SlideShare a Scribd company logo

Data center security

Download as PPTX, PDF
Duressa Teshome
Duressa Teshome

This chapter describes data center security

Devices & Hardware
1 of 43
CHAPTER 5: DATA CENTER ● Data Centers – Desirable features – Planning – Securing Data center ● Hardware Maintenance
Desirable features of a data center – Air conditioning, humidity control – Access to building-wide reliable (uninterruptable) power supply and raw power – Elimination of single points of failure (e.g., network cable) – Provision of hot standby equipment – Hot-swappable parts ● Hard drives, power supplies, UPS batteries – Protection from natural disasters like fire and floods ● Server room should be its own 'fire cell'
Desirable features of a data center – Secure – both the facility (also not easily seen), and individual spaces when multiple organizations use same facility – Easy access to cabling – No flooring that generates static electricity – Well organized – equipment marked, tagged, and mapped
Data Center Needs – Temperature: 64-80F ● Ambient temperature (in room) is usually 40+ degrees lower than inside of computer ● When chips reach ~120F, they may not work correctly; at ~160F, they break (some CPUs can operate up to ~200F) – Humidity: 30-55% ● Too high – condensation, short circuits ● Too low – static electricity, jamming of printers, etc. – Security (theft, vandalism, disaster) – Space for equipment, people (to work on equipment)
Data Center Planning ● What are your present and future needs? – We would like to tire out all resources at the same time ● Security requirements ● Fire/other hazard protection ● How much Heating and Air Conditioning? ● How much raw power? Back-up power? ● How much space?
Security in Data Centers
Fire Hazard Protection – Useful to have early smoke detection so that failing equipment can be turned off before a fire starts
Earthquake Protection?
HVAC for Data Centers Need to account for ● Roof, walls, and windows (HVAC engineer) ● Electronic gear (power consumption) ● Light equipment ● Operators (people) ● Humidity control
Example HVAC Calculation – 25 servers * 450W/server * 3.412 KJ/watt = 38,385KJ – 6 lights * 160W/light * 3.412 KJ/W = 3,276 KJ – 4 humans * 300 KJ/ human = 1,200KJ – 20,000 KJ for roof, walls, and windows (given by HVAC engineer) – Total is 62,861 KJ
Air Cooling is Possible • Facebook data center in Sweden
Power in Data Centers It's a big deal – sometimes difficult to get enough power in a machine room, and the power to individual machines should be remotely controllable (e.g., to power cycle from afar) APCC integrated power, cooling, management
Data Center
Dense Usage – Large enough enterprises may find it useful to do mass customization – Note wheels on racks, no cases, preconfigured in this older Google data center
Buy a pre-built data center
Easy transport by truck or ship • [Rackable is now called SGI...]
Maintenance of Systems ● Keep a log book of failures and replacements ● Shop around for good warranties ● Keep spare replacement systems ● Consider maintenance contracts – For equipment too expensive for holding spares – 4-48 hour response times; often function like an extended warranty
Preventive Maintenance – Vacuum insides of computers in bad locations (lots of dust, carpets)
Preventive Maintenance • Clean filters/vents regularly
Preventive Maintenance – Avoid static electricity ● Be grounded when handling electronics – Periodically check servers for failed fan and power Supplies – Add temperature monitors (internal and external) and water sensors under raised floors – Attach additional fans if noise is not an issue
SECTION 2 Networking System and Network Administration
Networking ● TCP/IP Networking – We will cover just some of the practical issues – Highly recommend taking a networking course ● What is TCP/IP? ● Layers, addresses, NAT ● Protocols: ARP, DHCP System and Network Administration
TCP/IP ● Most common networking protocol suite ● Foundation of the Internet – 2.8B+ users online worldwide (Dec 2013) – 1.01B+ hosts online (Jan 2014) ● Network applications typically use one of two transport protocols: – TCP – Transmission Control Protocol – UDP – User Datagram Protocol ● All traffic carried by IP – Internet Protocol System and Network Administration
Protocols – IP ● Packet-oriented (routers don't care what is in packets or what came before) – TCP ● Connection-oriented, two-way, reliable, in-order transport of stream of bytes. ● Congestion control – slow down when congestion is noticed, speed up when resources available. ● Flow control – don't overwhelm receiver. – UDP: is not connection oriented. System and Network Administration
TCP/IP network stack System and Network Administration
TCP/IP network stack System and Network Administration
Layers + Encapsulation System and Network Administration
Addressing ● Different layers use different addressing – App. layer allows people to use hostnames – IP (network) layer requires IP addresses – Link layer requires MAC addresses ● Ports identify process or service on a host – List of well-known ports in /etc/services – Ports <= 1024 are privileged ports (req. root) System and Network Administration
