
before we get started I want to

00:13
congratulate you on making it to this
00:14
point in the program you're halfway done
00:16
just pretty incredible let's take a
00:19
moment to think about all the skills
00:20
you've learned in your journey so far
00:22
you've learned the fundamentals of
00:24
information technology from how binary
00:26
works to the importance of user support
00:28
in IT to even building your own computer
00:30
you learned the fundamentals of computer
00:32
networking and how the internet really
00:34
works and finally you learned how to
00:36
navigate the windows and linux operating
00:38
systems managing processes and software
00:40
in the command line like a true power
00:42
user great work so far before we dive
00:45
deep into systems administration and
00:47
infrastructure I'll take this
00:48
opportunity to introduce myself or
00:50
reintroduce myself for those who might
00:52
remember me from way back in course one
00:54
my name is Devin Shree Darin I've been
00:56
working in IT for ten years I'm a
00:58
corporate operations engineer at Google
01:00
where I get to tackle challenging and
01:01
complex IT issues thinking back my first
01:05
experience with tech began when I was
01:06
about nine years old when my dad brought
01:09
home the family's first computer I
01:10
remember my dad holding a floppy disk
01:13
and telling me that there was a game on
01:14
it to my dad's amazement I somehow
01:16
managed to copy the game from the disk
01:18
onto the computer's hard drive while it
01:21
may seem like a trivial task now this
01:23
device was just so new to us back then
01:25
sure I love the different games I could
01:28
play but what I really loved was
01:30
tinkering with the machine trying to get
01:32
it to do what I wanted it to do while that
01:35
floppy disk and computer might have
01:37
ignited my passion for technology it was
01:39
actually my first few job experiences
01:40
that really started to shape my IT
01:42
career one job was in retail selling
01:44
baby furniture and the other was at a
01:46
postal store where I helped customers ship
01:48
their package and became the one person
01:50
IT crew it might sound odd that working
01:53
in retail inspired my career but I
01:55
realized that I really enjoyed
01:56
communicating with customers trying to
01:58
understand their needs and offering a
02:00
solution my first experience working
02:03
directly in IT was in college as an IT
02:05
support specialist intern from there I
02:08
worked as an IT consultant to
02:09
decommission an entire IT environment
02:11
this was my first experience working
02:13
directly with a large IT infrastructure
02:15
and pushing myself outside my comfort
02:18
level as a college student I bring up these
02:20
first few jobs for a reason these
02:22
experiences helped
02:24
my career in IT I knew at that time that I
02:26
wanted to go into tech but I struggled
02:28
with where I wanted to focus my career
02:30
starting at Google as an IT generalist
02:33
allowed me to experience many different
02:34
areas of technology it allowed me to
02:37
figure out the jobs I didn't want to do
02:39
and before I was able to identify
02:40
exactly what I did want to do I'm really
02:43
passionate about IT infrastructure this
02:46
program is designed to help prepare you
02:48
for roles in tech support desktop
02:50
support or at a helpdesk but it doesn't
02:52
stop there in this course we're going to
02:54
open up an even wider net of
02:55
possibilities in IT by teaching you the
02:57
skills you need to manage computers for
02:59
a whole organization if you're working
03:01
in a small organization you might need
03:03
to do this from day one if not
03:04
stretching your skill set will make you
03:06
stand out in the field and prepare you
03:08
for potentially taking on this work
03:10
further on in your career in this course
03:12
we're gonna build upon what you learned
03:14
in the operating systems course by
03:15
teaching you system administration
03:16
skills at a high level system
03:19
administration is the field in IT that's
03:21
responsible for maintaining reliable
03:23
computer systems in a multi-user
03:25
environment while systems administration
03:27
responsibilities can overlap with other
03:29
roles in IT a person who works only in
03:31
system administration is called a
03:33
systems administrator systems
03:36
administrators have a diverse set of roles and
03:38
responsibilities they can range from
03:40
configuring servers monitoring the
03:42
network provisioning or setting up new
03:44
users and computers and more think of
03:47
system administrator as a tech
03:49
generalist they handle many different
03:51
things to keep an organization up and
03:53
running it's actually very similar to
03:55
how IT support specialists work you need
03:58
to apply a diverse set of tech skills in
04:00
different situations to help solve
04:01
problems in an organization as an IT
04:04
support specialist doing systems
04:05
administration tasks might be part of
04:08
the job so we're going to introduce the
04:10
skills and knowledge you need to manage
04:12
organizations and systems to keep your
04:14
skills well-rounded by the end of this
04:17
course you'll learn what services are
04:19
used in IT infrastructure you will also
04:21
learn about essential user software for
04:23
your organization and how to manage an
04:25
entire organization's users and computers
04:27
using directory services finally you'll
04:30
learn the skills you need to backup your
04:32
organization's data and recover it in
04:34
the case of a disaster all right it's
04:36
time to get started so let's dive in
04:45
you
04:50
before we can get into the nitty-gritty
04:52
of what systems administration is we
04:54
need to talk about what these systems
04:56
are organizations don't just run on
04:58
their own employees need computers along
05:01
with access to the Internet to reach out
05:03
to clients the organization website
05:05
needs to be up and running the files
05:07
have to be shared back and forth and so
05:09
much more all of these requirements make
05:12
up the IT infrastructure of an
05:14
organization IT infrastructure
05:16
encompasses the software the hardware
05:18
network and services required for an
05:20
organization to operate in an enterprise IT
05:22
environment without an IT infrastructure
05:24
employees wouldn't be able to do their
05:26
jobs and the whole company will crumble
05:27
before it even gets started so
05:30
organizations employ the help of someone
05:31
like a Systems Administrator to manage
05:33
the company's IT infrastructure system
05:36
administrators or as we like to call
05:38
them sysadmins are the unsung heroes of
05:40
an organization they work in the
05:42
background to make sure a company's IT
05:44
infrastructure is always working
05:46
constantly fighting to prevent IT
05:48
disasters from happening notice all of
05:50
the really hard work that sysadmins put
05:52
in so show a little appreciation for
05:54
your sysadmin by celebrating system
05:57
administrator appreciation day worldwide
05:58
yes that's a real thing in all
06:01
seriousness sysadmins have a lot of
06:03
different responsibilities any company
06:06
that has an IT presence needs a sysadmin
06:08
or someone who handles those
06:10
responsibilities the role of a sysadmin
06:12
can vary depending on the size of an
06:14
organization as an organization gets
06:17
bigger you need teams of sysadmins
06:19
their responsibilities may be separated
06:21
out into different roles with job titles
06:23
like network administrators and database
06:24
administrators companies like Facebook
06:27
and Apple don't have a single person
06:29
running the IT show but in smaller
06:31
companies it's usually a single person
06:33
who manages an entire company's IT
06:35
infrastructure in this course we'll focus
06:38
on how just one person
06:39
you can single-handedly manage an IT
06:41
infrastructure you'll learn the skills you
06:44
need to manage an organization of less
06:45
than a hundred people as a sole IT person
06:48
as you start to scale up to large
06:50
organizations you also need to level up
06:52
your knowledge of systems administration
06:53
you need to pick up skills that allow
06:55
you to automate workflows and manage
06:57
configurations or computer settings
06:59
automatically don't worry we'll discuss
07:01
how to do this in an upcoming course on
07:03
automation right now let's focus on
07:06
systems administration in a small
07:07
organization in the next couple of
07:09
lessons we're gonna talk in detail about
07:11
the responsibilities of a sysadmin and
07:13
how that relates to a role of an IT
07:15
support specialist who handles system
07:17
administration
07:26
you
07:31
basically a sysadmin is responsible for
07:34
their company's IT services employees
07:36
need these IT services so that they can
07:39
be productive this includes things like
07:41
email file storage running a website and
07:44
more these services have to be stored
07:47
somewhere they don't just appear out of
07:49
nowhere any thoughts on where they're
07:51
stored if you answered servers you're
07:53
correct we talked about servers in an
07:55
earlier course and you've learned that
07:57
the term servers can have multiple
07:59
meanings in one course we discussed how
08:01
servers have web content that they serve
08:03
to other computers in another course we
08:06
talked about how servers can be software
08:08
that perform a certain function in this
08:10
video we're going to talk about servers
08:12
more in depth because in many cases
08:15
sysadmins are responsible for maintaining
08:17
all of the company's servers if you're
08:19
working as an IT support specialist and
08:21
have systems administration
08:22
responsibilities these tasks could be
08:24
something you'll perform a server is
08:27
essentially software or a machine that
08:29
provides services to other software or
08:31
machines for example a web server stores
08:34
and serves content to clients through
08:36
the internet you can access the web
08:39
server through a domain name like
08:41
google.com we'll dive deeper into web servers
08:43
in a later course right now let's run
08:46
down some other examples of servers an
08:48
email server provides email services to
08:51
other machines and an SSH server
08:53
provides SSH services to other machines
08:56
and so on and so forth we call the
08:58
machines that use the services provided
09:00
by a server clients clients request the
09:05
services from a server and in turn the
09:07
servers respond with these services a
09:09
server can provide services to multiple
09:12
clients at once and a client can use
09:15
multiple servers any computer can be a
09:18
server I can start up a web server on my
09:20
home computer that would be able to
09:22
serve my own personal website on the
09:23
internet for me but I don't really want
09:26
to do that because I have to leave my
09:27
computer on all the time in order for my
09:29
web site to be available all the time
09:32
industry standard servers are typically
09:34
running 24/7 and they don't run on dinky
09:37
little hardware like my home laptop they
09:39
run on a really powerful and reliable
09:40
hardware server hardware can come in
09:43
lots of different forms
09:44
they can be towers that sit upright that
09:47
look very similar to the desktops we've
09:49
seen those towers can be put in a closet
09:52
or can sit on the table if you want them
09:53
to but what if you needed to have 10
09:57
servers the towers would start taking up
09:59
way too much space instead you can use
10:02
rack servers which lay flat and are
10:05
usually mounted in a 90 inch wide server
10:08
rack if you needed even more space you
10:11
could use blade servers that are even
10:13
slimmer than racks there are other types
10:16
of form factors for servers but these
10:18
are the most common ones you can also
10:21
customize the hardware on your servers
10:23
depending on the services for example on
10:26
a file server you'll want more storage
10:29
resources so that you can store more
10:30
files
10:31
what about connecting to our servers
10:33
working in a small IT organization you
10:36
could potentially deal with a handful of
10:38
servers you don't want to have a monitor
10:40
keyboard and a mouse for each of these
10:42
servers do you fortunately you don't
10:44
have to thanks to something we learned
10:46
in an earlier course we can remotely
10:48
connect to them with something like SSH
10:50
even so you should always have a monitor
10:53
keyboard on hand sometimes when you're
10:55
working your network might be having
10:57
issues and SSH won't be an option a
10:59
common industry practice is to use
11:01
something known as a KVM switch KVM
11:05
stands for keyboard video and mouse a
11:08
KVM switch looks like a hub that you can
11:10
connect multiple computers to and
11:12
control them using one keyboard mouse
11:15
and monitor you can read more about
11:17
using KVMs in the next supplemental
11:19
reading okay now that we've got a better
11:22
understanding of servers and what they
11:24
do you can go out and start buying
11:26
server hardware and setting up services
11:28
for your organization or maybe not you
11:31
don't actually have to buy your own
11:33
server hardware or even maintain your
11:34
own services in the next video we're going to
11:36
learn about a wave of computing that's
11:38
starting to overtake the IT world cloud
11:40
computing see you there
11:50
you
11:54
oh the cloud the magical wonderful cloud
11:58
that you hear about in the news that
11:59
moves data across the white fluffy
12:01
wonders in the sky the magical cloud
12:03
dispersed bits of data across in the
12:05
world in itty-bitty raindrops right no
12:07
that's not how the cloud works at all
12:09
but you'd be surprised how many people
12:11
believe that there's no doubt you've
12:14
heard the term cloud in the news or from
12:16
other people your photos are stored in
12:18
the cloud your email is stored in the
12:20
cloud cloud computing is the concept
12:22
that you can access your data use
12:25
applications store files etc from
12:27
anywhere in the world as long as you
12:29
have an internet connection but the
12:31
cloud isn't a magical thing it's just a
12:34
network of servers that store and
12:36
process our data you might have heard
12:38
the word data center before a data
12:40
center is a facility that stores
12:41
hundreds if not thousands of servers
12:44
companies with large amounts of data
12:46
have to keep their information stored in
12:48
places like data centers large companies
12:50
like Google and Facebook usually own
12:52
their own data centers because they have
12:54
billions of users that need access to
12:57
their data at all times smaller
12:59
companies could do this but usually rent
13:02
out parts of a data center for their
13:03
needs when you use the cloud service
13:06
this data is typically stored in the
13:07
data center or multiple data centers
13:09
anywhere that's large enough to hold the
13:12
information of millions maybe even
13:13
billions of users it's easy to see why
13:17
the cloud has become a popular way of
13:18
computing in the last few years now
13:21
instead of holding on to terabytes of
13:22
storage space on your laptop you can
13:24
upload that data to a file storage
13:26
service like Dropbox which stores that
13:29
data in a managed location like a data
13:31
center the same goes for your
13:33
organization instead of managing your
13:35
own servers you can use internet
13:37
services that handle everything for you
13:39
including security updates server
13:41
hardware routine software updates and
13:43
more but with each of these options come
13:45
