Chapter 9 Resilience and Physical Security Flashcards
Redundancy
Having more than one of a system, service, device or component.
Redundancy Design Elements
- Geographic dispersal of systems ensures that a single disaster, attack, or failure cannot destroy a system. Place data centers 90+ miles apart.
- Separation of servers used to avoid single rack being a point of failure.
- use of multiple network paths (multi-path) solutions
-protection of power - Power: UPS (uninterruptible power supply) for short term, generators for long term
Diversity of Technologies (resilient, but costly)
Load Balancer
Device that acts as a reverse proxy and distributes network or application traffic across multiple servers. This increases reliability and capacity of systems.
NIC Teaming
Combines multiple network cards into a single virtual network connection. this balances loads and increases fault tolerance.
RAID (redundant array of inexpensive disks)
Data Striping - spread across disks
Data Mirroring - completely copied
Parity - ensures data is not corrupted or lost
RAID 10 is best when speed and resilience are important and cost is not. RAID 5 and 6 can survive a drive loss but have slow performance.
ADD NOTES
Backup Types:
Full
Incremental
Differential
Full backup copies the entire system or device.
Incremental backup copies everything since the last incremental backup.
Differential backup copies everything since the last full back up.
Snapshot vs. Images
Snapshots capture full state of a system at the time the backup is completed. Common for VMs.
Images are similar, but are a complete copy of a system or server down to the bit level for the drive. Completely match the system, backup method of choice for servers.
Backup storage types: Tape Disks Optical Media Flash Media
Tape is inexpensive
Disks are more expensive but faster than tape
Optical media like Blu-ray and DVD are not common bc capacity reason
Flash media fine for short term copies, not used at enterprise scale
Online vs. Offline backup storage
Online is always available for fast retrieval and access, but require power and expense.
Offline is cheaper but slower to access. can be used to ensure an organization does not have a total data loss.
Cloud Backups and software-defined infrastructure models
systems that would’ve once been backed up aren’t being backed up. Instead, the code that defines them is backed up as well as key data they are designed to access or provide.
Considerations for cloud and offsite backup options
Bandwidth requirements, for backups themselves as well as restoration time.
Time to retrieve files and cost to retrieve files. (Amazon Glacier focuses on low cost storage but high cost retrieval, as well as slower times)
Reliability - some cloud backup providers have higher reliability than local tape or disk options.
New security models - separation of accounts, additional controls, etc.
What is a SAN?
A Storage Area Network is a dedicated, high speed network that provides access to block level storage. CompTIA mentions SANs in two ways:
- As a means of replicating data, where SANs use RAID to ensure that data is not lost.
- SANs as a type of backup, in which they can be looked at as a network attached array of disks.
What is NAS?
Network Attached Storage is a storage server connected to a computer network.
What is nonpersistence?
The ability to have systems or services spun up or shut down as needed.
What do you do when a system has been compromised or the OS is so seriously impacted that it can’t properly function?
Revert back to the last known good configuration. This can be done using live boot media, which is a bootable operating system that can be run from a thumb drive or DVD.
