Google IT Cert – Week 20 – Network and Infrastructure Services

This is my evaluation of week 20 (course IV, week 2) of the Google IT support professional certification course from coursera.org.


Intro to IT Infrastructure Services

What are IT Infrastructure Services?

These are all the functions that allow a modern organization to function – connecting to the internet, managing networks, setting up network hardware, everything. This week, we’re going to cover some essential network services, especially physical and network services.

The Role of IT Infrastructure Services in SysAdmin

There are many services employed at any given organization, and a small organization may have one sysadmin managing it all. A larger company, however, could have whole teams responsible only for one service.

We’re also going to cover some cloud services that may be purchased by a company.


Types of IT Infrastructure Services

Here is a higher-level overview of IT infrastructure services…

You can choose to build and maintain your physical infrastructure, like all your servers and necessary components to run them. But if you can’t or don’t want to handle that much equipment, you can purchase IaaS, or Infrastructure-as-a-Service.

IaaS providers will give you pre-configured virtual machines that will behave just like real servers. These providers include Amazon Web Services (AWS EC2), Linode, Windows Azure, and Google Compute Engine.

Your organizational network is going to be more complicated than what you have at home. You’ll need wireless internet, DNS, DHCP, etc. A smaller company may not be able to handle all this. Networking may be part of an IaaS package, but recently it has been more common for providers to offer Networking-as-a-service, or NaaS.

NaaS allows an organization to avoid maintaining their WAN, routing, or network security.

Companies always need software, and maintaining software means updating, licensing, troubleshooting, etc. The cloud alternative, as you have guessed, is called Software-as-a-Service, or SaaS. This is software that can always be accessed from a device with a web browser.

If your organization needs to build and deploy a web application, and doesn’t want to build out the entire server/database/network side, there is Platform-as-a-Service, or PaaS. This allows you to build an app, store data and serve the application from a single platform. Popular PaaS providers include Heroku, Windows Azure, and Google App Engine.

Finally, the last service we’ll cover is user access controls or directory services, which allow the management of users and computers from one central service. Windows Active Directory and OpenLDAP are popular directory services, which we will cover later. And yes, of course there is Directory-as-a-Service (DaaS), which allows this work to be handled by a cloud provider.

These are just the most common infrastructure services.

Reading: IT Infrastructure Services

IaaS, NaaS, SaaS, PaaS, Amazon DaaS, Jumpcloud, and Azure Active Directory.

>>>quiz

Heather First Job

Heather had an internship where she was challenged by a task and learned a lot.

Physical Infrastructure Services

Server Operating Systems

When you set up a server, you install a service (file storage, for example) on it so that it can extend that service to clients.

A Server Operating System is an OS that is optimized for servers—for delivering services to client machines. This means, among other things, being able to use more RAM and handling more network connections.

Microsoft makes Windows Server, MacOS comes in a server version, and many Linux distributions come in server versions, as well.

Server operating systems usually include more security features and more built-in services.

Reading: Server Operating Systems

Here’s an article from 2002 all about server operating systems. Oh yeah, there was a thing called Windows ME.

Virtualization

Virtualization can be a very important part of an IT infrastructure services setup. Services can be run on dedicated hardware, or as virtual machine instances running on a server. When you decide to run services from virtual machines, you will deploy multiple virtual machines from a server, each running a service.

There are some pros and cons to running virtualized machines vs. dedicated machines.

  • Performance: always going to be better on a dedicated machine, because that machine is only running one service, while a virtual setup will have multiple virtual instances running on one machine.
  • Cost: virtualization can be significantly cheaper than building and maintaining a physical machine for every service you need to offer.
  • Maintenance: servers require hardware maintenance and software updates. A virtual machine can be migrated to another server, so the original server can be shut down and maintained without causing any downtime for the service provided by the VM.
  • Points of failure: if you have one machine running a service, you have a weakness and will lose that service if the machine has trouble. If that service is running in a VM, it can easily be moved to another physical server, which minimizes downtime.

These qualities indicate why virtualization is so popular and a great choice for many applications and organizations.

Remote Access Revisited

As a sysadmin in a small organization, it is going to be necessary to remotely connect to different machines throughout your network.

In Linux, the most popular remote connection tool is OpenSSH. To connect via SSH you must have an SSH client installed on the machine you are connecting from, and an SSH server on the machine you are connecting to.

Here’s how to install OpenSSH on your Linux machine. Run this command on the client:

poochy@poochy-desktop:~$ sudo apt-get install openssh-client

And this on the server:

poochy@poochy-server:~$ sudo apt-get install openssh-server

Once installed you can connect from the client to the server. You’ll need to have a user account on the machine you are connecting to, and you’ll need to know the IP address of that machine as well.

poochy@poochy-desktop:~$ ssh poochy@101.231.89.78
poochy@101.231.89.78’s password:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.10.0.2 x86_64)
200 packages can be updated.
112 updates are security updates.
Last login: Tue Sep 24 7:34:02 2018 from 131.43.122.23
poochy@poochy-server:~$

Great! You’ve connected to the server.

You can use PuTTY to connect via SSH to a Linux machine (remember to install the SSH server on the machine you’re connecting to), and RDP is popular if you want to use the GUI.

There is always a little setup for creating remote connections, but it will be worth it.

Reading: Remote Access & SSH

Here’s some info on OpenSSH, Windows Remote Desktop Clients,  Windows Remote Management, and some more on PuTTY.

>>>quiz

Network Services

FTP, SFTP, and TFTP

A common network service is file transfer service, using file transfer protocol, or FTP. This is an older (“legacy”) protocol used to transfer files over the internet. It is not able to handle encryption, so it is not very secure, although it is still in use today, primarily to share web content between web hosts and site admins.

To use an FTP service, the client machine that needs to access the server must have an FTP client installed, and the FTP server must, obviously, be set up to share information from directories on that server.

SFTP is the secure version of FTP—data is sent using encryption and SSH.

TFTP, or trivial FTP, is a simpler version of FTP, but without any encryption or authentication. TFTP is only suitable for public information, a common use being to host installation files. PXE Boot, or preboot execution environment, allows you to boot into software that is available over a network, so by using PXE boot and TFTP, a machine can be booted directly to installation files.

Reading: FTP Clients

Read about PXE boot and FTP clients.

NTP

Network Time Protocol (NTP) is one of the oldest network protocols. It keeps machines’ time-keeping synchronized. This, according to our presenter, is similar to how airports have to keep their clocks synchronized. I guess that’s true? Not sure why the example, but, okay.

There are many reasons networked devices need to keep synchronized time. Security and authentication processes rely on accurate time-keeping, as we will one day learn.

An NTP server is a common way of ensuring every device on the network is synchronized. A local NTP server can be set up by installing NTP software on your management server, and NTP clients on machines that need to receive NTP from the server.

A public NTP server is managed by another organization, and you can connect your devices to it to receive synchronized time. This is a useful way to get NTP for smaller fleets, but larger fleets may be better served by running their own NTP services.

A common practice is to set up your own NTP server/client configuration and have only your NTP server connect to a public NTP server. That way, you are only connecting one machine to the public NTP server, but you are still synchronizing from it.

Network Support Services Revisited

A quick refresher:

An intranet is a network accessible only from within an organization’s network. This is illustrated by imagining a company’s internal website that is only available if you are on the company’s network. Intranets are very valuable for large organizations.

Proxy servers act as intermediaries between networks and the internet. This server receives outside traffic and relays it to the internal network, keeping the internal network traffic separated from the internet. Proxy servers can also be configured to log activity and traffic and/or block certain websites.

DNS

Here’s a quick recap of DNS:

Domain Name System is the service that translates human-readable addresses into numeric IP addresses. Without proper DNS configuration, you’re not going to be able to access websites by name.

DNS isn’t usually an issue on your personal machine. You can usually just type in an address and the DNS service takes care of it. This is because the router you are connected to is already configured to connect to a DNS server, which is usually provided by your ISP.

But if you are running a web service or website, you want to set up your own DNS server to tell the internet what IP address can be used to access your website. Another reason you may want to set up DNS is to be able to use your own hostname to connect to other machines remotely, without having to remember IP addresses.

DNS for Web Servers

Let’s say you have a web server set up for your website, either in the cloud or on your own physical machine. When people want to visit the site, they will need to access the site using the domain name.

Most domain registrars will provide DNS service, and you can direct traffic to the IP address of wherever your content is stored. If you don’t use the registrar’s DNS, you will have to configure your own authoritative DNS server.

DNS for Internal Networks

DNS can also be used to map internal network IP addresses to specific machines, allowing you to reference computers by name instead of IP address.

One way to do this is by using static IP addresses and a local hosts file. In Linux, you can find this at /etc/hosts. Localhost is often used to access local web servers.

To use a hosts file to map IP addresses to machines, you have to make an entry on every machine that maps an IP to a specific machine. This will be an enormous amount of work in a large fleet.

Instead, you can set up your own local DNS server, and configure all machines to use that DNS service instead of the default provided by the ISP. An internal DNS setup can be integrated with LDAP or Active Directory to automatically populate the DNS service configuration to all machines.

There will be more on this later.

Reading: BIND/PowerDNS


DHCP

Remember what DHCP is? Dynamic Host Configuration Protocol is the service that hands out IP addresses. IP addresses can be set manually, using static IP, or you can allow a DHCP server to assign IP addresses to machines.

DHCP allows your network to automatically update IP address assignments, even if you expand your IP range.

If you set up a DHCP server, it must be integrated with DNS, given an IP range and subnet mask, and it must also follow specific configurations depending on what software you are using.

Windows Server has built-in DHCP software, but there are a lot of DHCP programs out there.

Once your DHCP server is configured and your client is set to receive DHCP then your DHCP service should be running. Once DNS and DHCP are working together, new IP addresses can be assigned and the DNS server will update its mapping automatically.

Reading: DNS & DHCP

Read up on DNS software and DHCP software.

>>>quiz

Troubleshooting Network Services

Unable to Resolve a Hostname or Domain Name

This can be a difficult problem to troubleshoot. You type in a web address and can’t connect.

First, check that your network connection is working. Try to ping a website you know is working, like http://www.google.com. Let’s say you are able to ping the website and receive responses. That means the network connection is working.

Next, let’s check DNS. Verify that the DNS server is giving a correct address for a host or domain name using nslookup.

poochy@poochy-desktop:~$ nslookup www.google.com
server:    127.0.1.1
Address: 127.0.1.1#53
Non-authoritative answer:
Name: www.google.com
Address: 216.58.194.164
poochy@poochy-desktop:~$

This verifies that the domain “www.google.com” is resolving to an IP address, so if we enter that IP (216.58.194.164) into a browser it should load the correct page. That means something is still wrong with DNS, even though we thought we had just figured it out…

It turns out that when we first pinged “www.google.com” it resolved to an incorrect IP address. That is because there was an incorrect entry in the local hosts file, which is consulted before an external DNS server.
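The mismatch described above, and the per-machine hosts entries from the DNS for Internal Networks section, can be checked with a short script. This is an added example, not from the course or the original post; the function names, the sample hosts file and the 203.0.113.10 and 192.168.1.20 addresses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect a hosts-file entry that overrides DNS for a name.
# With the usual "hosts: files dns" order in /etc/nsswitch.conf, ping and
# browsers take the hosts-file answer first; nslookup asks DNS directly.

# hosts_lookup FILE NAME: print the first address FILE maps NAME to.
# Comments are stripped, aliases are checked, names compare case-insensitively.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")                  # drop comments
            for (i = 2; i <= NF; i++)       # field 1 is the address
                if (tolower($i) == want) { print $1; exit }
        }' "$1"
}

# check_override FILE NAME DNS_ADDR: return 1 if FILE pins NAME to an
# address other than DNS_ADDR (the answer nslookup gave), else return 0.
check_override() {
    pinned=$(hosts_lookup "$1" "$2")
    if [ -z "$pinned" ]; then
        echo "$2: no hosts entry, resolution falls through to DNS"
    elif [ "$pinned" = "$3" ]; then
        echo "$2: hosts entry matches DNS ($pinned)"
    else
        echo "$2: hosts file says $pinned but DNS says $3"
        return 1
    fi
}

# Constructed sample hosts file (not from the page); point the functions
# at /etc/hosts on a real machine.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
127.0.0.1      localhost
# 216.58.194.164 www.google.com
203.0.113.10   WWW.Google.com google.com   # stale test entry
192.168.1.20   fileserver.internal fileserver
EOF

# 216.58.194.164 is the nslookup answer shown in the post.
check_override "$SAMPLE" www.google.com 216.58.194.164 || true
check_override "$SAMPLE" fileserver 192.168.1.20
```

On a live machine, `getent hosts NAME` shows the answer applications actually get, since it follows the same lookup order as ping.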

This is another one of those lessons in this course that kind of comes around to the solution in a weird way. Almost like it is creating a problem that anyone who already knew how stuff works would not have a problem with. A skilled sysadmin would know to check a local host file if DNS was working properly.

>>>graded quiz

Yes, it is our favorite time of the week. Only 8 questions this week and no assessments. This was a pretty easy week. Enjoy that while it lasts—it looks like week 4 has almost 2 hours of video, compared to this week which had about 40 minutes.

See you next week for week 21.