a few drawbacks the first is cost when
13:48
you buy a server you pay upfront for the
13:50
hardware that way you can set up your
13:53
services like a file storage at
13:55
potentially very little cost because
13:57
you're the one managing it when you use
14:00
internet services like box Dropbox that
14:03
offer file storage online the starting
14:06
cost may be smaller but
14:08
in the long-term costs could add up
14:10
since you're paying a fixed amount every
14:13
month when comparing the cost of
14:15
services always keep in mind what a
14:18
subscription could cost you for every
14:20
user in your organization weigh that
14:22
against maintaining your own
14:24
hardware in the long term and then make
14:26
the decision that works best for your
14:28
organization
14:28
the second drawback is dependency your
14:31
data is beholden to these platforms if
14:33
there's an issue with the service
14:35
someone other than you is responsible for
14:37
getting it up and running again that
14:39
could cost your company precious loss of
14:41
productivity and data no matter what
14:43
method you choose remember that you're
14:46
still responsible for the problems that
14:47
arise when there's an issue if Dropbox
14:50
is having an issue with your important
14:52
user data it's still your problem and
14:54
you have to get it working again no
14:56
matter what to prevent a situation like
14:58
that from popping up you might consider
15:00
backing up some critical data in the
15:02
cloud and on a physical disk that way if
15:04
one system goes down you have another
15:07
way to solve the problem whether you
15:09
choose to maintain physical servers or
15:10
use cloud services these are the type of
15:13
things you need to think about when
15:15
providing services to your company in
15:17
the next couple of lessons we're gonna
15:19
talk about some of the other
15:20
responsibilities of the sysadmin we'll
15:23
give you a high-level overview of these
15:24
then dive even deeper later in this
15:27
course
15:35
you
15:40
in a small company it's usually a sysadmin's
15:43
responsibility to decide what
15:45
computer policies to use in larger
15:47
companies with hundreds of employees or
15:50
more this responsibility usually falls
15:52
under the chief security officer but in
15:55
smaller businesses or shops as the IT
15:57
lingo goes the sysadmin
15:59
has to think carefully about computer
16:01
security and whether or not to allow
16:03
access to certain users there are a few
16:06
common policy questions that come up in
16:08
most IT settings that you should know
16:09
should users be allowed to install
16:12
software probably not you could run the
16:15
risk of having a user accidentally
16:16
install malicious software which we'll
16:18
learn about in the upcoming course in
16:20
security should users have complex
16:22
passwords with certain requirements it's
16:25
definitely a good rule of thumb to
16:26
create a complex password that has
16:28
symbols random numbers and letters a
16:30
good guideline for a password length is
16:33
to make sure it has a minimum of 8
16:35
characters that make it more difficult
16:36
for someone to crack should users be
16:39
able to view non-work-related websites
16:41
like Facebook that's a personal call
16:44
some organizations prefer that their
16:46
employees only use their work computer
16:48
and network strictly for business but
16:50
many allow other uses so their employees
16:53
can promote their business or goods on
16:55
social media platforms stay up to date
16:57
on current events and so on it would
16:59
definitely be a policy that you and your
17:01
organization's leaders can work out
17:03
together if you hand out a company phone
17:05
to an employee should you set a device
17:07
password absolutely people lose their
17:10
mobile devices all the time if a device
17:13
is lost or stolen it should be
17:15
password-protected at the very least so
17:17
that someone else can easily view
17:19
company emails will dive way deeper into
17:22
the broader impact and implications of
17:24
security and organizational policies in
17:26
the security course that's last up in
17:28
this program these are just a few of the
17:30
policy questions that can come up
17:32
whatever policies are decided upon have
17:35
to be documented somewhere as you know
17:37
from our lesson on documentation in the
17:38
first course it's super critical to
17:41
maintain good documentation if you're
17:43
managing systems you'll be responsible
17:45
for documenting your company's policies
17:46
routine procedures and more you can
17:49
store this documentation on an internal
17:50
wiki site file server software
17:53
wherever the takeaway here is that
17:56
having documentation of policies readily
17:58
available to your employees will help
17:59
them learn and maintain those policies
18:09
you
18:14
we've talked a little bit about the
18:16
services that are potentially used in an
18:18
organization like file storage email web
18:22
content etc but there are many other
18:24
infrastructure services that you need to
18:26
be aware of as an IT support specialist
18:29
doing system administration you'd be
18:32
responsible for the IT infrastructure
18:33
services in your organization spoiler
18:36
alert there are a lot of them ahead as
18:39
always make sure to re-watch any lessons
18:41
if you need some more time for the
18:43
material to sink in rome wasn't built in
18:46
a day you know and neither are IT
18:47
support specialists so how about getting
18:50
network access that's a service that
18:53
needs to be managed
18:54
what about secure connection to websites
18:56
and other computers you guessed it
18:58
that's also a service that has to be
19:00
managed and managing services doesn't
19:03
just mean setting them up they have to
19:05
be updated routinely patched for
19:07
security holes and compatible with the
19:09
computer within your organization later
19:12
in this course we'll dive deeper into
19:13
the essential infrastructure services
19:15
that you might see in an IT support
19:17
specialist role
19:25
you
19:30
another responsibility sysadmins have
19:33
is managing users and hardware sysadmins
19:36
have to be able to create new users
19:38
and give them access to their company's
19:40
resources on the flip side of that they
19:43
also have to remove users from an IT
19:45
infrastructure if users leave the
19:47
company it's not just user accounts they
19:50
have to worry about sysadmins are also
19:53
responsible for user machines they have
19:56
to make sure a user is able to log in
19:58
and that the computer has the necessary
20:00
software that a user needs to be
20:02
productive sysadmins also have to
20:05
ensure that the hardware they're
20:06
provisioning or setting up for users is
20:09
standardized in some way we talked in an
20:12
earlier course about imaging a machine
20:14
with the same image this practice is
20:16
industry standard when dealing with
20:19
multiple user environments not only do
20:21
sysadmins have to standardize settings
20:23
on a machine they have to figure out the
20:25
hardware lifecycle of a machine they
20:28
often think of the hardware lifecycle of
20:30
a machine in the literal way when was
20:33
it built
20:33
when was it first used did the
20:36
organization buy it brand new or was it
20:38
used who maintained it before how many
20:41
users have used it in the current
20:42
organization what happens to this
20:45
machine if someone needs a new one these
20:48
are all good questions to ask when
20:49
thinking about an organization's
20:51
technology sysadmins don't want to keep
20:53
a 10 year old computer in their
20:55
organization or maybe they do even
20:58
that's something they might have to make
21:00
a decision on there are four main stages
21:03
of the hardware lifecycle procurement
21:05
this is the stage where hardware is
21:07
purchased or reused for an employee
21:09
deployment this is where hardware is set
21:12
up so that the employee can do their job
21:14
maintenance this is the stage where
21:17
software is updated and hardware issues
21:19
are fixed if and when they occur
21:21
retirement in this final stage Hardware
21:24
becomes unusable or no longer needed and
21:26
it needs to be properly removed from the
21:28
fleet in a small organization a typical
21:31
hardware life cycle might go something
21:32
like this first a new employee is hired
21:35
by the company Human Resources tells you
21:37
to provision a computer for them and set
21:39
up their user account next
21:42
you allocate a computer you have from
21:44
your inventory or you order a new one if
21:47
you need it when you allocate Hardware
21:49
you may need to tag the machine with the
21:51
sticker so that you can keep track of
21:52
which inventory belongs to the
21:54
organization next you image the computer
21:58
with the base image preferably using a
22:00
streamlined method that we discussed in
22:01
our last course operating systems and you
22:03
next you name the computer with the
22:06
standardized hostname this helps with
22:08
managing machines more on that when we
22:10
talk about directory services later
22:11
in regards to the name itself we talked
22:14
about using a format such as username -
22:16
location but other hostname standards
22:18
can be used check out the supplemental
22:20
reading to find out more after that
22:23
you install software the user needs on
22:25
their machine then the new employee
22:29
starts and you streamline the setup
22:31
process for them by providing
22:32
instructions on how to log into their
22:34
new machine get email etc eventually if
22:37
the computer sees a hardware issue or
22:40
failure you look into it and think
22:42
through the next steps if it's getting
22:44
too old you have to figure out where to
22:46
recycle it and where to get new hardware
22:48
finally if a user leaves the company
22:51
you'll also have to remove their access
22:53
from IT resources and wipe the machine
22:55
so that you can eventually reallocate it
22:57
to someone else
22:58
Imaging installing software and
23:01
configuring settings on a new computer
23:02
can get a little time-consuming in a
23:05
small company you don't do it often
23:07
enough where it makes much of a
23:09
difference but in a larger company a
23:11
time-consuming process just won't cut it
23:13
you have to learn automated ways to
23:15
provision new machines so that you only
23:18
spend minutes on this and not hours
23:20
luckily for you we discuss how to do
23:22
this in the next course on IT automation
23:23
see we got you covered
23:32
you
23:38
when you manage machines for a company
23:40
you don't just set it and forget it you
23:43
have to constantly provide updates and
23:45
maintenance so that they run the latest
23:46
secure software when you have to do this
23:49
for a fleet of machines you don't want
23:51
to immediately install updates as they
23:52
come in that would be way too
23:53
time-consuming instead to effectively
23:56
update and manage Hardware you do
23:58
something called batch update this means
24:01
that once every month or so you update
24:03
all your servers with the latest
24:05
security patches you have to find time
24:07
to take their services offline perform
24:10
the update and verify that the new
24:12
update works with the service you also
24:15
don't have to perform an update every
24:16
single time a new software becomes
24:18
available but it's common practice to do
24:21
batch updates for security updates and
24:23
very critical system updates in the
24:25
security course we dive deeper into
24:27
security practices but a good guideline
24:29
is to keep your system secure by installing
24:32
the latest security patches routinely
24:34
staying on top of your security is
24:36
always a good idea
24:44
you
24:50
not only do sysadmins in a small
24:52
company work with users and computers
24:54
they also have to deal with printers and
24:55
phones too whether your employees have
24:57
cell phones or desk phones their phone
24:59
lines have to be set up printers are
25:02
still used in companies which means they
25:04
have to be set up so employees can use
25:05
them sysadmins might be responsible for
25:08
making sure printers are working or if
25:10
renting a commercial printer they have
25:12
to make sure that someone can be on-site
25:14
to fix it
25:15
what if a company's fax machine isn't
25:18
working if you don't know what a fax
25:20
machine is that's not totally surprising
25:22
they've been slowly dying since the
25:23
invention of email fax machines are
25:25
still alive and kicking at companies and
25:27
they're a big pain to deal with
25:30
sysadmins could be responsible for those
25:31
too video audio conferencing machines
25:34
yep they'll probably need to handle
25:36
those too in an enterprise setting
25:39
sysadmins have to procure this hardware one
25:41
way or another working with vendors or
25:44
other businesses to buy hardware is a
25:45
common practice setting up business
25:48
accounts with vendors like
25:49
Hewlett-Packard Dell Apple etc is
25:53
usually beneficial since these companies
25:55
can offer discounts to businesses these
25:57
are things that sysadmins have to think
25:59
about it's typically not scalable just
26:02
to go out and purchase devices on Amazon
26:04
although if that's what's decided they
26:06
could do that too sysadmins must be
26:08
sure to weigh their options before
26:10
purchasing anything they need to think
26:13
about hardware supply so if a certain
26:16
laptop model isn't used anymore they
26:17
need to think of a suitable backup that
26:19
works with their organization price is
26:21
also something to keep in mind they will
26:24
probably need formal approval from their
26:26
manager or another leader to establish
26:28
this relationship with a vendor it's not
26:30
just technical implementations of
26:32
hardware that sysadmins have to consider
26:34
it's so many things
26:43
you
26:47
we talked about troubleshooting a lot in
26:50
an earlier course but it's worth
26:52
mentioning again when you're managing an
26:54
entire IT infrastructure you'll
26:56
constantly have to troubleshoot problems
26:57
and find solutions for your IT needs
27:00
this will probably take up most of your
27:02
time as an IT support specialist this
27:05
could involve a single client machine
27:06
from an employee or a server or service
27:09
that isn't behaving normally some folks
27:11
who start their careers in IT support
27:13
deepen their knowledge to become system
27:15
administrators they go from working on
27:18
one machine to multiple machines for me
27:20
I made the leap during my internship as
27:22
an IT support specialist in college at a
27:25
semiconductor lab the lab ended up
27:28
closing and they needed help deprecating
27:30
the environment so what started as IT
27:32
help desk support quickly transitioned to
27:34
a sysadmin role that opportunity was my
27:37
golden ticket to download into Active
27:39
Directory subnetting and decision making
27:41
which is a core part of this job
27:44
sysadmins also have to troubleshoot and
27:45
prioritize issues at a larger scale if a
27:48
server that a sysadmin managed stopped
27:50
providing services to a thousand users
27:53
and one person had an issue about the
27:55
printer which do you think would have to
27:57
be worked on first whatever the scenario
28:00
there are two skills that are critical
28:03
to arriving at a good solution for your
28:04
users and we already covered them in an
28:07
earlier course do you know what they are
28:09
the first is troubleshooting asking
28:11
questions isolating the problem
28:13
following the cookie crumbs and reading
28:15
logs are the best ways to figure out the
28:17
issue you might have to read logs from
28:20
