Server Operating Systems and Server Roles Flashcards
server roles (planning)
- determine if multiple roles will be located on the same server or dispersed across multiple servers
- cloud VMs can offer services to other cloud devices/internet consumers/on-premise devices
configuring on-premise connections with VMs
- site-to-site VPN connections
- dedicated connections from on-premise networks to cloud provider networks (bypass internet)
DHCP
- dynamic host configuration protocol
- delivers central IP settings to network nodes
- can run on a server OS or as a service on a router
DHCP port numbers
- UDP 67 (listens for client requests)
- UDP 68 (sends responses to client requests)
DHCP scopes
- IP settings grouped into a manageable unit
- must be activated before they can be used in DHCP process
- IP address ranges
- IP address exclusions
- IP address lease duration
- default gateway
- DNS servers
- DHCP reservation
DHCP vendor classes
- apply specific IP settings to certain types of network devices
- must determine what vendor class data is included in network transmission
APIPA
- automatic private IP addressing
- clients use it to assign themselves a unique address on the LAN when they can’t reach a DHCP server
- client not able to communicate outside the LAN
- can only communicate with other APIPA hosts within the LAN
link-local address
- used in IPv6
- unique self-assigned address
- always bound to network interface whether or not DHCP is reachable
considerations for choosing DHCP configuration
- determine which valid IP address ranges can be used
- short lease duration in environments where clients connect for short periods of time
- try to specify at least 2 default gateways for redundancy
- try to specify at least 2 DNS servers for redundancy
- configure DHCP bindings for correct network interface in multihomed (multiple network card) DHCP servers
- high availability
DNS
- find IP address for FQDN (forward lookup)
- find FQDN for IP address (reverse lookup)
DNS port number
listens on port 53 (UDP/TCP)
DNS domains
- root domain at top
- TLDs (.com/.org/.net/etc)
- domains can have subdomains
- subdomains may have their own authoritative DNS servers
SOA (DNS RR)
- start of authority
- contains zone details e.g. serial number/refresh interval
- can exist in forward and reverse lookup zones
A (DNS RR)
- forward lookup record
- FQDN included in query
- IPv4 address returned
AAAA (DNS RR)
- forward lookup record
- FQDN included in query
- IPv6 address returned
CNAME (DNS RR)
- canonical name record/alias record
- additional name for an existing name
- can be used in forward/reverse lookup zones
- return FQDN that can be resolved via an A record
MX (DNS RR)
- mail exchanger
- used for email domain suffixes to locate an SMTP mail server
- return FQDN that can be resolved via an A record
SRV (DNS RR)
- service record
- used to locate a network service e.g. AD
- includes TCP/UDP port numbers for service
- clients query DNS SRV records to locate services
PTR (DNS RR)
- pointer record (reverse DNS record)
- created in reverse lookup zone
- client queries include IP address
- host/DNS domain name returned
- each PTR record should have an associated A record
WINS
- Windows Internet Name Service
- used in Microsoft TCP/IP networks prior to Windows 2000 to resolve NetBIOS computer names to IP addresses
- replicated database of NetBIOS computer names and their IP addresses
- no naming hierarchy
- installed as a feature on Windows Server 2019 for backward compatibility
DNS GlobalNames zone
- client devices can point to a DNS server where a zone “GlobalNames” exists
- alternative to WINS
- DNS admins create CNAME records that point to A records
- enables older software using flat computer names to function through DNS
NTP
service running on network host to provide time synchronization
NTP port number
listens on UDP 123
stratum 0 (NTP)
time source/reference clock
stratum 1 (NTP)
NTP server connected to stratum 0 device
stratum 2 (NTP)
NTP server gets time over network from stratum 1 host
directory services (DS)
- centralized network database containing objects (users/groups/computers/network service locators/shared folders/shared printers/software licenses)
- Microsoft AD DS
- OpenLDAP
- Oracle Directory Services
- IBM Tivoli Directory Server
- based on the same LDAP standards
LDAP port numbers
- listens on TCP 389 (plaintext)
- listens on TCP 636 (encrypted)
AD
- Microsoft active directory
- LDAP compliant
- replicated network database
- synchronized between DCs
- group policy
- Windows server role
- installed via Server Manager or PowerShell cmdlets
DC
- domain controller
- server configured to hold a replica of the AD database
- C:\Windows\Ntds\Ntds.dit
- discovered by clients via DNS queries
- creation of DC creates DNS service location records
web server
- use HTTP/HTTPS to present content to web browser
- Microsoft Internet Information Services (IIS)
- Apache
- NGINX
web server ports
- TCP 80 (HTTP)
- TCP 443 (HTTPS)
application server
- serves data with a specific business purpose
- often combination of web/database servers
- Microsoft SQL Server
- MySQL
- Oracle Database
file server
- data stored on equipment owned/managed by the organization (legal reasons)
- Windows servers use SMB to make shared folders available over the network
- UNIX/Linux systems use their own network file system (NFS) but can use SMB via Samba
print server
- manages printers on a network
- spool print jobs from clients using server disk space
cloud printing
