)
Active Directory, 79–80
objects, 79
review, 117
disaster recovery (DR), 325
alternate sites, 325–329
business continuity, 334–335
business impact analysis, 332–333
data backups, 335–344
data replication, 329–332
hands-on exercises, 344–348
questions, 351–359
review, 348–351
sites, 347–348
disaster recovery plans (DRPs)
overview, 334–335
review, 349
discontinuous transmission (DTX), 285
Discover packets in DHCP, 197
discretionary access control lists (DACLs), 232–233
disk-to-disk data replication, 329–330
disks and disk drives
compression, 146–147
DAS, 139–142
data deduplication, 147
data replication, 329–330
disposal, 266
hybrid, 136
I/O optimization, 306
image files, 147–148
interfaces, 137–138
magnetic, 134
optical, 138–139
quotas, 145–146
RAID. See Redundant Array of Independent Disks (RAID)
review, 161
scrubbing, 257
space consumers, 144–145
SSDs, 134–135
troubleshooting, 288
DISM.exe (Deployment Image Servicing and Management) tool, 148
disposal of media, 257–259, 266
distributed denial-of-service (DDoS) attacks, 242–243
Distributed File System Replication (DFSR), 331
DLP (data loss prevention) tools, 253
DLT (Digital Linear Tape) standard, 340–341
DMA (direct memory access), 42
DMZs (demilitarized zones), 243–244
DNS. See Domain Name Service (DNS)
documentation
asset inventory, 101–102
asset life cycle, 101
factors, 104–105
hardware inventory, 102–103
importance, 100–101
problem solution, 284
reading, 281–282
review, 118–119
service level agreements, 104
software inventory, 103
Domain Name Service (DNS), 75–76
configuring, 112
description, 200–201
hierarchy, 197
installing, 110–111
logs, 279–280
overview, 196
resource records, 77–78
review, 116
troubleshooting, 298–299
doors, 222
double data rate (DDR) memory, 4, 40–41
double pumping memory, 39
DPI (deep packet inspection), 241–242
DRAM (dynamic memory)
caches, 37
description, 4
drives. See disks and disk drives
DRPs (disaster recovery plans)
overview, 334–335
review, 349
DSC (Desired State Configuration), 11
DTX (discontinuous transmission), 285
duplexing disks, 148
Dynamic Access Control (DAC), 229–230
dynamic disks, 148
dynamic groups, 229
Dynamic Host Configuration Protocol (DHCP)
description, 201
operation, 197–198
overview, 72–73
PXE operating system installation, 183
review, 116
scope, 73–74
server installation, 114
vendor classes, 73–75
dynamic memory (DRAM)
caches, 37
description, 4
E
ECC (error correcting code) memory, 4, 39–40
EFS (Encrypting File System), 254–255, 261
elasticity in cloud computing, 15
electrostatic discharge (ESD), 5, 47–48
enclosures for blade servers, 32–33
Encrypting File System (EFS), 254–255, 261
encryption
BitLocker, 254–255
for confidentiality and integrity, 304–305
data at rest, 253–256
data security, 253
IIS web server, 262–263
OpenSSL, 261–262
tape, 256
environment, 286
fire suppression, 6
heat and air flow, 5
static charges, 5
error correcting code (ECC) memory, 4, 39–40
eSATA (external SATA) disk interface, 138
escalating problems, 283
ESD (electrostatic discharge), 5, 47–48
F
fabric switches, 142
FAST (fully automated storage tiering) feature, 136
fiber-optic cables, 180–181
Fibre Channel (FC) interface, 138
Fibre Channel over Ethernet (FCoE) interface, 142
File Transfer Protocol (FTP), 200
File Transfer Protocol Secure (FTPS), 200
files and file systems
access issues, 293
overview, 153–155
permissions, 231–235
restoring, 345–346
review, 162
servers, 82
firewalls, 239–240
host-based, 240
Linux, 241
network-based, 241–243
review, 265
rules, 262
Windows Firewall, 240–241
firmware
BIOS, 34–35
description, 33
firewalls, 240
hypervisors, 90
TPM, 254
UEFI, 35
updates, 105
flooding attacks
DDoS, 243
MAC, 239
form factors
blade servers, 32–33
description, 3
hard disks, 134
overview, 27–28
rack-mounted equipment, 29–31
review, 56
tower servers, 28–29