multiple machines or even for the entire
28:21
network we talked about centralized
28:23
logging a little bit in the last course
28:25
on operating systems and new becoming a
28:28
power user if you need a refresher on
28:31
how centralized logging works check out
28:33
the supplemental reading anyway the
28:35
second super important skill that we
28:37
covered is customer service showing
28:40
empathy using the right tone of voice
28:41
and dealing well with difficult
28:43
situations these skills are essential to
28:46
all IT roles in some companies
28:49
sysadmins have to be available around the
28:51
clock if a server or network goes down
28:53
in the middle of the night someone has
28:55
to be available to get it working again
28:56
don't worry
28:57
a sysadmin doesn't have to be awake and
29:00
available
29:01
24/7 they can monitor their service and
29:04
have it alert them in case of a problem
29:06
we'll discuss service monitoring in
29:08
detail in the next course IT automation
29:10
so how do you keep track of your
29:12
troubleshooting a common industry
29:14
standard is to use some sort of
29:16
ticketing or bug system this is where
29:18
users can request help on an issue and
29:20
then you can track your troubleshooting
29:22
work through the ticketing system this
29:24
helps you organize and prioritize issues
29:27
and document troubleshooting steps
29:28
throughout this course we'll introduce
29:30
types of services that a sysadmin
29:32
needs to maintain and what
29:34
responsibilities they have in an
29:36
organization we'll also share some best
29:38
practices for troubleshooting when it
29:40
comes to systems administration when you
29:42
work as an IT support specialist systems
29:44
administration can become part of your
29:46
job so it helps to think about all
29:48
aspects of managing an IT infrastructure
29:50
in an organization the more prepared you
29:52
are the better
30:06
let's take a bit of a dark turn and talk
30:09
about disasters like it or not
30:11
something at some point will stop
30:13
working no matter how much planning you
30:15
do this happens in both small and large
30:18
companies it's an equal opportunity
30:21
problem
30:21
you can't account for everything but you
30:24
can be prepared to recover from it how
30:27
it's super important to make sure that
30:29
your company's data is routinely backed
30:31
up somewhere preferably far away from
30:34
its current location one if a tornado
30:37
struck your building and your backups
30:39
got swept away with it you wouldn't have
30:41
a building to work in let alone be able
30:44
to recover your data and get people up
30:46
and running again later in this course
30:48
we'll talk more about what methods you
30:50
can use to back up your organization's
30:52
data and to recover from a disaster
30:54
we'll try to keep things a little
30:56
lighter in the meantime so far you've
30:59
learned a lot about the roles and
31:00
responsibilities of a sysadmin some of
31:03
it may seem like a lot of work some
31:05
might even seem scary being responsible
31:08
for keeping data available isn't easy
31:10
but it's a rewarding role in IT and you're
31:13
already building your SA or sysadmin
31:15
skill set by learning the fundamentals
31:16
of IT support next up we've got a quiz
31:20
for you then in the next module we'll
31:22
discuss the technical details of the
31:24
infrastructure services used in IT see
31:26
you there
31:35
my name is Dion Paul and I am an
31:38
operations specialist with the gTech
31:40
Chris team gTech stands for Google
31:42
Technical Services I was always too
31:45
familiar with IT but one misconception
31:47
is that you can you can know enough and
31:49
what I found out is that you can never
31:52
know you know if there's never a
31:53
threshold of learning things are always
31:55
gonna be changing especially in IT so
31:57
it's very important to keep learning
31:59
keeping abreast of the latest
32:00
technologies wherever it wherever it
32:03
leads me to I'm never gonna stop
32:04
learning and I'm always gonna be open to
32:06
learning new things and applying those
32:08
in different ways my most memorable
32:10
career moment was actually getting to
32:12
meet the former first lady Michelle
32:14
Obama during our work trip I was
32:17
selected for to participate in a project
32:19
at the White House based on the work
32:21
that my team was doing and we were able
32:24
to not only engage her in a virtual
32:27
reality shoot but I also was tasked with
32:30
ensuring that all the equipment was
32:31
working placing it directly in front of
32:33
her meeting her and the content was
32:36
gonna be rolled out to millions of kids
32:37
around the world being able to operate a
32:39
camera with the first lady right in
32:42
front of me which is a moment I won't
32:44
ever forget success to me is a journey
32:46
and I define it as just peace just being
32:49
at peace with your work career being at
32:51
peace with your family whatever that
32:53
means to you whether that I personally
32:54
means I like being able to have some
32:57
quiet time on the weekends outsider with
32:59
to spend my family and stuff I'm at work
33:01
as being involved in projects that
33:04
you're passionate about and feel like
33:05
you're contributing to just agree to
33:07
agree to thing but to me success is a
33:09
journey and to me it's defined as just
33:11
being at peace with whatever you're
33:13
working at
33:26
welcome back the last module we learned
33:29
that system administrators have lots of
33:30
responsibilities like maintaining
33:32
infrastructure services IT
33:34
infrastructure services are what allow
33:37
an organization to function
33:38
these include connecting to the Internet
33:40
managing networks by setting up the
33:42
network hardware connecting computers to
33:44
an internal network etc in this lesson
33:46
we're going to learn about the common IT
33:48
infrastructure services out there and
33:50
what you need to know to start
33:52
integrating them into an organization
33:54
we'll also dig deeper into each
33:56
infrastructure service individually we
33:58
will focus more on the physical
33:59
infrastructure services like servers
34:01
along with network infrastructure
34:03
services that keep your company
34:04
connected to the Internet in short we'll
34:07
be servicing all infrastructure services
34:09
needs
34:22
there are lots of IT infrastructure
34:24
services that keep a company running in
34:26
a smaller company a single person could
34:28
be responsible for all these services in
34:30
larger companies teams of sysadmins
34:32
might manage just one service in this
34:35
course we're going to discuss what
34:37
you'll need to set up these services as
34:38
the sole IT person in a company we'll
34:41
also give you an overview of some of the
34:43
cloud services that you can utilize if
34:44
you wanted another company to run your
34:46
services reminder as we mentioned before
34:49
cloud services are services that are
34:51
accessed through the internet like Gmail
34:53
we can access our Gmail accounts from
34:55
any computing device as long as we're
34:58
connected to the Internet by the end of
35:00
this module you should be well-versed in
35:02
what services you'll need to have a
35:03
functioning IT infrastructure for your
35:05
company
35:18
there are lots of types of IT
35:20
infrastructure services out there we'll
35:22
start by giving you a high-level
35:23
overview of them in this lesson then
35:26
we'll dive into the nitty-gritty details
35:27
on how you configure and maintain these
35:29
services in later lessons sounds good
35:32
let's get started we talked about
35:34
physical infrastructure components of an
35:36
IT environment in an earlier lesson
35:38
remember that you can set up different
35:40
servers to run your services on like a
35:43
server to run your file storage service
35:45
you can buy or rent hardware for these
35:47
servers and setup and store them either
35:50
on-site or at another location
35:52
essentially you manage these servers end
35:54
to end there's another option if you
35:57
don't want to be responsible for
35:58
managing the hardware tasks and updating
36:00
your server operating systems security
36:02
patches and updates you can use the
36:04
cloud alternative to maintaining your own
36:06
infrastructure which is called
36:08
infrastructure as a service or IaaS
36:12
IaaS providers give you pre-configured
36:15
virtual machines that you can use just
36:17
as if you had a physical server some
36:19
popular IaaS providers are Amazon Web
36:22
Services and their Elastic Compute cloud
36:24
or EC2 instances Linode which rents out
36:27
virtual servers Windows Azure and Google
36:30
Compute Engine which you've been using
36:32
throughout this course you can read more
36:34
about the different IaaS providers in
36:37
the supplemental reading right after
36:38
this video your company's internal
36:41
network isn't gonna be like your network
36:42
at home you're going to have multiple
36:44
computers that need to be on a certain
36:46
subnet you have to assign them IP
36:48
addresses statically or using DHCP the
36:52
networking hardware has to be set up
36:54
wireless internet will probably need to
36:56
be available DNS needs to be working etc
36:58
if your company is large networking is
37:01
usually taken care of by a dedicated
37:02
team but in smaller companies you'll
37:05
probably be responsible for setting up
37:07
the network networking can be integrated in
37:09
an IaaS provider but in recent years
37:12
it's also been branched off into its own
37:14
cloud service networking as a service or
37:17
NaaS NaaS allows companies to
37:21
offshore their networking services so
37:23
that they don't have to deal with the
37:24
expensive networking hardware companies
37:27
also won't have to set up their own
37:28
network security manage their own
37:30
routing
37:32
set up a WAN and private intranets and
37:34
so on
37:35
for more about NaaS providers check out
37:38
the supplemental reading let's talk
37:41
about the software that your company
37:43
might want to use do you need to type out
37:46
Word documents use an email client
37:48
communicate with other people use
37:50
operating systems process spreadsheets
37:52
or have any other software needed to run
37:55
a business
37:55
I bet yes the right software has to be
37:59
available to your company's users we've
38:01
already discussed how to install and
38:02
maintain software on machines you have
38:04
to deal with things like licenses
38:06
security updates and maintenance for
38:10
each machine the cloud alternative to
38:12
maintaining your own software is known
38:14
as software as a service or SaaS instead
38:17
of installing a word processor on every
38:19
machine you can use Microsoft Office 365
38:21
or Google's G suite these are both
38:24
services that you can purchase that
38:26
allow you to edit Word documents process
38:28
spreadsheets make presentations and more
38:31
all from a web browser you can check out
38:34
the next supplemental reading for more
38:36
about SaaS providers some companies have
38:39
a product built around a software
38:40
application in this case there are some
38:43
things that software developers need to
38:44
be able to code build and ship their
38:46
software first specific applications
38:49
have to be installed for their
38:51
programming development environment then
38:53
depending on the product they might need
38:55
a database to store information
38:57
finally if they're serving web content
39:00
like a web site they'll need to publish
39:02
their product on the Internet if you're
39:04
building this entire pipeline yourself
39:06
you may need to set up a database and a
39:09
web server the programming development
39:11
environment will also have to be
39:13
installed on every machine that needs
39:14
that if you want an all-in-one solution
39:17
to building and deploying a web
39:18
application you can use something called
39:20
platform as a service or PaaS this
39:24
includes an entire platform that allows
39:26
you to build code store information in a
39:28
database and serve your application from
39:30
a single platform popular options for
39:33
PaaS are Heroku Windows Azure and Google
39:36
App Engine as you might have guessed you
39:39
can read more about PaaS providers in
39:42
the supplemental reading the last IT
39:44
infrastructure service
39:45
we'll discuss is the management of users
39:47
access and authorization a directory
39:50
service centralizes your organization's
39:52
users and computers in one location so
39:54
that you can add update and remove users
39:57
and computers some popular directory
40:00
services that you can set up are Windows
40:01
Active Directory OpenLDAP and we'll
40:05
dive a little deeper into both these
40:06
later on in this course directory
40:08
services can also be deployed in the
40:10
cloud using directory as a service or
40:12
DaaS providers guess where we can read more
40:15
about DaaS providers that's right in the
40:18
supplemental reading there you have it
40:20
there's a general overview of the most
40:22
common IT infrastructure services you'll
40:24
encounter when handling system
40:25
administration tasks while cloud
40:28
services are a great option it's super
40:30
important that you understand how a
40:31
service works and how to maintain it before
40:34
you employ the help of a cloud service
40:35
even though cloud services are widely
40:38
used in the industry and have a lot of
40:40
pros there are also some cons these
40:43
include recurring cost and the need to
40:44
depend on the provider's service we're
40:47
going to teach you about the technical
40:48
details and the implementation of these
40:50
common IT infrastructure services we'll
40:53
cover everything from setting up your
40:55
own server and figuring out which
40:56
applications you need to be productive
40:58
to how to set up multiple users and get
41:00
your network services in order by the
41:03
end of this course you'll have the
41:05
foundational knowledge required to set
41:06
up the IT infrastructure for a small
41:08
organization I grew up in a small town
41:15
in the desert and there wasn't really
41:17
much to do except read play with
41:20
computers and study
41:23
and this is where I really learned to
41:26
love technology to understand how this
41:29
computer worked how it did what it did
41:31
and how I could make it do something
41:32
different and when I went to college I
41:34
began to study the UNIX operating system
41:37
and I learned just enough to get an
41:40
internship at the local ISP and this was
41:44
quite alarming for me because the first
41:46
day of my internship I walked in and
41:49
they said great we're so happy you're
41:51
here
41:52
you know UNIX right yes here's a RADIUS
41:55
server we want you to set it up it needs
41:57
to be done by the end of the week and I
41:59
said how exciting I get to do something
42:01
that will have an impact on our users
42:03
and I will get to learn something there
42:07
was just one problem I didn't know what
42:09
RADIUS was so this is going to be quite
42:12
a difficult challenge for me so I had to
42:15
read the manuals and man pages and I had
42:17
to scour the library for books and it
42:21
took me about three days to learn what
42:23
RADIUS was and how to set it up but in
42:25
the end I knew more about it than anyone
42:27
else at the ISP and that expertise
42:31
really I think drove me to become an
42:36
expert in more areas it gave me a lot of
42:39
confidence that I could do that work and
42:40
it was actually really invigorating and
42:43
so I ended up as a UNIX sysadmin
42:45
and sort of went from there
43:00
when you want to set up a server you
43:02
essentially install a service or
