WK02 C229 Cloud Computing Essentials
What is the primary purpose of Active Directory (AD)?
AD's main purpose is to provide authentication and authorization for users accessing network resources. It acts as a centralized database for user accounts, passwords, and other network information.
How does a hypervisor enable virtualization?
A hypervisor is software that abstracts the underlying server resources. It pools these resources, controls how they are accessed by Virtual Machines (VMs), and allocates resources to each VM as needed, allowing multiple VMs to run on a single physical machine.
Explain the concept of "isolation" in the context of virtualization.
Isolation in virtualization refers to the ability of VMs to be independent of each other. This provides fault and security isolation at the hardware level, meaning a problem or security breach in one VM does not typically affect other VMs on the same host.
What is a Domain Controller (DC) and what is its function within an AD domain?
A Domain Controller is a server that hosts an AD domain. It manages all the centralized directory information for its domain, including user accounts, passwords, and group memberships, and supports administrative functions like authentication and trust relationships.
Describe the difference between Local Policy and Group Policy settings in a Windows environment.
Local Policy settings apply to the individual computer and are the first policies processed. Group Policy settings are applied through Active Directory and can apply to sites, domains, or organizational units, overriding local policy settings in the processing hierarchy.
How is a Globally Unique IDentifier (GUID) used in Active Directory?
A GUID is a 128-bit identifier assigned to each object in Active Directory to ensure it is uniquely identifiable. The GUID remains with the object even if it is renamed or moved within the forest.
What is the purpose of Organizational Units (OUs) within an Active Directory domain structure?
OUs are containers within a domain that are used to group objects for administration, such as applying Group Policies or delegating authority. They allow for a hierarchical structure within the domain.
In the context of Group Policy processing, what does the acronym LSDOU represent?
LSDOU represents the order in which Group Policies are processed: Local Policy, Site Policy, Domain Policy, and Organizational Unit Policy. Policies processed later in the hierarchy override those processed earlier.
Where are Group Policy Object (GPO) instances stored in Active Directory?
GPO instances are stored as groupPolicyContainer instances within a single container in Active Directory located at CN=Policies, CN=System, dc=<organization’s domain components>.
What is the default refresh interval for Group Policies on Windows workstations and member servers?
By default, Windows workstations and member servers refresh their Group Policies every 90 minutes. A random offset interval, up to 30 minutes, is added to avoid all machines refreshing simultaneously.
Active Directory (AD)
A database and set of services developed by Microsoft that connects users with the network resources they need. Its main purpose is to provide authentication and authorization.
Client/Desktop OS
An operating system designed primarily for a single user, typically used on personal computers and workstations.
Domain Controller (DC)
A server that hosts an Active Directory domain and manages the centralized directory information for that domain.
Domain Name System (DNS)
A hierarchical and decentralized naming system for computers, services, or any resource connected to the Internet or a private network. While mentioned in the learning objectives, this specific document does not provide a detailed definition or explanation.
Directory Services Recovery Mode (DSRM)
A special boot mode for a Windows Server acting as a Domain Controller that allows administrators to perform maintenance and recovery operations on the Active Directory database.
Encapsulation (Virtualization)
The property of a Virtual Machine (VM) where its entire state is saved to files, allowing the VM to be moved or copied to other host machines.
Forest (Active Directory)
A collection of one or more Active Directory domains that share a common logical structure, global catalog, schema, configuration, and automatic two-way transitive trust relationships.
Globally Unique IDentifier (GUID)
A 128-bit unique identifier assigned to each object in Active Directory.
Group Policy Object (GPO)
A collection of policy settings used to configure user and computer settings within a Windows domain, applied to sites, domains, or organizational units.
Hardware Independence (Virtualization)
The property of Virtual Machines (VMs) where they are not tied to specific physical hardware, allowing for greater flexibility and portability.
Host Machine/Physical Host
The physical server or machine that hosts the hypervisor and runs the virtual machines.
Hypervisor
Software that enables virtualization by abstracting underlying server resources and managing the allocation of these resources to Virtual Machines.
Isolation (Virtualization)
The property of Virtual Machines (VMs) that provides fault and security separation, ensuring that issues in one VM do not affect others on the same host.
LDAP (Lightweight Directory Access Protocol)
A lightweight protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Active Directory is Microsoft's implementation of an LDAP server.
Local Policy
Security and configuration settings applied to an individual computer, processed first in the Group Policy processing hierarchy.
LSDOU
An acronym representing the processing order of Group Policies: Local, Site, Domain, and Organizational Unit.
Network Virtualization
The process of combining hardware and software network resources into a virtual network, presenting logical networking devices and services to workloads.
Organizational Unit (OU)
A container within an Active Directory domain used to group objects for administrative purposes like applying Group Policies or delegating authority.
Partitioning (Virtualization)
The property of a Virtual Machine (VM) that allows it to run multiple operating systems and divide system resources among them.
Relative Distinguished Name (RDN)
The name of an object within its parent container in Active Directory.
Server OS
An operating system designed to provide concurrent access and services to multiple clients, typically running on powerful and dedicated hardware with high uptime requirements.
Server Virtualization
A type of virtualization that decouples physical server hardware from the operating system, allowing multiple virtual servers to run on a single physical machine.
Site Policy
Group Policy settings applied to Active Directory sites, less commonly used than domain or OU policies.
Virtual Desktop Infrastructure (VDI)
A type of desktop virtualization that hosts desktop operating systems and applications on centralized servers, allowing users to access them remotely.
Virtual Machine (VM)
A software representation of a physical computer that can run its own operating system and applications, independent of other VMs on the same host.
Virtualization
Technology that decouples physical hardware from the computer operating system, enabling the creation and running of multiple virtual instances of hardware and operating systems on a single physical machine.
VM Sprawl
A potential disadvantage of virtualization where the number of Virtual Machines becomes unmanageable without proper change management processes, leading to unmanaged or "orphan" VMs.