forward lookups in DNS servers, 76, 196
FQDNs (fully qualified domain names), 75–76
fsck tool, 294
FTP (File Transfer Protocol), 200
FTPS (File Transfer Protocol Secure), 200
full backups, 337
fully automated storage tiering (FAST) feature, 136
fully qualified domain names (FQDNs), 75–76
future growth for storage, 143–144
G
gateways, default, 195–196
GCP (Google Cloud Platform), 16
geofencing, 253
get-volume cmdlet, 291
getfacl command, 302–303
GFS (Grandfather-Father-Son) tape rotation strategy, 343–344
GlobalNames zone in DNS, 77
Google Cloud Platform (GCP), 16
GPOs (Group Policy Objects), 301
gpresult command, 301
GPTs (GUID Partition Tables), 34, 152–153, 294
Grandfather-Father-Son (GFS) tape rotation strategy, 343–344
graphics processing units (GPUs), 38–39
Group Policy, 301
Group Policy Objects (GPOs), 301
groups in logical access control, 229
guards, 222
guest configuration for virtual machines, 87–89
GUID Partition Tables (GPTs), 34, 152–153, 294
H
halon fire suppression systems, 52
hard disk drives (HDDs). See disks and disk drives
hard quotas for disks, 145
hardening, 249
applications, 251–252
hardware, 251
operating systems, 250–251
overview, 11
review, 266
hardware, 2–3
BIOS, 34–35
environmental controls, 50–52
environmental factors, 5–6
GPUs, 38–39
hands-on exercises, 53–55
hardening, 251
inventory, 102–103
network communications, 182–186
NICs, 43
optimizing, 306
power, 46–50
questions, 57–69
review, 56–57
server components, 33
slots, 4
storage, 43–44
troubleshooting, 13, 285–286, 311
UEFI, 35
USB, 44–46
virtualization, 4–5
Hardware Compatibility List (HCL), 285
hashing, 304
HDDs (hard disk drives). See disks and disk drives
Health Insurance Portability and Accountability Act (HIPAA), 254
heat issues, 5–6
HIDs (human interface devices), 45
HIDSs (host intrusion detection systems), 248
hierarchical storage management (HSM), 136
hierarchy in DNS, 197
HIPAA (Health Insurance Portability and Accountability Act), 254
hit rate for caches, 37
hopping in VLAN, 239
horizontal scaling, 307
host-based firewalls, 240
host configuration for hypervisors, 86–87
host intrusion detection systems (HIDSs), 248
host-to-host replication, 331
HOSTS file, 298
hot aisles, 51
hot sites, 327–328
hot-swapping, 44
HSM (hierarchical storage management), 136
HTTP (Hyper Text Transfer Protocol)
description, 200
traffic analysis, 205–206
web servers, 80–81
HTTPS (Hyper Text Transfer Protocol Secure), 200
human element in physical security, 223–224
human interface devices (HIDs), 45
humidity controls, 51
hybrid clouds, 17
hybrid drives, 136
Hyper Text Transfer Protocol (HTTP)
description, 200
traffic analysis, 205–206
web servers, 80–81
Hyper Text Transfer Protocol Secure (HTTPS), 200
hypervisors
hardware, 88
host configuration, 86–87
installing, 90–91
types, 85–87
I
IaaS (Infrastructure as a Service), 17
icacls command, 302–303
identifying problems, 278
identity federation
authentication, 224–225
web servers, 81
IDFs (intermediary distribution frames), 29
iDRAC (Integrated Dell Remote Access), 96
IIS web server, encrypting, 262–263
iLO (Integrated Lights Out) management, 96
images
server installation from, 91–92
Windows, 147–148
IMAP (Internet Message Access Protocol)
description, 200
mail servers, 83
in-band remote administration, 96–100
incremental backups, 338
Infrastructure as a Service (IaaS), 17
infrastructure roles
APIPA, 75
DHCP, 72–75
directory services, 79–80
DNS, 75–77
NTP, 77–79
WINS, 77
infrastructure services in network communications, 195–201
Initialize-Disk cmdlet, 294
initiators in iSCSI, 141, 157–158
input/output operations per second (IOPS), 135, 289
installation, 89
Active Directory Server, 114
DHCP servers, 114
DNS servers, 110–111
hypervisors, 90–91
licensing, 90
operating systems, 91–92, 106–110
review, 117–118
storage devices, 152–156