43:04
application on that server like a file
43:06
storage service then that server will
43:08
provide those services to the machines
43:10
that request it maybe you thought you'd
43:12
install services on a user operating
43:15
system like Windows 10 while that's an
43:17
option typically in an organization
43:19
you'll want to install your services on
43:21
a server operating system server
43:23
operating systems are regular operating
43:25
systems that are optimized for server
43:27
functionality this includes functions
43:29
like allowing more network connections
43:31
and more RAM capacity most operating
43:34
systems have versions specifically made
43:36
for servers in Windows you have Windows
43:38
Server in Linux many distributions come
43:41
with server counterparts like Ubuntu
43:43
server which is optimized for server use
43:45
Mac OS is also available in Mac OS
43:48
server server operating systems are
43:50
usually more secure and come with
43:51
additional services already built in so
43:54
you don't have to setup these services
43:55
separately you can read more about the
43:57
different server operating systems in
43:59
the next supplemental reading for now
44:01
just keep in mind that when you install
44:03
services on a server you should be sure
44:05
to use a dedicated server operating
44:07
system
44:19
we discussed virtual machines in the
44:21
last course and covered how to set up a
44:23
virtual machine on a personal computer
44:24
in this lesson we're going to talk about
44:27
why virtualization can be an important
44:29
part of infrastructure services and
44:31
systems administration there are two
44:33
ways you can run your services either on
44:36
dedicated hardware or on a virtualized
44:38
instance on a server when you virtualize
44:41
a server you're putting lots of virtual
44:43
instances on one server each instance
44:45
contains a service there are a bunch of
44:48
pros and cons to running your services
44:50
on either of these platforms here's the
44:52
rundown performance a service running on
44:56
a dedicated hardware will have better
44:58
performance than a service running in a
45:00
virtualized environment this is because
45:02
you only have one service using one
45:04
machine as opposed to many services
45:06
using one machine costs server hardware
45:10
can be pretty expensive if you put a
45:12
service on one piece of dedicated
45:14
hardware and have to do that for nine
45:16
other services it starts to add up one
45:19
of the huge benefits to virtualizing your
45:20
services is that you can have 10 services
45:22
running on 10 different virtual
45:24
instances all on one physical server
45:27
here's another way to think about this
45:29
in a typical server if you only have one
45:31
service running it's probably only
45:33
taking up 10 to 20 percent of your CPU
45:35
utilization the rest of the hardware
45:38
isn't being utilized
45:39
you could add plenty more services to
45:41
the physical server and still have a
45:43
good threshold for resource
45:44
utilization it's cheaper to run several
45:47
services on one machine than it is to
45:49
run many services on multiple machines
45:51
maintenance servers require hardware
45:54
maintenance and routine operating system
45:56
updates sometimes you need to take the
45:58
service offline to do that maintenance
46:00
with virtualized servers you can quickly
46:02
stop your services or migrate them to
46:04
another physical server then take as
46:06
much time as you need for maintenance
46:08
virtualized servers make server
46:10
maintenance much easier to do points of
46:13
failure when you put a service on one
46:15
physical machine and that machine has
46:17
issues you're entering a world of
46:19
trouble with virtualized servers you can
46:21
easily move services off a physical
46:24
machine and spin up the same service on
46:26
a different machine as a backup you
46:28
could also do this with a physical
46:29
server but that could become costly if
46:31
you account for multiple services
46:33
tip you can prevent a single point of
46:35
failure on a physical machine if you
46:37
have redundant servers set up meaning
46:39
you have duplicate servers as a backup
46:41
you'll learn about backups in an upcoming
46:43
module as you can see there are lots of
46:46
benefits to using virtualized servers
46:48
just make sure to weigh the pros and
46:50
cons of virtualizing your servers and
46:52
using dedicated server hardware that way
46:55
you can make the right choice for your
46:57
company
47:10
another important part of physical
47:12
infrastructure services is the ability
47:14
to connect to your infrastructure from
47:15
anywhere in the world we talked about
47:18
remote access in an earlier course and
47:20
we've been using it all throughout this
47:22
program to connect to our lab machines
47:24
in this lesson we're gonna discuss
47:26
what's needed to set up for remote
47:28
access for a small organization as a
47:31
systems administrator or as anyone in IT
47:33
support you'll want to be able to
47:35
remotely access another server or user's
47:37
machine so that you can troubleshoot an
47:39
issue or do maintenance from wherever
47:41
you may be in Linux the most popular
47:44
remote access tool is OpenSSH
47:46
we've already learned how to SSH into a
47:49
remote computer in the last course we
47:51
talked a bit about what's needed to set
47:53
up SSH but we'll quickly show you how to
47:55
do this to SSH into another machine you
47:59
need to install an SSH client on the
48:01
machine you're connecting from then
48:03
install an SSH server on the machine
48:06
you're connecting to to learn more about
48:08
OpenSSH you can check out the next
48:11
supplementary reading but let's keep
48:13
rocking and rolling with how to install
48:15
the OpenSSH client on a machine it's
48:17
super easy what you're gonna do is I
48:20
want to go to my client machine and
48:22
simply run this command sudo apt-get
48:25
install openssh-client and going
48:35
downloading package and perfect so it
48:38
looks like my client has been installed
48:39
next you need to install the OpenSSH
48:42
server on the machine you want to access
48:44
remember the SSH server is just a
48:47
process that listens for incoming SSH
48:49
connections so let's go to the server
48:51
and install the OpenSSH server
48:55
sudo apt-get install openssh-server
49:06
perfect so it looks like my server is up
49:08
and running so let's go back to the
49:11
client and do a test I do
49:14
SSH and to my server IP address with my
49:18
username so it asks for my password which
49:28
is a good thing
49:32
perfect so as you can see I'm connected
49:34
to my server and one true way to test
49:36
this is if I go into my desktop of my
49:39
server let me create a folder now if I
49:45
go back to my server which is on this
49:48
window I list the files you can see the
49:52
folder test and that's it we were able
49:54
to SSH into a machine from another
49:56
machine not too complicated right
49:57
Windows has similar tools that you can
50:00
use a popular tool to access the CLI
50:02
remotely is WinRM or PuTTY RDP is also
50:05
popular if you want to access the GUI
50:07
remotely we've already discussed how to
50:09
connect to a machine using PuTTY in the
50:11
last course
50:11
just remember to install an SSH server
50:14
on the machine you want to connect to we
50:16
also already discussed how to setup RDP
50:18
in the last course feel free to review
50:20
those lessons as a refresher you can
50:23
read more about the Windows remote
50:24
access tools in the next reading the
50:27
takeaway here is that when you manage
50:29
IT infrastructure you can utilize tools
50:30
like remote access to work on your
50:32
physical infrastructure you'll need to
50:34
do a little bit of setup beforehand like
50:36
installing an SSH client SSH servers and
50:39
allowing remote desktop connections etc
50:41
but it'll be worth it in the long run
50:43
next up we'll tackle a network service
50:45
see you there
50:58
now that we're a little more familiar
51:00
with some of the common aspects of
51:02
physical infrastructure let's move on to
51:04
network services a network service
51:06
that's commonly used in organizations is
51:08
a file transfer service so why would you
51:11
want to have a service dedicated to file
51:12
transfer well sure you could probably
51:16
carry around a flash drive and copy
51:17
files to each machine you work on or
51:19
even use the remote copy tools we learned
51:21
in the last course or you could
51:23
centrally store your files and transfer
51:25
files from one computer to another using
51:27
the Internet there are a few different
51:29
file transfer protocol services that are
51:31
used today let's take a quick rundown of
51:33
what's out there and what they do FTP in
51:36
the second course of this program the
51:39
bits and bytes of computer networking
51:41
we mentioned FTP aka the File Transfer
51:44
Protocol it's a legacy way to transfer
51:46
files from one computer to another over
51:48
the Internet and is still in use today
51:51
it's not a super secure way to transfer
51:53
data because it doesn't handle data
51:55
encryption the FTP service works much
51:58
like our SSH service clients that want
52:00
to access an FTP server have to install
52:03
an FTP client on the FTP server we
52:06
install the software that allows us to
52:07
share information located in the
52:09
directory on that server FTP is
52:12
primarily used today to share web
52:13
content if you use a website host
52:16
provider you might see that they have an
52:18
FTP connection already available for use
52:20
so they can easily copy files to and
52:22
from your web site SFTP is a secure
52:26
version of FTP so it makes sense to
52:28
choose this option over FTP during this
52:31
SFTP process data is sent through SSH
52:34
and is encrypted TFTP stands for trivial
52:37
FTP it's a simpler way to transfer files
52:40
than using FTP TFTP doesn't require user
52:44
authentication like FTP so any files
52:46
that you store here should be generic
52:48
and not need to be secure a popular use
52:50
of TFTP is to host installation files
52:53
one method of booting a computer that we
52:55
haven't discussed yet is PXE or pixie
52:58
boot which stands for pre-boot execution
53:00
this allows you to boot into software
53:02
that's available over the network a
53:04
common use case for organizations that
53:06
want to install software over a network
53:08
is to keep operating system installation
53:09
files on a TFTP server
53:12
that way when you perform a network boot
53:14
you can be automatically launched into
53:16
the installer this is a lot more
53:18
efficient than having to carry around a
53:19
USB with an operating system image you
53:22
can learn more about PXE boot in the
53:23
next reading depending on your usage of
53:27
file transferring services you might
53:28
want to weigh the options we mentioned we
53:31
encourage you to read about popular FTP
53:33
clients using the Supplemental reading
53:34
if you just want to share files between
53:36
your computers in a secure way and have
53:38
a nice directory where you can access
53:40
all the shared files instead of
53:41
transferring them to your machine
53:43
you'll want to look at network file
53:45
storage services instead we'll discuss
53:47
those in an upcoming module
54:01
one of the oldest internet protocols in
54:03
use today is the Network Time Protocol
54:06
or NTP it's used to keep the clock
54:08
synchronized on machines connected to a
54:10
network you've probably seen NTP
54:12
implemented in your personal life if
54:14
you've ever been in an airport airports
54:16
utilize synchronized clock systems and
54:18
many of those systems use NTP this is
54:21
because the information that you see on
54:23
your departure and arrival screen has to
54:25
match the time that the air traffic
54:26
control team sees for their airplanes
54:28
if only NTP could solve for airport
54:31
delays anyway in the IT world machines
54:35
need to have accurate time across a
54:36
network for a lot of reasons there are
54:39
some security services like Kerberos a
54:41
network authentication protocol that
54:43
depend on the time being consistent
54:44
across the network to work you'll learn
54:46
more about that in the IT security
54:48
course coming up it is important to keep
54:50
the time consistent and accurate across
54:52
your company's fleet you can't depend on
54:55
the hardware itself to keep consistent
54:57
time so you might want to setup an NTP
54:59
server there are different ways that the
55:01
IT support specialist or sysadmin can do
55:03
this for an organization you can use a
55:05
local NTP server or a public NTP server
55:08
to set up a local NTP server you can
55:11
install NTP server software on your
55:12
managed server then install NTP clients
55:16
on your machines and tell those computers
55:18
which NTP servers to sync their time to
55:20
this is a great option because you can
55:22
then manage the entire process from
55:23
end-to-end the other way to set up NTP
55:26
is to use a public NTP server public
55:29
NTP servers are managed by other
55:31
organizations that your client machines
55:32
connect to in order to get synchronized
55:34
time this is an awesome way to utilize
55:37
NTP without having to run a dedicated
55:39
NTP server but if you have a large fleet
55:42
of thousands of machines it's better
55:44
etiquette to be running your own NTP
55:46
servers another good practice is to run
55:48
your own NTP server and then have that
55:50
point to a public NTP server this
55:53
makes it so that you don't connect all
55:54
your clients to a public NTP server and
55:56
you don't have to measure time
55:57
synchronization whether you run your own
56:00
NTP server or use a public one
56:02
NTP is an important network service that
56:04
you should definitely integrate into
56:06
your own fleet
56:19
there are a few network services that
56:21
are used internally in an IT Enterprise
56:23
environment to improve employee
56:24
productivity privacy and security while
56:28
they're pretty common you might not
56:29
encounter them in small organizations we
56:32
discussed these services in course two
56:33
on networking but let's do a refresher
56:35
we're sure that you'll encounter them at
56:38
some point in your IT career
56:39
they're intranets and proxy servers
56:42
an intranet is an internal network
56:44
inside a company it's accessible if
56:46
you're on a company's network intranets
56:49
can provide a wide range of information
56:51
and are meant to improve productivity by
56:53
giving employees and great a medium to
56:55
share information think of it like the
56:58
company's website that's only accessible
56:59
to people on the company network on this
57:02
site documentation can be centrally
57:04
located teams can post news updates
57:07
employees can write to forums and start
57:09
discussions and more intranets are most
57:12
commonly seen in large enterprises and
57:14
can be an incredibly valuable tool for
57:16
employee productivity another internal
57:18
support service that's widely used is a
57:20
proxy server proxy servers act as an
57:23
intermediary between a company's Network
57:25
and the Internet they receive network
57:27
traffic and relay that information to
57:29
the company network this way company
57:33
network traffic is kept private from the
57:35
internet the internet gets traffic
57:37
through a proxy server but it doesn't
57:39
know where it originally came from it
57:42
only knows the proxy proxy servers can
57:44
also be used to monitor and log internal
57:47
company network activity they can be
57:50
configured so certain websites are
57:51
filtered from being accessed proxy
57:54