- remove any printing dependencies e.g. OS versions/print drivers/printing devices/etc
- can be used with mobile devices
mail server
- run as services (daemons)
- enable connections on specific ports
- need to support mobile device connections
MDM tools
- mobile device management
- mobile device partitioning solutions for personal/work data
- prevent file attachments from corporate messages from being stored in personal cloud storage locations
- can run on-premise or in cloud
SMTP
- simple mail transfer protocol
- port 25
- used to transfer email between SMTP hosts
POP
- post-office protocol
- port 110
- enables clients to download email messages from POP server
IMAP
- internet message access protocol
- port 143
- enables clients to use different email clients running on different devices to access email
- email synchronized between devices
multihomed servers
servers with more than 1 interface
RRAS
- routing and remote access service
- Windows server
- configure IPv4/IPv6 routing
- NAT
- VPN
UNIX/Linux RRAS services
- IP routing via ip command
- NAT configuration via iptables command
- OpenVPN
common virtualization solutions
- VMware vSphere Hypervisor
- Microsoft Hyper-V
- Citrix Hypervisor
- Oracle VM VirtualBox
host in virtualization
hypervisor
guest in virtualization
VM
type 1 hypervisor
- hypervisor has direct access to physical hardware
- controls hardware resource access between VMs
- bare-metal hypervisor
- don’t rely on another OS (increased security)
- Microsoft Hyper-V
- VMware ESXi
type 2 hypervisor
- application that runs on top of existing OS
- doesn’t have direct access to hardware
- VMware Workstation Pro
- Oracle VM VirtualBox
hypervisor host configuration
the type of IT workload running in each VM is the most important consideration
VM guest configuration
- similar to planning physical hardware for new server
- amount of startup/minimum/maximum/dynamic memory
- number of vCPUs and compatibility settings
- storage
- vNICs/connected virtual switches
- virtual MAC address
- network bandwidth throttling
- VLAN tag settings
- display settings for number of monitors/accelerated graphics
- integration tools with host hypervisor for time synchronization/backup services/etc
- snapshot/checkpoint settings
bridging (VLAN tag settings)
connects to physical network
NAT (VLAN tag settings)
uses hypervisor host IP address to access the network
VM to VM (VLAN tag settings)
enable communication only between VMs
VM and host (VLAN tag settings)
enables communications between VMs and hypervisor host
server installation
- hardware compatibility lists (HCLs)
- provide details about which specific hardware is supported by a given server OS
- also have to consider specific drivers/applications
- server OS minimum requirements
server licensing
- open source (Ubuntu Linux)
- per server models
- per instance models
- per core models
- volume licensing (Microsoft Key Management Service)
- subscription based licensing (AWS/O365/cloud)
- per user concurrent licensing
- node-locked (tied to specific device)
- digital rights management (signature-based used for gaming/use of media files)
installing type 1 hypervisor
- most modern type 1 hypervisors require 64-bit architecture/virtualization support
- not an issue with server class hardware
- firmware updates (BIOS/UEFI) may be required before installation
- may have to change boot order if installing from DVD/USB
common server OSs
- Microsoft Windows Server
- Microsoft Windows Server Embedded (purpose specific hardware appliances)
- UNIX BSD/AIX/Solaris
- Linux Red Hat/Ubuntu/SUSE
server installation from an image
- apply already created image to new physical server or VM
- capture server OS image by booting from alternative media and using DISM
- multiple images can be stored via Windows Imaging Format (WIM)
- specify image with index DISM parameter
server installation from image tools
- Ghost Solution Suite
- Microsoft System Center Configuration Manager
- Microsoft Deployment Toolkit
- Microsoft DISM.exe command line tool
server cloning
- option to create linked clone (uses minimal disk space/linked to original VM)
- changes made to a linked clone after it is created are independent of the original VM
- option to create fully independent clone (uses more disk space)
- work well when multiple VMs with same standard initial OS configuration are needed
- physical-to-virtual (P2V) cloning uses physical server as the source/results in a VM with same settings
VM deployment templates
- can be used to partially/fully automate VM deployment
- specify hardware details/OS options/network settings/etc
scripted server installations
- create answer file to automate some/all of the OS installation
- unattend.xml file created via Windows System Image Manager (SIM)
- name answer file autounattend.xml and place on root of removable media to be automatically read
PXE booting
- boot over network via PXE (Preboot Execution Environment)
- enables OS installation from image/installation files
- can apply updates to source installation files before install via slipstreaming
- must be supported by physical/VM BIOS/UEFI settings and NIC
- must have PXE boot server listening on the network
- relies on DHCP to assign IP settings to PXE clients
- uses trivial file transfer protocol (TFTP) to download a small boot image OS used for installation/imaging
- Microsoft Remote Installation Services (RIS)
- Windows Deployment Services (WDS)
- don’t have to carry around storage devices containing installation media
- demanding on network bandwidth
installation details