Address types ● IP layer and link layer have multiple address types – Unicast – single host (network interface) – Broadcast – addresses that include all hosts on a particular network ● All bits in host part of address are ones – Multicast – addresses that identify a group of hosts ● IPv4 addresses with first byte in 224-239 System and Network Administration
IP Addresses ● IPv4 address has four bytes – Split into network and host portions – Internet originally used classes of IP addresses System and Network Administration www.ju.edu.et = 10.140.5.20 ● Class A
Address Shortage ● Before CIDR, concern for enough addresses – Class Bs would be gone by 1995 – Router tables were exploding (growing beyond router capacities) ● CIDR + NAT + name-based virtual hosting greatly slowed down IP allocations ● IPv6 solves this (16 byte addresses!) System and Network Administration
NAT ● Network Address Translation – Router intercepts packets, replaces internal network addresses and ports with externally visible addresses and ports – Maintains mapping so that external packets are directed to the right internal host – Typically uses a single public IP address, many ports, but can (in theory) map arbitrary hosts/ports System and Network Administration
NAT: Network Address Translation System and Network Administration
Private Addresses ● While a NAT can protect your internal addresses from being visible in IP headers, it isn't perfect – Some apps will encode addresses in data – What if you really want to connect to the external host with an IP address same as an internal host? ● Most use private address space (unroutable) System and Network Administration
ARP: Address Resolution Protocol – Once the routing of a packet has been determined, it must be transmitted to the next gateway or host on the local network – LAN transmissions use LAN (MAC) addresses – ARP is used to discover the hardware address of the target IP address – ARP sends a LAN broadcast asking who has the desired IP address; the owner responds with a unicast message with answer ● Results cached in a table (also collected via snooping) System and Network Administration
Sample ARP table % /sbin/arp –a davison.cse.lehigh.edu (128.180.121.225) at 00:11:43:A0:0F:D8 [ether] on eth0 wume2.cse.lehigh.edu (128.180.121.222) at 00:08:54:1E:44:D4 [ether] on eth0 pan.cse.lehigh.edu (128.180.120.90) at 00:14:4F:0F:9C:1A [ether] on eth0 wume1.cse.lehigh.edu (128.180.121.221) at 00:08:54:1E:44:D0 [ether] on eth0 chiron.cse.lehigh.edu (128.180.120.87) at 00:14:4F:21:44:D8 [ether] on eth0 xena.cse.lehigh.edu (128.180.120.86) at 00:14:4F:21:52:E0 [ether] on eth0 hydra.cse.lehigh.edu (128.180.120.89) at 00:14:4F:21:53:F2 [ether] on eth0 kato.eecs.lehigh.edu (128.180.120.6) at 08:00:20:C4:20:08 [ether] on eth0 noon.cse.lehigh.edu (128.180.121.219) at 00:0F:1F:F9:C1:68 [ether] on eth0 wume-lab2.cse.lehigh.edu (128.180.122.153) at 00:18:8B:24:5A:F4 [ether] on eth0 lu-gw.eecs.lehigh.edu (128.180.123.254) at 00:00:0C:07:AC:00 [ether] on eth0 nix.cse.lehigh.edu (128.180.120.88) at 00:14:4F:21:44:C4 [ether] on eth0 ceres.cse.lehigh.edu (128.180.120.91) at 00:14:4F:23:F9:80 [ether] on eth0 rosie.eecs.lehigh.edu (128.180.120.4) at 08:00:20:B1:FC:F3 [ether] on eth0 wume-lab1.cse.lehigh.edu (128.180.122.152) at 00:18:8B:24:5D:E2 [ether] on eth0 morning.cse.lehigh.edu (128.180.120.43) at 00:C0:9F:38:CD:51 [ether] on eth0 wume-lab6.cse.lehigh.edu (128.180.122.157) at 00:0A:E6:5D:48:03 [ether] on eth0 System and Network Administration
Network Configuration – Adding a machine to a LAN ● Assign unique IP address and hostname (per interface) ● Set up host to configure network interfaces at boot time ● Set up default route ● Point to DNS name server (resolver) – Files ● /etc/sysconfig/network-scripts/ifcfg-eth0 ● Hostname, default route, IP address, netmask, broadcast – DHCP could do all of this automatically System and Network Administration
Mapping names to IP addresses ● Three choices: /etc/hosts, NIS, DNS ● Simplest: /etc/hosts % more /etc/hosts # # Internet host table # 127.0.0.1 localhost 128.180.120.15 proxima 128.180.120.9 mailhost 128.180.120.103 ariel ● Works when NIS or DNS is broken – e.g., at boot time System and Network Administration
ifconfig • – Configure network interfaces with ifconfig • ● ifconfig eth0 128.138.240.1 netmask 255.255.255.0 up • ● shows configuration, e.g., for Linux: phobos:~% ifconfg -a eth0 Link encap:Ethernet HWaddr 88:51:FB:6F:F3:37 inet addr:128.180.120.85 Bcast:128.180.123.255 Mask:255.255.252.0 inet6 addr: fe80::8a51:fbf:fe6f:f337/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:82607119 errors:0 dropped:0 overruns:0 frame:0 TX packets:52787875 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:23578082323 (21.9 GiB) TX bytes:55411462770 (51.6 GiB) Interrupt:20 Memory:ec100000-ec120000 • ● You've seen the output of ifconfig from your boot logs System and Network Administration
DHCP ● Dynamic Host Configuration Protocol ● Clients lease network config from server – IP addresses and netmasks – Gateways (default routes) – DNS name servers – Syslog hosts – X font servers, proxy servers, NTP servers – and more System and Network Administration
How DHCP works (at a high level) ● Client broadcasts a “Who am I?” message ● Local DHCP server responds with network configuration lease ● When lease is half over, client renews the lease – DHCP server must track lease info (persist through server reboots, etc.) System and Network Administration
??????????