servers are useful for providing privacy
57:56
and security on the internet and
57:57
regulating access inside a company in
58:00
the next few lessons we'll talk about
58:01
what are probably the most essential
58:03
network services DNS and DHCP
58:18
we did a deep dive on DNS or domain name
58:21
system in the networking course if you
58:23
need a refresher on it make sure to
58:25
review the material there as a super
58:27
quick recap DNS is what maps human
58:30
understandable names to IP addresses
58:32
it's an important network service to set
58:35
up and maintain when managing a
58:36
company's IT infrastructure you don't
58:39
set up correctly no one will be able to
58:41
access websites by their names we don't
58:44
really have to think about DNS on our
58:46
personal computers when you connect a
58:48
brand-new machine to the Internet and
58:49
start typing in the web address it just
58:51
works automatically you don't have to
58:53
type in IP address or anything but
58:55
something is happening in the background
58:57
when you connect to a network you're
58:59
using the DNS server address that was
59:01
provided by the router you connected to
59:03
it updates your network setting to use
59:05
that DNS server address which is usually
59:08
your ISP's DNS server from there you're
59:10
able to access pretty much any website
59:12
so why do you need to set up your own
59:14
DNS servers if DNS just works out of
59:17
the box well there's two reasons first
59:20
if you're running a web service like a
59:22
website you want to be able to tell the
59:24
internet what IP address to reach your
59:26
website at to do that you need to set
59:29
up DNS the second reason is that you
59:32
probably want to work on your server or
59:34
user machines remotely in theory you
59:37
could remote access into them through an
59:39
IP address but you could also just use
59:41
an easy-to-remember hostname to do that
59:44
you need DNS to map the IP address to
59:46
the hostname the next couple of lessons
59:48
we'll discuss what's needed for DNS set
59:51
up for websites and internal networks
60:05
you might remember that we can use a web
60:07
server to store and serve content to
60:09
clients that request our services we'll
60:12
probably want to store website content
60:14
on our web server if clients want to
60:16
reach our website we need to set up DNS
60:18
so that they can just type a URL to find
60:21
us so let's talk about how DNS gets set
60:24
up for a website first we need a domain
60:26
name we can buy a domain name like
60:28
setting up DNS is fun at example.com we
60:31
can purchase domain names like this from
60:34
companies called domain registrars like
60:36
GoDaddy.com or Bluehost.com once we
60:39
have our domain name we want to point
60:41
our website files to this domain name
60:43
our website files can be stored on a
60:46
cloud hosting provider or we can decide
60:48
to control this ourselves
60:49
and store it on our own servers
60:51
typically domain registrars also
60:54
provide cloud hosting services but they
60:56
can charge you a monthly fee to host your
60:58
web files for you pro tip if you don't
61:01
want to utilize cloud hosting services
61:03
you can just run your own web server
61:04
don't forget there are always pros and
61:07
cons to hosting a service yourself or
61:09
offshoring it somewhere else so if you
61:11
are the sole IT support specialist for
61:13
an organization make sure to weigh all
61:15
your options before committing to an
61:17
infrastructure service let's assume that
61:19
we do want to host our website files
61:21
ourselves from here we still need to
61:23
point our new domain name to where web
61:25
content is located we can do this in two
61:28
ways most domain registrars can
61:30
provide you with DNS settings and you
61:32
can give the IP address of where your
61:34
content is stored if you decide not to
61:36
use your domain registrar to host DNS
61:38
for you then you have to set up an
61:40
authoritative DNS server for your
61:42
website remember from our discussion in
61:44
course two that authoritative DNS servers are
61:47
the DNS servers that know exactly what
61:49
the IP address is for the domain name
61:51
since we own the domain name and hosting
61:54
web content ourselves it makes sense for
61:57
us to have the DNS servers that know
61:59
that information
62:12
the other reason we might want our own
62:14
DNS servers is so we can map our
62:16
internal computers to IP addresses that
62:19
way we can reference a computer by name
62:21
instead of IP address there are a few
62:24
ways we can do this one is using a local
62:26
host file which contains static IP
62:28
addresses to host name mappings let's
62:30
take a look at an example of this
62:32
remember that we learned that host files
62:35
in networking allows us to map IP
62:36
addresses to host names manually in Linux
62:40
our hosts file is called /etc/hosts
62:43
it has an IP address that points to
62:46
127.0.0.1 which points to a name called
62:50
localhost this just references back to
62:53
the computer localhost is commonly used
62:55
as a way to access a local webserver
62:58
we'll talk about web servers in an
63:00
upcoming module so for now let's not
63:02
worry too much about localhost instead
63:05
if I change this IP address mapping to
63:07
www.google.com then save and open a web browser
63:11
and type www.google.com it won't take me there
63:14
let me show you that so I'm gonna go ahead
63:17
and change my localhost to
63:21
www.google.com/mapmaker it just takes me
63:37
back to my local computer this is
63:39
because a DNS query first checks our
63:41
local host file then our local DNS
63:44
servers so if there's an entry for
63:46
google.com in my hosts file you'll go to
63:49
that IP address instead let's say I
63:51
wanted to access Natalie's computer at
63:55
192.168.1.5 and her host name is
63:58
catlady.examplecompany.com I would
64:01
have to enter this in my hosts file for
64:03
every single computer in my fleet that's
64:05
definitely not the scalable option ok so
64:08
what's our next choice we can set up a
64:11
local DNS server that contains all the
64:13
organization's computer names mapped to
64:15
their IP addresses this is a more
64:17
central storage location for this
64:19
information then we change our network
64:22
settings for all our computers to use
64:23
this DNS server instead of the one given
64:25
to
64:26
by our ISP finally let's look at one of
64:29
the last DNS options we can use for an
64:31
internal network it can be integrated
64:33
with a directory service which handles
64:35
user and machine information in a
64:37
central location like Active Directory
64:39
and LDAP once we set up DNS and our
64:42
directory service it will automatically
64:44
populate with machine to IP address
64:47
mappings so there's no need to enter
64:49
this information in manually we'll talk
64:52
more about these directory services in a
64:54
later module and voila that's an
64:57
overview of why you need a DNS along
65:00
with your options for configuring them
65:01
we won't dive too deeply into the
65:03
technical details of setting up a DNS
65:05
server but if you're interested in
65:07
learning about which DNS software to use
65:10
there are a few popular options like
65:12
BIND or PowerDNS I bet you can guess
65:15
where you can read more about them in
65:17
the supplemental reading one thing about
65:19
DNS that we haven't discussed is what to
65:22
do if we use something like DHCP which
65:25
doesn't use static IP addresses don't
65:27
worry we'll cover this in the next
65:29
lesson
65:42
another network service that will make
65:43
your job in IT support easier is DHCP or
65:47
dynamic host configuration protocol need
65:50
a refresher on DHCP just check out the
65:52
DHCP lessons in the networking course when
65:55
managing IT infrastructure and you want
65:57
to connect a computer on a network you
65:59
have two options you can grant it a
66:01
static IP address or give it a DHCP
66:03
assigned IP address when you use the
66:06
static IP address you have to keep track
66:08
of every IP address you assign a
66:09
computer and manually enter it in the
66:11
network settings if you enable DHCP your
66:15
computers will be leased an IP address
66:17
from a DHCP server will automatically
66:19
get IP addresses and you don't have to
66:22
worry about manually setting addresses
66:23
if you ever decide you need to expand
66:26
your IP address range you don't have to
66:28
change anything on the client machines
66:29
either it just happens automatically to
66:32
configure a DHCP server you'll need to
66:34
figure out which IP range you can use to
66:36
assign IP addresses if you want to
66:38
integrate with DNS you need the address
66:41
of your local DNS servers what gateway
66:44
you should assign and the subnet mask
66:45
that gets used once you saw the DHCP
66:48
server software you have to configure
66:50
the settings with this information
66:51
different DHCP server software
66:53
manufacturers have different
66:54
configuration setting layouts so you
66:57
have to investigate the specific one you
66:59
want to use there are a lot of popular
67:01
DHCP server software you can use for
67:03
this Windows server versions come with
67:05
DHCP service built-in but you can read
67:08
more about the options in the next
67:09
reading once you turn on your DHCP
67:12
server and your clients are set to
67:14
receive DHCP addresses instead of static
67:16
IP addresses you should have working
67:18
DHCP settings in the last lesson we
67:21
talked about how DNS ties in with DHCP
67:24
well in our DHCP configuration settings
67:27
we can specify a DNS server locations
67:29
the two servers then sync up and when
67:32
DHCP leases out new addresses DNS
67:34
updates its IP address mappings
67:36
automatically that's a super quick
67:39
overview how DHCP servers are configured
67:42
hopefully you can now see why DHCP and
67:45
DNS are critical network services for
67:47
your organization
68:00
there will be times when you're working
68:02
in an IT support role and you won't be
68:04
able to resolve or get the IP address of
68:07
a website name this particular problem
68:09
could be tricky to identify when you see
68:11
it you might just think that your
68:13
network connection isn't working let's
68:15
go ahead and try to navigate to
68:17
google.com from my web browser so let me get to
68:20
my web browser and navigate to
68:23
google.com oh it doesn't look like we can get
68:27
to google.com let's go over some of the
68:30
tools that we learned in our networking
68:32
class that can help first up if you're
68:34
unable to resolve a domain name check
68:37
that your network connection is actually
68:38
working you can do a quick check and
68:41
ping a website that you know is
68:43
available an oldie but goodie is to ping
68:46
www.google.com it's pretty rare that Google would be
68:49
down although it can happen so let me
68:51
go into my terminal and type in ping
68:56
www.google.com looks like we're getting responses
69:01
let's move on to isolating another
69:03
problem DNS to verify that your DNS
69:08
server is giving you a correct address
69:09
for google.com you can use nslookup
69:13
remember that nslookup gives us the name
69:16
server of a host or domain name so let
69:19
me go and do that one on my terminal
69:25
from here we can rule out if DNS is an
69:28
issue by verifying that the host name
69:30
points to a name server if we copy the
69:32
IP address of the result and paste it
69:34
into the web browser it should resolve
69:36
the website name if DNS is working let's
69:39
go ahead and do that so I'm gonna go
69:42
ahead and copy the non-authoritative IP
69:44
address
69:50
open my web browser
69:59
oh I see that's working hmm
70:02
what's going on looks like my DNS
70:05
settings aren't working correctly let's
70:07
look at my ping results again so I'm
70:09
gonna go ahead to my terminal and ping
70:12
www.google.com hmm I see that it checks an IP
70:23
address different from what I have here
70:25
if I go to this IP address it doesn't
70:28
take me anywhere so I want to take this
70:34
IP address copy this
70:45
huh remember that when a DNS query is
70:50
performed your computer first checks the
70:51
hosts file now if I access my hosts file
70:55
here I can see that I have an entry for
70:57
www.google.com and it points to a fake IP
71:00
address if I remove this line right here
71:03
where it says 127.1.1.3
71:09
and save that configuration file and
71:14
then restart my browser if I type in
71:21
www.google.com there we go we're there and the
71:26
correct DNS setting should be applied to
71:28
www.google.com there are some situations where
71:32
DNS can be tricky to navigate since
71:34
there can be many contributing factors
71:36
but as with any troubleshooting scenario
71:38
remember to keep isolating the problem
71:40
down until you can get to a root cause
71:42
with time and experience you'll learn a
71:44
lot more about DNS and how to
71:46
troubleshoot it in the real world we've
71:48
covered a lot of information in this
71:50
module you learned about all the overall
71:52
services needed in an IT infrastructure
71:54
on top of that you learned about
71:57
physical infrastructure services like
71:58
remote access and virtualization that
72:00
help your organization run more
72:02
efficiently you even learned about
72:04
essential networking services like DNS
72:06
and DHCP along with the overall picture
72:09
of what's needed to set up DNS for an
72:11
organization and why you'd want to do
72:13
that now we're going to test you on all
72:16
that learning and don't forget you can
72:18
always go back and review the material
72:19
again if you need to before you take the
72:21
quiz in the next module we're gonna
72:24
cover two of the other IT infrastructure
72:26
services software and platform services
72:29
I'll see you there
72:42
welcome back in the last module we
72:44
learned about the physical
72:46
infrastructure and network services that
72:48
are used in an IT organization in this
72:51
lesson we're going to discuss the other
72:52
services that make up an IT
72:54
infrastructure the software and platform
72:57
services software services are the
73:00
services that employees use that allow
73:02
them to do their daily job functions
73:04
this can include applications like word
73:07
processors internet browsers email
73:10
clients chat clients and so on platform
73:13
services provide a platform for
73:15
developers to code build and manage
73:16
software applications this way
73:19
developers don't have to deal with
73:20
operating system maintenance and other
73:22
services that are needed to use for the
73:24
platform tools when managing IT
73:27
infrastructure it's important that you
73:29
implement software services for your
73:30
users to enable their productivity
73:32
depending on what type of company you
73:34
might manage you may also need to manage
73:36
platform services for software
73:37
developers
73:51
software services include a wide range
73:54
of functions we'll cover the major ones
73:56
here first up is communication services
74:00
which enable employees in a company to
74:02
talk to one another then the security
74:05
services which add a layer of security
74:06
protection to our IT infrastructure we'll
74:10
also discuss user productivity services
74:12
and some of the aspects of managing
74:13
software in a business that you'll
74:15
probably have to think about in your
74:16
work there's lots of software out there
74:19
that's used for intercompany
74:20
communication like email or phone
74:22
communication these are important
74:25
communication services but in this video
74:27
we're only going to discuss software
74:29
