CIS 303a - Computer Architecture

Chapter 14, System Administration

Objectives:

The last lesson is about IT system administration concerns. Objectives important to this lesson:

  1. Responsibilities and tasks
  2. Acquiring hardware and software
  3. Evaluating resource requirements and system performance
  4. Ensuring system security
  5. Physical environment concerns

Concepts:
Chapter 14

Chapter 14 begins with a list of three tasks that a system administrator typically performs.

  • acquire new IT (or IS, the meaning is the same) resources
  • maintain system resources (keep the system running)
  • develop and implement security policy for the system

The first bullet has to do with installing or improving a system. The second has to do with ongoing needs of the system. The third may actually be the responsibility of your organization's security division, but as the administrator of a system you will at least be required to participate in the development of security policies for it, and you may be required to develop them on your own.

The author continues on page 531 with some very high level concepts. He begins by stating that equipment acquisition and deployment must be done in the context of a strategic plan. Maybe. In some organizations, the strategic plan is very general, such as "we will be the best information technology department in the world". In that example, the plan does not include measures or time frames, so we cannot be sure we are on track to attain its elusive goal. If the more specific, more localized plan you operate under says something like "we will improve our service time by 25% this quarter by using the new scheduling system", then you have a plan that supports the system you are trying to acquire, you have a time frame to attain it in, and you presumably have a measure for service time already that you will continue to use.

The next high level topic the author hits is part of accounting. The author defines a capital expense as money you pay for something that is expected to last beyond the current fiscal (business) year. He defines an operating expense as money paid for something that lasts only for the current fiscal year, or for a portion of that year.

The author further states that capital resources that benefit multiple divisions of a company, and those which serve multiple functions for such divisions can be called infrastructure resources. The text lists four characteristics of such resources:

  • the resource serves a large and diverse population of users
  • the cost of the resource would be difficult to allocate to individual users
  • there is a recurring need to spend money for such resources
  • maintenance costs for the resources can be high (I am in doubt about this one.)

Examples of infrastructure resources would include data and communication wiring, network servers, and network and directory software. You should consider the bullets at the top of page 532 when planning for infrastructure expenditures:

  • What services will be provided and how do we bill the users?
  • What infrastructure does the service require?
  • What are the costs of maintaining, operating, and improving the infrastructure?

The text discusses standardizing services and equipment for the cost savings it will provide. There will be a higher cost to offering a menu of services than there will be to offering only one or two types. Offering a variety of services and equipment to your user population leads to more kinds of maintenance, varying equipment costs, different infrastructure requirements, and a varying budget from year to year.

On page 534, the text moves on to acquisitions. People acquire new hardware, software, and systems for many reasons, not just the three on that page. The better point is that making an acquisition should be done for good business reasons. Creating a business case for a system change is required in most organizations, and having that business case approved does not necessarily end the process. Adding new systems or components for them is more complex than just buying a new printer or a new computer. Often, a bidding process must be followed which can begin with a request for proposal (RFP). See the list of five steps on page 534:

  1. Determine what you want to buy, and what it supports in your enterprise. This is the business case.
  2. Specify what the system or components must do. This is the statement of technical requirements.
  3. Create a request for proposal (RFP). This is an invitation to vendors to bid on the job.
  4. Evaluate the responses to the RFP. This may lead to asking approved vendors for a response to a request for quote (RFQ). The RFQ is a request for an actual price on a system or item.
  5. Evaluate the RFQ responses or proceed with a choice from the RFP responses. Create a contract with the selected vendor.

On page 535, the text begins to elaborate on the steps listed above. You should note the sections on preparing an RFP and on evaluating responses to an RFP.

Components of an RFP:

  • Requester (the entity requesting the bid) identification, address, contact information
  • Required content sections and format for responses
  • Due date for responses
  • Minimum technical requirements
    • hardware and software requirements
    • installation and training requirements
    • maintenance requirements
    • minimum warranty and guarantee requirements
    • service requirements
    • cost and payment requirements
  • Requirements the bidder must meet
  • Evaluation criteria for the responses

The text continues with a discussion about the evaluation process. Proposals must be rated as acceptable or not. Acceptable proposals must be scored. High scoring proposals must be validated: the claims of the bidder must be examined for accuracy and probability of success.

On page 538, the text begins a section on evaluating performance. When a system is installed, it is recommended to begin benchmarking its performance. You will want to know whether it meets the goals set for the system at the outset, whether performance increases or decreases over time, and what effect work load and environmental variables have on it.

Some well known, frequently used applications have established benchmark scores, as noted on page 539. These scores on systems with known configurations and technical ratings can be compared to scores on your systems to view your systems in a known context.

The text also discusses using monitoring software to measure the performance of your system over time. Some tools are built in to some versions of Windows, notably the server versions.

On page 542, the text changes topics to discuss security concerns for system administrators. The text explains that security can mean protecting all of the resources in which a company has invested, including hardware, software, facilities, and staff. The text presents an overview of several areas of concern.

  • Protect the physical resources of the enterprise, which includes secure rooms and doors, monitored and restricted access, and alarm and containment systems where necessary.
  • Access controls, rules, and policies that require multi-layered authentication and authorization to gain access to enterprise resources.
  • Password requirements and restrictions should include length and complexity, expiration dates, strength analysis, and encryption in packets going across a network.
  • Account lockout restrictions should be applied to prevent automated brute force attacks.

In computer security, auditing is tracking the actions of users and processes on a network. The text explains that an OS may include the ability to track the actions of any user or process, but the feature is usually turned off due to the size and number of the log files that are generated. It requires judgment on the part of a good administrator to decide how and when to enable auditing controls.

The text spends a page on virus protection, and lists some classic virus types that concern system and network administrators. His discussion is brief, so I will add a few notes from ITS 305 about two types of infecting software. (ITS 305 is a class for next term.)

Infecting software is divided into viruses and worms. A virus typically requires a carrier to infect a system, like an email, an instant message, or a program that the user runs. A virus typically has two tasks: replicate and damage. Some viruses have historically been rather benign, just displaying a message to the user. The ones that cause damage to a system are categorized by the method they use or the damage they cause:

  • file infector - the virus attaches itself to an executable file; it is triggered when that file is run
  • resident (aka terminate and stay resident) virus - loads into RAM, then does its damage based on actions the user takes through the operating system
  • boot virus - infects the Master Boot Record of a hard disk, which means the virus will load and run the next time the hard drive is used to boot the computer; typically the virus will trash the hard drive
  • companion virus - found more on pre-Windows systems, loads a program with a name similar to that of a real program, but with a preferred extension so the companion (malware) program is run when the user tries to run the real program from a command line; this seems like it might have a resurgence in Windows Server 8 which has more command line features
  • macro virus - a script virus that is typically placed in a Microsoft Office file, or runs in a language that a Windows system will understand

Virus protection programs typically recognize viruses by signatures, the way they look and act. This recognition method is complicated by metamorphic viruses that change the way they look over time, and polymorphic viruses that change their signature and their encryption methods.

Worms have a major difference from other viruses. Once it is started, a worm can replicate itself across connected computer systems by itself. It does not need a carrier. A worm can attack any running computer that is connected to a network that an already infected computer is on: it does not require cooperation from the user. Worms are more dangerous due to their self-driven nature. Once a worm is detected in a system, each device on the network must be scanned for it, cleaned if necessary, and prevented from accessing the network until this is done.

The text tells us that we must protect the network as well as individual devices on it from virus attacks, and we must make sure that we are using the most up to date versions of protection that we can obtain. Recently updated and automated protection are phrases to make part of your plan.

The text continues the topic of updating protection with a discussion of updates to applications and operating systems. A balance must be reached between allowing constant automated updates and examining each update before we allow our users to have it. In a complex environment, typically one that contains legacy applications, it is often necessary to determine that a security update or patch will not cause a problem for our users. This should be a regular process done by staff who are familiar with the products we use and familiar with examining updates for trouble. A managed environment will prevent users from having the most recent protection, but it will also be less vulnerable to attacks that depend on users having administrative rights to their devices.

The text moves on to a brief discussion of firewalls. The author's discussion is a bit longer here. Firewalls can be implemented as network firewalls (hardware or software) or host-based firewalls (software). Their purposes are similar, but a network firewall must handle much more traffic. Since they are meant to protect a large number of devices, a network firewall is typically placed at a traffic choke point, a part of the network through which most of your packets will pass. A good place to put a firewall is between the main switch for a network and the router that provides access to the Internet. It should be monitoring traffic flowing into and out of our network.

The text reminds us that firewalls may be stateless or stateful. The difference is that stateful firewalls will not allow traffic between devices unless a proper communication session has been established between them. This prevents attacks that begin with an uninvited transmission.

There are several common actions that a firewall may take based on the rules set by an administrator. Simple firewalls may have fewer options:

  • allow - allow the traffic to continue
  • drop - deny the traffic, and send no response to the sender
  • reject - deny the traffic, but send a response that the destination cannot be reached
  • ask - alert an administrator, asking what to do

Most firewalls will follow rules based on the properties of received packets, such as where the traffic is from, where it is going, and what protocol is being used.

Firewalls may also be application aware, which means they can make decisions about packets based on the application they are trying to access on the receiving device.
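The following Python sketch is an added example, not code from the textbook or from these notes. It models the rule matching on source, destination and protocol, the four actions, and the stateful session check described above; the rule set, the addresses and the class names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str                   # allow, drop, reject or ask
    src_net: str
    dst_net: str
    proto: str
    dport: Optional[int] = None   # None matches any destination port

# Constructed rule set; 10.0.0.0/8 stands in for the internal network.
RULES = [
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),
    Rule("reject", "0.0.0.0/0", "10.0.0.0/8", "tcp", 23),
    Rule("ask", "0.0.0.0/0", "10.0.0.5/32", "tcp", 22),
]

class Firewall:
    def __init__(self, rules, stateful=True, default="drop"):
        self.rules, self.stateful, self.default = rules, stateful, default
        self.sessions = set()     # flows opened by an allowed packet

    def _first_match(self, p):
        for r in self.rules:      # first matching rule wins
            if (ip_address(p.src) in ip_network(r.src_net)
                    and ip_address(p.dst) in ip_network(r.dst_net)
                    and p.proto == r.proto and r.dport in (None, p.dport)):
                return r.action
        return self.default       # nothing matched

    def decide(self, p):
        reply_of = (p.dst, p.dport, p.src, p.sport, p.proto)
        if self.stateful and reply_of in self.sessions:
            return "allow"        # reply within an established session
        action = self._first_match(p)
        if self.stateful and action == "allow":
            self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return action
```

With `stateful=False` the same rules drop the reply to an allowed outbound request, so a stateless firewall needs an extra inbound rule that an uninvited packet could also match.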

The author finishes the chapter with a discussion of physical aspects of a work site that affect health and safety as well as effective use of equipment. He lists most of his concerns in the bullets at the bottom of page 551:

  • electrical power - protect equipment from power variances with surge suppressors and Uninterruptible Power Supplies that provide filtered current to the devices
  • heat dissipation - computer rooms typically require more cooling than other rooms in an office, due to the heat generated by concentration of electronic devices
  • moisture - humidity is a problem and a blessing; high humidity is bad for electronics, but good for suppressing static electricity; low humidity leads to static charge accumulation; a balance must be maintained, typically through your heating and cooling system; water itself can cause damage when it is applied and corrosion after it dries (depending on the mineral content) so equipment should be protected from spills and exposure to liquids
  • cable routing - the text's discussion of cable routing, specifically using raised floors, addresses safe routing of cables as well as added protection from minor flooding; the text also mentions using proper conduits for separately routing power and communication/data lines
  • fire protection - there is a great deal to be said about fire protection: let's have a sidebar here.


  • disaster recovery - the last topic in the chapter is often given one or more chapters in a text instead of three paragraphs; the author lays out the basic ideas behind several kinds of disaster plans.
    • back up your data regularly and often
    • store your backup copies at alternate sites, not at your main locations
    • have alternate operational sites where your data can be restored and operations can continue during a disaster
    • have a plan for using alternate locations or leasing equipment and space in which to operate during a disaster