INDEX

A

A resource records, 78

AAAA resource records, 78

AC (alternating current), 47

access control

authentication. See authentication

description, 12

access control lists (ACLs)

file and print servers, 117

NTFS permissions, 82, 232

restoring, 302–303

access control vestibules, 222

ACK packets

DHCP, 198

TCP, 199

ACLs (access control lists)

file and print servers, 117

NTFS permissions, 82, 232

restoring, 302–303

active/active clustered services, 326

active/active data copies, 332

Active Directory (AD), 79–80

groups, 229–230

server installation, 113

user accounts, 225

Active Directory Domain Services (AD DS) environment, 9, 76

Active Directory Federation Services (ADFS), 225

active/passive clustered services, 326

administration methods, 94

in-band remote administration, 96–100

KVM, 95

out-of-band remote administration, 95–96

review, 118

scripting, 99–100

Advanced Intelligent Tape (AIT), 340–341

Advanced RISC Machine (ARM) processors, 36

air flow, 5–6, 51

aisles, hot and cold, 51

AIT (Advanced Intelligent Tape), 340–341

Alibaba Cloud, 16

alternate sites in disaster recovery, 325–329

alternating current (AC), 47

Amazon Web Services (AWS)

CloudFormation templates, 92

community clouds, 17

CSPs, 16

S3, 10

Amazon Web Services (AWS) Storage Gateway, 328–329, 341

AMD Virtualization (AMD-V) processors, 36

antimalware products, 300

Anything as a Service (XaaS), 17

APIPA (Automatic Private IP Addressing), 75

applications

hardening, 251–252

servers, 81–82

archive bits, 337–338

archives in data replication, 330

ARM (Advanced RISC Machine) processors, 36

ARPANET, 188

assets

business impact analysis, 349

inventory, 101–102

life cycle, 101

asymmetric encryption, 252

asynchronous replication, 329

authentication

description, 12

identity, 224–228

IPSec, 246–247

KVM, 96

overview, 224

RADIUS, 237–238

RDP, 98

review, 264

SSH, 97

TACACS, 238

VPNs, 248

web servers, 81

Automatic Private IP Addressing (APIPA), 75

automating administration, 99–100

availability, troubleshooting, 293

AWS. See Amazon Web Services (AWS)

Azure cloud

backups, 342

charges, 90

logs, 279

NSGs, 242

templates, 71–72

Azure Information Protection (AIP), 253

Azure Resource Manager (ARM), 92

B

backplanes for blade servers, 33

backups, 335–336

best practices, 343–344

cloud, 342–343

media, 340–341

on-premises, 341–342

review, 350–351

troubleshooting, 293

types, 336–340

bare-metal backups, 339–340

bare-metal hypervisors, 86

bare-metal installations, 91

bare-metal server restoration, 328

base 2 vs. base 10 storage, 144

Bash scripts, 100

basic disks, 148

basic input-output system (BIOS)

overview, 34–35

troubleshooting, 286

WoL support, 183

batch scripts, 100

batteries

CMOS, 292

direct current, 47

RAID, 44, 148

UPSs, 48–50

BCPs (business continuity plans), 334–335, 349–350

BetCRIS attacks, 243

BIA (business impact analysis), 325, 332–333

biometric authentication, 227–228

BIOS (basic input-output system)

overview, 34–35

troubleshooting, 286

WoL support, 183

BitLocker encryption, 254–255

black holing traffic, 243

blade servers, 32–33

Blue Screen of Death (BSoD), 287

boot sequence, 286

broad network access in cloud computing, 15

buses

CPUs, 37

description, 4

disk systems, 135

overview, 40–41

PCI, 41–43

business continuity and business continuity plans (BCPs), 334–335, 349–350

business impact analysis (BIA), 325, 332–333

bytes, 188

C

cable

description, 7

labeling, 176

placement, 175–176

review, 207

types, 177–181

cable management arms for racks, 31

caches in CPUs, 37–38

cameras, 222

camouflage, 222

capacity, storage, 143–144

capital expenditures (CAPEX), 16

card-based access, 222–223

CAs (certificate authorities), 244–245

Catx copper cable categories, 179–180

CDP (continuous data protection) replication, 328

central processing units (CPUs)

architecture, 36

buses, 37

caches, 37–38

description, 3

hypervisors, 88

licensing, 90

scaling up, 36

troubleshooting, 286

certificate authorities (CAs), 244–245

certificates in PKI, 224, 244–245

ciphers, 304

CISC (Complex Instruction Set Computing) processors, 3, 38

claims in tokens, 225

clean-agent fire suppression systems, 52

cloning, 92

cloud computing

backups, 342–343

characteristics, 15

deployment models, 16–17

printing, 83

service models, 17

storage, 139

cloud service providers (CSPs), 16

CloudFormation templates, 92

clustered services, 326

CMOS (complementary metal oxide semiconductor)

batteries, 292

BIOS, 34–35

CNAME resource records, 78

CNAs (converged network adapters), 142

cold aisles, 51

cold sites, 328

cold spares, 154

colons (:) in IPv6 addresses, 193

community clouds, 17

CompactFlash storage, 135

complementary metal oxide semiconductor (CMOS)

