1 / 52

Chapter 11

Chapter 11. Security through Disaster Recovery. Objectives. Deploy UPS systems Create hardware redundancy and apply fault-tolerance options Deploy RAID Back up data and operating system files. Uninterruptible Power Supply.

ping
Télécharger la présentation

Chapter 11

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 11 Security through Disaster Recovery

  2. Objectives • Deploy UPS systems • Create hardware redundancy and apply fault-tolerance options • Deploy RAID • Back up data and operating system files Guide to Operating System Security

  3. Uninterruptible Power Supply • Best fault-tolerance method to prevent power problems from causing data loss and component damage • Provides immediate battery power to equipment during unexpected power loss • Protects against lost data and downtime Guide to Operating System Security

  4. Uninterruptible Power Supply Guide to Operating System Security

  5. Selecting and Deploying a UPS (Continued) • Online (inline) • Powered directly from batteries • More guaranteed protection • Offline (standby) • Switches to batteries when reduction in city power is detected • Less expensive • Batteries can last longer, but may not switch to battery in time for full protection Guide to Operating System Security

  6. Selecting and Deploying a UPS (Continued) • Provides power for limited time period • Usually guards against power surges • Can communicate information to computers it supports • Requires periodic testing to ensure it is working Guide to Operating System Security

  7. Configuring a UPS inWindows 2000/XP/2003 • All support serial and USB communications with a UPS Guide to Operating System Security

  8. Configuring a UPS inRed Hat Linux • Supported by Red Hat Linux 9.x • Obtain UPS serial or USB communications software from manufacturer • Use configuration software provided by UPS manufacturer Guide to Operating System Security

  9. Configuring a UPS inNetWare 6.x • Communicates through serial port connection and employment of AIOCOMX and UPS_AIO NLMs Guide to Operating System Security

  10. UPS_AIO Configuration Options (Continued) Guide to Operating System Security

  11. UPS_AIO Configuration Options (Continued) Guide to Operating System Security

  12. Configuring a UPS inMac OS X • Obtain UPS serial or USB communications software from manufacturer Guide to Operating System Security

  13. Creating Hardware Redundancy and Fault Tolerance • Hardware redundancy includes • Using redundant components • Employing multiprocessor systems • Clustering services • Placing servers in different locations • Implementing data warehousing Guide to Operating System Security

  14. Using Redundant Components • Network interface cards (NICs) • Power supplies Guide to Operating System Security

  15. Using Redundant NICs • Designed to match particular network transport methods, computer bus types, network media • Network connection requirements: • Appropriate connector for network medium • Transceiver • MAC controller • Protocol control firmware Guide to Operating System Security

  16. Considerations When Using Redundant NICs • Fast speed (up to 100 Mbps for a workstation) • Match network transport method • Support both full-duplex and half-duplex transmissions • Brand-name, high-quality NICs • Latest driver and protocol control firmware Guide to Operating System Security

  17. Using Redundant Power Supplies • Can take over if main power supply fails • Consider for the following: • SMTP mail servers • Servers that authenticate users to a network • Web servers • Database servers Guide to Operating System Security

  18. Employing Multiprocessor Systems • Symmetric multiprocessor (SMP) computers • Two or more computers share the processing load • If one stops working, remaining processors take over • Make sure you understand the specific requirements for adding CPUs to your OS Guide to Operating System Security

  19. Clustering Servers • Links multiple computers and their resources • Two models • Shared disk model • Shared nothing model Guide to Operating System Security

  20. Clustering Servers Guide to Operating System Security

  21. Main connection Backup connection is case of server failure Main connection Figure 11-3 Shared nothing clustering model Shared Nothing Clustering Model Guide to Operating System Security

  22. Placing Servers in Different Locations • Microsoft distributed file system (DFS) • Available in Windows 2000 Server/Server 2003 • Provides fault tolerance by placing copies of the same folders on computers in different locations • Folders appear to exist in one centralized hierarchy of folders • Has many advantages Guide to Operating System Security

  23. Implementing Data Warehousing • Duplicating a main database’s data, typically on another computer • Often created for queries and reporting and to provide backup of the main database Guide to Operating System Security

  24. Fault-Tolerance Options • Disk mirroring • Disk duplexing • Redundant array of inexpensive (or independent) disks (RAID) Guide to Operating System Security

  25. Disk Mirroring Guide to Operating System Security

  26. Disk Duplexing Guide to Operating System Security

  27. Using RAID • Set of standards for lengthening disk life and preventing data loss • Goal: to spread disk activity equally across all volumes Guide to Operating System Security