Recommended

Building the Internet of Things with Thingsquare and Contiki - day 2 part 1
Building the Internet of Things with Thingsquare and Contiki - day 2 part 1Building the Internet of Things with Thingsquare and Contiki - day 2 part 1
Building the Internet of Things with Thingsquare and Contiki - day 2 part 1Adam Dunkels
 
Sept 2017 boot process
Sept 2017 boot processSept 2017 boot process
Sept 2017 boot processshahin raj
 
Ip tables
Ip tablesIp tables
Ip tablesnavid ashrafi
 
Building day 2 upload Building the Internet of Things with Thingsquare and ...
Building day 2 upload Building the Internet of Things with Thingsquare and ...Building day 2 upload Building the Internet of Things with Thingsquare and ...
Building day 2 upload Building the Internet of Things with Thingsquare and ...Adam Dunkels
 
Cis cvs risc
Cis cvs riscCis cvs risc
Cis cvs riscMaher Alshammari
 
All Oracle DBAs have to know about Unix Memory Monitoring
All Oracle DBAs have to know about Unix Memory MonitoringAll Oracle DBAs have to know about Unix Memory Monitoring
All Oracle DBAs have to know about Unix Memory MonitoringYury Velikanov
 
Exadata 12c New Features RMOUG
Exadata 12c New Features RMOUGExadata 12c New Features RMOUG
Exadata 12c New Features RMOUGFuad Arshad
 
07 input output
07 input output07 input output
07 input outputdilip kumar
 

Recommended

Building the Internet of Things with Thingsquare and Contiki - day 2 part 1
Building the Internet of Things with Thingsquare and Contiki - day 2 part 1Building the Internet of Things with Thingsquare and Contiki - day 2 part 1
Building the Internet of Things with Thingsquare and Contiki - day 2 part 1Adam Dunkels
 
Sept 2017 boot process
Sept 2017 boot processSept 2017 boot process
Sept 2017 boot processshahin raj
 
Ip tables
Ip tablesIp tables
Ip tablesnavid ashrafi
 
Building day 2 upload Building the Internet of Things with Thingsquare and ...
Building day 2 upload Building the Internet of Things with Thingsquare and ...Building day 2 upload Building the Internet of Things with Thingsquare and ...
Building day 2 upload Building the Internet of Things with Thingsquare and ...Adam Dunkels
 
Cis cvs risc
Cis cvs riscCis cvs risc
Cis cvs riscMaher Alshammari
 
All Oracle DBAs have to know about Unix Memory Monitoring
All Oracle DBAs have to know about Unix Memory MonitoringAll Oracle DBAs have to know about Unix Memory Monitoring
All Oracle DBAs have to know about Unix Memory MonitoringYury Velikanov
 
Exadata 12c New Features RMOUG
Exadata 12c New Features RMOUGExadata 12c New Features RMOUG
Exadata 12c New Features RMOUGFuad Arshad
 
07 input output
07 input output07 input output
07 input outputdilip kumar
 
oda-x6-2sm-DATA SHEET
oda-x6-2sm-DATA SHEEToda-x6-2sm-DATA SHEET
oda-x6-2sm-DATA SHEETDaryll Whyte
 
IPTables Primer - Part 2
IPTables Primer - Part 2IPTables Primer - Part 2
IPTables Primer - Part 2Nishanth Kumar Pathi
 
ASP: Hosting Solution
ASP: Hosting SolutionASP: Hosting Solution
ASP: Hosting Solutionwebhostingguy
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsSachidananda Sahu
 
Oracle 11G SCAN: Concepts and Implementation Experience Sharing
Oracle 11G SCAN: Concepts and Implementation Experience SharingOracle 11G SCAN: Concepts and Implementation Experience Sharing
Oracle 11G SCAN: Concepts and Implementation Experience SharingYury Velikanov
 
Netfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scaleNetfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scalebrouer
 
Iptables Configuration
Iptables ConfigurationIptables Configuration
Iptables Configurationstom123
 
Introduction to firewalls through Iptables
Introduction to firewalls through IptablesIntroduction to firewalls through Iptables
Introduction to firewalls through IptablesBud Siddhisena
 
MIgrating to RAC using Dataguard
MIgrating to RAC using Dataguard MIgrating to RAC using Dataguard
MIgrating to RAC using Dataguard Fuad Arshad
 
Not bridge south bridge archexture
Not bridge south bridge archextureNot bridge south bridge archexture
Not bridge south bridge archexturesunil kumar
 
Iptables the Linux Firewall
Iptables the Linux Firewall Iptables the Linux Firewall
Iptables the Linux Firewall Syed fawad Gillani
 