batteries, 292

BIOS, 34–35

Complex Instruction Set Computing (CISC) processors, 3, 38

compression, disk, 146–147

confidentiality, encryption for, 304–305

connectivity troubleshooting, 297

connectors

copper cables, 178

description, 7

fiber-optic cables, 181

review, 207

Continuity of Operations (COOP), 335

continuous data protection (CDP) replication, 328

converged network adapters (CNAs), 142

copper cables, 177–178

CPUs. See central processing units (CPUs)

crash carts, 285

crossover cables, 178

CSPs (cloud service providers), 16

customer replaceable units (CRUs), 48

D

DaaS (Desktop as a Service), 39

DAC (Dynamic Access Control), 229–230

DACLs (discretionary access control lists), 232–233

DAS (direct-attached storage), 43, 139

data at rest

description, 12–13

encrypting, 253–256

Data Collector Sets (DCSs), 290

data deduplication, 147

data loss prevention (DLP) tools, 253

data replication

archives, 330

disk-to-disk, 329–330

review, 348

server-to-server, 331–332

site-to-site, 332

data security, 252

data at rest, 253–256

media disposal, 257–259

review, 266

tape encryption, 256

DC (direct current), 47

DCSs (Data Collector Sets), 290

dd command, 330

DDoS (distributed denial-of-service) attacks, 242–243

DDR (double data rate) memory, 4, 40–41

deduplication of data, 147

deep packet inspection (DPI), 241–242

default gateways, 195–196

degaussing media, 258

Delisle, Jeffrey, 224

demilitarized zones (DMZs), 243–244

deployment

cloud computing models, 16–17

virtual machine templates, 92–93

Deployment Image Servicing and Management (DISM.exe) tool, 148

Desired State Configuration (DSC), 11

Desktop as a Service (DaaS), 39

df tool, 291, 294–295

DFSR (Distributed File System Replication), 331

DHCP. See Dynamic Host Configuration Protocol (DHCP)

differential backups, 337

Digital Linear Tape (DLT) standard, 340–341

direct-attached storage (DAS), 43, 139

direct current (DC), 47

direct memory access (DMA), 42

directory services (DSs)

Active Directory, 79–80

objects, 79

review, 117

disaster recovery (DR), 325

alternate sites, 325–329

business continuity, 334–335

business impact analysis, 332–333

data backups, 335–344

data replication, 329–332

hands-on exercises, 344–348

questions, 351–359

review, 348–351

sites, 347–348

disaster recovery plans (DRPs)

overview, 334–335

review, 349

discontinuous transmission (DTX), 285

Discover packets in DHCP, 197

discretionary access control lists (DACLs), 232–233

disk-to-disk data replication, 329–330

disks and disk drives

compression, 146–147

DAS, 139–142

data deduplication, 147

data replication, 329–330

disposal, 266

hybrid, 136

I/O optimization, 306

image files, 147–148

interfaces, 137–138

magnetic, 134

optical, 138–139

quotas, 145–146

RAID. See Redundant Array of Independent Disks (RAID)

review, 161

scrubbing, 257

space consumers, 144–145

SSDs, 134–135

troubleshooting, 288

DISM.exe (Deployment Image Servicing and Management) tool, 148

disposal of media, 257–259, 266

distributed denial-of-service (DDoS) attacks, 242–243

Distributed File System Replication (DFSR), 331

DLP (data loss prevention) tools, 253

DLT (Digital Linear Tape) standard, 340–341

DMA (direct memory access), 42

DMZs (demilitarized zones), 243–244

DNS. See Domain Name Service (DNS)

documentation

asset inventory, 101–102

asset life cycle, 101

factors, 104–105

hardware inventory, 102–103

importance, 100–101

problem solution, 284

reading, 281–282

review, 118–119

service level agreements, 104

software inventory, 103

Domain Name Service (DNS), 75–76

configuring, 112

description, 200–201

domains, 76–77, 197

hierarchy, 197

installing, 110–111

logs, 279–280

overview, 196

resource records, 77–78

review, 116

troubleshooting, 298–299

domains in DNS, 76–77, 197

doors, 222

double data rate (DDR) memory, 4, 40–41

double pumping memory, 39

DPI (deep packet inspection), 241–242

DRAM (dynamic memory)

caches, 37

description, 4

drives. See disks and disk drives

DRPs (disaster recovery plans)

overview, 334–335

review, 349

DSC (Desired State Configuration), 11

DTX (discontinuous transmission), 285

duplexing disks, 148

Dynamic Access Control (DAC), 229–230

dynamic disks, 148

dynamic groups, 229

Dynamic Host Configuration Protocol (DHCP)

description, 201

operation, 197–198

overview, 72–73

PXE operating system installation, 183

review, 116

scope, 73–74

server installation, 114

vendor classes, 73–75

dynamic memory (DRAM)