that's used in instant communication
74:31
instant communication has drastically
74:34
changed how we communicate in both our
74:36
personal lives and in the workplace we
74:39
can have multiple conversations with
74:40
different people in real time using chat
74:42
applications you probably use something
74:44
like Facebook Messenger on your
74:45
smartphones to chat with your friends in
74:47
a business setting there are similar
74:49
methods of instant communication the
74:52
first is internet channel relay or IRC
74:54
which is a protocol that's used for chat
74:56
messages IRC operates in a client-server
74:59
model so lots of IRC client software can
75:02
be used to connect to an IRC server IRC
75:06
was widely used in the 1990s as a way to
75:08
facilitate all kinds of chats group
75:10
chats individual chats and more it's not
75:13
as widely used today given the wave of
75:15
social media instant chat messages but
75:17
if you're considering setting up an IRC
75:19
it is a free alternative to other chat
75:21
applications paid for options are
75:24
another method of instant communication
75:26
there are a lot more sophisticated and
75:29
advanced chat applications out there
75:30
that offer enterprise support a few
75:32
popular options are HipChat and Slack
75:35
you can read more about these in the
75:37
supplemental reading there are also
75:40
other communication protocols called
75:42
open IM protocols that are widely used
75:44
and integrated into different
75:46
communication applications one of the
75:48
most popular communication protocols is
75:50
XMPP or extensible messaging and
75:53
presence protocol it's an open source
75:56
protocol used in instant messaging
75:58
applications and social networking
75:59
services XMPP is even used in Internet
76:03
of Things applications and
76:05
other things a few popular and free
76:08
applications that use XMPP are Pidgin
76:11
and Padium feel free to check out more
76:14
about these alternatives in the
76:15
supplemental reading right after this
76:17
video instant communication is a
76:19
fantastic tool you can use to promote
76:21
team collaboration and efficiency when
76:24
managing an IT infrastructure it should
76:26
be one of the communication services
76:27
that you consider implementing for your
76:29
organization they'll definitely thank
76:31
you maybe even over instant
76:32
communication
76:45
one communication service that you're
76:47
almost guaranteed to use today is email
76:50
we use email for a wide range of
76:53
communication in an enterprise setting
76:55
it's important for a sysadmin or a sole IT
76:58
support specialist to be able to
77:00
configure email services for the company
77:02
to do this you need to have a domain
77:05
name set up for your company that you
77:07
can use as your email domain like
77:09
devan@example.com when you send or receive
77:12
email you want to use this email address
77:15
there are two ways to set up email for a
77:18
company the first is to run your own
77:20
managed server using this option you set
77:24
up the email server software on a server
77:25
then you create a DNS record for your
77:28
mail server there are different DNS
77:31
records remember that the A record is
77:33
used for host names but for email
77:35
servers we use MX for the mail exchange
77:38
record email server setup can be one of
77:42
the most complicated services to set up
77:44
for a sysadmin you have to get the email
77:47
to actually work protect your email
77:49
addresses from spam filter out viruses
77:52
and more if you'd like to learn more
77:54
about setting up an email server check
77:56
out the next reading an alternative
77:58
approach to setting up your own email
78:01
servers is to use an email service
78:03
provider like Google suite these service
78:07
providers allow you to create email
78:09
inboxes and more by paying a monthly fee
78:11
for every user in the organization this
78:14
ties you into the Gmail webmail client
78:16
and allows you to access your email from
78:18
anywhere as long as you're connected to
78:20
the internet whatever option you choose
78:23
you'll have to understand the
78:24
differences between email protocols when
78:26
you set up your email accounts there are
78:30
lots of email protocols out there but
78:32
we'll only do a rundown of the more
78:33
common ones you'll hear about POP3 IMAP
78:36
and SMTP post office protocol or POP
78:40
version 3 is an email protocol that
78:43
downloads email from an email server
78:45
onto your local device and then deletes
78:48
the email from your email server if you
78:50
want to retrieve your email through POP3
78:52
you can only view it from one device
78:55
there are a few reasons why you might
78:58
want to use
78:58
POP3 to get your email if you need to
79:01
keep your email storage under a certain
79:03
quota POP3 is a good way to maintain
79:05
that storage limitation another benefit
79:08
of POP3 is privacy your email can only
79:11
be seen from your local device if
79:13
storage limitations and security are
79:16
concerns for you you might want to
79:17
consider using POP3 over something like
79:19
IMAP
79:21
speaking of IMAP or internet message
79:24
access protocol allows you to download
79:26
emails from your email server onto
79:28
multiple devices it keeps your messages
79:31
on the email server this email protocol
79:34
is one of the more popular ways to
79:36
retrieve email last up is Simple Mail
79:39
Transfer Protocol or SMTP which is a
79:44
protocol used for sending emails while
79:47
POP3 and IMAP and other protocols can be
79:49
used to retrieve email there's really
79:52
only one email protocol for sending
79:53
email SMTP so there are lots of
79:57
different email protocols that can be
79:59
implemented depending on the email
80:01
software you choose you can read more
80:03
about them in the supplemental reading
80:05
email service is critical for any
80:07
organization companies need to be able
80:10
to contact clients and business partners
80:12
and communicate internally if you work
80:15
in an IT support specialist role where
80:17
you're handling system administration
80:19
tasks you need to weigh the pros and
80:21
cons of a dedicated email server or
80:23
cloud email service decisions decisions
80:25
decisions
80:39
in any organization the software that
80:42
employees need to do their job is the
80:44
software that an IT support specialist
80:46
managing IT infrastructure needs to
80:48
provide depending on the organization
80:51
you might need to get your users things
80:53
like software development programs word
80:55
processing graphical editors finance
80:58
software and so on whatever software you
81:00
provide there are different things to
81:02
consider when using it in a commercial
81:04
setting that might not have crossed your
81:05
mind when you used a similar software
81:07
personally remember when we discussed
81:10
software licensing in an earlier lesson
81:12
when you use software you're doing so
81:15
under the agreement of the developer's
81:16
license for example when you use open
81:20
source software the License Agreement
81:21
usually says that it's free to use share
81:24
and modify when software is used as a
81:27
consumer agreements can say that only a
81:29
specific person can use a software in a
81:32
business or commercial setting most
81:34
software distributors will have a
81:36
separate agreement in most cases you can
81:39
buy ten licenses and any ten people in
81:41
your company can use it if someone
81:45
leaves a company or doesn't need the
81:46
software anymore you can take their
81:48
license and give it to someone else in
81:50
the company when considering software
81:53
licenses it's important to review the
81:55
terms and agreements then move forward
81:58
with whatever option works best for your
82:00
company things get a little more
82:02
complicated when it comes to cloud
82:04
software services you might have to deal
82:07
with some of the same stipulations and
82:09
also think through whether to purchase
82:11
added features for businesses and
82:12
enterprises like dedicated customer
82:15
support whatever method you use to
82:17
provide software whether it's installing
82:19
software on every machine or utilizing
82:21
cloud software services there's one
82:23
thing to keep in mind software used as a
82:26
consumer won't be the same as software
82:28
used as a business
82:42
the last software services that we'll
82:44
discuss are security services security
82:47
is super important to all organizations
82:49
it's integrated into pretty much all
82:52
aspects of an IT infrastructure service
82:54
we'll dive deeper into this in the last
82:56
course on IT security for now remember
83:00
that there are lots of different
83:01
security protocols that are put in place
83:03
for all sorts of things keeping data
83:05
encrypted authentication etc if you ever
83:09
manage a web server that serves content
83:11
to other users you want to let them know
83:12
that when they access your website
83:14
you're keeping their interaction with
83:16
you as secure as possible let's say that
83:20
you have an online bank account that
83:21
you're logging into the URL will most
83:24
likely begin with an HTTPS remember that
83:28
HTTP stands for hypertext Transfer
83:32
Protocol which is used to format and
83:34
transfer web content around the internet
83:37
when you enter in a URL you notice that
83:40
the HTTP comes before everything else
83:43
HTTPS or hypertext Transfer Protocol
83:47
secure is a secure version of HTTP it
83:51
makes sure the communication your web
83:53
browser has with the website is secured
83:55
through encryption HTTPS is also
83:59
referred to as HTTP over TLS or HTTP
84:05
over SSL this is because there are two
84:08
protocols that enable us to make our web
84:10
servers secure the first is transport
84:14
layer security protocol or TLS which is
84:18
the most popular way to keep communication
84:20
secure over a network TLS is widely used
84:24
to keep web browsing secure but it can
84:27
be used in a lot of other applications
84:28
too we'll do a deep dive into the
84:32
technical details of TLS in a later
84:33
course the second protocol is secure
84:36
socket layer protocol or SSL it's a way
84:40
of securing communication between a web
84:42
server and client but it's pretty old
84:44
and insecure so it's been deprecated in
84:47
favor of TLS you may still see its name
84:50
being used to refer to the TLS protocol
84:52
like SSL / TLS
84:55
the two protocols are often used
84:57
interchangeably in fact SSL version 3.0
85:00
was essentially TLS version 1.0
85:03
but TLS's new features and updates
85:06
have made it more secure than SSL so if
85:10
you're managing an organization's
85:11
website on a server how do you enable
85:13
TLS on the server so that the site can
85:15
be using HTTPS well you need to get a
85:19
digital certificate of trust from an
85:21
entity called a certificate authority
85:23
the certificate authority grants a
85:26
certificate to your website saying that
85:28
it trusts that you control the web
85:30
server and verifies that you are who you
85:33
say you are once it does that you can
85:36
install the certificate on your web
85:37
server that way when users visit your
85:40
site they'll see the HTTPS in the URL
85:44
instead of just HTTP you'll learn more
85:47
about certificates and certificate
85:48
authorities in an upcoming course for
85:52
now think of certificates as a way to
85:54
verify that something is trustworthy
85:56
security is an integral part of IT and
85:59
it's not just a responsibility of
86:01
security engineers everyone should be
86:04
thinking about security and all layers
86:06
of your infrastructure should have a
86:08
layer of security built upon them there
86:10
are lots of other security software that
86:12
you could add to your IT infrastructure
86:13
which we'll dive into in the last course
86:15
for now it's a good idea to know the
86:18
basics of keeping a web server secure
86:20
with HTTPS
86:26
knowing what I know now the advice I
86:29
would give my younger self is to not be
86:32
afraid to talk to people because I'm
86:34
very shy and I think also you know my
86:39
imposter syndrome tells me don't look
86:42
stupid don't look stupid
86:44
right don't ask dumb questions don't ask
86:46
silly questions don't ask questions at
86:49
all and I think what I would tell myself
86:52
is do your research do your reading
86:55
teach yourself and educate yourself
86:57
continue to do that but it will speed up
87:00
the process so much faster if you can
87:02
find somebody you trust to collaborate
87:05
with to learn and to really find that
87:07
good mentor so that as a student you
87:09
always have somebody that you can lean
87:10
on
87:10
I have impostor syndrome every time I
87:13
walk in the door yeah every morning gosh
87:18
I'm going to work at Google I have a
87:21
meeting with the following people I
87:22
can't believe I'm having a meeting with
87:24
the following people and again I just
87:26
try hard to focus on what I really want
87:28
to get out of it what I want the outcome
87:32
to be because even if it goes
87:34
spectacularly wrong I'm still going to
87:37
have learned something once you have a
87:39
few past you it's gonna feel better
87:42
and you're gonna understand what what
87:47
the successes look like and how you get
87:49
them and you'll be able to repeat those
87:51
patterns over and over again but in the
87:55
end if you don't like doing that or the
87:57
outcomes don't sound interesting to you
87:58
find new outcomes because you will
88:00
eventually find that thing that really
88:03
drives you and that you're passionate
88:04
about
88:18
in the operating systems course we
88:20
discussed files in depth and how we use
88:22
and modify them on our OSes in this
88:25
lesson we're gonna run down some of the
88:27
file services we can use that will allow
88:29
us to be productive as an organization
88:32
employees need to be able to share files
88:34
with each other whether that's to
88:36
collaborate or exchange information we
88:38
talked about shared folders in Windows
88:40
in the last course but in this lesson
88:42
we're going to talk about more scalable
88:44
and efficient ways to share data enter
88:47
file storage services file storage
88:50
services allow us to centrally store
88:52
files and manage access between files
88:54
and groups you can set up a file storage
88:56
server that will let users access a
88:58
shared directory to modify or add files
89:00
and much much more in the next lesson
89:03
we'll go into depth on two of the more
89:05
popular ways you can use to manage store
89:07
and share files over a network the other
89:11
way to maintain a faster service is by
89:14
using a cloud file storage provider
89:16
there are lots of providers that offer
89:18
secure and easily managed file storage
89:20
you can read about some of the more
89:23
popular ones in the supplemental reading
89:25
for now let's see how to manage a file
89:27
storage service ourselves
89:41
in the last course we mentioned that
89:44
very few file systems can be used across
89:46
all major operating systems FAT32 is a
89:50
popular file system that's compatible
89:52
with Windows Linux and Mac OSes but
89:55
it has severe limitations on the amount
89:57
of data you can store on a volume what
90:00
happens if you have multiple users that
90:01
want to share files between each other
90:03
well they need to store the file
90:05
somewhere and they need to be able to
90:07
retrieve the files over a network
90:09
network file system or NFS allows us to
90:12
do this it's a protocol that enables files
90:16
to be shared over a network the file
90:18
system is compatible on all major
90:20
operating systems the easiest way to set