Iptables in linux
Iptables in linuxIptables in linux
Iptables in linuxMandeep Singh
 
IP tables
IP tablesIP tables
IP tablesaamodt
 
Iptables fundamentals
Iptables fundamentalsIptables fundamentals
Iptables fundamentalsram_b17
 
Oracle Database Appliance - RAC in a box Some strings attached
Oracle Database Appliance - RAC in a box Some strings attached Oracle Database Appliance - RAC in a box Some strings attached
Oracle Database Appliance - RAC in a box Some strings attached Fuad Arshad
 
What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014
What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014
What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014Philippe Fierens
 
Ch6 030702
Ch6 030702Ch6 030702
Ch6 030702jyothi205
 
Introduction to embedded System.pptx
Introduction to embedded System.pptxIntroduction to embedded System.pptx
Introduction to embedded System.pptxPratik Gohel
 
07 input output
07 input output07 input output
07 input outputSher Shah Merkhel
 
Design installation-commissioning-red raider-cluster-ttu
Design installation-commissioning-red raider-cluster-ttuDesign installation-commissioning-red raider-cluster-ttu
Design installation-commissioning-red raider-cluster-ttuAlan Sill
 
Linux network tools (Maarten Blomme)
Linux network tools (Maarten Blomme)Linux network tools (Maarten Blomme)
Linux network tools (Maarten Blomme)Avansa Mid- en Zuidwest
 
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...NETWAYS
 

More Related Content

What's hot

oda-x6-2sm-DATA SHEET
oda-x6-2sm-DATA SHEEToda-x6-2sm-DATA SHEET
oda-x6-2sm-DATA SHEETDaryll Whyte
 
ASP: Hosting Solution
ASP: Hosting SolutionASP: Hosting Solution
ASP: Hosting Solutionwebhostingguy
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsSachidananda Sahu
 
Oracle 11G SCAN: Concepts and Implementation Experience Sharing
Oracle 11G SCAN: Concepts and Implementation Experience SharingOracle 11G SCAN: Concepts and Implementation Experience Sharing
Oracle 11G SCAN: Concepts and Implementation Experience SharingYury Velikanov
 
Netfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scaleNetfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scalebrouer
 
Iptables Configuration
Iptables ConfigurationIptables Configuration
Iptables Configurationstom123
 
Introduction to firewalls through Iptables
Introduction to firewalls through IptablesIntroduction to firewalls through Iptables
Introduction to firewalls through IptablesBud Siddhisena
 
MIgrating to RAC using Dataguard
MIgrating to RAC using Dataguard MIgrating to RAC using Dataguard
MIgrating to RAC using Dataguard Fuad Arshad
 
Not bridge south bridge archexture
Not bridge south bridge archextureNot bridge south bridge archexture
Not bridge south bridge archexturesunil kumar
 
IP tables
IP tablesIP tables
IP tablesaamodt
 
Iptables fundamentals
Iptables fundamentalsIptables fundamentals
Iptables fundamentalsram_b17
 
Oracle Database Appliance - RAC in a box Some strings attached
Oracle Database Appliance - RAC in a box Some strings attached Oracle Database Appliance - RAC in a box Some strings attached
Oracle Database Appliance - RAC in a box Some strings attached Fuad Arshad
 
What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014
What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014
What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014Philippe Fierens
 

What's hot (16)

oda-x6-2sm-DATA SHEET
oda-x6-2sm-DATA SHEEToda-x6-2sm-DATA SHEET
oda-x6-2sm-DATA SHEET
 
IPTables Primer - Part 2
IPTables Primer - Part 2IPTables Primer - Part 2
IPTables Primer - Part 2
 
ASP: Hosting Solution
ASP: Hosting SolutionASP: Hosting Solution
ASP: Hosting Solution
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance tools
 
Oracle 11G SCAN: Concepts and Implementation Experience Sharing
Oracle 11G SCAN: Concepts and Implementation Experience SharingOracle 11G SCAN: Concepts and Implementation Experience Sharing
Oracle 11G SCAN: Concepts and Implementation Experience Sharing
 
Netfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scaleNetfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scale
 
Iptables Configuration
Iptables ConfigurationIptables Configuration
Iptables Configuration
 
Introduction to firewalls through Iptables
Introduction to firewalls through IptablesIntroduction to firewalls through Iptables
Introduction to firewalls through Iptables
 
MIgrating to RAC using Dataguard
MIgrating to RAC using Dataguard MIgrating to RAC using Dataguard
MIgrating to RAC using Dataguard
 
Not bridge south bridge archexture
Not bridge south bridge archextureNot bridge south bridge archexture
Not bridge south bridge archexture
 
Iptables the Linux Firewall
Iptables the Linux Firewall Iptables the Linux Firewall
Iptables the Linux Firewall
 
Iptables in linux
Iptables in linuxIptables in linux
Iptables in linux
 
IP tables
IP tablesIP tables
IP tables
 
Iptables fundamentals
Iptables fundamentalsIptables fundamentals
Iptables fundamentals
 
