Operating Systems: Virtualization, Cloud Computing & Linux PDF

Summary

This document covers various topics related to operating systems, including virtualization and how it works, detailing different types such as desktop, network and storage virtualization. It also explains cloud computing, its benefits, and its comparison with on-premise systems. The document further describes the usage of the Linux operating system, emphasizing the importance of user and file permissions in the OS.

Full Transcript


What is Virtualization

- Virtualization creates a virtual layer over the hardware using software.
- It creates virtual computing environments that mimic the functions of physical hardware.
- These virtual computing environments are called Virtual Machines (VMs).
- One can create multiple VMs from a single physical computer or server.
- All of these VMs run independently of each other and share the resources of the host machine.
- In the image above, your machine (Windows OS) acts as the host OS. Using software called a hypervisor, one can install multiple instances of guest OSs / virtual systems, i.e. Linux, macOS, Unix.

What is a Virtual Machine (VM)

- A virtual machine is an emulation, or virtual representation, of a physical system.
- VMs are also referred to as the guest system/OS, whereas the physical system they run on is referred to as the host system/OS.

What is a Hypervisor

- Software that makes virtualization possible.
- It forms the interface between the physical machine and the virtual machines and ensures proper access to the resources they need in order to work.
- Types of hypervisor
  ○ Type-1 / Bare Metal Hypervisor: directly interacts with the hardware resources; highly efficient.
  ○ Type-2: runs as an application on the host OS; it coordinates with the VMs for resource management.

Types of Virtualization

- Desktop Virtualization
  ○ Desktop virtualization allows us to run a desktop OS in each VM.
  ○ Types of desktop virtualization:
    Virtual desktop infrastructure (VDI): runs numerous virtual machines on a central server, which are then hosted to users according to their requirements. A user can access any OS without physically installing that OS.
    Local desktop virtualization: uses hypervisor software on a local system to run multiple OSs simultaneously without affecting the host OS.
- Network Virtualization
  ○ Network virtualization combines multiple physical networks into one virtual, software-based network.
  ○ This simplifies network management.
  ○ Types of network virtualization:
    Software-defined networking (SDN): virtualizes the hardware that controls network traffic routing.
    Network function virtualization (NFV): virtualizes the hardware appliances that provide network-specific functions.
- Storage Virtualization
  ○ Storage virtualization allows all the storage devices on the system to be accessed and managed as a single storage unit.
  ○ It collects all the storage into a single pool, from which storage can be allotted to any virtual machine on the same network as required.
  ○ This makes it easier to assign storage to multiple virtual machines with maximum efficiency.
- Application Virtualization
  ○ Application virtualization runs software applications without installing them directly into the host OS.
  ○ Types of application virtualization:
    Local/streamed application virtualization: the application runs on the host device, but inside a separate virtual environment rather than directly on the host OS.
    Remote application virtualization: the application runs on a server, and users interact with it via a remote-control protocol. It requires a constant internet or local network connection.

Benefits of Virtualization

- Resource efficiency: using virtualization, the maximum computing capacity can be utilized.
- Minimum downtime: issues such as application and OS crashes can be mitigated by running multiple VMs with the same OS.
- Time management: setting up a whole server from scratch can be avoided by using sufficient hardware devices for virtualization.

What is cloud computing and why is it needed

Before we deep dive into what cloud computing is, let's first understand how things were implemented before the cloud.
  ○ Let's say a General Physician wanted to implement a Patient Management System to keep track of patients' appointments, clinical notes, medicines prescribed, and so on.
  ○ The physician hires an IT firm to implement all these features.
  ○ Before cloud computing, the IT firm needed to decide what type of system to purchase for the doctor's office: how much disk space is required, memory, CPU, and so on.
  ○ Also, this system is installed only in the clinic, so it forces the doctor to come to the clinic to access patient records.
  ○ At any point in time, if the disk space is full, the IT firm needs to back up the data and add more hard disk space.
  ○ There are many more issues you could list here. Once you have the entire setup within the clinic, we call it ON-PREMISE.

Cloud computing is the delivery of on-demand computing services over the internet on a pay-as-you-go basis. It offers faster innovation, flexible resources and economies of scale. A few of its characteristics are:
  ○ On-demand self-service
  ○ Broad network access
  ○ Resource pooling
  ○ Rapid elasticity
  ○ Measured service

Types of Cloud Computing

Based on two categories:
  ○ Deployment model
    Public Cloud - similar to a bus (anyone can commute from one place to another)
      - Pay for the resources you use, for as long as you use them
      - Overall cost is low
      - Don't have to worry about maintenance of the resources/servers
      - You pay more when you use more, you pay less when you use less
    Private Cloud - similar to a private car
      - Pay a huge amount upfront, and it is all owned by you
      - Cost is huge
      - You need to have the expertise to maintain and manage the server
    Hybrid Cloud - similar to a taxi
      - Comfort of both private and public cloud
      - You don't need to pay anything upfront
      - You don't have to maintain it yourself
      - You pay a bit more than public cloud, but you enjoy the comfort; things are customized for you
      - Pay only when you use it
  ○ Service model
    IaaS - Infrastructure As A Service
      - The service provider owns and operates the infrastructure while the customer manages and owns the software.
      - For businesses that need a virtual machine: on-demand access to cloud-hosted machines
      - Benefits: higher availability; lower latency, improved performance; comprehensive security; improved responsiveness
    PaaS - Platform As A Service
      - The provider manages and delivers hardware and software resources for developing, testing and managing cloud applications
      - Usually for businesses looking to build software products
      - On-demand access to a complete, ready-to-use cloud-hosted platform for developing, running, maintaining and managing applications
      - Benefits: faster time to market; low-to-no-risk testing and adoption of new technologies; simplified collaboration; easy to scale; less management
    SaaS - Software As A Service
      - The provider manages and maintains a full application stack that customers can access and use
      - For businesses that simply want software and no IT equipment management at all
      - Ready-to-use application software
      - Benefits: minimum risk; accessible at any time, from anywhere; easy scalability

Cloud providers

- Public cloud provider
  ○ Made available to the general public over the internet by the cloud provider
  ○ AWS, Microsoft Azure, IBM's Blue Cloud, Sun Cloud
- Private cloud provider
  ○ Can be operated exclusively by a single organization or by a third party
  ○ Can be on-premise or off-premise
  ○ Operated exclusively for a single organization
  ○ In some cases, AWS and VMware provide private clouds for some organizations
- Hybrid cloud provider
  ○ Federal agencies opt for private clouds for private and sensitive data
  ○ Use the public cloud for non-sensitive data
- Example cloud providers: AWS, IBM Cloud, Google Cloud Platform, Microsoft Azure, VMware, DigitalOcean

What is Linux

- Linux is the most popular and well-known open-source OS
  ○ Most widely used operating system in the server and database sector
- Linus Torvalds developed Linux in 1991
- It includes the following components
  ○ Bootloader: software that controls the computer's launch procedure; it sits in a separate piece of memory used to launch the OS
  ○ Kernel: responsible for managing system resources and communication with the hardware
  ○ Init system: manages the launch process after the bootloader has completed initial booting; the starting point of the OS, think of it like a main function
  ○ Applications: most Linux distributions provide a central repository for searching and downloading additional apps; installed by the user
  ○ Daemons: secondary services that start up either during launch or after logging into the desktop; background processes that start with the operating system
  ○ Desktop environment: each desktop environment includes pre-installed applications, per user
  ○ Graphical server: the subsystem that displays graphics on the monitor, commonly known as the X server

Why Use Linux

- The cost of Windows Server 2025 Standard edition is $1176 USD; in contrast, Linux offers free distributions
- Linux is far less vulnerable to ransomware, malware and virus attacks
  ○ Active community for patches (kernel and other parts of the system)
- A Linux server only requires a reboot when the kernel is updated
  ○ Doesn't require a reboot when adding packages
  ○ Doesn't require a reboot when settings are changed
  ○ Doesn't need a reboot for patches
- Open source allows you to run the program of your choice
- Freedom to study how a program works, and to modify it for your custom needs

Linux Distribution Overview

- The typical software installation process in Windows OS involves the following steps
  ○ Search for the software on the web
  ○ Go to the download tab on that particular website
  ○ Download the specific exe/software
  ○ Double-click the downloaded exe/software and follow the on-screen instructions
- A Linux distribution is also referred to as a distro
- A distro typically includes many components in addition to the Linux kernel: a package manager, an init system, GNU tools and libraries, documentation, and network configuration utilities.
  ○ Package manager: can bring small items from large repositories
- Installing software in Linux is different
  ○ We use the package manager that comes with the specific Linux distribution
  ○ To install new software, you search for it and install it from the OS itself
  ○ The package manager takes care of downloading the desired software
  ○ It also installs the other required dependencies
  ○ The package manager also controls the OS
  ○ The package manager can update and upgrade the system and install the latest versions of the applications

Popular Linux Distributions

- Software and applications are bundled into packages, and Linux distributions are categorized by these package types
- There are three basic types of packages: Debian (deb), RedHat Package Manager (RPM)
- Debian-based Linux distributions
  ○ The deb package type was created in 1993
  ○ The following distributions use deb packages
    Debian
      - Supports almost all CPU architectures
      - A few Debian variants are oldstable, stable, testing, unstable and experimental
      - Debian has two package managers, apt and aptitude
    Ubuntu
      - Available since 2004, Ubuntu is based on Debian unstable
      - Ubuntu uses apt, and the graphical front end Ubuntu Software Center, for package management
    Linux Mint
      - Mint started out simply as Ubuntu with pre-installed multimedia codecs and proprietary drivers
      - It is a popular alternative to Ubuntu
- RPM-based Linux distributions
  ○ RedHat created the rpm package format for use in its distribution
  ○ The following distributions use rpm packages
    RedHat Enterprise Linux (RHEL)
      - Commercial open-source Linux distribution
      - Uses the yum package manager
    Fedora
      - The upstream of the commercial RHEL
      - Uses newer technology and open-source packages
      - Uses the yum package manager
    openSUSE
      - Known for the KDE desktop and stability
      - Uses zypper and its graphical front end, the YaST package manager
- Other Linux distributions
  ○ Arch Linux
    - Uses pkg.tar.xz packages and has its own package manager called pacman
    - Arch doesn't come with a graphical installer
    - The entire installation is done via a terminal
  ○ Slackware Linux
    - Founded in 1992, Slackware doesn't have a package manager
    - All software is compiled by the system administrator or a normal user of the system
  ○ Gentoo Linux
    - Based on the Portage package management system
    - Gentoo can be difficult to install and can take a few days to install

Linux Graphical User Environment

- Microsoft Windows has one desktop manager; Linux users can choose from a wide range of desktop environments
- Popular desktop managers include KDE, GNOME, Xfce, Cinnamon and LXDE
- KDE
  ○ Created in 1996 and one of the most advanced desktop managers
  ○ By default, it includes several applications that every user needs
  ○ The KDE workspace is called Plasma
  ○ Popular distributions that use KDE include openSUSE, Slackware, Linux Mint, Kubuntu and Mageia
- GNOME
  ○ GNOME is a desktop manager made for the community and by the community
  ○ GNOME doesn't require a lot of resources, so it is a good choice for older and slower hardware
  ○ Distributions that use the GNOME desktop: Debian, openSUSE, Fedora, CentOS, RHEL
- Cinnamon/Xfce/LXDE
  ○ Cinnamon is a fork of the GNOME desktop manager and is developed by the Linux Mint community
  ○ Xfce is an excellent choice for older computers; it is lightweight and fast. Debian, Fedora and openSUSE include Xfce
  ○ LXDE is a fast and lightweight desktop manager. Lubuntu, Debian, openSUSE and Linux Mint include LXDE

Linux File System

Introduction
- Filesystem Hierarchy Standard
- Root filesystem: explore / (root directory) and /usr
- File types
- File permissions and ownership

Filesystem Hierarchy Standard

- The FHS defines the directory structure and directory contents in Unix-like OSs
- Maintained by the Linux Foundation
- In the FHS, all files and directories appear under the root directory (/)
  ○ Files and directories can be stored on different physical or virtual devices
  ○ Some of these directories only exist on a particular system
  ○ An FHS-compliant file system supports the same basic security found in most UNIX filesystems
Root File System

- The content of the root file system is adequate to boot, restore and recover the system
- The root filesystem contains many system-specific configuration files
- To change directory to the root from the command line: cd /
  ○ Note: /root is the root user's home directory, which is not the same as /

Directories within the root filesystem

/bin     Contains commands that may be used by both the system administrator and by users (e.g. cat, cp, chmod, chown)
/boot    Contains everything required for the boot process except configuration files not needed at boot time and the map installer (e.g. bootloader files, kernels, initrd)
/dev     Includes device files: terminal devices, USB and other attached devices (e.g. /dev/tty1, /dev/usbmon0)
/etc     Contains configuration files. A "configuration file" is a local file used to control the operation of a program (e.g. /etc/resolv.conf, /etc/logrotate.conf)
/home    (optional) User-specific configuration files for applications are stored in the user's home directory (e.g. /home/staff, /home/students/)
/lib     Contains the shared libraries needed to boot the system and run the commands in the root filesystem, i.e. those used by the binaries in /bin and /sbin
/media   Contains subdirectories which are used as mount points for removable media such as floppy disks, CD-ROMs and zip disks
/mnt     Provided so that the system administrator may temporarily mount a filesystem as needed
/opt     Reserved for the installation of add-on application software packages
/root    The root user's home directory
/run     Run-time variable data: system information describing the system since it was booted
/sbin    System binaries: utilities used for system administration (root-only commands) (e.g. fdisk, mkfs, init)
/srv     Contains site-specific data which is served by this system, such as data and scripts for web servers
/tmp     Must be made available for programs that require temporary files

The /usr directory

- /usr is the second major section of the filesystem
- /usr is shareable, read-only data
  ○ This means /usr should be shareable between various FHS-compliant hosts and must not be written to
  ○ Any information specific to a host is stored elsewhere

/usr/bin      The primary directory of executable commands on the system
/usr/include  Directory for standard include files. This is where all of the system's general-use include files for the C programming language should be placed
/usr/lib      Libraries for programming and packages
/usr/local    Used by the system administrator when installing software locally
/usr/sbin     Contains any non-essential binaries used by the system administrator.
System administration programs that are required for system repair, system recovery, mounting /usr or other essential functions must be placed in /sbin instead.
/usr/share    For all read-only, architecture-independent data files

File Types

- Ordinary or regular files (-): the most common type of file; includes documents, scripts, images, executables, etc.
- Directory (d): directories are files that list other files, functioning as containers that organize the file system into a hierarchical structure
- Symbolic link (l): files that refer to another file or directory
- Character device files (c): represent devices that handle data as characters (bytes), such as keyboards and mice, facilitating input/output in character-by-character mode
- Block device files (b): correspond to devices that manage data in blocks, such as hard drives and other storage devices, and are crucial for reading from and writing to these devices
- Socket (s): used in network communications to create a link between processes, either within the same system or over a network, allowing for data exchange
- FIFO (named pipes) (p): used for inter-process communication, where the data written by one process can be read by another

On the terminal, type the command ls -l and verify the output: regular files, directories, symbolic links, character device files, block device files.

File Permission and Ownership - 1

Look at the screen and the boxes outlined in red:
  ○ The first set of boxes shows the file type: d - directory, l - link file, (-) regular file
  ○ The next nine characters, rwxrwxrwx (777), are the read, write and execute permissions for the owner, group and others
  ○ The next number, i.e. 12, is the number of hard links to the file or directory
  ○ The first "root" word indicates the owner (username of the file owner)
  ○ The second "root" word indicates the group associated with the file/owner
  ○ 4096 - size of the directory
  ○ Jul 21 11:09 - date/time when last modified
  ○ usr - directory/file name

ls -l new.txt shows the file permission rw-rw-r--
  ○ Owner has read and write permission
  ○ Group has read and write permission
  ○ Others have only read permission

chmod (change mode) 777 new.txt gives rwxrwxrwx
  ○ Owner can read, write, execute
  ○ Group can read, write, execute
  ○ Others can read, write, execute

Syntax: chmod [options] permissions file

chown - change ownership
  ○ chown [option] [username] file/directory
  ○ chown -c root new.txt: changes the ownership to the root user
  ○ chown user:group filename: changes the user and group of the file

User and File Permissions in Linux

Users
- Individuals or entities that interact with the system
  ○ Log in and perform various tasks
  ○ A user is associated with a user account
  ○ A user account has a few properties, i.e. username, UID (user ID), GID (group ID), home directory, default shell and password
- Types of users
  ○ System users: created by the system during installation; used to run system services and applications
  ○ Regular users: created by the system administrator; can access the system and its resources based on their permissions

List users in Linux
- less /etc/passwd
  ○ Local user information is stored in the /etc/passwd file
  ○ Each line in the file has seven fields delimited by colons (:): username : encrypted password : user ID : user's group ID : full name of user : user home directory : login shell
- Print only the username using the cut command: cut -d: -f1 /etc/passwd

Add users
- sudo useradd -u 1008 -d /home/test -s /bin/bash test
  ○ The test user is added with UID 1008, home directory /home/test and default shell bash
- id test: check whether the test user was created
- sudo passwd test: set the test user's password

Switch user
- You can switch the user from the UI

Groups
- A group is a collection of users that share the same access permissions to files and resources
- Groups are essential for managing user permissions and access control
- A user can belong to one primary group and multiple secondary groups
- Primary group
  ○ The group that is assigned to the files created by the user
  ○ The name of the primary group is the same as the name of the user
- Secondary group
  ○ Used to grant certain privileges to a set of users
- groups: lists all the groups the currently logged-in user is a member of
- less /etc/group: list all groups
- getent group sudo: list all the users that belong to the sudo group

Add groups
- sudo groupadd TESTGROUP: add TESTGROUP
- sudo groupadd -g 1010 TESTGROUP: create a group with GID 1010
- sudo groupmod -g 2020 TESTGROUP: change the group's GID to 2020
- sudo groupdel TESTGROUP: delete the group

File Permission and Ownership

Owner permissions determine what actions the owner of the file can perform on the file. Group permissions determine what actions a user who is a member of the group that the file belongs to can perform on the file.
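The user, group and permission commands from the section above (cut on /etc/passwd, getent group, the ls -l type letter, chmod), as an added shell example that is not part of the original notes. It runs against constructed /etc/passwd and /etc/group samples rather than the real files, assumes GNU coreutils (for stat -c), and assumes the common convention that administrator-created accounts get UIDs of 1000 or more; the mode conversion implements the rwx-to-number mapping that chmod uses, so it goes a little beyond the single chmod 777 shown in the notes.

```shell
#!/bin/sh
# Added example, not from the lecture notes: the user, group and permission
# checks from this section, run against constructed data so it works offline.
# Assumptions: GNU coreutils (stat -c), and the common convention that accounts
# created by the administrator get UIDs of 1000 or more.

# Constructed /etc/passwd lines: seven colon-separated fields, as in the notes.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:108:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
test:x:1008:1008::/home/test:/bin/bash'

# Constructed /etc/group lines: name:password:GID:comma-separated members.
GROUP_SAMPLE='root:x:0:
sudo:x:27:alice,test
TESTGROUP:x:1010:'

# Field 1 of every line, like "cut -d: -f1 /etc/passwd".
all_usernames() {
    printf '%s\n' "$PASSWD_SAMPLE" | cut -d: -f1
}

# Regular (administrator-created) accounts: UID >= 1000 and a real login shell.
regular_users() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$3 >= 1000 && $7 !~ /nologin|false/ { print $1 }'
}

# Members of a secondary group, like "getent group sudo" but printing only field 4.
members_of_group() {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1 == g { print $4 }'
}

# First character of "ls -l" output -> file type, using the letter codes above.
file_type() {
    case $(ls -ld "$1" | cut -c1) in
        -) echo regular ;;
        d) echo directory ;;
        l) echo "symbolic link" ;;
        c) echo "character device" ;;
        b) echo "block device" ;;
        s) echo socket ;;
        p) echo FIFO ;;
        *) echo unknown ;;
    esac
}

# Symbolic mode string (nine characters, e.g. rw-rw-r--) -> octal (664).
mode_to_octal() {
    out=""
    for start in 1 4 7; do            # owner, group, others triplets
        t=$(printf '%s' "$1" | cut -c"$start"-"$((start + 2))")
        v=0
        case $t in r??) v=$((v + 4)) ;; esac
        case $t in ?w?) v=$((v + 2)) ;; esac
        case $t in ??x) v=$((v + 1)) ;; esac
        out="$out$v"
    done
    printf '%s\n' "$out"
}

# Octal mode (e.g. 750) -> symbolic string (rwxr-x---), one digit per class.
octal_to_mode() {
    out=""
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $d in 4|5|6|7) out="${out}r" ;; *) out="${out}-" ;; esac
        case $d in 2|3|6|7) out="${out}w" ;; *) out="${out}-" ;; esac
        case $d in 1|3|5|7) out="${out}x" ;; *) out="${out}-" ;; esac
    done
    printf '%s\n' "$out"
}

# chmod a numeric mode onto a scratch file and read back what the kernel stored.
apply_and_verify() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    stat -c '%a' "$f"
    rm -f "$f"
}

printf 'regular users: %s\n' "$(regular_users | tr '\n' ' ')"
printf 'sudo members:  %s\n' "$(members_of_group sudo)"
printf 'rw-rw-r-- = %s, 750 = %s\n' "$(mode_to_octal rw-rw-r--)" "$(octal_to_mode 750)"
```

The UID threshold is the part to adjust per distribution: the notes only say that system users are created at installation and regular users by the administrator, so treat the 1000 cut-off as a convention to check in /etc/login.defs, not as a rule.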
Other permissions indicate what actions all other users can perform on the file.

Changing Permission

In the previous chapter we saw how to modify the permissions on a file; let's look at a few more ways to change permissions.
- chmod o+wx test.txt  [+ adds the designated permission]
- chmod u-x test.txt  [- removes the designated permission]
- chmod g=rx test.txt  [= sets the designated permission]
- chmod o+wx,u-x,g=rx test.txt  [combines all the commands in a single line]

We already saw this, but in a little more detail, modifying permissions using numbers:
- 0 - no permission - [- - -]
- 1 - execute permission - [- - x]
- 2 - write permission - [- w -]
- 3 - write and execute permission - [- w x]
- 4 - read permission - [r - -]
- 5 - read and execute permission - [r - x]
- 6 - read and write permission - [r w -]
- 7 - all permissions - [r w x]

Windows Access Security Control

Types of Authentication

Basic Authentication
- The most simple and straightforward authentication mechanism
  ○ Similar to a lock and key: every lock has a key.
- The user provides a username and password to gain access to a system or service
  ○ Nothing more complex than this
- Does not require additional infrastructure or complex setups
  ○ Doesn't use token-based systems
- Widely supported across various protocols, including HTTP, FTP, and APIs
- Credentials are included with every request, making it stateless
  ○ As long as you have the key, you're good to go
  ○ Every time you send a request you must include the credentials
- No session tracking required on the server side
  ○ Current work isn't transferred between sessions
  ○ However, history is shared if logged in
- Advantages
  ○ Ease of use: simple setup and operation.
  ○ Compatibility: works with most HTTP clients and APIs
  ○ Stateless nature: reduces server-side complexity
- Disadvantages
  ○ Lack of security: vulnerable to interception if transmitted over unencrypted channels
  ○ No expiry: credentials are valid indefinitely unless explicitly revoked; once you log in, there is no time limit
  ○ No multifactor support: does not inherently support multi-factor authentication
  ○ Replay attacks: attackers can reuse intercepted credentials unless protected by HTTPS

NTLM protocol
- NTLM (New Technology LAN Manager) is a suite of Microsoft security protocols intended to provide authentication, integrity and confidentiality to users
  ○ Confidentiality: is private to the user
  ○ Integrity: remains intact; does not get jumbled
- It is primarily used in legacy systems and is often replaced by Kerberos in modern setups
- Primarily used in Windows environments for authenticating users and computers, based on a challenge/response mechanism
  ○ This mechanism consists of three messages: a negotiation message from the client, a challenge message from the server, and an authentication message from the client
- Limitations of the NTLM protocol
  ○ Single authentication: a single authentication method; it relies on a challenge-response protocol to establish the user
  ○ Security vulnerabilities: the relatively simplistic form of password hashing makes NTLM systems vulnerable to several modes of attack
  ○ Outdated cryptography: it does not leverage the latest advances in algorithmic thinking or encryption to make passwords more secure.
- Advantages
  ○ No plaintext passwords: passwords are not sent over the network in plaintext form
  ○ Compatibility: works with older Windows systems and legacy applications
  ○ Ease of use: automatic when using Windows-integrated authentication
- Disadvantages
  ○ Security vulnerabilities
  ○ No mutual authentication: NTLM does not authenticate the server to the client
  ○ Performance: NTLM is less efficient than modern authentication protocols

Advanced Authentication Techniques
- Microsoft recommends passwordless authentication methods because they provide the most secure sign-in experience
- Users can still sign in using other common methods such as username and password
- Passwords should be replaced with more secure authentication methods
- Multi-factor authentication adds another layer of security over using only a password
- A few of the advanced authentication techniques are Credential Guard, Kerberos authentication, MFA (multi-factor authentication), certificate-based authentication (CBA), pass-through authentication (PTA), OAuth and OpenID Connect (OIDC)

Credential Guard
- Credential Guard (CG) is a security feature in the Microsoft Windows OS
- It isolates user credentials, i.e. login information, from the rest of the OS
- Its purpose is to prevent common credential theft attacks
- Credential Guard was introduced in Windows 10 Enterprise and Windows Server 2016
- It is enabled by default on all systems running Windows 11, version 22H2 and later
- Credential Guard uses hardware-backed, virtualization-based security (VBS) and an isolated Local Security Authority (LSA) to store "secrets," i.e. credentials, in protected containers
- Containers are isolated environments separate from the OS; "separate" means that the containers, and the credentials stored in them, are not accessible to the rest of the OS

Local Group Policy Editor
- Windows key + R, then msinfo32.exe: System Information -> System Summary
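The Basic Authentication points above (credentials travel with every request, are only base64-encoded, and can be intercepted and replayed on an unencrypted channel), as an added shell example that is not from the original notes. It scans a constructed proxy log for Authorization: Basic headers carried over plain http and reports the affected accounts by username only, which is the check a defender would run to find clients that need to be moved to HTTPS. The log layout, host names, paths and credentials are all constructed for this example.

```shell
#!/bin/sh
# Added example, not from the lecture notes: find Basic Authentication
# credentials that were sent over plain HTTP, where anyone on the path could
# read and replay them. The proxy log below is constructed for this example;
# its columns are: timestamp, scheme, host, path, auth scheme, auth token.
PROXY_LOG='2024-05-01T10:00:01Z http  intranet.example /api/v1/patients Basic YWxpY2U6czNjcmV0
2024-05-01T10:00:02Z https portal.example   /login           Basic Ym9iOmh1bnRlcjI=
2024-05-01T10:00:03Z http  intranet.example /static/logo.png -     -
2024-05-01T10:00:04Z http  legacy.example   /ftp-gw          Basic dGVzdDpwYXNzd29yZA=='

# A Basic token is just base64("username:password"): encoding, not encryption.
# Decode it and return only the username, so the report does not repeat the
# password; a token that is not valid base64 yields a non-zero status.
basic_username() {
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    printf '%s\n' "${decoded%%:*}"
}

# How many requests sent Basic credentials at all (over any scheme).
basic_requests() {
    printf '%s\n' "$PROXY_LOG" | awk '$5 == "Basic"' | wc -l | tr -d ' '
}

# Report every request that carried Basic credentials over plain http: these
# are the ones an on-path observer could capture and reuse, which is why the
# notes require HTTPS for Basic Authentication.
basic_over_http() {
    printf '%s\n' "$PROXY_LOG" | while read -r ts scheme host path auth token; do
        [ "$scheme" = http ] && [ "$auth" = Basic ] || continue
        user=$(basic_username "$token") || continue
        printf '%s %s%s user=%s\n' "$ts" "$host" "$path" "$user"
    done
}

basic_over_http
```

Of the three requests that carried Basic credentials, only the two over http are reported; the https request is not, because the header is inside the TLS session. The same scan applied to a real proxy or load-balancer log is a cheap way to find the legacy clients and scripts that still need to be moved to HTTPS, or to a token-based scheme with expiry.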