00:04
Welcome to Module two, Lesson three, and this lesson will be looking at the ESXi architecture.
00:10
You can see I've drawn out a lot of the components here,
00:14
So you want to be able to describe the different components in the architecture
00:19
and then be able to understand how to look at certain
00:23
features of the configuration.
00:28
As I mentioned, ESXi, in a standard configuration, is free.
00:33
It has some nice features built in. It comes with a
00:39
certain access features disabled by default: SSH, for instance, or the ESXi Shell.
00:45
Those are disabled. So out of the box, you get a system that's
00:49
configured for some level of security. That's a good thing.
00:54
But the software that runs on the actual host
00:58
can manage your memory
01:00
share your resources,
01:00
give you the ability to run on several different
01:07
storage media. For instance, I can install ESXi on a local disk within the host.
01:12
I could install on a USB device.
01:17
I could even install ESXi on an SD memory card.
01:22
So a lot of servers have SD memory card slots on the front, so you can actually have your entire host configuration on a card that you can hold in your hand.
01:29
Pretty neat feature.
01:34
Some of the components I spoke about in the last chapter: we have our vSphere Client giving us access,
01:40
vCenter Server itself
01:42
interacting with the host
01:45
our vCLI, the command-line interface for doing scripting.
01:49
If you're doing development work, you can use the API or the SDK, the application programming interface or the software development kit.
01:57
And then we also have
01:59
the CIM, C-I-M, for hardware management features.
02:04
And as we can see within the green box that comprises the host here, I've got several VMs running,
02:10
potentially 44 of them in this case
02:13
and this VMM. You're probably wondering what that is.
02:16
And this is the virtual machine manager.
02:21
I'm sorry, virtual machine monitor.
02:23
And what that does is
02:24
looks for activity between the application, the guest OS
02:30
and the hypervisor, which is running on the physical host.
02:35
So the virtual machine monitor
02:37
translates, helps to translate, those instructions back and forth between the VM kernel
02:43
and the hypervisor. Another name for that is the VMkernel.
02:46
That's typically what you'll reference, and we'll see why that matters, because we can create VMkernel ports
02:53
with our virtual switches to allow for certain features like vMotion and Storage vMotion.
03:00
So your next couple of tasks then will be to
03:06
one thing will be to watch a video that I've put together for
03:09
exploring the Direct Console User Interface, the DCUI.
03:17
It is very similar to what you would see if you were to hook up a console to a physical server and turn it on.
03:24
It's a keyboard interface only.
03:28
In the case of a physical host,
03:30
you have to go to the console to see the DCUI.
03:34
In the video that I show before we do the lab,
03:38
I've actually got a virtual host, which means that I'm running ESXi on a virtual machine, which is on my physical host.
03:46
This is called a nested
03:49
vSphere environment.
03:53
In that case, I could open the console remotely and look at the DCUI in a window, instead of having to walk over to a screen
03:59
and physically log in.
04:00
The DCUI has a lot of different features
04:02
that you explore in the lab, and I'll show them in the video.
04:06
For instance, we can set our root password,
04:11
and you could even disallow root to log into your host directly.
04:19
That's a topic for a more advanced class.
04:24
But lockdown restricts people from logging in directly to the host; they can only go through
04:30
approved methods, through vCenter and so on, to get access. So that gives you an extra layer of security.
04:39
Within the DCUI, once you build your host, you can also set your host name.
04:44
And there's a very easy-to-use menuing system.
04:47
Again, it's keyboard only. There's no mouse required, and you just need a very basic display if you're using a physical host. It doesn't have to be high resolution.
04:57
I can set my IP address.
05:00
I can designate my DNS server: primary name server, secondary name server.
05:11
NTP, we'll see that in a different lab.
05:14
You could pick your keyboard layout, so if you're in the U.S., you would pick the English US option; in other countries you would choose accordingly.
05:21
There's a section for support info,
05:25
and this shows you things like the serial number of your server, your SSL thumbprint, and other parameters that you would give to
05:31
VMware support if you had to call in and identify your system in order to get a problem resolved.
05:39
We also have a facility for looking at system logs within the DCUI.
