Data Center
Large warehouses that store servers, storage, network, and various communication equipment used to manage IT operations. This acts as a support for an organization.
Servers
Run applications, process data and host websites or databases
Storage Equipment
Allows for the retrieval and deposit of data
Networking Equipment
Allows data flow between devices
Firewalls
A method of monitoring data traffic that can help protect against cyber attacks.
Support Infrastructure
Methods of making sure the data center is secure and operational; this includes Generators, Uninterruptible power supply, CCTV Camera, access controls, HVAC, and an operation staff.
Enterprise Data Center
Owned, built, and operated by the company. This allows for more control and security; however, it is expensive to maintain and is limited in scalability.
Cloud-Based Data Centers
Operated over the internet and built using a CSP, which allows for on-demand scalability. Additionally, you can pay as you receive service and can access it from anywhere. However, if the internet fails then there's no service.
Colocation Data Center
Clients can rent out space for storage and the provider is responsible for maintaining the infrastructure. Usually more affordable; however, one needs to travel for access.
Managed Service Data Centers
Operated by a third party for a company, which can help reduce operational costs/burden; however, it's less flexible.
Data Center Design
Determining the business objectives and receiving consults to coordinate with the IT and Facility teams. Needing to consider Location, access, water and fuel, and safety.
ANSI/TIA-942
Telecommunications Infrastructure Standard for Data Centers
Uptime Institute Tiers
Levels of redundancy, availability, and fault redundancy
ISO/IEC 22237
International standard for data centers
ASHRAE TC9.9
Thermal and cooling management guidelines
BICSI 002
Best practices for data center design and implementation
Availability
refers to the actual time the data center is operational
Uptime
total time the data center is operational
Downtime
the total time the data center is not operational
Reliability
the ability for a data center to operate without interruptions
Redundancy
A backup to prevent or decrease downtime
N+1, 2N, 2N+1
A system used to determine the degree of redundancy
Preventive Maintenance
consistent check ins to prevent hardware failure; avoids wear and increases hardware life
Scheduled Maintenance
Set intervals to check on equipment regardless of condition
Predictive Maintenance
check-ins are done based on the condition of hardware, predicting failure based on data
CapEx (Capital Expenditure)
Costs associated with assets of the data center that are required for completion or maintenance. Usually these are one-time costs.
OpEx (Operational Expenditure)
Cost associated with running the data center on a daily basis. Usually reoccurring costs.
Top-Down estimate cost
Uses data from past projects to estimate current project costs; estimates are quick but less accurate
Bottom-up estimate cost
Adds costs from individual components and tasks; takes longer for estimates but is more accurate
Parametric estimate cost
Uses past data and statistical models to estimate costs
Three-point estimate cost
Make 3 different estimates - an optimistic, pessimistic, and a most likely.
TCO (Total Cost of Ownership)
the cost of the data center throughout its lifetime
ROI (Return on Investment)
Financial gain from investing into a data center
Payback Period
Encryption
converting data into a coded message using algorithms and keys
Plain Text
data before encryption
Ciphertext
Data after encryption
Stateful Packet Inspection
ensures that data packets received in response to internal requests are permitted
Data Confidentiality
Only authorized parties can access data
Data Integrity
Ensures that data hasn't been modified and comes from a trusted source
Data Availability
Ensures that data is accessible whenever
Data at rest
Data that is stored and encrypted
Data in Transit
Data that is in transit is also encrypted
Intrusion Detection System (IDS)
Detect or block suspicious traffic
Network Segmentation
A security technique that divides the network into segments
Principle of Least Privilege
a user is granted only the minimum permissions to do the job
Defense in Depth
using multiple overlapping security controls to protect a system
Separation of Duties
critical tasks should be done by at least 2 people to prevent the compromise of a system
Zero Trust Model
Security model that treats everyone as a threat and consistently verifies.