caches, 37

description, 4

E

ECC (error correcting code) memory, 4, 39–40

EFS (Encrypting File System), 254–255, 261

elasticity in cloud computing, 15

electrostatic discharge (ESD), 5, 47–48

enclosures for blade servers, 32–33

Encrypting File System (EFS), 254–255, 261

encryption

BitLocker, 254–255

for confidentiality and integrity, 304–305

data at rest, 253–256

data security, 253

EFS, 254–255, 261

IIS web server, 262–263

OpenSSL, 261–262

tape, 256

environment, 286

controls, 50–52, 57

fire suppression, 6

heat and air flow, 5

static charges, 5

error correcting code (ECC) memory, 4, 39–40

eSATA (external SATA) disk interface, 138

escalating problems, 283

ESD (electrostatic discharge), 5, 47–48

F

fabric switches, 142

FAST (fully automated storage tiering) feature, 136

fiber-optic cables, 180–181

Fibre Channel (FC) interface, 138

Fibre Channel over Ethernet (FCoE) interface, 142

File Transfer Protocol (FTP), 200

File Transfer Protocol Secure (FTPS), 200

files and file systems

access issues, 293

overview, 153–155

permissions, 231–235

restoring, 345–346

review, 162

servers, 82

fire suppression, 6, 51–52

firewalls, 239–240

host-based, 240

Linux, 241

network-based, 241–243

review, 265

rules, 262

Windows Firewall, 240–241

firmware

BIOS, 34–35

description, 33

firewalls, 240

hypervisors, 90

TPM, 254

UEFI, 35

updates, 105

flooding attacks

DDoS, 243

MAC, 239

folder permissions, 233, 260

form factors

blade servers, 32–33

description, 3

hard disks, 134

overview, 27–28

rack-mounted equipment, 29–31

review, 56

tower servers, 28–29

forward lookups in DNS servers, 76, 196

FQDNs (fully qualified domain names), 75–76

fsck tool, 294

FTP (File Transfer Protocol), 200

FTPS (File Transfer Protocol Secure), 200

full backups, 337

fully automated storage tiering (FAST) feature, 136

fully qualified domain names (FQDNs), 75–76

future growth for storage, 143–144

G

gateways, default, 195–196

GCP (Google Cloud Platform), 16

geofencing, 253

get-volume cmdlet, 291

getfacl command, 302–303

GFS (Grandfather-Father-Son) tape rotation strategy, 343–344

GlobalNames zone in DNS, 77

Google Cloud Platform (GCP), 16

GPOs (Group Policy Objects), 301

gpresult command, 301

GPTs (GUID Partition Tables), 34, 152–153, 294

Grandfather-Father-Son (GFS) tape rotation strategy, 343–344

graphics processing units (GPUs), 38–39

Group Policy, 301

Group Policy Objects (GPOs), 301

groups in logical access control, 229

guards, 222

guest configuration for virtual machines, 87–89

GUID Partition Tables (GPTs), 34, 152–153, 294

H

halon fire suppression systems, 52

hard disk drives (HDDs). See disks and disk drives

hard quotas for disks, 145

hardening, 249

applications, 251–252

hardware, 251

operating systems, 250–251

overview, 11

review, 266

hardware, 2–3

BIOS, 34–35

buses, 4, 40–43

CPUs, 3, 36–38

environmental controls, 50–52

environmental factors, 5–6

form factors, 3, 27–33

GPUs, 38–39

hands-on exercises, 53–55

hardening, 251

inventory, 102–103

memory, 3–4, 39–40

network communications, 182–186

NICs, 43

optimizing, 306

power, 46–50

questions, 57–69

review, 56–57

server components, 33

slots, 4

storage, 43–44

troubleshooting, 13, 285–286, 311

UEFI, 35

USB, 44–46

virtualization, 4–5

Hardware Compatibility List (HCL), 285

hashing, 304

HDDs (hard disk drives). See disks and disk drives

Health Insurance Portability and Accountability Act (HIPAA), 254

heat issues, 5–6

HIDs (human interface devices), 45

HIDSs (host intrusion detection systems), 248

hierarchical storage management (HSM), 136

hierarchy in DNS, 197

HIPAA (Health Insurance Portability and Accountability Act), 254

hit rate for caches, 37

hopping in VLAN, 239

horizontal scaling, 307

host-based firewalls, 240

host configuration for hypervisors, 86–87

host intrusion detection systems (HIDSs), 248

host-to-host replication, 331

HOSTS file, 298

hot aisles, 51

hot sites, 327–328

hot spares, 44, 154

hot-swapping, 44

HSM (hierarchical storage management), 136

HTTP (Hyper Text Transfer Protocol)

description, 200

traffic analysis, 205–206

web servers, 80–81

HTTPS (Hyper Text Transfer Protocol Secure), 200

human element in physical security, 223–224

human interface devices (HIDs), 45

humidity controls, 51

hybrid clouds, 17

hybrid drives, 136

Hyper Text Transfer Protocol (HTTP)

description, 200

traffic analysis, 205–206

web servers, 80–81

Hyper Text Transfer Protocol Secure (HTTPS), 200

hypervisors

hardware, 88

host configuration, 86–87

installing, 90–91

types, 85–87

I

IaaS (Infrastructure as a Service), 17

icacls command, 302–303

identifying problems, 278

identity federation

authentication, 224–225

web servers, 81

IDFs (intermediary distribution frames), 29

iDRAC (Integrated Dell Remote Access), 96

IIS web server, encrypting, 262–263

iLO (Integrated Lights Out) management, 96

images

server installation from, 91–92

Windows, 147–148

IMAP (Internet Message Access Protocol)