Oracle Database Appliance - RAC in a box Some strings attached
Oracle Database Appliance - RAC in a box Some strings attached Oracle Database Appliance - RAC in a box Some strings attached
Oracle Database Appliance - RAC in a box Some strings attached
 
What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014
What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014
What we unlearned_and_learned_by_moving_from_m9000_to_ssc_ukoug2014
 

Similar to Data center security

Introduction to embedded System.pptx
Introduction to embedded System.pptxIntroduction to embedded System.pptx
Introduction to embedded System.pptxPratik Gohel
 
Design installation-commissioning-red raider-cluster-ttu
Design installation-commissioning-red raider-cluster-ttuDesign installation-commissioning-red raider-cluster-ttu
Design installation-commissioning-red raider-cluster-ttuAlan Sill
 
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...NETWAYS
 
Embedded systems-unit-1
Embedded systems-unit-1Embedded systems-unit-1
Embedded systems-unit-1Prabhu Mali
 
Opportunities of ML-based data analytics in ABCI
Opportunities of ML-based data analytics in ABCIOpportunities of ML-based data analytics in ABCI
Opportunities of ML-based data analytics in ABCIRyousei Takano
 
Maxwell siuc hpc_description_tutorial
Maxwell siuc hpc_description_tutorialMaxwell siuc hpc_description_tutorial
Maxwell siuc hpc_description_tutorialmadhuinturi
 
IBM and ASTRON 64bit μServer for DOME
IBM and ASTRON 64bit μServer for DOMEIBM and ASTRON 64bit μServer for DOME
IBM and ASTRON 64bit μServer for DOMEIBM Research
 
Link i pv4
Link i pv4Link i pv4
Link i pv4NARESH A
 
Development and Applications of Distributed IoT Sensors for Intermittent Conn...
Development and Applications of Distributed IoT Sensors for Intermittent Conn...Development and Applications of Distributed IoT Sensors for Intermittent Conn...
Development and Applications of Distributed IoT Sensors for Intermittent Conn...InfluxData
 
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...PROIDEA
 
High Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisHigh Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisMike Pittaro
 
Mike Pittaro - High Performance Hardware for Data Analysis
Mike Pittaro - High Performance Hardware for Data Analysis Mike Pittaro - High Performance Hardware for Data Analysis
Mike Pittaro - High Performance Hardware for Data Analysis PyData
 
High Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisHigh Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisMike Pittaro
 
High Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisHigh Performance Hardware for Data Analysis
High Performance Hardware for Data Analysisodsc
 

Similar to Data center security (20)

Ch6 030702
Ch6 030702Ch6 030702
Ch6 030702
 
Introduction to embedded System.pptx
Introduction to embedded System.pptxIntroduction to embedded System.pptx
Introduction to embedded System.pptx
 
07 input output
07 input output07 input output
07 input output
 
Design installation-commissioning-red raider-cluster-ttu
Design installation-commissioning-red raider-cluster-ttuDesign installation-commissioning-red raider-cluster-ttu
Design installation-commissioning-red raider-cluster-ttu
 
Linux network tools (Maarten Blomme)
Linux network tools (Maarten Blomme)Linux network tools (Maarten Blomme)
Linux network tools (Maarten Blomme)
 
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
 
java
javajava
java
 
Embedded systems-unit-1
Embedded systems-unit-1Embedded systems-unit-1
Embedded systems-unit-1
 
Opportunities of ML-based data analytics in ABCI
Opportunities of ML-based data analytics in ABCIOpportunities of ML-based data analytics in ABCI
Opportunities of ML-based data analytics in ABCI
 
100 M pps on PC.
100 M pps on PC.100 M pps on PC.
100 M pps on PC.
 
Maxwell siuc hpc_description_tutorial
Maxwell siuc hpc_description_tutorialMaxwell siuc hpc_description_tutorial
Maxwell siuc hpc_description_tutorial
 
03_Buses (1).ppt
03_Buses (1).ppt03_Buses (1).ppt
03_Buses (1).ppt
 
IBM and ASTRON 64bit μServer for DOME
IBM and ASTRON 64bit μServer for DOMEIBM and ASTRON 64bit μServer for DOME
IBM and ASTRON 64bit μServer for DOME
 
Link i pv4
Link i pv4Link i pv4
Link i pv4
 
Development and Applications of Distributed IoT Sensors for Intermittent Conn...
Development and Applications of Distributed IoT Sensors for Intermittent Conn...Development and Applications of Distributed IoT Sensors for Intermittent Conn...
Development and Applications of Distributed IoT Sensors for Intermittent Conn...
 