Authentication
being able to prove identity
Authorization
resources used to prove their identification
Accounting
tracking the actions of the user
Something you are
fingerprints, retinal patterns, hand geometry
Something you have
ID badge, swipe card, OTP
Something you Know
passwords, account logon identifiers
Identity Federation
Allows customers to retain their on-premise credentials to access cloud services from a CSP
SSO (Single Sign-On)
Allows users to log in only once to access multiple applications
Discretionary Access Control (DAC)
the data owner decides who has permissions to the data
Mandatory Access Control (MAC)
Permissions are controlled by a central authority and require security labels
Role-Based Access Control (RBAC)
Permissions are tied to a user's job, and users do not receive more data than needed
Vulnerability scanning
process of discovering flaws or weaknesses in systems and applications by gathering information and attacking your own system to figure out weaknesses
Penetration testing
Attacking a system as if one were an outsider to document what attacks were successful, how the system was exploited, and which vulnerabilities were utilized
Virtual firewall appliance (vFA)
Performs traffic filtering at the perimeter of the VPC
Network ACLs
specifies what traffic is allowed in and out of subnets
Security Groups
Control traffic to and from the individual VMs
Identity and Access Management (IAM)
Constantly making sure that there are no unauthorized users that can reach the data
Data protection
Enforce encryption whether the data is at rest or in transit
Monitoring and logging
Checking user activity, identifying who performed which action, and using monitoring solutions in a cloud environment
Compliance requirement
Organizations make sure their CSP can meet their data locality, privacy and security requirements
Security testing and audit
Organizations must constantly check their system to make sure that their systems are not vulnerable
Multitenancy
a type of architecture that CSPs use where cloud users share resources without knowledge of one another
Vendor Lock-in
Reliance on proprietary software or tech that prevents organizations from adopting new forms of tech/software easily or without significant costs
Economies of scale
the relationship between the unit cost and the production volume
Organizational Agility
the ability for a business to adapt to new changes quickly in the market.
Vertical Scaling
Adding more resources to a server such as memory and processing power
Barrier to entry
the obstacles for a company to be competitive in a market
Microservices-based application
a type of architecture that breaks down applications into loosely coupled services that interact
Cloud Computing
An on demand delivery method of servers, storage, databases, apps, and other IT resources as a service
On-demand self-service
Users can automatically access resources as needed without needing human interaction
Broad Network access
Access to resources is available via end devices
Resource pooling
The CSP pools resources to serve multiple people
Rapid Elasticity
Resources are able to be accessed or released to match demand
Measured service
Resource use is monitored, controlled and reported allowing for full transparency between the provider and consumer.
Public Cloud Deployment Model
Generally used for the public, it offers services via the internet and is very scalable and cost effective. Enterprises tend to not be in control of this data.
Private Cloud Deployment Model
Exclusively for a single organization and infrastructure is owned and managed by the organization. This method allows for better control and security of data but is more expensive and requires more expertise.
Hybrid Cloud Deployment Model
This method enables sensitive data to be sent through a private cloud and less sensitive data through a public cloud. This method is harder to manage but allows for better business alignment.
cloud bursting
When a private cloud's resources are exceeded it uses resources from the public cloud
Community Cloud Deployment Model
Infrastructure used by multiple organizations with shared concerns, usually owned by all the organizations involved
IaaS (Infrastructure as a Service)
allowing fundamental hardware resources to be used by system admins
SaaS (Software as a Service)
ready to use applications hosted in the cloud for end users
PaaS (Platform as a Service)
allows developers to make, test, and deploy applications over the cloud and not worry about infrastructure
Greatest barrier to entry for startups? What cloud deployment model should they use?
Capital and public cloud to reduce costs
What cloud deployment model should small to medium-sized businesses use?
These types of businesses might prefer hybrid clouds to have their sensitive data in a private cloud and less sensitive data in a public cloud
What type of deployment model should enterprises use?
Since enterprises usually have customers around the world, they are capable and SHOULD prefer private cloud models.
Rehosting (Lift and Shift)
Deploying all on-premise applications into an IaaS environment
Re-platforming
Optimizing the application without changing the core architecture
Repurchasing
Investing in transitioning to a cloud-native application
Re-architecting
Changing the core of the application to achieve better performance, scale, agility, and/or new features
Service Level Agreement (SLA)
Ensuring adequate availability of resources for everyone involved
Metadata
gives and stores information about data