Ubuntu Linux, 114–116
instances, 3
Integrated Dell Remote Access (iDRAC), 96
Integrated Lights Out (iLO) management, 96
integrity, encryption for, 304–305
Intel Virtualization Technology (Intel VT), 36
Intelligent Platform Management Interface (IPMI), 96
interfaces, disk, 137–138
intermediary CAs, 245
intermediary distribution frames (IDFs), 29
internal IPv4 addresses, 189–190
Internet connectivity issues, 297
Internet Message Access Protocol (IMAP)
description, 200
mail servers, 83
Internet Protocol (IP)
addresses. See IPv4 addresses; IPv6 addresses
description, 7
importance, 188
review, 208
Internet Protocol Security (IPSec)
overview, 246–248
review, 265
Internet Small Computer System Interface (iSCSI)
overview, 140–141
target installation, 156–158
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), 195
intranets, 243
intrusion prevention systems (IPSs)
description, 249
review, 266
inventory
assets, 101–102
hardware, 102–103
software, 103
IOPS (input/output operations per second), 135, 289
iostat tool, 294
IP. See Internet Protocol (IP)
IPMI (Intelligent Platform Management Interface), 96
IPSec (Internet Protocol Security)
overview, 246–248
review, 265
IPSs (intrusion prevention systems)
description, 249
review, 266
iptables for firewalls, 262
IPv4 addresses, 187
PAT, 187–188
reserved ranges, 189–190
review, 208
routers, 186
static NAT, 188
subnet masks, 189
subnetting, 190–193
troubleshooting, 298
IPv6 addresses, 193–194
configuring, 202–204
review, 208
settings, 194–195
transition technologies, 195
troubleshooting, 298
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol), 195
iSCSI (Internet Small Computer System Interface)
overview, 140–141
target installation, 156–158
J
jacks for cable, 176
journaled file systems, 154
just a bunch of disks (JBOD), 148
K
Key Management Service (KMS) servers, 90
keyboard, video, mouse (KVM) switches, 95
kill tool, 291
KVM over IP, 96
L
L1, L2, and L3 caches, 37
L2TP/IPSec (Layer 2 Tunneling Protocol with IPSec), 248
labeling cable, 176
LANs (local area networks)
connectivity issues, 297
large form factor (LFF) hard drives, 134
latency in disk systems, 135
Layer 2 and Layer 3 switches, 184–185
Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec), 248
layers in OSI model, 173–175
LC (local connector) fiber-optic cables, 181
LDAP (Lightweight Directory Access Protocol)
description, 200
directory services, 79
LFF (large form factor) hard drives, 134
licensing servers, 90
life cycle of assets, 101
lights-out management (LOM), 95–96
Lightweight Directory Access Protocol (LDAP)
description, 200
directory services, 79
linear access tape for backups, 341
Linear Tape-Open (LTO) standard, 340–341
link-local addresses, 193
Linux operating system
ACLs, 303
data replication, 330
file systems, 154
firewalls, 241
performance monitoring tools, 309
permissions, 234–235, 260–261, 301–302
privileges, 302
storage troubleshooting tools, 294–295
Ubuntu Linux, 114–116
live failover, 326
LMHOSTS file, 77
local area networks (LANs)
connectivity issues, 297
local connector (LC) fiber-optic cables, 181
Local Group Policy, 301
local operating system installation, 93–94
logical access control, 228
DAC, 229–230
groups, 229
peripheral devices, 235–237
review, 264
rights and permissions, 231–236
roles, 231
Logical Volume Management (LVM), 153
login failures, 287
logs
Linux, 310
PowerShell, 309
troubleshooting, 288
types, 279–281
LOM (lights-out management), 95–96
lsof tool, 294
LTO (Linear Tape-Open) standard, 340–341
LVM (Logical Volume Management), 153
M
MAC (mandatory access control), 232–233
MAC (Media Access Control) addresses
flooding attacks, 239
NICs, 182
magnetic hard disks, 134
mail servers, 83–84
main distribution frames (MDFs), 29
maintenance
overview, 9–10
patch management, 105
proactive, 106
reactive, 106
review, 119