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
 
High Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisHigh Performance Hardware for Data Analysis
High Performance Hardware for Data Analysis
 
Mike Pittaro - High Performance Hardware for Data Analysis
Mike Pittaro - High Performance Hardware for Data Analysis Mike Pittaro - High Performance Hardware for Data Analysis
Mike Pittaro - High Performance Hardware for Data Analysis
 
High Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisHigh Performance Hardware for Data Analysis
High Performance Hardware for Data Analysis
 
High Performance Hardware for Data Analysis
High Performance Hardware for Data AnalysisHigh Performance Hardware for Data Analysis
High Performance Hardware for Data Analysis
 

More from Duressa Teshome

Resource Monitoring and Management II
Resource Monitoring and Management IIResource Monitoring and Management II
Resource Monitoring and Management IIDuressa Teshome
 
User administration concepts and mechanisms
User administration concepts and mechanismsUser administration concepts and mechanisms
User administration concepts and mechanismsDuressa Teshome
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System AdministrationDuressa Teshome
 
Windows Network concepts
Windows Network conceptsWindows Network concepts
Windows Network conceptsDuressa Teshome
 
Resource Monitoring and management
Resource Monitoring and management Resource Monitoring and management
Resource Monitoring and management Duressa Teshome
 

More from Duressa Teshome (6)

Resource Monitoring and Management II
Resource Monitoring and Management IIResource Monitoring and Management II
Resource Monitoring and Management II
 
User administration concepts and mechanisms
User administration concepts and mechanismsUser administration concepts and mechanisms
User administration concepts and mechanisms
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System Administration
 
Windows Network concepts
Windows Network conceptsWindows Network concepts
Windows Network concepts
 
Resource Monitoring and management
Resource Monitoring and management Resource Monitoring and management
Resource Monitoring and management
 
Course Outline
Course OutlineCourse Outline
Course Outline
 

Recently uploaded

Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...Suhani Kapoor
 
(MEGHA) Hinjewadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune E...
(MEGHA) Hinjewadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune E...(MEGHA) Hinjewadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune E...
(MEGHA) Hinjewadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune E...ranjana rawat
 
9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...
9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...
9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...Pooja Nehwal
 
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...Pooja Nehwal
 
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Call Girls in Nagpur High Profile
 
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...Call Girls in Nagpur High Profile
 
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...Call Girls in Nagpur High Profile
 
VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...
VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...
VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...Call Girls in Nagpur High Profile
 
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查awo24iot
 
Thane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsThane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsPooja Nehwal
 
Call Girls in Vashi Escorts Services - 7738631006
Call Girls in Vashi Escorts Services - 7738631006Call Girls in Vashi Escorts Services - 7738631006
Call Girls in Vashi Escorts Services - 7738631006Pooja Nehwal
 
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样qaffana
 
Top Rated Pune Call Girls Chakan ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Chakan ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Chakan ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Chakan ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Call Girls in Nagpur High Profile
 
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...Naicy mandal
 
Call Girls In Andheri East Call 9892124323 Book Hot And Sexy Girls,
Call Girls In Andheri East Call 9892124323 Book Hot And Sexy Girls,Call Girls In Andheri East Call 9892124323 Book Hot And Sexy Girls,
Call Girls In Andheri East Call 9892124323 Book Hot And Sexy Girls,Pooja Nehwal
 

Recently uploaded (20)

young call girls in Sainik Farm 🔝 9953056974 🔝 Delhi escort Service
young call girls in Sainik Farm 🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Sainik Farm 🔝 9953056974 🔝 Delhi escort Service
young call girls in Sainik Farm 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
 
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
 
(MEGHA) Hinjewadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune E...
(MEGHA) Hinjewadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune E...(MEGHA) Hinjewadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune E...
(MEGHA) Hinjewadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune E...
 
9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...
9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...
9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...
 
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
 
9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...9004554577, Get Adorable Call Girls service. Book call girls & escort service...
9004554577, Get Adorable Call Girls service. Book call girls & escort service...
 
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
 
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Ravet ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
 
VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...
VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...
VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...
 
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Thane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsThane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call Girls
 
Call Girls in Vashi Escorts Services - 7738631006
Call Girls in Vashi Escorts Services - 7738631006Call Girls in Vashi Escorts Services - 7738631006
Call Girls in Vashi Escorts Services - 7738631006
 
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
 
Top Rated Pune Call Girls Chakan ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Chakan ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Chakan ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Chakan ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
 
Call Girls In Andheri East Call 9892124323 Book Hot And Sexy Girls,
Call Girls In Andheri East Call 9892124323 Book Hot And Sexy Girls,Call Girls In Andheri East Call 9892124323 Book Hot And Sexy Girls,
Call Girls In Andheri East Call 9892124323 Book Hot And Sexy Girls,
 

