Welcome to Module 2, Lesson 3, and in this lesson we'll be looking at the ESXi architecture.
You can see I've drawn out a lot of the components here.
So you want to be able to describe the different components in the architecture
and then be able to understand how to look at certain
features of the configuration.
As I mentioned, ESXi in a standard configuration is free.
It has some nice features built in. It comes with
certain access features disabled by default: SSH, for instance, or the ESXi Shell.
Those are disabled. So out of the box, you get a system that's
configured for some level of security. That's a good thing.
But the software that runs on the actual host
can manage your memory,
share your resources,
give you the ability to run on several different
storage media. For instance, I can install ESXi on a local disk within the host.
I could install on a USB device.
I could even install ESXi on an SD memory card.
So a lot of servers have SD memory card slots on the front, so you can actually have your entire host configuration on the card that you can hold in your hand.
Pretty neat feature.
Some of the components I spoke about in the last chapter: we have our vSphere Client giving us access,
vCenter Server itself
interacting with the host,
our vCLI, the command-line interface for doing scripting.
If you're doing development work, you can use the API or the SDK, the application programming interface or the software development kit.
And then we also have
the CIM for hardware management features.
And as we can see within the green box that comprises the host here, I've got several VMs running,
potentially four of them in this case,
and this VMM, you're probably wondering what that is.
And this is the virtual machine manager.
I'm sorry, virtual machine monitor.
And what that does is
look for activity between the application, the guest OS,
and the hypervisor, which is running on the physical host.
So the virtual machine monitor
helps to translate those instructions back and forth between the VM kernel
and the hypervisor. Another name for that is the VMkernel;
that's typically what you'll reference. And we'll see why that matters, because we can create VMkernel ports
with our virtual switches to allow for certain features like vMotion and Storage vMotion.
So your next couple of tasks, then:
one thing will be to watch a video that I've put together for
exploring the Direct Console User Interface, the DCUI.
It's very similar to what you would see if you were to hook up a console to a physical server and turn it on.
It's a keyboard interface only.
In the case of a physical host,
you have to go to the console to see the DCUI.
In the video that I show before we do the lab,
I've actually got a virtual host, which means that I'm running ESXi on a virtual machine, which is on my physical host.
This is called a nested
vSphere environment.
In that case, I can open the console remotely and look at the DCUI in a window, instead of having to walk over to a screen
and physically log in.
The DCUI has a lot of different features
that you'll explore in the lab, and I'll show them in the video.
For instance, we can set our root password,
and you could even disallow root to log into your host directly.
That's a topic for a more advanced class.
But lockdown restricts people from logging in directly to the host; they can only go through
approved methods, through vCenter and so on, to get access. So that gives you an extra layer of security.
Within the DCUI, once you build your host, you can also set your host name.
And there's a very easy-to-use menuing system.
Again, it's keyboard only. There's no mouse required, and you just need a very basic display. If you're using a physical host, it doesn't have to be high resolution.
I can set my IP address.
I can designate my DNS server: primary name server, secondary name server.
NTP, we'll see that in a different lab.
You could pick your keyboard layout, so if you're in the U.S., you would pick the English US option; in other countries you would choose accordingly.
There's a section for support info,
and this shows you things like the serial number of your server, your SSL thumbprint and other parameters that you would give to
VMware support if you had to call in and identify your system in order to get a problem resolved.
We also have a facility for looking at system logs within the DCUI.
And this is really handy because
there could be a situation where you've lost connectivity to your host
through the normal methods like the vSphere Client.
And maybe you need to go to the host directly to look at the log files to find out why the problem is happening.
So we'll see in the video
what the options are for looking at the system log or
the vpxa log, the agent log. We'll see why that matters.
There's also a troubleshooting section,
which lets you do things like restart your management agents.
For instance, if you make some changes to the networking configuration, you have to restart some of the configuration
when the host restarts those services
selects, um, some choices for your security profile
and the security profile has to do with what kind of access you want to allow for your host.
And then, lastly, in this module we'll talk about best practices for user accounts.
So going back to NTP: NTP is
a very good idea for lots of reasons.
So if I have two hosts,
let's say they're connected to vCenter.
As anyone who's managed physical computers knows, clocks on
even very expensive servers will drift over time.
Sometimes they slow down, sometimes they speed up.
So you end up with this situation where,
you know, one system thinks it's 10:01 a.m.
Another system thinks it's
And you might think that, well, 47
seconds of time difference, what's the big deal?
Unfortunately, it is a big deal because certain applications are very sensitive to differences in time.
If, for instance, you were running a client server configuration,
certain applications will notice that the time at the client system is different from the time of the server system, and that could cause problems. That's one aspect of it.
correct time matching between these two hosts,
that means that my time stamps for all of my log entries are going to be different as well.
If I'm trying to do an investigation to find out why something's not working, how do I know if an event happens
at 10:10 and 40 seconds
and something happens at 10:10
and 40 seconds on this host,
I might think those things happened at the same time, but really they're 47 seconds apart. Do you see the problem?
is configure the hosts to point to an NTP server.
For best-practices reasons, typically you want the NTP server to be inside your network.
You don't necessarily want to
You could do that, but there might be some security risks.
So typically within the security perimeter of the environment, you configure
the server on the Internet and then all of your internal systems point to this one.
That way you reduce the security risk,
and it means that all of your internal systems can be synchronized to the same clock, which is this server here.
And configuring NTP is very, very trivial. Not very difficult at all.
As we'll see in the lab, we also have to configure DNS.
You need to provide a primary and secondary name server.
In the case of the lab environment that I've built for this class,
I have a Server 2012
that actually functions as the NTP server.
It effectively goes out to the Internet and gets its time source.
The 2012 server also functions as my Active Directory and domain controller.
So it's an AD DC, for those of you who are familiar with some of the Windows terminology: Active Directory and domain controller.
And as we'll see in subsequent labs,
that gives me a lot of functionality because now I could use one virtual machine to
act as the time source,
control the domain that these hosts are in,
the actual user accounts that are utilized
when we're accessing those systems.
So as far as best practices for our controls, typically we want to restrict root access
from getting directly to our host.
That's a good best practice for any kind of system.
Uh, maybe you allow access only from the console, in some cases.
For the purposes of making,
or doing, the labs for this course, I've left root access enabled
because it facilitates building the infrastructure. Once everything is built, then you'd want to remove that access to tighten things down.
So the next lab, Lab number two:
what you'll be doing is getting connected to your host using the vSphere Client.
You'll be looking at the hardware configuration,
configuring the DNS and routing. We'll also be setting up the NTP configuration to point to this server right here.
And then we'll be configuring the host to use directory services, which, in this case, is also this host.
And the host, as you'll see, its name is Crux;
kind of stands for a crossroads, a cross.
All right, so let's go ahead and do Lab number two for Module two.