ASSIGNMENT 3 CIT210 OP. SYS. MANAGE FALL 2023
School: Santa Monica College
Course: 17
Subject: Computer Science
Date: Dec 6, 2023
Uploaded by josuefig99
CIT210 OP. SYS. MANAG. (Assignment 3)
Assignment 3: Operating System: Virtualization, Containers and Cloud Computing, System Monitoring (100 Points)
Exercise 1: (15 Points)
1. What is the difference between emulation, native virtualization, and para-virtualization? (3 points)
- Emulation: this involves mimicking the entire hardware such that the guest software (which could be an OS or an application) doesn't realize it's not running on actual hardware. It can run unmodified guest OS/software. It's typically slower because of the overhead of emulating hardware.
- Native Virtualization: it uses the real hardware to execute guest instructions. A hypervisor sits between the OS and hardware and handles the OS requests to the hardware. The guest OS does not need to be modified.
- Para Virtualization: Unlike full virtualization, the guest OS in para-virtualization is aware of the virtual environment and is modified to run efficiently on it. It communicates directly with the hypervisor for critical tasks, improving performance.
2. What is Type-1 and Type-2 hypervisor? What are different hypervisors available in Linux? (3 points)
The type 1 hypervisor sits on top of the bare metal server and has direct access to the hardware resources. Because of this, the type 1 hypervisor is also known as a bare metal hypervisor. In contrast, the type 2 hypervisor is an application installed on the host operating system.
Hypervisors available in Linux:
- KVM (Kernel-based Virtual Machine)
- Xen
- QEMU (used for emulation and also works with KVM for full virtualization)
- LXC (for container virtualization, not full machine virtualization)
Department of Computer Science Fall 2023
3. OpenStack (9 Points)
a. Describe OpenStack.
OpenStack is an open-source software platform used for building and managing cloud computing platforms for public and private clouds. It's primarily deployed as Infrastructure as a Service (IaaS).
b. Explain the benefits of using OpenStack Cloud.
- Improving business agility
- Increasing the efficiency of core processes
- Enhancing the availability of resources
- Adding flexibility and adaptability to your infrastructure
c. What are the key components of OpenStack?
- Nova
- Object Storage (Swift)
- Block Storage (Cinder)
- Networking (Neutron)
- Dashboard (Horizon)
- Keystone
- Orchestration (Heat)
- Telemetry
- Glance
Exercise 2: (15 Points, 3 Points Each)
1. What are the differences between Qemu and KVM?
QEMU is a type 2 hypervisor that runs within user space and performs virtual hardware emulation, whereas KVM is a type 1 hypervisor that runs in kernel space and allows a user-space program to access the hardware virtualization features of various processors.
2. What is Virtual Machine Snapshots?
A VM snapshot captures the entire state of the VM at a particular moment in time, including its current data and the state of its memory. This allows the administrator to revert the VM back to that state when required. It's useful for testing changes without permanent effects or for backups.
3. What is virtual Machine Cloning? What are the types of cloning in virtualization?
VM Cloning is the process of creating an exact copy of a virtual machine, including its configuration and the disks.
Types of Cloning:
- Full Clone: A complete and independent copy of a virtual machine including all its disks. It doesn't share anything with the source VM and operates entirely separately.
- Linked Clone: A reference copy of a virtual machine that shares virtual disks with the source VM. It refers back to the base VM for read operations and uses a delta disk to store its own changes.
4. What are the differences between virtualization and containerization?
Virtualization relies on hypervisors and complete OS instances, providing strong isolation and compatibility with diverse operating systems. Containerization, on the other hand, leverages lightweight containers and shared OS kernels, offering increased agility, portability, and scalability.
5. Explain Docker Architecture?
Docker uses a client-server architecture.
Docker Client: This is the primary way users interact with Docker. When you use commands like docker run, the client sends them to dockerd (Docker daemon) which carries them out.
Docker Daemon (dockerd): Listens to Docker API requests and communicates with other Docker daemons to manage Docker services.
Docker Images: Read-only templates used to create containers. They can be shared using Docker Hub or other registries.
Docker Containers: Running instances of Docker images.
Docker Registries: Store Docker images. Docker Hub and Docker Cloud are public registries that anyone can use, and Docker is configured to look for images on Docker Hub by default.
Docker Compose: A tool for defining and running multi-container Docker applications.
Exercise 3: (15 Points, 5 Points Each)
1. An increasing number of organizations in industry and business sectors adopt cloud systems. Answer the following questions regarding cloud computing: (5 Points)
a. List and describe the main characteristics of cloud computing systems.
- On-demand Self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction.
- Broad Network Access: Capabilities are available over the network and accessed through standard mechanisms.
- Resource Pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
- Rapid Elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand.
- Measured Service: Cloud systems automatically control and optimize resource use by leveraging a metering capability. Resources are monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
b. Discuss key enabling technologies in cloud computing systems. Moreover, characterize the following three cloud computing models:
- Virtualization: Allows multiple virtual servers to run on a single physical server, maximizing resource utilization.
- Service-oriented Architecture (SOA): Provides the flexibility to use an application's components through an interface.
- Distributed Computing: Cloud computing uses distributed systems to process data and online services.
- Broadband Networks: Provides faster data transfer and connection to the cloud.
- Advanced Browser Technology: Enables users to access cloud applications and manage tasks using web browsers.
- Free and Open Source Software (FOSS): Reduces software costs for cloud computing technologies.
a. What is an IaaS (Infrastructure-as-a-Service) cloud? Give one example system.
Offers virtualized computing resources over the internet. With IaaS, the cloud provider hosts the infrastructure components that are traditionally present in an on-premises data center.
- Example: Amazon Web Services (AWS) EC2.
b. What is a PaaS (Platform-as-a-Service) cloud? Give one example system.
Provides a platform that allows customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and deploying an app.
- Example: Google App Engine.
c. What is a SaaS (Software-as-a-Service) cloud? Give one example system.
Provides on-demand software over the internet. Users can access SaaS applications right from their web browser, without any installations or downloads.
- Example: Microsoft Office 365.
2. Compare the similarities and differences between traditional computing clusters/grids and the computing clouds launched in recent years. Consider all technical and economic aspects as listed below. Answer the following questions against real example systems or platforms built in recent years. (5 Points)
a. Hardware, software, and networking support.
- Traditional Computing Clusters/Grids:
Hardware: Usually consists of homogenous servers in dedicated data centers.
Software: Relies on job schedulers (like PBS, SGE), and middleware solutions for grid computing like Globus Toolkit.
Networking: Typically high-speed internal networks with potentially slower links between different grid locations.
- Cloud Computing:
Hardware: Highly scalable and diverse, including commodity hardware to specialized GPUs and TPUs in massive data centers across the world.
Software: Managed by hypervisors like Xen, KVM for virtualization, and platforms like OpenStack, Kubernetes for orchestration.
Networking: Advanced virtual networking that supports multi-tenancy, and globally distributed content delivery networks (CDN).
b. Resource allocation and provisioning methods.
- Traditional Computing Clusters/Grids:
Resources are generally allocated using job schedulers that queue tasks and run them based on job priorities and available resources.
- Cloud Computing:
Resources can be provisioned on-demand in real-time. They can be auto-scaled based on the workload, using services like AWS Auto Scaling.
c. Infrastructure management and protection.
- Traditional Computing Clusters/Grids:
Typically managed by institutional IT teams, with manual backups, disaster recovery plans, and security implementations.
- Cloud Computing:
Providers like AWS, Google Cloud, and Azure offer advanced tools for infrastructure management. They provide automated backups, advanced threat detection, and managed disaster recovery services.
d. Support of utility computing services.
- Traditional Computing Clusters/Grids:
The concept was there, but not as mature. Users would be billed based on the computational time and storage used.
- Cloud Computing:
Intrinsic support for utility computing. Users pay only for what they use, be it storage, compute, or data transfer.
e. Operational and cost models applied.
- Traditional Computing Clusters/Grids:
High initial capital expenditure (CapEx) for setting up and operational expenditure (OpEx) for maintenance. Costing is based on the estimation of maximum required capacity.
- Cloud Computing:
Typically follows a pay-as-you-go model. Initial setup costs are low, with costs incurring based on actual usage. This reduces CapEx and transforms costs largely into OpEx. Cloud providers offer calculators to estimate these costs, like the AWS Pricing Calculator.
3. Briefly explain each of the following cloud computing services. Identify two cloud providers by company name in each service category. (5 Points)
a. Application cloud services.
These services provide end-user applications over the internet, typically through a web browser interface. They are often referred to as Software as a Service (SaaS).
- Providers: 1. Salesforce: Offers cloud-based customer relationship management (CRM) software. 2. Google Workspace (formerly G Suite): Offers cloud-based productivity tools like Gmail, Google Docs, and Google Sheets.
b. Platform cloud services.
Provides a platform allowing customers to develop, run, and manage applications without the complexities of building and maintaining the infrastructure. Often referred to as Platform as a Service (PaaS).
- Providers: 1. Google App Engine: A platform for building scalable web applications and mobile backends. 2. Microsoft Azure App Service: A platform for building, deploying, and scaling web apps.
c. Compute and storage services.
Offers virtualized computing resources over the cloud and storage solutions. This category includes both Infrastructure as a Service (IaaS) for compute resources and various storage services.
- Providers: 1. Amazon Web Services (AWS): Provides EC2 for compute capacity and services like S3 for storage. 2. DigitalOcean: Offers Droplets for virtual machines and Spaces for scalable object storage.
d. Collocation cloud services.
Customers rent space for their servers and other hardware in a data center facility. The facility provides power, cooling, and physical security, while customers retain control over their hardware and software.
- Providers: 1. Equinix: Offers collocation services in multiple countries around the world. 2. CoreSite: Provides data center collocation across the U.S.
e. Network cloud services:
Services that offer scalable and virtualized network capabilities, often including functionalities like Content Delivery Networks (CDN), Virtual Private Networks (VPN), and more.
- Providers: 1. Akamai: Known for its content delivery network services to speed up & secure web applications. 2. Cisco Meraki: Offers cloud-managed IT solutions including networking, wireless, and security.
Exercise 4: Azure Cloud Platform (15 Points)
a. How is Windows Active Directory and Azure Active Directory different?
While both platforms share some common features, there are also some differences between them. The core architectural difference between them is that AD was designed for on-premises data centers and Azure AD was designed for the Microsoft cloud.
b. What is the Federation in Azure SQL?
It provides tools that allow developers to scale out (by sharding) in SQL Azure. Here are some of the benefits of a sharded database: Taking advantage of greater resources within the cloud on demand. Allowing customers to have their own database, to share databases or to access many databases.
c. What are the different types of storage offered by Azure?
Azure Storage offers five core services: Blobs, Files, Queues, Tables, and Disks.
Exercise 5: Cloud Security (25 Points)
a. Explain with examples what are the Cloud Computing Threats? Research and list few cloud Computing Attacks.
Cloud computing threats refer to security risks that affect the confidentiality, integrity, and availability of cloud-based resources. These threats include data breaches, unauthorized access, denial of service attacks, and insider threats.
Some examples of cloud computing attacks include data breaches, DDoS attacks, man-in-the-middle attacks, and injection attacks.
b. How we can efficiently implement cloud security, List Security controls we can implement in cloud environment.
Taking best practices from security architecture and application security – defining, creating and managing an architecture (from objectives to drivers, attributes, threats and controls).
Security Controls:
- Centralized Visibility of Cloud Infrastructure.
- Native Integration Into Cloud Provider Security Systems.
- Security Automation.
- Threat Intelligence Feeds.
- MITRE ATT&CK Framework.
c. What are the security risks of cloud computing that my organization needs to prepare for while migrating to the Cloud?
Not having a cloud migration strategy, Complex existing architecture, Selecting the wrong cloud service provider (CSP), Long Migration Process, Data Breach, Unexpected cloud costs or monthly sticker-shock.
d. What are the Standards you know for Cloud Security?
ISO, PCI DSS, HIPAA, and GDPR
e. What are the Compliance issues you need to check in Cloud Security?
Security system misconfiguration. Denial-of-Service (DoS) attacks. Data loss due to cyberattacks. Unsecure access control points.
Exercise 6: Linux Monitoring (10 Points)
a. You need to track events on your system. What will you do?
Syslogd is responsible for tracking system information and saving it to the desired log files. It provides two system utilities which provide support for system logging and kernel message trapping. Support of both internet and unix domain sockets enables this utility package to support both local and remote logging.
b. How will you restrict IP so that the restricted IP’s may not use the FTP Server?
Command to restrict IPs so that the restricted IPs may not use the FTP server (a comma-separated port list requires the multiport match):
iptables -I INPUT -s IP_ADDR/24 -p tcp -m multiport --dports 20,21 -j REJECT
To save the new rules:
service iptables save
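The rule above, generalized as an added example that is not part of the original assignment: a POSIX shell helper that validates each source address and prints, without executing, one REJECT rule per source. The function names, `FTP_PORTS`, and the sample addresses 192.0.2.0/24 and 198.51.100.7 are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not execute) iptables rules that reject FTP traffic
# from a list of sources. Names and sample addresses are assumptions.

FTP_PORTS="20,21"   # FTP data (active mode) and control ports, as in the answer

# valid_ipv4_cidr ADDR[/PREFIX]
# Returns 0 for a dotted-quad IPv4 address with an optional /0../32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    # Prefix: one or two digits, at most 32.
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Address: digits and dots only, exactly four non-empty fields.
    case $addr in *[!0-9.]*) return 1 ;; esac
    case $addr in
        *.*.*.*.*|*..*|.*|*.) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split into octets; safe, addr holds only [0-9.]
    IFS=$old_ifs
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ftp_reject_rules SOURCE...
# Prints one rule per valid source; invalid input is reported on stderr and
# never reaches the rule text. Returns 1 if any source was rejected.
ftp_reject_rules() {
    rc=0
    for src in "$@"; do
        if valid_ipv4_cidr "$src"; then
            printf 'iptables -I INPUT -s %s -p tcp -m multiport --dports %s -j REJECT\n' \
                "$src" "$FTP_PORTS"
        else
            printf 'skipping invalid source: %s\n' "$src" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample sources (documentation address ranges).
ftp_reject_rules 192.0.2.0/24 198.51.100.7
```

Review the printed rules before running them as root. Port 21 carries the FTP control channel, so rejecting it stops new sessions from those sources in either transfer mode.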
c. What is the difference between name based virtual hosting and IP based virtual hosting?
IP-based virtual hosts use the IP address of the connection to determine the correct virtual host to serve. Therefore you need to have a separate IP address for each host. With name-based virtual hosting, the server relies on the client to report the hostname as part of the HTTP headers.
d. After upgrading kernel the machine fails to boot, what will you do?
Step 1: Boot the system normally with your given kernel version.
Step 2: Reboot your machine again and select the rescue prompt.
Step 3: Go to /boot and list all files. Here you will see there is no initramfs file for your kernel, but there is an initramfs file for rescue by which you have booted your system, and another is for kdump.
Step 4: You will need to create a new initramfs file that corresponds to your kernel version.
Step 5: First check your kernel version
Step 6: Next, run the dracut command
Step 7: List the /boot directory contents again. The initramfs file for the kernel is now created.
Step 8: Now, when you boot normally, your machine starts without a kernel panic error.
Step 9: A situation might occur where, after booting your system with the rescue image, you cannot create a new initramfs file because one is already present.
Step 10: Check your kernel version first using the uname -r command.
Step 11: Run the mkinitrd command with the --force option and your kernel specification:
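
A check for the condition described in Steps 3 to 7, as an added example that is not part of the original assignment: it lists every installed kernel that lacks a usable initramfs image and prints the `dracut` command that would rebuild it, without changing anything. The function names are assumptions, and the `/boot/vmlinuz-<version>` and `/boot/initramfs-<version>.img` naming follows the CentOS/RHEL layout.

```shell
#!/bin/sh
# Added example: find kernels with no initramfs image and print the dracut
# command to rebuild each one. Read-only; function names are assumptions.

# kernels_missing_initramfs [BOOT_DIR]
# Prints the version of every vmlinuz-<version> in BOOT_DIR that has no
# non-empty initramfs-<version>.img beside it. Returns 1 if any is missing.
kernels_missing_initramfs() {
    boot_dir=${1:-/boot}
    missing=0
    for kernel in "$boot_dir"/vmlinuz-*; do
        [ -e "$kernel" ] || continue        # glob matched nothing
        version=${kernel##*/vmlinuz-}
        # -s: the image must exist AND be non-empty; a truncated image left
        # by an interrupted upgrade is as unbootable as a missing one.
        # The kdump image (initramfs-<version>kdump.img) does not count.
        if [ ! -s "$boot_dir/initramfs-$version.img" ]; then
            printf '%s\n' "$version"
            missing=1
        fi
    done
    return $missing
}

# rebuild_commands [BOOT_DIR]
# Prints one dracut command per kernel reported above. --force overwrites an
# existing (for example zero-length) image, the case Step 9 describes.
rebuild_commands() {
    target_dir=${1:-/boot}
    kernels_missing_initramfs "$target_dir" | while read -r ver; do
        printf 'dracut --force %s/initramfs-%s.img %s\n' \
            "$target_dir" "$ver" "$ver"
    done
}

# Inspect the directory given as the first argument, /boot by default.
rebuild_commands "${1:-/boot}"
```

Run it from the rescue environment, review the output, then execute the printed commands as root.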
e. On my CentOS setup the rsyslog service fails to start, but the problem is that once the rsyslog server fails I do not get any messages in /var/log/messages, hence I am unable to debug or find out why the rsyslog service is failing. Where should I check my system messages in such scenarios?
1. Systemd Journal (journalctl): Use the `journalctl` command to access systemd's journal for system logs, especially related to the rsyslog service.
2. System Log Files: Check alternative log files like `/var/log/syslog`, `/var/log/secure`, or `/var/log/audit/audit.log` for rsyslog-related messages.
3. Rsyslog Configuration: Review the rsyslog configuration files in `/etc/rsyslog.conf` and `/etc/rsyslog.d/` for potential errors or misconfigurations.
4. Service Status: Use `systemctl status rsyslog` to check the current status of the rsyslog service and identify any error messages.
5. Log Rotation: Investigate log rotation configuration in `/etc/logrotate.conf` and `/etc/logrotate.d/` for log file management.
6. Permissions: Ensure correct permissions on log files and directories and confirm that the rsyslog service has write permissions.
7. SELinux: If using SELinux, check SELinux policies and logs to ensure it's not blocking rsyslog.
8. Third-Party Logs: If there are other installed applications or services, check their log files in non-standard locations for related error messages.
By examining these sources and log files, you can troubleshoot the rsyslog service issue on your CentOS system.
Exercise 7: Windows Monitoring (5 Points)
a. What do you understand by the SYSVOL folder? What is EDB.Log? What is Res in Res1.log and Res2.log.
- The sysvol folder stores a domain's public files, which are replicated to each domain controller.
- edb is a kind of Windows log file that's located under the software distribution folder. This file is used to keep the history of all Windows updates.
- Res1.log and Res2.log: These files are known as the reserved (Res) log files.
b. Define NTDS.DIT and EDB.Che.
NTDS.DIT stands for New Technology Directory Services Directory Information Tree. It serves as the primary database file within Microsoft's Active Directory Domain Services (AD DS). Essentially, NTDS and EDB.Che is the checkpoint file used to trace the data not yet written to the database file; this indicates the starting point from which data is to be recovered from the log file in case of failure.
German Landaverde
11/19/2023