Data center security

  • 1. CHAPTER 5: DATA CENTER ● Data Centers – Desirable features – Planning – Securing Data center ● Hardware Maintenance
  • 2. Desirable features of a data center – Air conditioning, humidity control – Access to building-wide reliable (uninterruptable) power supply and raw power – Elimination of single points of failure (e.g., network cable) – Provision of hot standby equipment – Hot-swappable parts ● Hard drives, power supplies, UPS batteries – Protection from natural disasters like fire and floods ● Server room should be its own 'fire cell'
  • 3. Desirable features of a data center – Secure – both the facility (also not easily seen), and individual spaces when multiple organizations use same facility – Easy access to cabling – No flooring that generates static electricity – Well organized – equipment marked, tagged, and mapped
  • 4. Data Center Needs – Temperature: 64-80F ● Ambient temperature (in room) is usually 40+ degrees lower than inside of computer ● When chips reach ~120F, they may not work correctly; at ~160F, they break (some CPUs can operate up to ~200F) – Humidity: 30-55% ● Too high – condensation, short circuits ● Too low – static electricity, jamming of printers, etc. – Security (theft, vandalism, disaster) – Space for equipment, people (to work on equipment)
  • 5. Data Center Planning ● What are your present and future needs? – We would like to tire out all resources at the same time ● Security requirements ● Fire/other hazard protection ● How much Heating and Air Conditioning? ● How much raw power? Back-up power? ● How much space?
  • 7. Fire Hazard Protection – Useful to have early smoke detection so that failing equipment can be turned off before a fire starts
  • 9. HVAC for Data Centers Need to account for ● Roof, walls, and windows (HVAC engineer) ● Electronic gear (power consumption) ● Light equipment ● Operators (people) ● Humidity control
  • 10. Example HVAC Calculation – 25 servers * 450W/server * 3.412 KJ/watt = 38,385KJ – 6 lights * 160W/light * 3.412 KJ/W = 3,276 KJ – 4 humans * 300 KJ/ human = 1,200KJ – 20,000 KJ for roof, walls, and windows (given by HVAC engineer) – Total is 62,861 KJ
  • 11. Air Cooling is Possible • Facebook data center in Sweden
  • 12. Power in Data Centers It's a big deal – sometimes difficult to get enough power in a machine room, and the power to individual machines should be remotely controllable (e.g., to power cycle from afar) APCC integrated power, cooling, management
  • 14.
  • 15. Dense Usage – Large enough enterprises may find it useful to do mass customization – Note wheels on racks, no cases, preconfigured in this older Google data center
  • 16. Buy a pre-built data center
  • 17. Easy transport by truck or ship • [Rackable is now called SGI...]
  • 18. Maintenance of Systems ● Keep a log book of failures and replacements ● Shop around for good warranties ● Keep spare replacement systems ● Consider maintenance contracts – For equipment too expensive for holding spares – 4-48 hour response times; often function like an extended warranty
  • 19. Preventive Maintenance – Vacuum insides of computers in bad locations (lots of dust, carpets)
  • 20. Preventive Maintenance • Clean filters/vents regularly
  • 21. Preventive Maintenance – Avoid static electricity ● Be grounded when handling electronics – Periodically check servers for failed fan and power Supplies – Add temperature monitors (internal and external) and water sensors under raised floors – Attach additional fans if noise is not an issue
  • 22. SECTION 2 Networking System and Network Administration
  • 23. Networking ● TCP/IP Networking – We will cover just some of the practical issues – Highly recommend taking a networking course ● What is TCP/IP? ● Layers, addresses, NAT ● Protocols: ARP, DHCP System and Network Administration
  • 24. TCP/IP ● Most common networking protocol suite ● Foundation of the Internet – 2.8B+ users online worldwide (Dec 2013) – 1.01B+ hosts online (Jan 2014) ● Network applications typically use one of two transport protocols: – TCP – Transmission Control Protocol – UDP – User Datagram Protocol ● All traffic carried by IP – Internet Protocol System and Network Administration
  • 25. Protocols – IP ● Packet-oriented (routers don't care what is in packets or what came before) – TCP ● Connection-oriented, two-way, reliable, in-order transport of stream of bytes. ● Congestion control – slow down when congestion is noticed, speed up when resources available. ● Flow control – don't overwhelm receiver. – UDP: is not connection oriented. System and Network Administration
  • 26. TCP/IP network stack System and Network Administration
  • 27. TCP/IP network stack System and Network Administration
  • 28. Layers + Encapsulation System and Network Administration
  • 29. Addressing ● Different layers use different addressing – App. layer allows people to use hostnames – IP (network) layer requires IP addresses – Link layer requires MAC addresses ● Ports identify process or service on a host – List of well-known ports in /etc/services – Ports <= 1024 are privileged ports (req. root) System and Network Administration
  • 30. Address types ● IP layer and link layer have multiple address types – Unicast – single host (network interface) – Broadcast – addresses that include all hosts on a particular network ● All bits in host part of address are ones – Multicast – addresses that identify a group of hosts ● IPv4 addresses with first byte in 224-239 System and Network Administration
