New SA Training Topic 2: Virtualization
New SA Training Topic 2: Virtualization
Your job requires the use of hardware virtualization
Virtualization allows our company to create virtual computers that act like traditional server and desktop machines
During your training period, you will be using Microsoft’s Virtual PC as your hypervisor
Our training focus is on concepts (thus, you will not necessarily use production tools, OS versions, etc.)
Differencing disks
You will be creating differencing disk images for your hard drives
Creating a differencing disk
Disk Differencing works by storing only the changes to an original image in a new VPC virtual hard-disk. We can create the disk or the machine first.
Steps for creating the disk first follow. They were taken from: http://csciwww.etsu.edu/nielsen/4417/VPC_a.htm.
A machine-first example can be found at: http://csciwww.etsu.edu/nielsen/4417/VPC.htm
Creating a differencing disk (cont.)
Create a new Virtual Hard Disk using the Wizard
Creating a differencing disk (cont.)
Creating a differencing disk (cont.)
Create the differencing VHD in a folder of your choice. (This is the disk that will hold the changes made to the parent)
Creating a differencing disk (cont.)
Then select the Parent VHD. (The one with the OS installed on it)
Creating a virtual machine
Create a New Virtual Machine using the Wizard
Creating a virtual machine (cont.)
Creating a virtual machine (cont.)
New SA Training Topic 3: User Management
What is a user to you?
How do we group classes/categories of users?
Location of information (host or centralized)
Home directory
Opportunities for pre-login scripting/initialization
Passwords
“Object” identifiers (SID, UID, GID)
Windows Specifics
Domain Controllers
Active Directory
Windows user/group setup:
  Local vs. Domain
  GUI vs. Command line (manage via MMC vs. “net user”, “addusers”, etc.)
Groups: primarily useful for administration
Windows groups: complex (stick to domain groups for now)
Windows Specifics
Where are passwords stored? Local? Network?
What makes a password “acceptable”?
“Complex” passwords –
  Can’t contain the username or parts of the user's full name
  At least six characters long
  At least three of: uppercase, lowercase, numbers, special characters/symbols (ex: !, $, #, %)
Additional settings – max age, min age, history, etc.
http://technet.microsoft.com/en-us/library/cc264456.aspx
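The complexity rule above written as a checker, added here as an illustration and not part of the original slides. The function name and sample values are assumptions; the name handling (split the full name on delimiters, ignore tokens shorter than three characters, compare case-insensitively) follows Microsoft's description of the policy.

```python
import re

# Delimiters used to split the user's full name into tokens.
NAME_DELIMS = r"[,.\-_ #\t]+"


def complexity_problems(password, username, full_name):
    """Return the list of rules from the slide that `password` violates."""
    problems = []
    lowered = password.lower()

    if len(password) < 6:
        problems.append("shorter than six characters")

    # The account name is compared whole and case-insensitively;
    # names shorter than three characters are not checked.
    if len(username) >= 3 and username.lower() in lowered:
        problems.append("contains the username")

    # Each part of the full name is checked separately; short parts are ignored.
    tokens = [t for t in re.split(NAME_DELIMS, full_name.lower()) if len(t) >= 3]
    hits = [t for t in tokens if t in lowered]
    if hits:
        problems.append("contains part of the full name: " + ", ".join(hits))

    # At least three of the four character classes must be present.
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    return problems
```

An empty list means the password passes; the strings name each rule that failed, which is what a help desk needs when a user's new password is rejected.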
Windows Specifics (cont.)
Windows logon:
  Computer logon
  Interactive user logon
  Network user logon
  Service logon
Profiles (controls the user desktop environment)
  Local profiles
  Roaming profiles
  Mandatory profiles
Windows Specifics (cont.)
Group policies – Computer or user based; flow down from Site, to Domain, to OU
Example settings:
  User security
  Application installation
  Boot
  Logon
  Logoff
  Shutdown
  Various “look-and-feel”
Windows Specifics (cont.)
Group Policy Container (GPC)
  The AD portion of a GPO is called the Group Policy Container
  The GPC stores GPO properties, containers (computer and user), status, version, etc.
Group Policy Template (GPT)
  The portion of a GPO that is stored as folders and files in SYSVOL directory
  The GPT is where the majority of actual settings are stored when you edit a GPO
Windows Specifics (cont.)
While most policy settings are stored in the GPT, some policy areas use both the GPC and GPT, others use only the GPC and some don’t use either the GPC or GPT.
Windows Scripting Host and ADSI: Take a look at Windows 2000 User Management or Windows 2000 Power Toolkit (in Safari, or Microsoft).
Windows User/GP/Profile Exercise
Let’s look at the MMC
  Users
  Groups
  Computer accounts
  Group Policy
  View Group Policy Settings with RSoP
Let’s look at a Default Profile
Linux Specifics
Linux user/group setup:
  Local vs. Network
  GUI vs. Command line vs. editing files (Red Hat User Manager vs. “useradd”, “addusers”, etc. vs. edit /etc/passwd)
Linux Specifics
Where are passwords stored? Network? Local?
Where is group information stored?
What makes a password “acceptable” to a Linux system?
Linux Specifics (cont.)
/etc/passwd: username, passwd, uid, gid, GECOS, home directory, login shell/program
GECOS contains general information about the user. The exact type of information depends on the UNIX variant, but for example it may contain real name and phone number.
/etc/group: name, passwd, gid, user list
Groups: Avoid user private groups (UPG) as it is RedHat-specific. Why tie yourself to a vendor if you don't have to?
/etc/shadow: (dates are stored as a number of days since Jan 1, 1970)
Linux Specifics (cont.)
Shadow file format
  username
  encrypted passwd
  date password was last changed
  days before PW may be changed (minlife)
  days after which PW must be changed (maxlife)
  days before password expires to warn user
  days after password expires to disable account
  day that account expires and is disabled
  Reserved (i.e., nothing useful)
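An added example, not from the original slides: a parser for the nine fields listed above that flags entries whose password or aging fields show a problem on a given day. The records are constructed samples, the function names are hypothetical, and the expiry checks are a simplified reading of the fields rather than the exact logic of any login program.

```python
from datetime import date

EPOCH = date(1970, 1, 1)
NUMERIC = ("lastchg", "minlife", "maxlife", "warn", "inactive", "expire")

# Constructed sample records (hashes are placeholders, not real crypt output).
SAMPLE = """\
alice:$6$salt$PLACEHOLDER:19700:0:90:7:14::
bob:$6$salt$PLACEHOLDER:19600:0:90:7:14::
carol:$6$salt$PLACEHOLDER:19640:0:90:7:::
svc::19000:0:99999:7:::
temp:!$6$salt$PLACEHOLDER:19700:0:99999:7::19720:
"""

def parse_shadow_line(line):
    """Split one record into the nine colon-separated fields from the slide."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    entry = {"user": parts[0], "hash": parts[1]}
    # An empty numeric field means "not set"; keep it as None rather than 0.
    for name, raw in zip(NUMERIC, parts[2:8]):
        entry[name] = int(raw) if raw else None
    return entry

def audit(entry, today):
    """Return findings for one entry as of `today` (a datetime.date)."""
    now = (today - EPOCH).days          # shadow dates count days since 1970-01-01
    findings = []
    if entry["hash"] == "":
        findings.append("empty password field")
    elif entry["hash"][0] in "!*":
        findings.append("password locked")
    if entry["expire"] is not None and now >= entry["expire"]:
        findings.append("account expired")
    if entry["lastchg"] is not None and entry["maxlife"] is not None:
        due = entry["lastchg"] + entry["maxlife"]   # day the password must change
        if entry["inactive"] is not None and now >= due + entry["inactive"]:
            findings.append("password expired, grace period over")
        elif now >= due:
            findings.append("password expired")
        elif entry["warn"] is not None and now >= due - entry["warn"]:
            findings.append("password expires soon")
    return findings

def audit_text(text, today):
    """Audit every non-blank record; return {user: findings} for flagged users."""
    entries = (parse_shadow_line(l) for l in text.splitlines() if l.strip())
    return {e["user"]: f for e in entries if (f := audit(e, today))}
```

Calling `audit_text(SAMPLE, date(2024, 1, 1))` evaluates the sample on day 19723 since the epoch; the empty password field on `svc` is the finding to act on first, since that account needs no password at all.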
Linux Specifics (cont.)
Shell environments & customizations
/etc/shells - Contains the pathname of every shell available on your system; some daemons disallow access to users with unlisted shells
  /bin/sh – Bourne shell
  /bin/bash – bash shell
  /bin/csh – C shell
  /sbin/nologin – a program to politely disallow logins
/etc/skel - The home directory for each new user is initialized with files from the /etc/skel directory; the SA can use /etc/skel to provide a default environment for users
Linux Specifics (cont.)
SA Environment settings
  /etc/profile – System-wide environment and startup programs that are executed at login (default path, umask, terminal type, etc.)
  /etc/bashrc, /etc/csh.cshrc, or others – System-wide functions, aliases, etc. that are set when the shell starts (may update path, modify your prompt, set command aliases, etc.)
User Environment settings – similar to above, but are set by the user in their home directory
  .*login / .*profile (.login, .profile, csh.login, .bash_profile, etc.) - Stores settings executed at login
  .*rc (.cshrc, .bashrc, etc.) - Stores settings executed at shell session start
Linux Specifics (cont.)
NIS (Network Information Service)
  Distributed database that allows one configuration to be used for many computers
  Assumes a high degree of trust (so can be insecure)
LDAP (Lightweight Directory Access Protocol – not just Linux)
  Allows for quick location of information
  Can provide enterprise-level user authentication
  Can provide access control
Linux User/Profile Exercise
Let’s look at the important files
  passwd
  group
  shadow
  /etc/shells
  /etc/skel
  .profile
  ENV (.bashrc)