- disk layout (partitioning/file system formats/swap file/partition)
- server name
- IP configuration settings
- administrative user credentials
- additional drivers for nonstandard hardware
- product key or subscription details to activate installation/receive updates
- additional software that should be installed
- all of these can be included in Windows unattend.xml/autounattend.xml files
server administration methods
- GUI (MMC)
- command line
- physical serial ports
- remote server administration tools (RSAT)
KVM
- switches connect servers to a single keyboard/video/mouse
- KVM solution has to match connectors for devices
out-of-band remote administration
- provides hardware-level remote access to a host
- doesn’t rely on OS software running
- more secure than software-based tools
WBEM
- web-based enterprise management
- standardized way of managing/monitoring servers/devices from different vendors
LOM
- lights out management
- remote management solution supported by most vendors
- monitoring of server components e.g. CPU use/temperature/OS health/etc
KVM over IP
- enables remote server access even over internet
- can enable hardware level remote access if supported by server hardware
- not dependent on underlying OS
- TCP/IP settings must be configured at hardware level to enable remote access across WANs
KVM-over-IP switches
hardware appliances with centralized management/auditing tools
IPMI
- intelligent platform management interface
- remote server management solution
- commonly used with various vendor blade enclosures
- remote power on/off
- disk access
- server monitoring/inventory functionality
BMC
- baseboard management controller
- interface between server management tools and physical hardware being managed
iLO
- integrated lights out
- secure remote management capabilities
- server monitoring/alert capabilities
iDRAC
- integrated Dell Remote Access Controller
- Dell servers
- connect to servers at hardware level
- web browser interface
- remote power on/off
- access to server storage media
in-band remote administration
relies on software running within OS
SSH
- needs server-side listener for clients to be able to connect
- standard listening port = TCP 22
- typically used for command line management
- can use public key authentication
X-forwarding
can be enabled within SSH to redirect graphical UNIX/Linux applications to show on client computer
RDP
- listens on UDP/TCP 3389
- newer versions of Windows Server support network level authentication (NLA) for RDP sessions
- get a command prompt when connecting via RDP to a server with a core OS installation
benefits of NLA
- entering username/password uses client resources (not server)
- RDP sessions are encrypted with SSL certificate
PowerShell
- depends on Windows remote management (WinRM) service to be configured
- desired state configuration (DSC) enables configuring/managing Windows/Linux hosts centrally via a declarative syntax
WinRM port numbers
TCP 5985/5986
using winrs command outside of PowerShell
- execute commands remotely on Windows host
- need to ensure WinRM has been enabled
automating server administration via scripting
- placing commands in 1 or more script files
- invoking the script file
- have script invoked automatically during machine bootstrap process
server documentation
- each server needs documentation and change log
- ideally automated/inventoried in a database
- vendor manuals
- how solutions have been implemented
- keep documentation secure/encrypted
asset life cycle
- complete process of establishing new server/resource all the way to decommission/upgrade
asset inventory
- modern systems for inventory are automated
- physical equipment needs to be labeled or inscribed
- RFID tags easier in large environments
hardware inventory components
- make/model/serial number
- physical server owned/leased
- motherboard/device serial numbers
- physical/digital asset tag
- RAM
- storage
- network interfaces
- peripherals
reasons for hardware inventory
- inventory audits
- asset tracking
- determine asset use
- asset repair/warranty
- asset recall
- asset security
software inventory
- specific version of OS/drivers/applications in use
- software license compliance
- should be automated on scheduled basis
SLA
- service level agreement
- contract outlining expected service from a provider to consumer
- uptime
- response time
- providers may offer credits when SLA isn’t met
other documentation
- network infrastructure diagrams
- workflow/dataflow/application architecture diagrams
- baseline documentation
- recovery documentation
maintaining servers
- automation
- firmware/software updates deployed in a timely manner
- reports to confirm patches deployed successfully
patch management
- critical security updates
- functionality updates
- centralized update management
- Windows Server Update Services (WSUS)
- Microsoft System Center Updates Publisher (SCUP)
- vendor specific patch management solutions
- test updates in controlled environment before deploying them into production
proactive maintenance
- keep servers clear of dust
- keep obstructions away from intake fans
- keep servers cool
- plug servers into a UPS to ensure graceful shutdown
reactive maintenance
- LED indicators on equipment indicate potential issues
- error/beep codes
DNS server root hints
allow for internet name resolution
how to encrypt communications between web clients/server
- issue PKI certificate for web server
- install certificate on web server
- clients don’t need PKI certificate for secured web server traffic