malware
troubleshooting, 299–300
USB devices, 235–236
mandatory access control (MAC), 232–233
mantraps, 222
masks, subnet, 189
master boot record (MBR), 34, 152–153, 294
mdadm tool, 294
MDFs (main distribution frames), 29
MDM (mobile device management)
mail server tools, 84
remote wipes, 258–259
MDT (Microsoft Deployment Toolkit), 148
mean time between failures (MTBF), 335
mean time to repair (MTTR), 335
measured service in cloud computing, 15–16
media
backups, 340–341
Media Access Control (MAC) addresses
flooding attacks, 239
NICs, 182
memory
DDR, 40
ECC, 39–40
hypervisors, 88
leaks, 287
overview, 3–4
timing, 39
troubleshooting, 286–287
MFA (multifactor authentication), 227
Microsoft Deployment Toolkit (MDT), 148
Microsoft Management Console (MMC), 94
midplanes for blade servers, 33
MMF (multi-mode fiber), 181
mobile device management (MDM)
mail server tools, 84
remote wipes, 258–259
mobile devices
data security, 253
remote wipes, 258–259
monitoring
description, 10
performance, 307–308
UPSs, 50
most recently used (MRU) path selection policy, 326
MTBF (mean time between failures), 335
MTTR (mean time to repair), 335
multi-mode fiber (MMF), 181
multifactor authentication (MFA), 227
multihomed servers, 84
MX resource records, 78
N
NAC (Network Access Control), 237–238
name resolution. See Domain Name Service (DNS)
naming servers, 109
NAS (network-attached storage), 43, 140
NAT. See network address translation (NAT)
National Institute of Standards and Technology (NIST)
cloud computing, 15
security guides, 249
near-field communication (NFC), 223
Network Access Control (NAC), 237–238
network adapters, adding, 108
network address translation (NAT)
configuring, 204–205
internal hosts, 208
RRAS, 84–85
static, 188
VM setting, 87
network-attached storage (NAS), 43, 140
network-based firewalls, 241–243
network communications, 173
cable labeling, 176
cable placement, 175–176
cable types, 177–181
default gateways, 195–196
DHCP, 197–198
DNS servers, 196–197
hands-on exercises, 202–206
hardware, 182–186
infrastructure services, 195–201
IPv4, 187–193
IPv6, 193–195
NICs, 182–184
OSI model, 173–175
questions, 208–219
review, 207–208
routers, 186
switches, 184–185
TCP, 198–200
WINS servers, 197
network concepts, 7–8
Network File System (NFS)
file servers, 82
network interface cards (NICs), 182
common features, 182–184
description, 43
MAC addresses, 182
review, 207
network intrusion detection systems (NIDSs), 249
Network Level Authentication (NLA), 98
network load balancing (NLB), 307
network security, 237
firewalls, 239–243
intrusion detection and prevention systems, 248–249
IPSec, 246–248
NAC, 237–238
PKI, 244–245
RADIUS, 237–238
review, 264
security zones, 243–244
SSL and TLS, 246
VLANs, 238–239
VPNs, 248
Network Security Groups (NSGs), 242
Network Time Protocol (NTP)
description, 201
review, 116
tiers, 78–79
time synchronization, 77–78
networks
hypervisors, 88
optimizing, 306–307
security, 11
troubleshooting, 14, 296–299, 312
new-psdrive cmdlet, 291
New Technology File System (NTFS)
description, 153–154
NFC (near-field communication), 223
NFS (Network File System)
file servers, 82
NICs. See network interface cards (NICs)
NIDSs (network intrusion detection systems), 249
NIST (National Institute of Standards and Technology)
cloud computing, 15
security guides, 249
NLA (Network Level Authentication), 98
NLB (network load balancing), 307
node-locked licenses, 90
NSGs (Network Security Groups), 242
nslookup command, 298–299
NTFS (New Technology File System)
description, 153–154
NTP. See Network Time Protocol (NTP)
O
octets in IP addresses, 188
Offer packets in DHCP, 197
on-demand self-service in cloud computing, 15
on-premises backups, 341–342
one-time passwords (OTPs), 227
Open Shortest Path First (OSPF) protocol, 186
open-source licensing, 90