description, 200

mail servers, 83

in-band remote administration, 96–100

incremental backups, 338

Infrastructure as a Service (IaaS), 17

infrastructure roles

APIPA, 75

DHCP, 72–75

directory services, 79–80

DNS, 75–77

NTP, 77–79

WINS, 77

infrastructure services in network communications, 195–201

Initialize-Disk cmdlet, 294

initiators in iSCSI, 141, 157–158

input/output operations per second (IOPS), 135, 289

installation, 89

Active Directory Server, 114

DHCP servers, 114

DNS servers, 110–111

hypervisors, 90–91

licensing, 90

operating systems, 91–92, 106–110

review, 117–118

storage devices, 152–156

Ubuntu Linux, 114–116

instances, 3

Integrated Dell Remote Access (iDRAC), 96

Integrated Lights Out (iLO) management, 96

integrity, encryption for, 304–305

Intel Virtualization Technology (Intel VT), 36

Intelligent Platform Management Interface (IPMI), 96

interfaces, disk, 137–138

intermediary CAs, 245

intermediary distribution frames (IDFs), 29

internal IPv4 addresses, 189–190

Internet connectivity issues, 297

Internet Message Access Protocol (IMAP)

description, 200

mail servers, 83

Internet Protocol (IP)

addresses. See IPv4 addresses; IPv6 addresses

description, 7

importance, 188

review, 208

Internet Protocol Security (IPSec)

overview, 246–248

review, 265

Internet Small Computer System Interface (iSCSI)

overview, 140–141

target installation, 156–158

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), 195

intranets, 243

intrusion prevention systems (IPSs)

description, 249

review, 266

inventory

assets, 101–102

hardware, 102–103

software, 103

IOPS (input/output operations per second), 135, 289

iostat tool, 294

IP. See Internet Protocol (IP)

IPMI (Intelligent Platform Management Interface), 96

IPSec (Internet Protocol Security)

overview, 246–248

review, 265

IPSs (intrusion prevention systems)

description, 249

review, 266

iptables for firewalls, 262

IPv4 addresses, 187

configuring, 108–109, 203–204

PAT, 187–188

reserved ranges, 189–190

review, 208

routers, 186

static NAT, 188

subnet masks, 189

subnetting, 190–193

troubleshooting, 298

IPv6 addresses, 193–194

configuring, 202–204

review, 208

settings, 194–195

transition technologies, 195

troubleshooting, 298

ISATAP (Intra-Site Automatic Tunnel Addressing Protocol), 195

iSCSI (Internet Small Computer System Interface)

overview, 140–141

target installation, 156–158

J

jacks for cable, 176

journaled file systems, 154

just a bunch of disks (JBOD), 148

K

Key Management Service (KMS) servers, 90

keyboard, video, mouse (KVM) switches, 95

kill tool, 291

KVM over IP, 96

L

L1, L2, and L3 caches, 37

L2TP/IPSec (Layer 2 Tunneling Protocol with IPSec), 248

labeling cable, 176

LANs (local area networks)

connectivity issues, 297

VLANs, 184, 238–239

large form factor (LFF) hard drives, 134

latency in disk systems, 135

Layer 2 and Layer 3 switches, 184–185

Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec), 248

layers in OSI model, 173–175

LC (local connector) fiber-optic cables, 181

LDAP (Lightweight Directory Access Protocol)

description, 200

directory services, 79

LFF (large form factor) hard drives, 134

licensing servers, 90

life cycle of assets, 101

lights-out management (LOM), 95–96

Lightweight Directory Access Protocol (LDAP)

description, 200

directory services, 79

linear access tape for backups, 341

Linear Tape-Open (LTO) standard, 340–341

link-local addresses, 193

Linux operating system

ACLs, 303

data replication, 330

file systems, 154

firewalls, 241

logs, 279–280, 310

performance monitoring tools, 309

permissions, 234–235, 260–261, 301–302

privileges, 302

storage troubleshooting tools, 294–295

Ubuntu Linux, 114–116

live failover, 326

LMHOSTS file, 77

local area networks (LANs)

connectivity issues, 297

VLANs, 184, 238–239

local connector (LC) fiber-optic cables, 181

Local Group Policy, 301

local operating system installation, 93–94

locks, 222, 228

logical access control, 228

DAC, 229–230

groups, 229

peripheral devices, 235–237

review, 264

rights and permissions, 231–236

roles, 231

Logical Volume Management (LVM), 153

login failures, 287

logs

Linux, 310

PowerShell, 309

troubleshooting, 288

types, 279–281

LOM (lights-out management), 95–96

lsof tool, 294

LTO (Linear Tape-Open) standard, 340–341

LVM (Logical Volume Management), 153

M

MAC (mandatory access control), 232–233

MAC (Media Access Control) addresses

flooding attacks, 239

NICs, 182

magnetic hard disks, 134

mail servers, 83–84

main distribution frames (MDFs), 29

maintenance

overview, 9–10

patch management, 105

proactive, 106

reactive, 106

review, 119

malware

troubleshooting, 299–300

USB devices, 235–236

mandatory access control (MAC), 232–233

mantraps, 222

masks, subnet, 189

master boot record (MBR), 34, 152–153, 294

mdadm tool, 294

MDFs (main distribution frames), 29

MDM (mobile device management)

mail server tools, 84

remote wipes, 258–259

MDT (Microsoft Deployment Toolkit), 148

mean time between failures (MTBF), 335

mean time to repair (MTTR), 335

measured service in cloud computing, 15–16

media

backups, 340–341

disposal, 257–259, 266

Media Access Control (MAC) addresses

flooding attacks, 239

NICs, 182

memory

DDR, 40

ECC, 39–40

hypervisors, 88

leaks, 287

overview, 3–4

timing, 39

troubleshooting, 286–287

MFA (multifactor authentication), 227

Microsoft Deployment Toolkit (MDT), 148

Microsoft Management Console (MMC), 94

midplanes for blade servers, 33

MMF (multi-mode fiber), 181

mobile device management (MDM)

mail server tools, 84

remote wipes, 258–259

mobile devices

data security, 253

remote wipes, 258–259

monitoring

description, 10

performance, 307–308

UPSs, 50

most recently used (MRU) path selection policy, 326

MTBF (mean time between failures), 335

MTTR (mean time to repair), 335

multi-mode fiber (MMF), 181

multifactor authentication (MFA), 227

multihomed servers, 84

MX resource records, 78

N

NAC (Network Access Control), 237–238

name resolution. See Domain Name Service (DNS)

naming servers, 109

NAS (network-attached storage), 43, 140

NAT. See network address translation (NAT)

