System

1
System Network Administration

• Chapter 2 Server
• By Chang-Sheng Chen (20080304)

2
Contents of Chapter 2

• 2.1 The Basics
• 2.1.1 By Server Hardware for Servers
• 2.1.2 Vendors Known for Reliable Products
• 2.1.3 Does Server Hardware Really Cost More ?
• 2.1.4 Maintenance Contracts and Spare Parts
• 2.1.5 Data Backups
• 2.1.6 Servers Live in the Data Center
• 2.1.7 Same, Different, or a Stripped-Down OS on
  Clients

• 2.1.8 Remote Administration Access
• 2.1.9 Mirrored Root Disks
• 2.2 The Icing
• 2.2.1 Server Appliance
• 2.2.2 Redundant Power Supplies
• 2.2.3 Full and N1 redundancy
• 2.2.4 Hot-swap components
• 2.2.5 Separate Networks for Administrative
  Functions
• 2.3 Opposing View
• Many Inexpensive Workstations
• 2.4 Conclusion

3
2.1.1 Buy Server Hardware for Servers

• Systems sold as servers are different from
  systems sold as clients (or desktops).
• Server hardware usually costs more, but has
  additional features that justify the cost.
• More internal space
• More CPU performance
• High performance I/O
• More upgrade options (e.g., to add CPU, or
  replace individual CPUs with faster ones)
• Rack-mount efficient space utilization
• No side-access need

4
2.1.2 Vendors Known for Reliable Products

• Pick vendors that are known for reliability.
• Using Customer grade parts vs. MIL-SPEC
  parts
• Vendors with more experiences vs. little or no
  experiences
• Useful to talk with other SAs to find out which
  vendors they use and whom they avoid
• Environment can be homogeneous (all the same
  vendor or product line) or heterogeneous (man
  different vendors and/or product lines).
• Homogeneous maintenance and repair are easier
• Heterogeneous you are not locked into one
  vendor, and the competition between the vendors
  will result in better service to you

5
2.1.3 Does Server Hardware Really Cost More ?

• A server (hardware) cost more than a desktop
  computer ?
• Should be an apples-to-apples comparison
• Most vendors have several different product lines
• home, business and servers, etc.
• Home line
• focusing on being absolute cheapest initial
  purchase price
• Add-ons and expandability are available at higher
  cost
• Business
• Focusing on total cost of ownership
• The initial purchase prices will be higher, but
  it should take longer to become obsolete.
• Server
• Focusing on having the lowest cost per
  performance (i.e., price/performance ratio)

6
2.1.4 Maintenance Contracts (????) and Spare
Parts (??)

• When purchasing a server, one should also
  consider how repairs will be handled.
• For example, on-site service with 4-hour response
  time, 12-hour response time, or next-day options,
  etc.
• Other options include having the customer
  purchase a kit of spare parts and receive
  replacements when a spare parts gets used.
• There is a trade-off between stocking spares and
  having a service contract.
• Small site vs. large site
• Outsourcing (??, Sec. 14.2.2 and Sec. 25.1.8)
• Service Contracts are reactive (????) repairs,
  rather than proactive (??) solutions

7
2.1.5 Data Backup (more details in Ch. 21)

• Servers have critical data and unique
  configurations that must be backed up.
• In theory, clients often are not backup.
• However, people will always store some data on
  their local machines, software will be installed
  locally, and OSs will store some configuration
  data locally.
• In short/reality, it is impossible to prevent
  this on Windows platforms.

8
2.1.6 Servers should live in the Data Center

• Servers should live in an environment with proper
  power, fire protection, networking, and so on.
• Some entire companies are not large enough to
  have data centers.
• However, everyone should have a dedicated room or
  closet with the bare minimums physical security,
  UPS (many small ones if not one large one), and
  proper cooling

9
2.1.8 Remote Administration Access

• SAs need to work in an environment that maximizes
  their productivity.
• Servers need to be maintained remotely.
• Machine rooms (cold, cramp, etc.) are optimized
  for machines, not for human.
• Remote access to servers provides cost saving and
  improves safety.
• Space saving (keyboards, monitors, etc.)
• As SAs packed more into their machine rooms,
  many started consolidating these consoles.
• Serial port Console Server or Serial Consolidator
  
• Cf. Remote Access Server (Console Server for
  Networking Switches and/or Routers)
• KVM ( Keyboard, Video, Mouse) switch for PCs

10
Remote Administration Access (cont.)

• Monitor room temperature to Detect Traffic.
• It is a bad habit to keep leaving the machine
  room door open.
• Security implications must be considered when you
  have a remote console.
• Console systems should have properly considered
  authentication and privacy systems.
• For example, you might permit access to the
  console system only via encrypted channel, such
  as secure shell (SSH), or SSL, and insist on
  authentication by a one-time password system such
  as handheld authenticator.