Open Systems Interconnection (OSI) model
layers, 173–175
review, 207
operating systems
hardening, 250–251
installing, 91–94, 106–110, 114–116
overview, 8–10
troubleshooting, 288–289
optical drives, 138–139
optical time-domain reflectometers (OTDRs), 296
optimizing performance, 13, 305–307, 313
OSI (Open Systems Interconnection) model
layers, 173–175
review, 207
OSPF (Open Shortest Path First) protocol, 186
OTDRs (optical time-domain reflectometers), 296
OTPs (one-time passwords), 227
out-of-band remote administration, 95–96
P
P2V (physical-to-virtual) cloning, 92
PaaS (Platform as a Service), 17
packet flooding, 243
PAT (Port Address Translation), 187–188
patches
managing, 105
troubleshooting, 288
Payment Card Industry Data Security Standard (PCI-DSS), 254
PBX (private branch exchange) devices, 178
PCI Express (PCIe) bus, 42–43
PCI Extended (PCI-X) bus, 42
PCI (Peripheral Component Interconnect) bus, 41–43
per-user concurrent licensing, 90
performance
Linux tools, 309
troubleshooting, 288
Windows tools, 307–308
Performance Monitor tool, 305–306
perimeter firewalls, 241
Peripheral Component Interconnect (PCI) bus, 41–43
peripheral devices
printers, 235
projectors, 235
USB, 235–237
permissions, 231–235
troubleshooting, 301–303
personally identifiable information (PII), 254
physical destruction of media, 257
physical security, 221
authentication, 224–228
human element, 223–224
locks, 228
premises, 221–223
review, 264
physical-to-virtual (P2V) cloning, 92
PII (personally identifiable information), 254
PKI. See Public Key Infrastructure (PKI)
plans
problem solving, 282
Platform as a Service (PaaS), 17
Point-to-Point Tunneling Protocol (PPTP), 248
POP (Post Office Protocol)
description, 200
mail servers, 83
Port Address Translation (PAT), 187–188
ports
overview, 7–8
TCP, 199
Post Office Protocol (POP)
description, 200
mail servers, 83
POST (power on self test)
description, 34
troubleshooting, 286
power, 46
electrostatic discharge, 47–48
review, 57
troubleshooting, 286
UPSs, 48–50
usage calculations, 49–50
USB device requirements, 45–46
voltage, 46–47
wattage, 48
power on self test (POST)
description, 34
troubleshooting, 286
PowerShell
Active Directory, 80
folder sharing, 82
logs, 309
printer sharing, 83
remote administration, 98–100
PPTP (Point-to-Point Tunneling Protocol), 248
Preboot Execution Environment (PXE)
malware removal, 300
NICs, 183
warm sites, 328
premises security, 221–223
printers and printing
access control, 235
servers, 83
troubleshooting, 289
private branch exchange (PBX) devices, 178
private clouds, 16
proactive maintenance, 106
probe generators, 296
processors. See central processing units (CPUs)
projectors, 235
protocols overview, 7–8
proxy servers, reverse, 241, 265
ps tool, 291
PSoD (Purple Screen of Death), 288
PTR resource records, 78
public clouds, 16
Public Key Infrastructure (PKI), 244
authentication, 224
certificates, 244–245
description, 12
review, 265
Purple Screen of Death (PSoD), 288
PXE. See Preboot Execution Environment (PXE)
Q
quotas, disk, 145–146
R
rack-mounted equipment
cable management arms, 31
racks, 30–31
servers, 29–30
space calculations, 53
radiofrequency identification (RFID) chips, 222–223
RADIUS (Remote Authentication Dial-In User Service), 237–238
RAID. See Redundant Array of Independent Disks (RAID)
random access memory (RAM), 39
ransomware, 236–237
rapid elasticity in cloud computing, 15
RAs (registration authorities), 244
RBAC (role-based access control), 231
RDP (Remote Desktop Protocol), 98, 200
reactive maintenance, 106
recovery point objective (RPO), 333, 335, 349
recovery points, 340
recovery time objective (RTO), 325, 327–329, 332–334, 349
Reduced Instruction Set Computing (RISC) processors, 3, 37
Redundant Array of Independent Disks (RAID)
controllers, 43–44
description, 6
levels, 149–152
review, 161