National Institute of Standards and Technology (NIST)

cloud computing, 15

security guides, 249

near-field communication (NFC), 223

netstat command, 199, 298

Network Access Control (NAC), 237–238

network adapters, adding, 108

network address translation (NAT)

configuring, 204–205

internal hosts, 208

RRAS, 84–85

static, 188

VM setting, 87

network-attached storage (NAS), 43, 140

network-based firewalls, 241–243

network communications, 173

cable labeling, 176

cable placement, 175–176

cable types, 177–181

default gateways, 195–196

DHCP, 197–198

DNS servers, 196–197

hands-on exercises, 202–206

hardware, 182–186

infrastructure services, 195–201

IPv4, 187–193

IPv6, 193–195

NICs, 182–184

OSI model, 173–175

questions, 208–219

review, 207–208

routers, 186

switches, 184–185

TCP, 198–200

UDP, 199, 201

WINS servers, 197

network concepts, 7–8

Network File System (NFS)

file servers, 82

shared files, 140, 155

network interface cards (NICs), 182

common features, 182–184

description, 43

MAC addresses, 182

review, 207

network intrusion detection systems (NIDSs), 249

Network Level Authentication (NLA), 98

network load balancing (NLB), 307

network security, 237

firewalls, 239–243

intrusion detection and prevention systems, 248–249

IPSec, 246–248

NAC, 237–238

PKI, 244–245

RADIUS, 237–238

review, 264

security zones, 243–244

SSL and TLS, 246

VLANs, 238–239

VPNs, 248

Network Security Groups (NSGs), 242

Network Time Protocol (NTP)

description, 201

review, 116

tiers, 78–79

time synchronization, 77–78

networks

hypervisors, 88

optimizing, 306–307

security, 11

troubleshooting, 14, 296–299, 312

new-psdrive cmdlet, 291

New Technology File System (NTFS)

description, 153–154

permissions, 231–233, 259–260

NFC (near-field communication), 223

NFS (Network File System)

file servers, 82

shared files, 140, 155

NICs. See network interface cards (NICs)

NIDSs (network intrusion detection systems), 249

NIST (National Institute of Standards and Technology)

cloud computing, 15

security guides, 249

NLA (Network Level Authentication), 98

NLB (network load balancing), 307

node-locked licenses, 90

NSGs (Network Security Groups), 242

nslookup command, 298–299

NTFS (New Technology File System)

description, 153–154

permissions, 231–233, 259–260

NTP. See Network Time Protocol (NTP)

O

octets in IP addresses, 188

Offer packets in DHCP, 197

on-demand self-service in cloud computing, 15

on-premises backups, 341–342

one-time passwords (OTPs), 227

Open Shortest Path First (OSPF) protocol, 186

open-source licensing, 90

Open Systems Interconnection (OSI) model

layers, 173–175

review, 207

OpenSSL, 255–256, 261–262

operating systems

hardening, 250–251

installing, 91–94, 106–110, 114–116

overview, 8–10

troubleshooting, 288–289

optical drives, 138–139

optical time-domain reflectometers (OTDRs), 296

optimizing performance, 13, 305–307, 313

OSI (Open Systems Interconnection) model

layers, 173–175

review, 207

OSPF (Open Shortest Path First) protocol, 186

OTDRs (optical time-domain reflectometers), 296

OTPs (one-time passwords), 227

out-of-band remote administration, 95–96

P

P2V (physical-to-virtual) cloning, 92

PaaS (Platform as a Service), 17

packet flooding, 243

PAT (Port Address Translation), 187–188

patches

managing, 105

troubleshooting, 288

Payment Card Industry Data Security Standard (PCI-DSS), 254

PBX (private branch exchange) devices, 178

PCI Express (PCIe) bus, 42–43

PCI Extended (PCI-X) bus, 42

PCI (Peripheral Component Interconnect) bus, 41–43

per-user concurrent licensing, 90

performance

Linux tools, 309

optimizing, 13, 305–307, 313

troubleshooting, 288

Windows tools, 307–308

Performance Monitor tool, 305–306

perimeter firewalls, 241

Peripheral Component Interconnect (PCI) bus, 41–43

peripheral devices

printers, 235

projectors, 235

USB, 235–237

permissions, 231–235

Linux, 234–235, 260–261

NTFS, 231–233, 259–260

shared folders, 232–233, 260

troubleshooting, 301–303

personally identifiable information (PII), 254

physical destruction of media, 257

physical security, 221

authentication, 224–228

human element, 223–224

locks, 228

premises, 221–223

review, 264

physical-to-virtual (P2V) cloning, 92

PII (personally identifiable information), 254

PKI. See Public Key Infrastructure (PKI)