  • 31. IP Addresses ● IPv4 address has four bytes – Split into network and host portions – Internet originally used classes of IP addresses System and Network Administration www.ju.edu.et = 10.140.5.20 ● Class A
  • 32. Address Shortage ● Before CIDR, concern for enough addresses – Class Bs would be gone by 1995 – Router tables were exploding (growing beyond router capacities) ● CIDR + NAT + name-based virtual hosting greatly slowed down IP allocations ● IPv6 solves this (16 byte addresses!) System and Network Administration
  • 33. NAT ● Network Address Translation – Router intercepts packets, replaces internal network addresses and ports with externally visible addresses and ports – Maintains mapping so that external packets are directed to the right internal host – Typically uses a single public IP address, many ports, but can (in theory) map arbitrary hosts/ports System and Network Administration
  • 34. NAT: Network Address Translation System and Network Administration
  • 35. Private Addresses ● While a NAT can protect your internal addresses from being visible in IP headers, it isn't perfect – Some apps will encode addresses in data – What if you really want to connect to the external host with an IP address same as an internal host? ● Most use private address space (unroutable) System and Network Administration
  • 36. ARP: Address Resolution Protocol – Once the routing of a packet has been determined, it must be transmitted to the next gateway or host on the local network – LAN transmissions use LAN (MAC) addresses – ARP is used to discover the hardware address of the target IP address – ARP sends a LAN broadcast asking who has the desired IP address; the owner responds with a unicast message with answer ● Results cached in a table (also collected via snooping) System and Network Administration
  • 37. Sample ARP table % /sbin/arp –a davison.cse.lehigh.edu (128.180.121.225) at 00:11:43:A0:0F:D8 [ether] on eth0 wume2.cse.lehigh.edu (128.180.121.222) at 00:08:54:1E:44:D4 [ether] on eth0 pan.cse.lehigh.edu (128.180.120.90) at 00:14:4F:0F:9C:1A [ether] on eth0 wume1.cse.lehigh.edu (128.180.121.221) at 00:08:54:1E:44:D0 [ether] on eth0 chiron.cse.lehigh.edu (128.180.120.87) at 00:14:4F:21:44:D8 [ether] on eth0 xena.cse.lehigh.edu (128.180.120.86) at 00:14:4F:21:52:E0 [ether] on eth0 hydra.cse.lehigh.edu (128.180.120.89) at 00:14:4F:21:53:F2 [ether] on eth0 kato.eecs.lehigh.edu (128.180.120.6) at 08:00:20:C4:20:08 [ether] on eth0 noon.cse.lehigh.edu (128.180.121.219) at 00:0F:1F:F9:C1:68 [ether] on eth0 wume-lab2.cse.lehigh.edu (128.180.122.153) at 00:18:8B:24:5A:F4 [ether] on eth0 lu-gw.eecs.lehigh.edu (128.180.123.254) at 00:00:0C:07:AC:00 [ether] on eth0 nix.cse.lehigh.edu (128.180.120.88) at 00:14:4F:21:44:C4 [ether] on eth0 ceres.cse.lehigh.edu (128.180.120.91) at 00:14:4F:23:F9:80 [ether] on eth0 rosie.eecs.lehigh.edu (128.180.120.4) at 08:00:20:B1:FC:F3 [ether] on eth0 wume-lab1.cse.lehigh.edu (128.180.122.152) at 00:18:8B:24:5D:E2 [ether] on eth0 morning.cse.lehigh.edu (128.180.120.43) at 00:C0:9F:38:CD:51 [ether] on eth0 wume-lab6.cse.lehigh.edu (128.180.122.157) at 00:0A:E6:5D:48:03 [ether] on eth0 System and Network Administration
  • 38. Network Configuration – Adding a machine to a LAN ● Assign unique IP address and hostname (per interface) ● Set up host to configure network interfaces at boot time ● Set up default route ● Point to DNS name server (resolver) – Files ● /etc/sysconfig/network-scripts/ifcfg-eth0 ● Hostname, default route, IP address, netmask, broadcast – DHCP could do all of this automatically System and Network Administration
  • 39. Mapping names to IP addresses ● Three choices: /etc/hosts, NIS, DNS ● Simplest: /etc/hosts % more /etc/hosts # # Internet host table # 127.0.0.1 localhost 128.180.120.15 proxima 128.180.120.9 mailhost 128.180.120.103 ariel ● Works when NIS or DNS is broken – e.g., at boot time System and Network Administration
  • 40. ifconfig • – Configure network interfaces with ifconfig • ● ifconfig eth0 128.138.240.1 netmask 255.255.255.0 up • ● shows configuration, e.g., for Linux: phobos:~% ifconfg -a eth0 Link encap:Ethernet HWaddr 88:51:FB:6F:F3:37 inet addr:128.180.120.85 Bcast:128.180.123.255 Mask:255.255.252.0 inet6 addr: fe80::8a51:fbf:fe6f:f337/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:82607119 errors:0 dropped:0 overruns:0 frame:0 TX packets:52787875 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:23578082323 (21.9 GiB) TX bytes:55411462770 (51.6 GiB) Interrupt:20 Memory:ec100000-ec120000 • ● You've seen the output of ifconfig from your boot logs System and Network Administration
  • 41. DHCP ● Dynamic Host Configuration Protocol ● Clients lease network config from server – IP addresses and netmasks – Gateways (default routes) – DNS name servers – Syslog hosts – X font servers, proxy servers, NTP servers – and more System and Network Administration
  • 42. How DHCP works (at a high level) ● Client broadcasts a “Who am I?” message ● Local DHCP server responds with network configuration lease ● When lease is half over, client renews the lease – DHCP server must track lease info (persist through server reboots, etc.) System and Network Administration

Editor's Notes

  1. heating, ventilation, and air conditioning. The system is used to provide heating and cooling services to buildings. HVAC systems have become the required industry standard for construction of new buildings.