adam's notes

Datacenter Storage Operations

Storage Clusters

  • storage devices are often clustered in groups
    • provide increased performance, flexibility, and reliability
  • 2 types of clustered storage architectures:
    • tightly coupled architecture
      • all storage devices are directly connected to a shared physical backplane
        • connects them all directly
      • each component of the cluster:
        • is aware of the others
        • subscribe to the same policies and rulesets
      • confined to more restrictive design parameters
        • because devices may need to be from same vendor to work
      • enhances performance as it scales
        • performance of each element is added to the overall performance of the cluster
        • allows greater power and it increases in size
    • loosely coupled architecture
      • allows for greater flexibility
      • each node of the cluster is independent of the others
      • new nodes can be added for any purpose as needed
      • are logically connected
        • don’t share same proximate physical framework
        • only distantly physically connected through communication media
      • performance does not necessarily scale
        • because nodes don’t build on one another
        • may not be important for storage architecture

Data Resiliency

  • two ways for creating data protection resiliency in a cloud storage cluster:
    • RAID
      • in most RAID configs, all data is stored across the various disks (striping)
        • allows data to be recovered efficiently
        • if one drive fails, the other drives can fill in the missing data
      • in some RAID schemes, a parity bit is added to raw data to aid in recovery after a drive failure
    • Data dispersion
      • distributes data among multiple datacenters or locations
      • ensures that a disruption in one location does not result in data loss or availability issues
      • may even disperse data across multiple vendors or storage solutions

Access Controls for Local and Remote Access

  • Remote Desktop Protocol (RDP)
    • require strong passwords
    • use MFA
    • restrict which users can use RDP
    • enable account lockout policies
    • ensure updates are installed
    • enable firewalls
  • SSH
    • require SSH certificates
    • use MFA
    • configure proper firewall rules
    • use a bastion host/jump box
  • Secure terminal access and console-based access mechanisms
    • these focus on physical access to terminals
    • don’t allow an individual to plug into the system and gain access without authentication and authorization
  • Jump boxes and bastion hosts
    • are systems or devices placed at the boundary between a lower-security zone and a higher-security zone
    • used as control points between zones
      • uses greater device security
      • enables a single entry point to be highly monitored
  • Virtual clients
    • software tools that allow remote connection to a virtual machine and used like a local system
    • allows additional layers of security to be put in place
      • management, monitoring, and data storage all occur in a trusted datacenter or cloud environment
      • remote PC merely provides a display, keyboard, and mouse for the VM
    • increasingly used by orgs that don’t/can’t provide endpoint security
    • secure practices
      • prevent clipboard access between security zone or systems
      • secure persistent data
      • use endpoint security solutions
      • limit what apps can be launched

Graph View

Backlinks