11
2.1.9 Mirrored Root Disks

• When purchasing a server, it is often useful to
  consider RAID solutions to maintain data
  integrity.
• Redundant Array of Inexpensive Disks
• If disaster strikes ( a physical problem or human
  error), one can return to previously known-good
  state.
• Hardware RAID vs. Software RAID
• Performance, as a Boot disk ?
• Two ways to mirror a system
• loosely-coupled vs. tightly-coupled approach
• RAID level 1 mirror mode
• Remarks
• A RAID protects against hardware failure, it does
  not protect against software or human error.
• Even mirrored Disks Need Backup (e.g., to
  recovery from software errors)

12
2.2 The Icing-2.2.1 Server Appliances

• An appliance is a device designed specially for a
  particular task.
• E.g., dedicated router/switch, file server
  appliance, e-mail appliances, web appliances, DNS
  appliances, etc.
• A server appliance brings years of experience
  together in one box.
• Physical hardware of a server requirements, plus
  the system engineering and performance tuning
• Software assembling various packages and
  providing a single, unified administration
  interface.
• Purchasing an appliance (e.g., e-mail appliance)
  can free SAs to focus on other tasks.
• Appliances also let organizations without that
  particular expertise to gain access to
  well-designed systems.

13
2.2 The Icing- 2.2.2 Redundant Power Supplies

• N1 redundancy
• The system can be operational if one power supply
  is not functioning.
• Each power supply should have separate power cord
  for at least three reasons
• First, the most common problem power cord being
  kicked out accidentally
• Second, a device must be moved to a different
  power strip, UPS, or circuit.
• Finally, for very-high-availability systems, each
  power supply should draw power from a different
  source, such as separate UPSs.

14
2.2 The Icing (cont.)

• 2.2.3 Full and N1 Redundancy
• N1 Redundancy systems that one of any
  particular components can fail, yet the system is
  still functional.
• Full Redundancy (typical model)
• Primary set of hardware running
• Secondary set of hardware idle waiting,
  failed-over
• Full Redundancy (other minor model)
• Load-sharing (i.e., each fully operational,
  having enough capacity)
• 2.3.5 Separate Networks for Administration
  Functions
• Backup
• Monitoring
• Facilitating SA access

15
2.2 The Icing (cont.)- 2.2.4 Hot-swap components

• The first benefit new components can be
  installed while the system is running
• The real benefit of hot-swap parts is during a
  failure (i.e., N1 redundancy)
• Hot-swappable components increase the cost, when
  is the additional cost be justified ?
• Two key questions while purchasing hot-swappable
  systems
• Which parts are hot-swappable ?
• For example, Router/switch ( NIC, CPU, etc.),
  RAID, etc.
• How and for how long is service interrupted when
  the parts are being hot-swapped ?
• RAID degrade while rebuilding data

16
Appendix

• Background - Internet Applications
• Networking Troubleshooting Process
• Case Study E-mail delivery errors of NCTU-course
  portal

17
Background - Internet Applications
18
Networking Troubleshooting Process
SMTP Filtering
Router/Switch Filtering
DNS Filtering
SMTP_a
Client
Router_a
DNS_a
SMTP Filtering
Router/Switch Filtering
DNS Filtering
SMTP_b
Router_b
DNS_b
19
Port-scanning summary on DNS servers of neighbor
sites
20
???? DNS server ????- Sample scenario

• 2000 ?, ????????, ????? DNS servers
• ??, ????, ??????? server
• ? server-A ? security hole, ??????
• ???, ????? server-A, ????????
• ???????? abuse, postmaster ???????, ????? root
  mail ??????
• ????, ?????????????????? e-mail
• ???? router ????, ?????????? DNS ??
• ????? (??)

21
Multiple outgoing paths and distributed DNS
Layer-1
Layer-2
ISP-1
.com
Internet

• DNS
• Server
• farm

• DNS
• server

• Ordinary
• client

.arpa

• Caching-only

Others
SMTP
www, proxy
ISP-2
22
Discussion

• Cisco 7609 vs. 6509
• IBM servers vs. ASUS servers
• Made in USA, China, etc.