ReFS (Resilient File System), 153–154
registration authorities (RAs), 244
Reliability Monitor history, 280–281
remote administration
in-band, 96–100
out-of-band, 95–96
Remote Authentication Dial-In User Service (RADIUS), 237–238
Remote Desktop Protocol (RDP), 98, 200
Remote Installation Services (RIS), 93
Remote Server Administration Tools (RSAT), 94–95
remote wipes, 258–259
removal of malware, 300
Repair-Volume cmdlet, 294
repeaters, 179
replication. See data replication
reproducing problems, 278–279
Request packets in DHCP, 198
reserved IP address ranges, 189–190
Resilient File System (ReFS), 153–154
resizing memory, 3–4
resource pooling in cloud computing, 15
resource records in DNS, 77–78
restores
ACLs, 302–303
best practices, 343–344
files, 345–346
reverse lookups in DNS servers, 76, 196
reverse proxy servers, 241, 265
revolutions per minute (RPMs) in disk systems, 135
RFID (radiofrequency identification) chips, 222–223
rights, 231
RIP (Routing Information Protocol), 186
RIS (Remote Installation Services), 93
RISC (Reduced Instruction Set Computing) processors, 3, 37
role-based access control (RBAC), 231
roles
administration methods, 94–100
application servers, 81–82
documentation, 100–105
file servers, 82
hands-on exercises, 106–116
infrastructure, 72–80
logical access control, 231
mail servers, 83–84
maintenance, 105–106
print servers, 83
questions, 119–131
review, 116–119
routing and remote access service, 84–85
server installation, 89–94
virtualization servers, 85–89
web servers, 80–81
rollover cables, 179
root cause analysis, 283–284
rotational latency in disk systems, 135
route command, 298
routers, 186
routing and remote access service (RRAS), 84–85
Routing Information Protocol (RIP), 186
RPMs (revolutions per minute) in disk systems, 135
RPO (recovery point objective), 333, 335, 349
RRAS (routing and remote access service), 84–85
RSAT (Remote Server Administration Tools), 94–95
rsync tool, 332
RTO (recovery time objective), 325, 327–329, 332–334, 349
rules for firewalls, 262
S
SaaS (Software as a Service), 17
SANs (storage area networks), 43
backups, 256
overview, 142–143
SAS (serial-attached SCSI) disk interface, 138
SATA (serial ATA) disk interface, 135, 138
SC (subscriber connectors), 181
scaling out CPUs, 36
scaling up CPUs, 36
SCCM (System Center Configuration Manager), 102–103, 148
scope
DHCP, 73–74
problems, 278
SCP (Secure Copy), 200
screened subnets, 243–244
scripting
administration, 99–100
server installations, 93
scrubbing disks, 257
SCSI (Small Computer System Interface), 138
SD (Secure Digital) storage, 135
SDRAM (synchronous DRAM), 37
SECaaS (Security as a Service), 242
Secure Boot, 35
Secure Copy (SCP), 200
Secure Digital (SD) storage, 135
Secure File Transfer Protocol (SFTP), 200
Secure Sockets Layer (SSL)
description, 246
VPN tunnels, 248
security, 221
cloud backups, 342–343
considerations, 10
data, 252–259
hands-on exercises, 259–263
logical access control, 228–237
network. See network security
physical, 221–228
questions, 266–276
review, 264–266
troubleshooting, 14, 299–305, 312–313
Security as a Service (SECaaS), 242
Security-Enhanced Linux (SELinux) operating system, 232–233
security guards, 222
security information and event management (SIEM), 249
security zones, 243–244
seek time for disk systems, 135
SELinux (Security-Enhanced Linux) operating system, 232–233
serial ATA (SATA) disk interface, 135, 138
serial-attached SCSI (SAS) disk interface, 138
server components, 33
Server Manager, 80
Server Message Block (SMB) protocol
CIFS, 140
file servers, 82
server overview
cloud computing, 15–17
hardware basics, 2–6
network concepts, 7–8
operating systems and roles, 8–10
optimizing performance, 13
questions, 18–26
review, 18
security considerations, 10–13
storage, 6
troubleshooting, 13–14
server-to-server replication, 331–332
