Guide Examen Infra Télecom PDF

Summary

This document is a guide on network infrastructure, covering various topics in telecommunications. It details virtual local area networks, subnet masking, routing protocols, and server services such as DHCP, DNS, NTP, and others.

Full Transcript

## INFRA EXAM GUIDE

### Telecom

**Virtual Local Area Network (VLAN)**

Technology for managing the network and dividing a local network into multiple logical segments.

**Advantages:**

- Isolation of traffic between different groups.
- Control and limitation of broadcast traffic between devices on the same VLAN.
- Security.
- Traffic optimization.

**Variable Length Subnet Masking (VLSM)**

Technique that allows a network to be divided into subnets of different sizes.

**Advantages:**

- More efficient use of the available address space.

**Default Routing**

Technique for specifying the default path that a packet should follow.

**EtherChannel (Port Channel)**

Cisco technology that allows multiple physical Ethernet links between two switches to form a single high-bandwidth link.

**Advantages:**

- Fault tolerance.

### Miscellaneous server services (DHCP, DNS, NTP, IIS, FTP, etc.)

**Port (TCP, Transmission Control Protocol):** A mechanism that allows communication between applications on remote devices. A protocol within the TCP/IP suite that guarantees reliable and ordered communication between computer systems. Guarantees the complete and ordered arrival of packets.

**Port (UDP, User Datagram Protocol):** Communication that is neither reliable nor ordered: no guarantee of the order or integrity of packet arrival. Used for applications that require faster communication, even if it is less reliable (streaming video or music over the internet).

**Small note:** The UDP protocol is often preferred in applications where latency must be minimized.

**DHCP (Dynamic Host Configuration Protocol):** Dynamically assigns IP addresses and sends the configuration information the device needs to operate on the network:

- Port UDP 67: Used by clients to request configuration.
- Port UDP 68: Used by the server to respond to client requests.

### DNS (Domain Name System)

Translates domain names into IP addresses.
- Port TCP/UDP 53

### NTP (Network Time Protocol)

Provides accurate time to devices on the network. Very important for user authentication, financial transaction applications and logging.

- Port UDP 123

### IIS (Internet Information Services)

Used to host websites and provide web services on the internet or on local networks.

- Port TCP 80: For non-secure HTTP connections (Port TCP 8080 for alternative connections).
- Port TCP 443: For secure HTTPS connections.

### FTP (File Transfer Protocol)

Allows file transfer between computers.

- Port TCP 21: For connection control (commands).
- Port TCP 20: Active mode, for data transfer.

### SSH (Secure Shell)

Secure communication protocol. Provides an encrypted connection between a client and a server.

- Port TCP 22

### RDP (Remote Desktop Protocol)

Communication protocol developed by Microsoft.

- Port UDP 3389

### RDP server (Remote Desktop server)

Software that manages incoming RDP connections. Allows users to connect to remote desktop sessions on a computer or server.

### SMTP (Simple Mail Transfer Protocol)

Mail server used for sending emails.

- Port TCP 25.
- Port TCP 587: For encrypted email transmissions, uses the SMTPS protocol.

### IMAP (Internet Message Access Protocol)

Server that stores and manages emails on the mail server. Allows users to access and manage their emails directly on the server, without downloading them to their device.

- Port TCP 143

### POP3 (Post Office Protocol version 3)

Used to retrieve emails, download them locally and delete them from the server.

- Port 110

### SNMP (Simple Network Management Protocol)

Communication protocol used to monitor and manage network equipment.

- Port UDP 161

### SQL Servers

Software to store, manage and provide access to relational databases.

### Domain controllers, physical and virtual (advantages of each)

#### AD (Domain Controller)

LDAP directory service.
The primary goal is to provide centralized authentication and authorization services to a network.

#### Group Policy Objects (GPO)

Manages user and computer configuration settings in a centralized way. Within the Group Policy Management Editor, create the GPO, configure the settings, link the GPO (to a domain, OU or group) and update (gpupdate).

#### Objects

- OU, computers, users.

#### Groups (scope types)

- **Local:** Users of the domain, only located in the resources of the domain. Lists domain elements.
- **Global:** Mainly used to assign rights to domain resources. Includes users and global or universal groups from the whole domain.
- **Universal:** Allows inclusion of groups and users from other domains.

#### Advantages of a physical domain controller

- Physical isolation: Additional security in case of problems or outages.
- Better hardware performance.
- Management can be simpler.

#### Advantages of a virtual domain controller

- Sharing of hardware resources.
- Easier deployment, movement or cloning (flexibility).
- Improved disaster recovery features.

#### Rights Management

- Managed from the AD, not locally.
- Assign only the necessary rights to network resources.
- Prioritize granting rights to groups.
- NTFS authorization only for local users.

**Shared Folder Creation:** Creates a shared folder with multiple files for a particular service.

**Permissions:** Multiple permissions exist for files, folders and subfolders. Users can have:

- **Full Control:** Modify, add, delete and move files and directories. Permissions can be modified for files and subfolders.
- **Modify:** View and modify. Delete and add files in a directory, or change file properties.
- **Read & Execute:** Read and execute scripts.
- **Read:** View.
- **Write:** Write to files and add files to directories.

**Quotas:** Allows for file and storage management.
Provided as a role that needs to be added through the server management options, under File and Storage Services.

**Network Drive Mapping:** Maps a shared network drive to a folder on a computer. The shared drive needs to be mapped. This is done by creating a GPO and then modifying it (User Configuration, Preferences, Windows Settings, Drive Maps; right-click New, Mapped Drive).

### Physical and virtual servers and virtualization (VMware and Hyper-V)

- **route print:** command used to check the routing table and the available connections.
- **tracert google.com** or **tracert 8.8.8.8:** command used to check connectivity.
- **Jumppoint:** Servers for network management tools. These are accessible from Windows or Linux servers and can be used to manage a wide variety of IT tasks.
- **HTTPS:** Secure web protocol used to connect to the Jumppoint.

### Hypervisors (VMware ESXi, Microsoft Hyper-V Server)

#### Hypervisor type 1 (bare-metal), used in corporations

Runs directly on the physical hardware of a computer, without requiring a host operating system. It manages hardware resources directly and allocates them to virtual machines. It offers the best performance and isolation because there is no intermediate operating system.

#### Hypervisor type 2 (hosted)

Runs on an existing host operating system, such as Windows, macOS or Linux. Performance is not as good.

**NOTE:** To connect one or more virtual machines to the network, their network interface cards need to be connected. The administrator can decide whether to connect virtual network cards to the physical network, or to connect a physical network card to the virtual network.

**Cloud computing: Azure (Microsoft technologies and services)**

- Azure is a cloud computing platform from Microsoft that offers numerous services, such as compute, storage, networking, databases, analytics, artificial intelligence and application development.
- Azure Backup: Reliable, economical and secure. Scales automatically, with unlimited retention time.
#### Azure Backup configuration steps

- Create a recovery vault.
- Create a backup strategy, then apply it to the machines the backup will cover.
- Create a backup task (applies the defined configuration to the machines).

#### Types of Azure backup restores

- **Instant restore:** A recovery point.
- **Virtual machine restore:** Requires a storage account for temporarily saving the last backup of the machine.
  - **Overwrite:** Restores a virtual machine in place of the existing one.
  - **Rename:** Restores the virtual machine under a new name (not assigning it to the original machine).
- **File restore:** Select the appropriate recovery point and download the executable file to your local computer. This creates a local drive on your computer, giving you access to the contents of the virtual machine's C drive. Find the desired file and save it to your machine. Don't forget to unmount the drives from the machine you are using (option available in the Azure portal).
- **Note:** If you have a large number of files to restore, Microsoft recommends restoring the whole machine.
- **Data encryption: AES-256 with HTTPS connection.** The secret decryption key is known only to the company and stored within the company.
- Microsoft Hyper-V, SharePoint, Exchange or SQL Server backups are also available.

#### Azure Backup components

- **Azure Backup agent:** Backs up files, up to 3 file backups per day.
- **DPM (System Center Data Protection Manager):** Backs up files, databases, Exchange, etc. It supports backup of virtual machines and VMware environments. Storage is on disk or tape. Creates 2 backups per day.
- **Azure Backup Server:** Provides the same services as DPM, but backups are on tape only. The server does not require a license. A local copy of the data must be taken before sending it to Azure.
- **Azure IaaS virtual machine backups:** Backs up files, databases, Exchange, etc. One backup per day.
#### Azure storage types

- **LRS (Locally Redundant Storage):** Data is replicated three times within the Azure data center.
- **GRS (Geo-Redundant Storage):** Data is replicated 6 times across 2 distant data centers.

To connect to your own data center, you need to deploy a VPN Gateway (IPsec, Internet Protocol Security) for the VPN tunnel connection.

#### Azure AD

Links a machine to the Azure AD domain (only if there is AD synchronization with Azure).

#### Soft Delete

A service that allows you to restore deleted backups (available for 14 days).

## VPN (Virtual Private Network)

Allows secure connection to internal resources.

#### Benefits

- Data security and confidentiality.
- Secure access from anywhere.
- Bypassing geographical restrictions.
- Wi-Fi network security.

## Disks for servers (SSD, SAS, SATA)

- **SATA:** Magnetic storage media. It can handle only one command at a time, which is why it is often used for backups.
- **SAS:** Simultaneous processing of multiple commands is supported. Mainly used for server virtualization, databases and applications.
- **SSD:** More resistant to shocks and vibrations, as they have no moving parts, which also makes them better performers.

## RAID-1, RAID-5

- **RAID-1:** Data mirroring, ensures that the data is the same on both disks. It's highly reliable and can be used in external hard drives.
- **RAID-5:** Uses a minimum of 3 disks; the data is organized in blocks before being distributed across multiple disks. This allows data recovery in case of a single disk failure. This type of RAID offers better read speed. You can lose 1 disk without data loss. Data is not stored on all disks at the same time: the information is distributed over the disks and part of the information is saved as parity. Data blocks are distributed across two different disks and the parity information is stored on a third drive.

## Tape backup (LTO tape backup)

Technology for saving huge amounts of data on magnetic tapes, for backup and long-term archiving.
- The lifespan of each tape is between 15 and 30 years. Tape storage is economically advantageous.
- Tape cartridges are equipped with a WORM (Write Once Read Many) function. This means that files can only be written once; after that the data cannot be edited or deleted.

## Network switches vs. storage technology: SAN (Storage Area Network)

#### Types of storage

- **SAN (Storage Area Network):** A rack with multiple disk bays, connected to the system via a fiber optic network. The hardware is connected to a Fibre Channel switch. Each disk can be linked to multiple machines simultaneously and is used for application data. Management is done at server level, and data is transmitted in blocks.
  - It offers the possibility to divide the SAN into multiple networks.
  - **LUN (Logical Unit Number):** Divides the SAN storage into multiple logical units. It allows you to decide which LUN is presented to which server. The Thin Provisioning function minimizes disk space usage by dividing the SAN into multiple LUNs.
- **Network switch:** A network switching device used to control data flow between the devices connected to a LAN or WAN.
- **NAS (Network Attached Storage):** A storage bay with its own operating system for data management. It is connected to the company's network, working as a file server.
- **DAS (Direct Attached Storage):** The storage disks are directly connected to the server. Data is transferred to the disks using the block access method from a NAS server or a SAN.

### NTBACKUP, SCDPM or DPM

- **NTBACKUP:** A backup utility included in older versions of Windows. It allows backup scheduling.
- **SCDPM (System Center Data Protection Manager) or DPM:** Created by Microsoft and used for backup, restoration and data protection of critical data on disks. It supports several storage destinations (local disks, NAS, cloud) and central management.
- It supports backing up file servers, databases, virtual machines, Exchange servers, SharePoint and Windows clients. It also helps schedule and manage granular recovery of data. Encrypts data in transit and at rest.

## Failover clusters

A configuration of several interconnected computers (nodes) that provides high availability and fault tolerance for services and applications. The main objective is to ensure continuity of operations in the event of a hardware or software failure on one of the nodes. The strengths are resource redundancy, fault detection with automatic failover, and load balancing. They are used for databases, web servers and critical business applications.

### Disaster Recovery (ransomware, fire, terrorism, etc.)

To minimize downtime in the event of a major outage, consider the following:

- Offsite backups.
- Secure and frequent backup scheduling.
- Developing a Business Recovery Plan (PRA): Outline the steps to take, with specific instructions for restoring the affected parts. The plan should prioritize servers and include steps for restoring domain controllers.
- Data redundancy: Failover clusters, data replication.
- Threat monitoring and detection.
- Training and awareness: for example, training for users.
- Coordination with local authorities.

## Update Services (WSUS, Intune, etc.)

### WSUS (Windows Server Update Services)

A built-in component of Windows Server that manages and distributes updates. It is a dedicated role for Windows operating systems and Microsoft products. Requires an on-premises infrastructure.

### Key Features

- Centralized update management.
- Control over updates: download, approve and distribute updates.
- Scheduling of updates.
- Reporting and monitoring tools.
- Bandwidth optimization.

### Intune

A cloud-based service for managing updates that also supports iOS and Android devices, not just Windows or Microsoft products.
### Key Features

- Update distribution.
- Control.
- Tracking and reporting.
- Automation.
- Compatibility.

## How to create a topology

- **Logical topology:** Describes how information flows through the network.
- **Physical topology:** Describes how devices are interconnected:
  - **Star topology:** Computers are connected to a central device (switch). Each computer uses one port. The switch should have enough ports and support features such as VLANs and port security.
  - **Mesh topology:** Devices are connected to each other.
- **Routers:** With configuration.
- **Network cables.**
- **Network adapters:** For routers.
- **Switch:** With configuration.
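The VLSM entry in the Telecom section only states that a network is cut into subnets of different sizes. The following Python example is added here and is not part of the guide: it allocates variable-length subnets largest-first from a constructed base network (192.168.0.0/24) for constructed host counts, and rejects a plan that does not fit, which is the check a practitioner wants before typing the masks into a router.

```python
import ipaddress
import math


def vlsm_allocate(base: str, host_requirements: dict):
    """Carve variable-length subnets out of `base`, largest requirement first.

    Each requirement is a count of usable hosts. The block size is rounded up
    to the next power of two that also holds the network and broadcast
    addresses (never smaller than a /30). Returns a list of
    (label, IPv4Network) in allocation order, or raises ValueError when the
    requests do not fit in the base network.
    """
    net = ipaddress.ip_network(base, strict=True)
    # Largest first keeps every block naturally aligned to its own size.
    demands = sorted(host_requirements.items(), key=lambda kv: kv[1], reverse=True)
    cursor = int(net.network_address)
    limit = int(net.broadcast_address) + 1
    allocated = []
    for label, hosts in demands:
        bits = max(2, math.ceil(math.log2(hosts + 2)))  # +2: network and broadcast
        size = 1 << bits
        if cursor + size > limit:
            raise ValueError(f"{label}: {hosts} hosts do not fit in {base}")
        prefix = net.max_prefixlen - bits
        subnet = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{prefix}")
        allocated.append((label, subnet))
        cursor += size
    return allocated


def usable_hosts(subnet) -> int:
    """Usable host addresses in a subnet (network and broadcast excluded)."""
    return subnet.num_addresses - 2


def address_efficiency(base: str, allocated) -> float:
    """Fraction of the base network consumed by the allocated blocks."""
    total = ipaddress.ip_network(base).num_addresses
    used = sum(subnet.num_addresses for _, subnet in allocated)
    return used / total


if __name__ == "__main__":
    # Constructed example: four segments sharing one /24.
    plan = vlsm_allocate("192.168.0.0/24",
                         {"sales": 50, "engineering": 20, "management": 10, "wan-link": 2})
    for label, subnet in plan:
        print(f"{label:12} {str(subnet):20} usable hosts: {usable_hosts(subnet)}")
    print(f"address space used: {address_efficiency('192.168.0.0/24', plan):.0%}")
```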
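The RAID-5 entry above says that blocks are spread across disks with parity on a further disk and that one disk can be lost without data loss. This added Python example (not from the guide) makes that concrete on constructed data: it stripes the data across disks with XOR parity rotating between them, then rebuilds a failed disk from the survivors and reads the original data back. The disk and block sizes are assumptions chosen for illustration.

```python
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte blocks together (the RAID-5 parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def raid5_write(data: bytes, ndisks: int, block: int):
    """Stripe `data` across `ndisks` disks with one rotating parity block per stripe.

    Returns a list of ndisks lists; disks[d][s] is disk d's block in stripe s.
    """
    if ndisks < 3:
        raise ValueError("RAID-5 needs at least 3 disks")
    per_stripe = ndisks - 1                                # data blocks per stripe
    data += b"\0" * (-len(data) % (block * per_stripe))    # pad the last stripe
    blocks = [data[i:i + block] for i in range(0, len(data), block)]
    disks = [[] for _ in range(ndisks)]
    for s in range(len(blocks) // per_stripe):
        chunk = blocks[s * per_stripe:(s + 1) * per_stripe]
        parity_disk = s % ndisks                           # parity rotates across disks
        pieces = iter(chunk)
        for d in range(ndisks):
            disks[d].append(xor_blocks(chunk) if d == parity_disk else next(pieces))
    return disks


def raid5_rebuild(disks, failed: int):
    """Recover every block of disk `failed` by XORing the surviving disks stripe by stripe."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def raid5_read(disks, length: int) -> bytes:
    """Reassemble the original data (skipping the parity blocks) and trim the padding."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        for d in range(ndisks):
            if d != s % ndisks:
                out += disks[d][s]
    return bytes(out[:length])


if __name__ == "__main__":
    payload = bytes(range(97))                # constructed sample, not a whole stripe
    array = raid5_write(payload, ndisks=4, block=8)
    array[2] = None                           # simulate losing disk 2
    array[2] = raid5_rebuild(array, failed=2)
    print("rebuilt data matches:", raid5_read(array, len(payload)) == payload)
```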