plans

BCPs, 334–335, 349–350

DRPs, 334–335, 349

problem solving, 282

Platform as a Service (PaaS), 17

Point-to-Point Tunneling Protocol (PPTP), 248

POP (Post Office Protocol)

description, 200

mail servers, 83

Port Address Translation (PAT), 187–188

ports

overview, 7–8

TCP, 199

Post Office Protocol (POP)

description, 200

mail servers, 83

POST (power on self test)

description, 34

troubleshooting, 286

power, 46

electrostatic discharge, 47–48

review, 57

troubleshooting, 286

UPSs, 48–50

usage calculations, 49–50

USB device requirements, 45–46

voltage, 46–47

wattage, 48

power on self test (POST)

description, 34

troubleshooting, 286

PowerShell

Active Directory, 80

folder sharing, 82

logs, 309

printer sharing, 83

remote administration, 98–100

PPTP (Point-to-Point Tunneling Protocol), 248

Preboot Execution Environment (PXE)

booting from, 93–94, 117

malware removal, 300

NICs, 183

warm sites, 328

premises security, 221–223

printers and printing

access control, 235

servers, 83

troubleshooting, 289

private branch exchange (PBX) devices, 178

private clouds, 16

proactive maintenance, 106

probe generators, 296

processors. See central processing units (CPUs)

projectors, 235

protocols overview, 7–8

proxy servers, reverse, 241, 265

ps tool, 291

PSoD (Purple Screen of Death), 288

PTR resource records, 78

public clouds, 16

Public Key Infrastructure (PKI), 244

authentication, 224

certificates, 244–245

description, 12

review, 265

Purple Screen of Death (PSoD), 288

PXE. See Preboot Execution Environment (PXE)

Q

quotas, disk, 145–146

R

rack-mounted equipment

cable management arms, 31

racks, 30–31

servers, 29–30

space calculations, 53

radiofrequency identification (RFID) chips, 222–223

RADIUS (Remote Authentication Dial-In User Service), 237–238

RAID. See Redundant Array of Independent Disks (RAID)

random access memory (RAM), 39

ransomware, 236–237

rapid elasticity in cloud computing, 15

RAs (registration authorities), 244

RBAC (role-based access control), 231

RDP (Remote Desktop Protocol), 98, 200

reactive maintenance, 106

recovery point objective (RPO), 333, 335, 349

recovery points, 340

recovery time objective (RTO), 325, 327–329, 332–334, 349

Reduced Instruction Set Computing (RISC) processors, 3, 37

Redundant Array of Independent Disks (RAID)

configuring, 148–149, 158–160

controllers, 43–44

description, 6

levels, 149–152

review, 161

ReFS (Resilient File System), 153–154

registration authorities (RAs), 244

Reliability Monitor history, 280–281

remote administration

in-band, 96–100

out-of-band, 95–96

Remote Authentication Dial-In User Service (RADIUS), 237–238

Remote Desktop Protocol (RDP), 98, 200

Remote Installation Services (RIS), 93

Remote Server Administration Tools (RSAT), 94–95

remote wipes, 258–259

removal of malware, 300

Repair-Volume cmdlet, 294

repeaters, 179

replication. See data replication

reproducing problems, 278–279

Request packets in DHCP, 198

reserved IP address ranges, 189–190

Resilient File System (ReFS), 153–154

resizing memory, 3–4

resource pooling in cloud computing, 15

resource records in DNS, 77–78

restores

ACLs, 302–303

best practices, 343–344

files, 345–346

reverse lookups in DNS servers, 76, 196

reverse proxy servers, 241, 265

revolutions per minute (RPMs) in disk systems, 135

RFID (radiofrequency identification) chips, 222–223

rights, 231

RIP (Routing Information Protocol), 186

RIS (Remote Installation Services), 93

RISC (Reduced Instruction Set Computing) processors, 3, 37

role-based access control (RBAC), 231

roles

administration methods, 94–100

application servers, 81–82

documentation, 100–105

file servers, 82

hands-on exercises, 106–116

infrastructure, 72–80

logical access control, 231

mail servers, 83–84

maintenance, 105–106

overview, 8–10, 71–72

print servers, 83

questions, 119–131

review, 116–119

routing and remote access service, 84–85

server installation, 89–94

virtualization servers, 85–89

web servers, 80–81

rollover cables, 179

root cause analysis, 283–284

rotational latency in disk systems, 135

route command, 298

routers, 186

routing and remote access service (RRAS), 84–85

Routing Information Protocol (RIP), 186

RPMs (revolutions per minute) in disk systems, 135

RPO (recovery point objective), 333, 335, 349

RRAS (routing and remote access service), 84–85

RSAT (Remote Server Administration Tools), 94–95

rsync tool, 332

RTO (recovery time objective), 325, 327–329, 332–334, 349

rules for firewalls, 262

S

SaaS (Software as a Service), 17

SANs (storage area networks), 43

backups, 256

overview, 142–143

SAS (serial-attached SCSI) disk interface, 138

SATA (serial ATA) disk interface, 135, 138

SC (subscriber connectors), 181

scaling out CPUs, 36

scaling up CPUs, 36

SCCM (System Center Configuration Manager), 102–103, 148

scope

DHCP, 73–74

problems, 278

SCP (Secure Copy), 200

screened subnets, 243–244

scripting

administration, 99–100

server installations, 93

scrubbing disks, 257

SCSI (Small Computer System Interface), 138

SD (Secure Digital) storage, 135

SDRAM (synchronous DRAM), 37

SECaaS (Security as a Service), 242

Secure Boot, 35

Secure Copy (SCP), 200

Secure Digital (SD) storage, 135

Secure File Transfer Protocol (SFTP), 200

Secure Shell (SSH), 97, 200

Secure Sockets Layer (SSL)