service level agreements (SLAs)
description, 10
documenting, 104
service models in cloud computing, 17
services, troubleshooting, 289
setfacl command, 302
SetUID bit, 302
SFF (small form factor) disks, 134
SFP (small form-factor pluggable) connectors, 181
SFTP (Secure File Transfer Protocol), 200
shared folder permissions, 233, 260
shielded twisted pair (STP) cable, 177–178
side-by-side backups, 336
SIEM (security information and event management), 249
Simple Mail Transfer Protocol (SMTP)
description, 200
mail servers, 83
Simple Network Management Protocol (SNMP)
description, 201
in-band remote administration, 97
single-factor authentication, 225
single-instance storage, 148
single-mode fiber (SMF), 181
Single Sign-On (SSO), 81, 224–225
site-to-site replication, 332
sites for disaster recovery, 325
alternate, 325–327
cold, 328
hot, 327–328
warm, 328–329
6to4 technology for IPv6, 195
sizing virtual servers, 306
SLAs (service level agreements)
description, 10
documenting, 104
slipstreaming, 93
slots, 4
Small Computer System Interface (SCSI), 138
small form-factor pluggable (SFP) connectors, 181
small form factor (SFF) disks, 134
smartcards, 222–223
SMB (Server Message Block) protocol
CIFS, 140
file servers, 82
SMF (single-mode fiber), 181
smoke detectors, 52
SMP (symmetric multiprocessing) CPUs, 37
SMTP (Simple Mail Transfer Protocol)
description, 200
mail servers, 83
snapshots
backups, 338–339
creating, 110
SNMP (Simple Network Management Protocol)
description, 201
in-band remote administration, 97
Snort IDS, 249
SOA resource record, 78
sockets for CPUs, 38
soft disk quotas, 145
software
inventory, 103
optimizing, 306
troubleshooting, 13, 285, 287–291, 311–312
Software as a Service (SaaS), 17
solid-state drives (SSDs), 134–136
solid-state hybrid drives (SSHDs), 136
solutions to problems, 283
something you are authentication factor, 227–228
something you have authentication factor, 226–227
something you know authentication factor, 225–226
speed of CPUs, 36
SRAM (static memory)
caches, 37
description, 4
SRV resource records, 78
SSDs (solid-state drives), 134–136
SSHDs (solid-state hybrid drives), 136
SSL (Secure Sockets Layer)
description, 246
VPN tunnels, 248
SSO (Single Sign-On), 81, 224–225
ST (straight-tip) connectors, 181
stateful packet inspection, 241
static memory (SRAM)
caches, 37
description, 4
static NAT, 188
storage, 43
base 2 vs. base 10, 144
capacity and future growth, 143–144
cloud, 139
conserving, 145–148
device installation, 152–156
direct-attached storage, 139
disk interfaces, 137–138
disk space consumers, 144–145
FCoE, 142
hands-on exercises, 156–160
hybrid drives, 136
hypervisors, 88
magnetic hard disks, 134
network-attached storage, 140
optical drives, 138–139
overview, 6
questions, 162–172
review, 160–162
snapshots, 338
solid-state drives, 134–136
storage area networks, 142–143
technologies, 133–134
tiers, 136–137
troubleshooting, 14, 286, 292–295, 312
storage area networks (SANs), 43
backups, 256
overview, 142–143
STP (shielded twisted pair) cable, 177–178
straight-through cable, 178
straight-tip (ST) connectors, 181
stratums in NTP, 78–79
subnets and subnet masks
IPv4 addresses, 189–193
screened, 243–244
subscriber connectors (SC), 181
subscription-based licensing, 90
sudo command, 302
switches
KVM, 95
network, 184–185
symmetric keys for encryption, 253
symmetric multiprocessing (SMP) CPUs, 37
SYN packets, 199
SYN/ACK packets, 199
synchronous DRAM (SDRAM), 37
synchronous replication, 329
System Center Configuration Manager (SCCM), 102–103, 148
T
TACACS (Terminal Access Controller Access-Control System), 238
tailgating, 222
tape
backups, 340–341
encryption, 256
targets in iSCSI, 141, 156–157
TCP. See Transmission Control Protocol (TCP)
TDRs (time-domain reflectometers), 296
Telnet, 200
temperature controls, 50–51
