Sunday, October 28, 2012

CIS 157 Lesson 10 - Managing Servers



This particular lesson covers managing remote servers, delegating administration tasks and updating servers.

Server Manager is a management console that contains a collection of the snap-ins most commonly used by administrators. By default, Server Manager integrates ten individual snap-ins into a unified, categorized interface. There are two types of snap-ins: standalone and extension.

Standalone snap-ins

• A standalone snap-in is a single tool that you can install directly into an empty MMC console.

• Standalone snap-ins appear in the first level directly beneath the console root in the console’s scope pane.

Extension snap-ins

• An extension snap-in provides additional functionality to specific standalone snap-ins.

• You cannot add an extension snap-in to a console without adding an appropriate standalone snap-in first. Extension snap-ins appear beneath the associated standalone snap-in in the console’s scope pane.

Another interesting subject is Remote Desktop. Ever since Windows Server 2003, the components that make up the Terminal Services application have been fully integrated into the operating system, so Terminal Services capabilities are present even if you do not have the Terminal Services role installed on the computer. This lets administrators use Terminal Services to manage remote computers without having to travel to a distant location. In Windows, this capability is known as Remote Desktop.

Active Directory permissions were also covered. Active Directory has its own permissions system, which functions much like that of the NTFS file system.

By granting users and groups permissions to specific Active Directory objects, you can allow them to perform specific administrative tasks on those objects.

This was a very enlightening chapter and I am sure a thorough understanding of the material in this chapter will be most beneficial in the IT Field.
 
 

 

 

Sunday, October 21, 2012

CIS 157 Lesson 9 Securing Infrastructure Services



 
This was quite an involved chapter in terms of reading. Within this chapter I learned that Win Svr 08 provides Remote Access Services, which is part of Network Policy. This enables users to connect to the network via VPN, for example.

In a Virtual Private Network (VPN) connection, the remote client and the remote access server are connected to a network via the Internet and do not have to share the same service provider.

I learned about the tunneling process, where two computers establish a PPP connection but, instead of transmitting PPP packets, they encapsulate the packets again using one of the three VPN protocols supported by Win Svr 08.

Did you know that Remote Access in Win Svr 08 uses an authentication system that is entirely separate from the Kerberos authentication system that clients on a local network use? Now you can rest easy at night with that information under your pillow.

Also, a digital certificate is a digitally signed document issued by a third party called a Certification Authority (CA). It binds a user or service holding a private key with its corresponding public key.

Certificate templates are sets of rules and settings that define the format and content of a certificate based on the certificate’s intended use.

Active Directory Certificate Services supports several certificate enrollment methods. A client’s choice of enrollment method for obtaining certificates is typically dictated by the type of CA the client is requesting the certificate from and whether the client and CA can communicate across a network.

I found this chapter to be very enlightening, and it cleared up some misconceptions I had about Infrastructure Hierarchy.

 

 

Sunday, October 14, 2012

Lesson 8 - Planning Server and Network Security


It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.

Sun Tzu, Chinese general and strategist.

 


Security begins with education: knowing the dangers posed by your enemy and by the really bad people in this world who want to get what you have. The second part of security is the physical aspect of server security. You must ensure that servers are housed in a secured location that unauthorized individuals are not able to access. A firewall, for instance, does more than stop "fire." It is a software program or a purpose-built hardware device that protects computers by permitting applicable network traffic through the system while denying the traffic it is configured to reject. It is the checkpoint security guard that sifts and regulates the packets of data according to its configuration.

When a company network uses Active Directory, Active Directory is in control of two critical security functions: authentication and authorization. Computers use several sets of complicated algorithms and bit-oriented security protocols to safeguard data that is stored and transferred over a network.

Have a great week.
 
 

Sunday, October 7, 2012

Lesson 7 Planning High Availability


High availability refers to the mechanisms that keep a resource available despite the occurrence of a catastrophic failure. In planning for high availability you need to consider three primary factors: fault tolerance, performance and the bottom line. For instance, if you have an unlimited requirement for fault tolerance, your expenses rise by some amount X while performance degrades by some amount Y.

The simplest form of disk redundancy is mirroring, which usually has little or no bearing on performance, provided that you use technology enabling the computer to write to both disks concurrently. Parity-based RAID is the form most generally used for data storage in high-availability systems. This is due to its scalability, which allows more efficient use of disk storage.

An interesting note is that a failover cluster is a group of servers that perform the same role and appear on the network as a single unit.

Thanks for Stopping By and "SeeYaLL" next week