description, 246

VPN tunnels, 248

security, 221

cloud backups, 342–343

considerations, 10

data, 252–259

hands-on exercises, 259–263

hardening, 11, 249–252

logical access control, 228–237

network. See network security

physical, 221–228

questions, 266–276

review, 264–266

troubleshooting, 14, 299–305, 312–313

Security as a Service (SECaaS), 242

Security-Enhanced Linux (SELinux) operating system, 232–233

security guards, 222

security information and event management (SIEM), 249

security zones, 243–244

seek time for disk systems, 135

SELinux (Security-Enhanced Linux) operating system, 232–233

serial ATA (SATA) disk interface, 135, 138

serial-attached SCSI (SAS) disk interface, 138

server components, 33

Server Manager, 80

Server Message Block (SMB) protocol

CIFS, 140

file servers, 82

server overview

cloud computing, 15–17

hardware basics, 2–6

network concepts, 7–8

operating systems and roles, 8–10

optimizing performance, 13

questions, 18–26

review, 18

security considerations, 10–13

storage, 6

troubleshooting, 13–14

server-to-server replication, 331–332

service level agreements (SLAs)

description, 10

documenting, 104

service models in cloud computing, 17

services, troubleshooting, 289

setfacl command, 302

SetUID bit, 302

SFF (small form factor) disks, 134

SFP (small form-factor pluggable) connectors, 181

SFTP (Secure File Transfer Protocol), 200

shared folder permissions, 233, 260

shielded twisted pair (STP) cable, 177–178

side-by-side backups, 336

SIEM (security information and event management), 249

Simple Mail Transfer Protocol (SMTP)

description, 200

mail servers, 83

Simple Network Management Protocol (SNMP)

description, 201

in-band remote administration, 97

single-factor authentication, 225

single-instance storage, 148

single-mode fiber (SMF), 181

Single Sign-On (SSO), 81, 224–225

site-to-site replication, 332

sites for disaster recovery, 325

alternate, 325–327

cold, 328

hot, 327–328

warm, 328–329

6to4 technology for IPv6, 195

sizing virtual servers, 306

SLAs (service level agreements)

description, 10

documenting, 104

slipstreaming, 93

slots, 4

Small Computer System Interface (SCSI), 138

small form-factor pluggable (SFP) connectors, 181

small form factor (SFF) disks, 134

smartcards, 222–223

SMB (Server Message Block) protocol

CIFS, 140

file servers, 82

SMF (single-mode fiber), 181

smoke detectors, 52

SMP (symmetric multiprocessing) CPUs, 37

SMTP (Simple Mail Transfer Protocol)

description, 200

mail servers, 83

snapshots

backups, 338–339

creating, 110

SNMP (Simple Network Management Protocol)

description, 201

in-band remote administration, 97

Snort IDS, 249

SOA resource record, 78

sockets for CPUs, 38

soft disk quotas, 145

software

inventory, 103

optimizing, 306

troubleshooting, 13, 285, 287–291, 311–312

Software as a Service (SaaS), 17

solid-state drives (SSDs), 134–136

solid-state hybrid drives (SSHDs), 136

solutions to problems, 283

something you are authentication factor, 227–228

something you have authentication factor, 226–227

something you know authentication factor, 225–226

speed of CPUs, 36

SRAM (static memory)

caches, 37

description, 4

SRV resource records, 78

SSDs (solid-state drives), 134–136

SSH (Secure Shell), 97, 200

SSHDs (solid-state hybrid drives), 136

SSL (Secure Sockets Layer)

description, 246

VPN tunnels, 248

SSO (Single Sign-On), 81, 224–225

ST (straight-tip) connectors, 181

stateful packet inspection, 241

static charges, 5, 47–48

static memory (SRAM)

caches, 37

description, 4

static NAT, 188

storage, 43

base 2 vs. base 10, 144

capacity and future growth, 143–144

cloud, 139

conserving, 145–148

device installation, 152–156

direct-attached storage, 139

disk interfaces, 137–138

disk space consumers, 144–145

FCoE, 142

hands-on exercises, 156–160

hybrid drives, 136

hypervisors, 88

iSCSI, 140–141, 156–158

magnetic hard disks, 134

network-attached storage, 140

optical drives, 138–139

overview, 6

questions, 162–172

RAID, 43–44, 148–152

review, 160–162

snapshots, 338

solid-state drives, 134–136

storage area networks, 142–143

technologies, 133–134

tiers, 136–137

troubleshooting, 14, 286, 292–295, 312

storage area networks (SANs), 43

backups, 256

overview, 142–143

STP (shielded twisted pair) cable, 177–178

straight-through cable, 178

straight-tip (ST) connectors, 181

stratums in NTP, 78–79

subnets and subnet masks

IPv4 addresses, 189–193

screened, 243–244

subscriber connectors (SC), 181

subscription-based licensing, 90

sudo command, 302

switches

KVM, 95

network, 184–185

symmetric keys for encryption, 253

symmetric multiprocessing (SMP) CPUs, 37

SYN packets, 199

SYN/ACK packets, 199

synchronous DRAM (SDRAM), 37

synchronous replication, 329

System Center Configuration Manager (SCCM), 102–103, 148

T

TACACS (Terminal Access Controller Access-Control System), 238

tailgating, 222

tape

backups, 340–341

encryption, 256

tar command, 330, 347–348

targets in iSCSI, 141, 156–157

TCP. See Transmission Control Protocol (TCP)