templates for virtual machine deployment, 92–93
Teredo technology, 195
Terminal Access Controller Access-Control System (TACACS), 238
testing problem theories, 282
TFTP (Trivial FTP), 201
theories for problem causes, 282
thin provisioning, 146
three-way handshakes, 199
tiers
NTP, 78–79
storage, 136–137
time-domain reflectometers (TDRs), 296
timing
memory, 39
NTP. See Network Time Protocol (NTP)
TLS (Transport Layer Security), 246
tokens in authentication, 225, 227
tone generators, 296
top tool, 291
tower servers, 28–29
TPM (Trusted Platform Module), 254
traceroute command, 296
tracert command, 296
transfer rate in disk systems, 135
Transmission Control Protocol (TCP)
common services, 201
overview, 198–199
ports, 8
review, 208
Transport Layer Security (TLS), 246
transport mode for IPSec, 248
Trivial FTP (TFTP), 201
troubleshooting, 13
hands-on exercises, 307–310
permissions, 301–303
questions, 313–324
review, 310–313
security, 14, 299–305, 312–313
Trusted Platform Module (TPM), 254
tunnel mode in IPSec, 247
Type 1 hypervisors
configuring, 86–87
installing, 90–91
Type 2 hypervisors, 86
U
Ubuntu Linux 20.04.1 operating system, 114–116
UDP (User Datagram Protocol)
ports, 8
review, 208
UIDs (unit identifications) for racks, 29
Unified Extensible Firmware Interface (UEFI)
features, 35
WoL support, 183
uninterruptible power supplies (UPSs), 48–50
unit identifications (UIDs) for racks, 29
Universal Serial Bus (USB)
access control, 235–237
disk interface, 138
drives, 135–136
ports, 44–46
Unix operating system
file systems, 154
logs, 279–280
permissions, 234–235
unshielded twisted pair (UTP) cable, 177–178
UPSs (uninterruptible power supplies), 48–50
USB. See Universal Serial Bus (USB)
User Account Control settings, 289–290
User Datagram Protocol (UDP)
ports, 8
review, 208
UTP (unshielded twisted pair) cable, 177–178
V
VBS (Visual Basic Script), 100
vCPUs (virtual CPUs), 4–5
vendor classes in DHCP, 73–75
verifying problem solutions, 283
virtual CPUs (vCPUs), 4–5
virtual hard disk (VHD) files, 43
virtual local area networks (VLANs), 184, 238–239
Virtual Machine File System (VMFS), 154
virtual machines
configuration, 53–55
creating, 110
deployment templates, 92–93
guest configuration, 87–89
virtual NICs (vNICs), 43
virtual private networks (VPNs)
review, 265
types, 248
virtualization overview, 4–5
virtualization servers
hypervisors, 85–88
review, 117
virtual machine guest configuration, 87–89
Visual Basic Script (VBS), 100
VLANs (virtual local area networks), 184, 238–239
VMFS (Virtual Machine File System), 154
vNICs (virtual NICs), 43
Voice over Internet Protocol (VoIP), 178
voltage, 46–47
Volume Shadow Service (VSS)
backups, 145
configuring, 344–345
snapshots, 339
VPNs (virtual private networks)
review, 265
types, 248
W
Wake-on-LAN (WoL) feature in NICs, 183
warm sites, 328–329
water sprinkler systems, 52
wattage, 48
WDS (Windows Deployment Services), 93
Web-Based Enterprise Management (WBEM), 95
web servers, 80–81
well-known ports, 8
Windows
ACLs, 302–303
image files, 147–148
performance monitoring tools, 307–308
permission issues, 301–302
storage troubleshooting tools, 292–294
Windows Deployment Services (WDS), 93
Windows Firewall, 240–241
Windows Internet Name Service (WINS), 77, 197
Windows Management Instrumentation (WMI), 301–302
Windows Remote Management (WinRM), 98–99
Windows Server Backup, 346–347
WINS (Windows Internet Name Service), 77, 197
Wireshark for HTTP traffic analysis, 205–206
WMI (Windows Management Instrumentation), 301–302
WMI Query Language (WQL), 302
WoL (Wake-on-LAN) feature in NICs, 183
World Wide Node Names (WWNNs), 142
World Wide Port Names (WWPNs), 142
WQL (WMI Query Language), 302
Write Once Read Many (WORM) media, 138
X
X.509 certificates, 244–245
XaaS (Anything as a Service), 17
xfs_repair tool, 294–295
Z
zones, security, 243–244