90:23
up an NFS server is by using a Linux
90:26
environment you can install NFS server
90:28
software then modify the configuration
90:31
files for the directories that you want
90:33
to allow shared access to once you do
90:36
that the NFS service will be running in
90:38
the background of the server on each
90:41
client machine that wants to access the
90:43
server you just mount the filesystem
90:45
the way you would any other file system
90:47
except you'd use a hostname instead of a
90:50
physical disk device from there you can
90:53
access the shared directory like you
90:54
would any other folder on your computer
90:56
check out the next supplementary reading
90:58
for some examples of NFS server software
91:00
you can configure for Linux NFS is a
91:04
good solution to file sharing within a
91:06
network but as with anything on a
91:08
network heavy usage will slow down the
91:10
file system while NFS works with all
91:13
major operating systems there's still
91:15
interoperability issues with Windows if
91:17
your fleet consists mostly of Windows
91:19
machines you might want to look at using
91:21
something like Samba Samba services are
91:24
similar to NFS since you can centrally
91:27
share and manage file services also all
91:30
major operating systems can use a Samba
91:32
file share the only reason you might
91:35
want to consider samba over NFS is
91:37
because it works better with Windows
91:39
operating systems it also includes other
91:42
services that can be integrated with
91:44
your organization like printer services
91:46
we'll talk about printer services in an
91:49
upcoming lesson one thing to note is
91:51
that you may hear the term Samba or SMB
91:55
these two are different SMB is a
91:59
protocol that samba implements you can
92:02
read more about SMB in the supplemental
92:05
reading fun fact when you create a
92:07
windows shared folder it's actually
92:09
using the SMB protocol Samba itself is
92:12
a software service suite used for file
92:14
services which you can also read more
92:16
about in the supplemental reading there
92:18
are lots of other file storage services
92:20
that you can use and you can read more
92:22
about them in wait for it the
92:24
supplemental reading a relatively
92:27
affordable solution for file storage
92:29
hardware is to use a network attached
92:31
storage or NAS pronounced nas instead of
92:35
setting up a dedicated server like you
92:37
would other services NASes are computers
92:40
that are optimized for file storage they
92:43
usually come with an operating system
92:44
that's stripped down in order just to
92:46
serve files over a network they also
92:48
come with lots of storage space whatever
92:51
method you choose central file storage
92:54
and management is an important part of
92:56
IT infrastructure for any organization
93:11
I told you we'd cover printing services
93:13
and here we are
93:14
while our world is moving more and more
93:17
into the digital space there are still
93:19
aspects of our lives that require good
93:22
old-fashioned paper many organizations
93:25
still use printers and as an IT support
93:27
specialist you have to manage them as
93:30
you would any other device if you have a
93:32
printer at home you probably connect it
93:35
directly to your computer maybe you even
93:38
print over your home network through
93:39
Wi-Fi some small organizations can get
93:43
away with this type of printer
93:44
management but most large organizations
93:46
have lots of printers that need to be
93:48
managed and large volumes of information
93:50
that need to be printed when managing
93:54
printer IT infrastructure you need to
93:56
have a place to centrally manage all
93:57
your printers you will probably be
94:00
running commercial printers that also
94:02
can report diagnostics information like
94:04
low toner levels along with managing
94:08
printers centrally you'll also need to
94:10
be able to deploy printer drivers
94:12
software so that your users can print
94:14
from their computers there are a few
94:16
different ways that printers can be
94:18
managed setting them up really depends
94:20
on how many printers you have and how
94:22
many people are in your company in a
94:24
small company with less than 100 people
94:26
setting up one or two commercial
94:28
printers should be more than enough to
94:31
set up a print server all you have to do
94:32
is install a print service on a server
94:34
most server operating systems already
94:36
come with the printer service readily
94:38
available for example let's look at
94:40
windows in the windows server operating
94:42
system there's a print and document
94:43
services that can be enabled all you
94:45
have to do is add your network printer
94:47
to the service and install the drivers
94:49
for those printers nice and simple right
94:51
in Linux a common print service usually
94:54
pre-installed on machines is CUPS or
94:56
common UNIX printing system let me show
95:00
you
95:05
CUPS allows you to easily manage
95:08
printers from a simple web URL you can
95:11
read more about both the windows print
95:13
and document services and CUPS in the
95:15
next reading when your print server is
95:18
set up you need to add the printer to
95:20
the client machine just search by the
95:23
printer server name and connect to the
95:24
device and start printing there are lots
95:26
of ways you can optimize this process
95:28
when you start learning about directory
95:30
services we'll take you through how to
95:32
set rules up on machines so that the
95:35
printer and their drivers are
95:37
automatically installed on a client
95:39
computer another way you can manage
95:42
printers is by using a cloud service
95:44
provider this allows you to manage your
95:47
printers through a web browser
95:48
it also lets your users print through a
95:51
web browser so no setup is involved on
95:54
their machines printer setup is pretty
95:56
easy to do most of it depends on what
95:59
printer service you decide to go with
96:01
we've learnt a lot about software
96:03
services in our IT infrastructure from
96:06
important communication services to
96:08
security and now printing let's keep
96:11
charging ahead in the next lesson we're
96:14
going to discuss platform services
96:28
platform services provide a platform for
96:30
developers to completely build and
96:32
deploy software applications without
96:33
having to deal with OS
96:35
maintenance server hardware networking
96:37
or other services that are needed to use
96:39
the platform tools a web server that we
96:42
deploy our web applications to all the
96:45
development software that we used to
96:46
code our applications are both examples
96:48
of platform services in this day and age
96:52
most businesses have a digital presence
96:54
whether that's a website that promotes
96:56
their business or even a website that is
96:58
their business businesses that run web
97:01
services keep their services stored on a
97:03
web server a web server stores and
97:06
serves content to clients through the
97:08
internet you can access web service
97:10
using a domain name like google.com a
97:12
web server itself stores web files and
97:15
runs an HTTP service or HTTP server
97:19
that processes HTTP requests
97:22
remember that HTTP is how the web
97:25
formats and transfers web pages you can
97:29
think of the web server as the physical
97:31
server that stores web files and the
97:32
HTTP server software when your web
97:35
browser makes a request to fetch a web
97:37
page from a URL it sends an HTTP request
97:40
that gets processed by the HTTP server
97:44
then the HTTP server sends out an HTTP
97:48
response with the content that you
97:49
requested there are a lot of popular
97:52
HTTP server software out there but the
97:55
most widely used is the apache HTTP
97:57
server most commonly referred to as
97:59
Apache Apache is free and open source
98:03
it helps serve a large percentage of
98:05
webpages on the Internet
98:07
let's actually see how a web server
98:10
serves content to the web I'm going to
98:12
install the Apache web server software
98:13
on my Linux computer here you don't have
98:16
to understand the specifics of the setup
98:18
I just want you to see how easy it is to
98:21
run a web service so let me go ahead and
98:24
install Apache so I'm gonna go ahead and
98:26
do sudo apt-get install apache2
98:35
and then hit the flag yes to accept all
98:38
my packages perfect now that our web
98:47
server service is running on our machine
98:49
we're actually able to start hosting web
98:51
content the machine that we're hosting
98:53
our content on is well this machine
98:55
right here remember that our computer
98:58
has an IP address that's associated with
99:00
itself 127.0.0.1 or a hostname of
99:06
localhost localhost itself is reserved for
99:09
this purpose so it's not possible to get
99:11
the domain name localhost so now that
99:13
we know our machines location let's
99:15
enter it to the web browser
99:30
and here it is our local web server
99:34
content running on our machine the files
99:37
we see here come with the default Apache
99:39
installation but if you wanted to upload
99:42
our own web content we can just navigate
99:44
to the directory where this is stored
99:46
and replace it with our web content
99:48
remember that since this content is
99:50
hosted on our local machine we will need
99:53
to use DNS to let the world know that
99:55
our web server exists if you need a
99:58
refresher on this feel free to go back
100:00
to the lesson on DNS services that's a
100:02
quick rundown of how web servers work
100:04
you can read more about Apache and other
100:07
HTTP servers in the next supplemental
100:09
reading system administrators aren't
100:12
responsible for creating the content
100:13
that gets served but they might be
100:15
responsible for making sure that content
100:16
is available if you're an IT support
100:19
specialist with a web service that needs
100:21
to be managed you should have a pretty
100:23
good understanding of how it works
100:37
when you are a service that operates on
100:39
the web you need to have a web server
100:41
that serves web pages to clients as
100:42
requested
100:43
like we just covered but you may also
100:45
need to store information have you ever
100:48
thought about what happens to your
100:49
information when you create an account
100:51
online for a web site where do they
100:53
store that info do they put it in a folder
100:55
on a web server if they do you need to
100:57
stop using that service immediately
100:59
customer information like news articles
101:02
videos large amounts of text image or
101:05
audio files generally get stored in a
101:07
database databases allow us to store
101:10
query filter and manage large amounts of
101:13
data when you build a web product you'll
101:16
probably store the data in a database
101:18
database servers consist of database
101:21
software that's running that you're able
101:23
to read and write from common database
101:27
systems like MySQL and PostgreSQL
101:30
are widely used in application
101:33
and web development and data analytics
101:36
these database systems usually require
101:39
knowledge of special languages or
101:40
syntaxes to be able to parse and filter
101:43
through large amounts of data if you
101:46
want to dig deeper into database systems
101:48
check out the next reading
101:50
administrating and managing a database
101:52
can be incredibly complex losing
101:55
precious data could cost a company
101:57
dearly there's actually an entire job
102:00
specialization within IT that deals with
102:02
databases just like that called
102:04
database administrators we won't talk
102:07
about their role in this program but if
102:09
you're interested in learning more you
102:11
should know where to look the
102:12
supplemental reading
102:26
web servers and servers in general are
102:28
prone to breakage just like any other
102:30
machine troubleshooting the web server
102:32
could involve lots of different
102:33
variables we won't discuss a specific
102:35
troubleshooting scenario in this lesson
102:37
but we'll talk about some easy
102:39
troubleshooting tools you can use to
102:41
diagnose a faulty web server or browser
102:43
called HTTP status codes when we want to
102:46
go to google.com our browser is sending
102:49
an HTTP request to the HTTP server on
102:52
the web server in turn we get an HTTP
102:56
response sometimes this response returns
102:59
the content that we want almost all the
103:01
time it will return a status message of
103:04
the response HTTP status codes are codes
103:07
or numbers that indicate some sort of
103:09
error or info messages that occurred
103:11
when trying to access a web resource
103:13
knowing common HTTP status codes comes in
103:17
handy when you're troubleshooting a
103:18
website error they'll usually tell you
103:20
useful information that can help you
103:22
isolate the root cause here's a common
103:24
HTTP status code you might recognize the
103:27
dreaded 404 not found a 404 error
103:30
indicates that the URL you entered
103:32
doesn't point to anything let's see what
103:35
happens if I type in google.com/asdf
103:38
let's type that in I get this error
103:44
message the requested URL /asdf
103:47
was not found on this server that's
103:51
exactly what I expected to happen I
103:53
typed in an address I knew didn't exist
103:55
and the web server confirmed it for me
103:57
but how do we know it's a 404 error code
104:01
depending on the website HTTP error
104:03
messages could be displayed right on the
104:05
page when you try to access it however
104:08
to be absolutely sure you can just view
104:10
the HTTP response itself to do that
104:13
we'll have to do a bit of work browsers
104:16
today have built-in tools that help
104:18
people diagnose issues with the web
104:19
browser or website itself since I'm
104:22
using Chrome I'm going to use the Chrome
104:24
developer tools let me go ahead and do
104:26
that so I'll click on this I get into
104:30
tools
104:34
then click on developer tools this will
104:40
open up the developer tools side-by-side
104:42
to my web browser developer tools is a
104:45
great resource for testing and debugging
104:47
issues with the website or browser we
104:49
won't go through this tool though if you
104:51
want to learn more you can check out the
104:53
supplemental reading for now we just
104:56
want to see the HTTP response code to
104:58
get to that I'm gonna go to the network
105:00
tab here and refresh my page if I try to
105:07
go to google.com/asdf I'll see
105:11
the request I made in the left hand side
105:13
here if I click that I'll see the status
105:15
code says 404 not found pretty neat
105:18
right HTTP status codes that start with
105:21
4xx indicate an issue on the client
105:25
side the client tried to do something
105:27
that it couldn't like enter a bad URL
105:30
access something it wasn't authorized to
105:32
do etc the other common HTTP status
105:35
codes you might see start with 5xx
105:38
these errors indicate an issue on the
105:41
server side the web server that hosts
105:43
this web content is experiencing issues
105:45
and hopefully the server administrators
105:47
are looking into it HTTP status codes
105:50
tell us more than just errors they can
105:53
also tell us when our request is
105:54
successful which is denoted by the codes
105:57
that begin with 2xx HTTP status codes
106:01
can tell us a lot about an issue with
106:03
the website if you encounter one that
106:06
you aren't familiar with just look it up
106:08
it'll probably tell you exactly what the
106:10
issue is for a list of HTTP status codes
106:14
take a look at the Supplemental reading
106:15
well you've done it again you covered a