TDRs (time-domain reflectometers), 296

teaming, NIC, 43, 183–184

Telnet, 200

temperature controls, 50–51

templates for virtual machine deployment, 92–93

Teredo technology, 195

Terminal Access Controller Access-Control System (TACACS), 238

testing problem theories, 282

TFTP (Trivial FTP), 201

theories for problem causes, 282

thin provisioning, 146

three-way handshakes, 199

tiers

NTP, 78–79

storage, 136–137

time-domain reflectometers (TDRs), 296

timing

memory, 39

NTP. See Network Time Protocol (NTP)

TLS (Transport Layer Security), 246

tokens in authentication, 225, 227

tone generators, 296

top tool, 291

tower servers, 28–29

TPM (Trusted Platform Module), 254

traceroute command, 296

tracert command, 296

transfer rate in disk systems, 135

Transmission Control Protocol (TCP)

common services, 201

overview, 198–199

ports, 8

review, 208

Transport Layer Security (TLS), 246

transport mode for IPSec, 248

Trivial FTP (TFTP), 201

troubleshooting, 13

hands-on exercises, 307–310

hardware, 13, 285–286

methodology, 277–284, 310–311

networks, 14, 296–299

permissions, 301–303

questions, 313–324

review, 310–313

security, 14, 299–305, 312–313

software, 13, 285, 287–291

storage, 14, 286, 292–295

Trusted Platform Module (TPM), 254

tunnel mode in IPSec, 247

Type 1 hypervisors

configuring, 86–87

installing, 90–91

Type 2 hypervisors, 86

U

Ubuntu Linux 20.04.1 operating system, 114–116

UDP (User Datagram Protocol)

description, 199, 201

ports, 8

review, 208

UIDs (unit identifications) for racks, 29

Unified Extensible Firmware Interface (UEFI)

features, 35

WoL support, 183

uninterruptible power supplies (UPSs), 48–50

unit identifications (UIDs) for racks, 29

Universal Serial Bus (USB)

access control, 235–237

disk interface, 138

drives, 135–136

ports, 44–46

Unix operating system

file systems, 154

logs, 279–280

permissions, 234–235

unshielded twisted pair (UTP) cable, 177–178

UPSs (uninterruptible power supplies), 48–50

USB. See Universal Serial Bus (USB)

User Account Control settings, 289–290

User Datagram Protocol (UDP)

description, 199, 201

ports, 8

review, 208

UTP (unshielded twisted pair) cable, 177–178

V

VBS (Visual Basic Script), 100

vCPUs (virtual CPUs), 4–5

vendor classes in DHCP, 73–75

verifying problem solutions, 283

virtual CPUs (vCPUs), 4–5

virtual hard disk (VHD) files, 43

virtual local area networks (VLANs), 184, 238–239

Virtual Machine File System (VMFS), 154

virtual machines

configuration, 53–55

creating, 110

deployment templates, 92–93

guest configuration, 87–89

virtual NICs (vNICs), 43

virtual private networks (VPNs)

review, 265

types, 248

virtualization overview, 4–5

virtualization servers

hypervisors, 85–88

review, 117

virtual machine guest configuration, 87–89

Visual Basic Script (VBS), 100

VLANs (virtual local area networks), 184, 238–239

VMFS (Virtual Machine File System), 154

vNICs (virtual NICs), 43

Voice over Internet Protocol (VoIP), 178

voltage, 46–47

Volume Shadow Service (VSS)

backups, 145

configuring, 344–345

snapshots, 339

VPNs (virtual private networks)

review, 265

types, 248

W

Wake-on-LAN (WoL) feature in NICs, 183

warm sites, 328–329

water sprinkler systems, 52

wattage, 48

WDS (Windows Deployment Services), 93

Web-Based Enterprise Management (WBEM), 95

web servers, 80–81

well-known ports, 8

Windows

ACLs, 302–303

image files, 147–148

performance monitoring tools, 307–308

permission issues, 301–302

storage troubleshooting tools, 292–294

Windows Deployment Services (WDS), 93

Windows Firewall, 240–241

Windows Internet Name Service (WINS), 77, 197

Windows Management Instrumentation (WMI), 301–302

Windows Remote Management (WinRM), 98–99

Windows Server Backup, 346–347

WINS (Windows Internet Name Service), 77, 197

Wireshark for HTTP traffic analysis, 205–206

WMI (Windows Management Instrumentation), 301–302

WMI Query Language (WQL), 302

WoL (Wake-on-LAN) feature in NICs, 183

World Wide Node Names (WWNNs), 142

World Wide Port Names (WWPNs), 142

WQL (WMI Query Language), 302

Write Once Read Many (WORM) media, 138

X

X.509 certificates, 244–245

XaaS (Anything as a Service), 17

xfs_repair tool, 294–295

Z

zones, security, 243–244