  28. Essential RAID levels • RAID level 0 (striping) • RAID level 1 (mirroring and duplexing) • RAID level 2 • RAID level 3 • RAID level 4 • RAID level 5 (striping combined with error correction and checksum verification) Guide to Operating System Security

  29. RAID Support in Windows 2000 Server/Server 2003 • Support only RAID levels 0, 1, and 5 for disk fault tolerance • Levels 1 and 5 recommended • Recognize two types of disks • Basic • Dynamic Guide to Operating System Security

  30. RAID Support in Windows 2000 Server/Server 2003 (Continued) • Configuration considerations • Boot and system files can be placed on RAID level 1, but not on RAID level 5 • RAID level 1 uses two hard disks; RAID level 5 uses from 3 to 32 • RAID level 1 is more expensive to implement than RAID level 5 Guide to Operating System Security

  31. RAID Support in Windows 2000 Server/Server 2003 (Continued) • Configuration considerations • RAID level 5 requires more memory than RAID level 1 • Disk read access is faster than write access in RAID level 1 and RAID level 5 • RAID level 5 has much faster read access than RAID level 1 Guide to Operating System Security

  32. Creating a RAID Volume in Windows 2000 Server/Server 2003 Guide to Operating System Security

  33. RAID Support inRed Hat Linux 9.x • Supports RAID levels 0, 1, and 5 • Configured at installation when using GUI installation mode • First install all disks and associated hardware • Plan for the number of spare partitions • Choose Disk Druid from Disk Partitioning Setup screen Guide to Operating System Security

  34. RAID Support in NetWare 6.x • Supports RAID levels 0, 1, and 5 • Can manage RAID using Novell Storage Services (NSS) tools from ConsoleOne • NetWare 6.5 offers iManage, a browser tool for managing objects Guide to Operating System Security

  35. RAID Support in Mac OS X • Supports RAID levels 0 (striping) and 1 (mirroring) • Apple recommends not placing boot files on RAID disks Guide to Operating System Security

  36. Software RAID versus Hardware RAID • Software RAID • Implements fault tolerance through computer’s operating system • Hardware RAID • Implemented through RAID hardware (eg, adapter) • Independent of operating system • More expensive than software RAID Guide to Operating System Security

  37. Advantages of Hardware RAID • Faster read and write response • Ability to place boot and system files on different RAID levels • Ability to “hot swap” a failed disk with one that works or is new • More setup options to retrieve damaged data and to combine different RAID levels within one array of disks Guide to Operating System Security

  38. Backing Up Data • Binary backup • Full file-by-file backup • Partial backups • Differential • Incremental Guide to Operating System Security

  39. Advantages of Local Backups over Remote Backups • No extra load on network • Enable backups on multiple computer network • Provide more assurance that the Registry is backed up (Windows 2000/XP/2003) • Attacker using a sniffer cannot intercept backup traffic over a network Guide to Operating System Security

  40. Tape Rotation • Ensures alternatives in case there is a bad or worn tape • Tower of Hanoi procedure Guide to Operating System Security

  41. Tape Rotation Guide to Operating System Security

  42. Windows 2000/XP/2003 Backups • Normal • Incremental • Differential • Copy • Daily Guide to Operating System Security

  43. Backup Options Guide to Operating System Security

  44. UNIX and Red Hat Linux Backup Tools • volcopy (not available in Red Hat Linux) • Sometimes used with labelit utility • Sometimes tar utility is used • dump • Commands used to restore • restore (Red Hat Linux) • ufsrestore • restor Guide to Operating System Security

  45. NetWare 6.x Backup Options • Uses Storage Management System (SMS) • NLMs are loaded at Server Console prior to starting backup – TSAs designed to read and back up specific types of data Guide to Operating System Security

  46. Target Service Agents (TSAs) • TSA600 for NetWare 6.x • TSANDS to back up NDS database and eDirectory • GWTSA for GroupWise information • Windows NT TSA to back up Windows NT, 2000, and XP data • W95TSA to back up Windows 95/98 data Guide to Operating System Security

  47. Starting a backup in Netware 6.0 Guide to Operating System Security

  48. Choosing What to Backup in Netware 6.0 Guide to Operating System Security

  49. NetWare 6.x Backup Options Guide to Operating System Security

  50. Mac OS X • Supports use of dump and tar • From the terminal window, or • Obtain a third-party utility that uses these utilities for backup • Can also use Copy utility on Edit menu Guide to Operating System Security

More Related