05:43
And this is really handy because
05:46
there could be a situation where you've lost connectivity to your host
05:48
through the normal methods like the vSphere Client.
05:55
And maybe you need to go to the host directly to look at the log files to find out why the problem is happening.
06:01
So we'll see in the video what
06:04
what the options are for looking at the system log or
06:08
the vpxa log, the agent log. We'll see why that matters.
06:13
There's also a troubleshooting section,
06:15
which lets you do things like restart your management agents.
06:18
For instance, if you make some changes to the networking configuration, you have to restart some of the configuration
06:28
when the host restarts those services.
06:33
selects, um, some choices for your security profile
06:38
and the security profile has to do with what kind of access you want to allow for your host.
06:44
And then, lastly, in this module we'll talk about best practices for user accounts.
06:51
So going back to NTP: NTP is
06:55
a very good idea for lots of reasons.
07:01
So if I have two hosts
07:08
let's say they're connected to vCenter.
07:13
As anyone who's managed physical computers knows, clocks on
07:18
even very expensive servers will drift over time.
07:23
Sometimes they slow down, sometimes they speed up.
07:26
So you end up with this situation where
07:30
you know, one system thinks it's 10:01 a.m.
07:36
Another system thinks it's
07:44
And you might think, well, 47
07:46
seconds of time difference, what's the big deal?
07:50
Unfortunately, it is a big deal because certain applications are very sensitive to differences in time.
07:57
If, for instance, you were running a client server configuration,
08:01
certain applications will notice that the time at the client system is different than the time of the server system, and that could cause problems. That's one aspect of it.
08:15
correct time matching between these two hosts,
08:18
that means that my time stamps for all of my log entries are going to be different as well.
08:24
If I'm trying to do an investigation to find out why something's not working, how do I know if an event happens
08:31
at 10:10 and 40 seconds
08:35
and something happens at 10:10
08:39
and 40 seconds on this host,
08:41
I might think those things happened at the same time, but really they're 47 seconds apart. Do you see the problem?
08:50
is configure the hosts to utilize an NTP server.
08:54
For best-practice reasons, typically you want the NTP server to be inside your network.
09:01
You don't necessarily want to
09:11
You could do that, but there might be some security risks.
09:13
So typically within the security perimeter of the environment, you configure
09:26
the server on the Internet and then all of your internal systems point to this one.
09:30
That way you reduce the security risk,
09:31
and it means that all of your internal systems can be synchronized to the same clock, which is this server here.
09:41
And configuring NTP is very, very trivial. Not very difficult at all.
09:46
As we'll see in the lab, we also have to configure DNS.
09:50
You need to provide a primary and secondary name server.
09:54
In the case of the lab environment that I've built for this class,
09:58
I have a server 2012
10:07
that actually functions as the NTP server.
10:13
It effectively goes out to the Internet and gets its time source.
10:18
The 2012 server also functions as my Active Directory and domain controller.
10:26
So it's an AD DC, for those of you who are familiar with some of the Windows terminology: Active Directory and domain controller.
10:33
And as we'll see in subsequent labs,
10:37
that gives me a lot of functionality because now I could use one virtual machine
10:41
to act as the time source,
10:43
control the domain that these hosts are in,
10:48
the actual user accounts that are utilized
10:52
when we're accessing those systems.
10:54
So as far as best practices for our controls, typically, we want to restrict root access
11:01
from getting directly to our host.
11:03
That's a good best practice for any kind of system.
11:07
Maybe you allow access only from the console, in some cases.
11:13
For the purposes of making
11:15
or doing the labs for this course, I've left root access enabled
11:20
because it facilitates building the infrastructure. Once everything is built, then you'd want to remove that access to tighten things down.
11:28
So the next lab, lab number two,
11:31
what you'll be doing is getting connected to your host using the vSphere Client.
11:37
You'll be looking at the hardware configuration,
11:39
configuring the DNS and routing. We'll also be setting up the NTP configuration to point to this server right here.
11:48
And then we'll be configuring the host to use directory services, which, in this case, is also this host.
11:56
And the host, as you'll see, its name is Crux.
12:01
Kind of stands for a crossroads, a cross.
12:07
All right, so let's go ahead and do Lab number two for Module two.