106:18
lot of information in this module about
106:21
software and platform services you
106:23
learned about IT infrastructure services
106:25
that help a business stay productive
106:26
like communication services you learned
106:29
about security services that keep
106:31
information secure between web browsers
106:33
and servers you also learnt about
106:35
platform services that are used to
106:37
deliver applications to users now you
106:40
can put that knowledge to the test in a
106:42
short test we've cooked up for you in
106:43
the next module we'll talk about
106:45
managing users
106:47
and policies using directory services
106:49
you're doing an awesome job I know we
106:51
covered a lot but stick with it you got
106:53
this
107:05
congratulations you're almost done
107:07
covering the essential IT infrastructure
107:09
services involved in an organization
107:10
you're so close you got this in the last
107:14
module we learned about the software
107:16
services used in an organization like
107:18
communication software security and file
107:21
storage services then we talked about
107:23
platform services involved in
107:25
organizations that build a software
107:27
product finally we learned about some of
107:30
the servers that support those
107:31
organizations like web and database
107:33
servers in this module we're going to
107:36
learn about the last major IT
107:38
infrastructure service directory
107:40
services it's the beginning of the end
107:43
ready let's jump in
107:54
have you ever looked up someone's phone
107:57
number in a phone directory or used a
107:59
directory listing at a shopping mall
108:00
to find a specific store a directory
108:02
server essentially provides the same
108:04
functionality a directory server
108:06
contains a lookup service that provides
108:08
mapping between network resources and
108:11
their network addresses it's used to
108:13
organize and lookup organizational
108:16
objects and entities ranging from things
108:18
like user accounts user groups telephone
108:21
numbers and Network shares instead of
108:23
managing user accounts and computer
108:24
information locally on every machine all
108:27
that information can be stored on a
108:29
directory server for easy access and
108:30
management the ideal enterprise quality
108:33
directory server should support
108:35
replication this means that the stored
108:39
directory data can be copied and
108:41
distributed across a number of
108:42
physically distributed servers but still
108:45
appear as one unified datastore for
108:47
querying and administering why is
108:49
replication important it provides
108:51
redundancy by having multiple servers
108:53
available simultaneously so there'll be
108:56
minimal disruption to the service in the
108:58
event that one of the servers explodes
109:00
replication also decreases latency when
109:03
you access the directory service by
109:05
having replicas of your directory server
109:07
located in each office you're able to
109:09
answer directory service queries more
109:11
quickly the directory service should
109:13
also be flexible allowing you to easily
109:15
create new object types as your needs
109:17
change access to the information stored
109:20
in the directory server database should
109:21
be accessible from a variety of OS types
109:24
and from the designated areas of the
109:26
corporate network directory services are
109:28
useful for organizing data and making it
109:31
searchable for an organization this is
109:33
achieved through the use of a
109:35
hierarchical model of objects and
109:37
containers the containers are referred
109:39
to as organizational units or OUs
109:43
and they can contain objects or more
109:46
organizational units this is similar in
109:48
organizational structure to a file
109:50
system
109:51
OUs are like folders which can contain
109:53
individual files or objects for a
109:55
directory service OUs can also
109:58
contain additional folders the
110:00
management benefits of this structure
110:02
are pretty clear can you imagine trying
110:04
to keep your music library organized if
110:06
there was no such thing as
110:08
subfolders crazy this hierarchical
110:11
structure can be used to convey
110:12
additional information about what's
110:15
stored within take your directory
110:18
structure as an example you may have an
110:20
OU called users which contains all
110:22
user accounts within this OU there
110:25
could be additional OUs which
110:27
represent the actual team structure of
110:29
your organization the users OU could
110:32
contain additional OUs like sales
110:33
engineering and marketing which include
110:36
the user account objects for the
110:37
individuals that belong to these tech
110:39
teams this structure can be used to
110:41
convey differences between these sub
110:43
OUs of users for example we could
110:46
enforce stricter password requirements
110:48
for members of engineering without
110:50
affecting sales or marketing sub members
110:53
inherit the characteristics of their
110:55
parent OU so any changes made to the
110:57
higher level users OU would affect
110:59
all sub OUs including sales
111:01
marketing and engineering someone with
111:04
the responsibilities of a systems
111:06
administrator whether that's a system
111:08
admin or IT support specialist would be
111:11
responsible for the setup configuration
111:13
and maintenance of the directory server
111:15
this includes the OS itself on which the
111:18
directory service would run standard OS
111:20
management tasks are involved here like
111:23
ensuring that updates are installed and
111:24
configuring standard services other
111:26
responsibilities include the
111:28
installation and configuration of the
111:30
directory service itself so installing
111:33
the service and configuring any related
111:35
services if multiple servers are used in
111:38
a replication setup this needs to be
111:40
configured too it's very likely that the
111:43
hierarchy and overall structure of the
111:44
directory itself would also be up to the
111:47
sysadmin to design and implement well
111:49
that covers the high level overview of
111:51
what exactly a directory service is
111:52
we'll dive deep into more specific
111:55
details later in this course but for now
111:58
let's review some of the concepts we
112:00
just covered with the short quiz then
112:02
let's meet back at the next video where
112:04
we'll do a more detailed rundown on how
112:06
to implement directory services
112:19
directory services became an open
112:22
network standard for interoperability
112:24
among different software vendors in 1988
112:27
the X.500 directory standard was
112:30
approved and included protocols like
112:32
directory access protocol or DAP
112:36
directory system protocol or DSP
112:40
directory information shadowing protocol
112:42
or DISP and directory operational
112:46
bindings management protocol or DOP
112:50
alternatives to DAP were designed to
112:53
allow clients to access the X.500
112:55
directory the most popular of these
112:58
alternatives was lightweight directory
113:00
access protocol or LDAP since these are
113:04
open standards for communication and
113:06
access for directory services a bunch of
113:08
different implementations of these
113:10
services cropped up there are offerings
113:12
from Apache Oracle IBM and Red Hat but
113:16
we'll cover two in more detail later in
113:19
this module the first is Microsoft's
113:22
implementation which is referred to as
113:23
Active Directory or AD it has some
113:27
customization and added features for the
113:29
Windows platform
113:30
there are also open source
113:32
implementations of directory services
113:34
using LDAP a popular example of this is
113:38
OpenLDAP which we'll also cover in
113:40
greater detail OpenLDAP supports a wide
113:43
range of platforms like Windows Unix
113:46
Linux and various Unix derivatives in
113:48
addition to the server software there
113:50
are also client tools used for accessing
113:52
and administering the directory server
113:55
Microsoft offers Active Directory Users
113:57
and Computers or ADUC which works
114:02
well with Microsoft Active Directory
114:03
server there are also other more open
114:06
tools that can be used to interface with
114:08
a lot of other directory server
114:09
implementations along with clients for
114:12
administering and managing a directory
114:14
server
114:15
there are also client applications that
114:17
can interface with and query a directory
114:19
server all major OS platforms support
114:22
integrating into a directory server for
114:24
login and authentication purposes the
114:27
advantage here is that this allows for
114:29
centralized management of user accounts
114:32
we'll cover the details of centralized
114:33
management in the next lesson so don't
114:35
worry too much about that right now
114:37
when looking at specific implementations
114:39
for your directory server you'll want to
114:41
consider OS support not just a server
114:44
that will be running the directory
114:45
service itself but also what OSes your
114:48
client fleet runs and the compatibility
114:50
or support for your directory services
114:52
you can read more about why this is
114:54
important in the next reading
115:07
the job of a systems administrator is to
115:10
well administer systems sysadmins have
115:13
a set of systems they're responsible for
115:15
and they have to manage those systems so
115:17
they're available to serve their
115:19
function to the organization for example
115:21
as a sysadmin I might be responsible for
115:24
making sure that all of the servers in
115:26
my network are kept up-to-date with
115:28
security patches and application updates
115:30
should I go around and log into each
115:32
server checking each one at a time what
115:35
if I need to manage user accounts on
115:36
end-user devices should I go to each
115:38
employee's desk and set their account up
115:40
that way I guess I could but that'll be
115:44
super time-consuming and probably
115:46
inconsistent instead what I want to do
115:49
is use centralized management a central
115:52
service that provides instructions to
115:54
all of the different parts of my IT
115:56
infrastructure directory services are
115:59
one of these services remember in
116:01
earlier lessons when you created
116:03
accounts and gave them access to
116:04
resources on your computer imagine that
116:07
you work for an organization that has
116:08
dozens hundreds or even thousands of
116:11
computers and people who use them you
116:13
can't possibly go into each of those
116:15
computers to set them up directory
116:17
services provides a centralized
116:18
authentication authorization and
116:20
accounting also known as AAA when
116:24
computers and applications are
116:26
configured to use directory services for
116:28
AAA services decisions about granting
116:31
or denying access to computers file
116:34
systems and other IT resources are now
116:36
centralized now you can create a user
116:39
account once and it's available for the
116:41
entire network at once easy well sort of
116:45
you'll learn a lot more about AAA
116:47
services in an upcoming course for now
116:50
you should understand that your
116:52
directory service will be responsible
116:54
for granting or denying access to
116:56
computers file systems and other IT
116:58
resources now let's go one step further
117:01
let's say you have a network file system
117:04
that you need to give everyone in the IT
117:06
department access to you could set
117:08
up the network share then give it a list
117:10
of user accounts to grant access to the
117:12
share but what happens when someone new
117:15
joins the IT department what about when
117:17
someone leaves instead of granting
117:19
access based on who
117:21
what if you granted access based on what
117:23
you do in most organizations access to
117:26
computer and network resources is based
117:28
on your role in the organization when
117:31
you manage access to resources on a
117:33
computer and on the network you'll often
117:35
grant and deny access based on user
117:37
groups user groups can be used to
117:40
organize user accounts in all sorts of
117:42
ways you might create groups with
117:45
buildings that people work out of or the
117:47
person's role in the organization or
117:49
really almost anything else what's
117:51
important is that you use groups to
117:53
organize accounts based on the way that
117:55
you will manage them if you're a systems
117:58
administrator then you might have
117:59
permission to do things like creating
118:01
user accounts and resetting passwords
118:03
you are allowed to do that because of
118:06
your role as a systems administrator if
118:08
you add another systems administrator
118:10
to your organization you don't want to
118:12
have to find out all of the things that
118:14
a sysadmin should have access to then
118:16
grant them individual account access to
118:18
each of those resources that would just
118:21
take forever
118:22
instead we'll create a group for sysadmins
118:24
and add all the system
118:26
administrators to that group then we can
118:29
give the system administrators group
118:30
access to any resources they need if you
118:34
or another person change roles in the
118:36
company then all you have to do is
118:38
change the groups that you're a part of
118:39
not the rights that you have to directly
118:41
access resources we call this role based
118:44
access control or RBAC
118:48
controlling access to resources isn't
118:51
all you can do you can also centralize
118:53
configuration management just like you
118:56
don't want to run around to every
118:57
computer to configure user accounts you
119:00
wouldn't want to do that to set up
119:01
printers configure software or mount
119:04
network file systems by centralizing the
119:06
configuration management of your
119:08
computers and software you can create
119:10
rules about how things should work in
119:12
your organization there are many ways to
119:15
centralize your configuration management
119:16
an easy way to get started is with as
119:19
simple a tool as log on scripts that run
119:21
each time someone logs on to a computer
119:24
later in this module we'll look at
119:27
Active Directory and its group policy
119:29
objects which are a way to manage
119:32
the configuration of Windows machines
119:34
there are also dedicated configuration
119:37
management frameworks like Chef Puppet
119:40
or SCCM that can be used for super
119:43
simple or super powerful configuration
119:45
management these are outside the scope
119:48
of this module so check out the
119:50
supplemental reading right after this
119:51
video for more information
120:04
Before we jump into directory services
120:07
let's talk about the underlying
120:08
protocol that's used in directory
120:10
services called LDAP or lightweight
120:13
directory access protocol LDAP is used
120:17
to access information in directory
120:18
services like over a network
120:20
two of the most popular directory
120:22
services that use LDAP are Active
120:24
Directory and OpenLDAP which we'll talk
120:27
about more in upcoming lessons there are
120:30
lots of different operations you can use
120:32
in LDAP you can add a new entry in the
120:35
directory server database like creating
120:37
a new user object called Christy you
120:40
can delete an entry in the directory
120:41
server database you can modify entries
120:43
and much much more when we say entry
120:46
we're referring to the LDAP entry format
120:48
or LDAP notation for records in the
120:51
directory service an LDAP entry is just
120:55
a collection of information that's used
120:57
to describe something take a look at
120:59
this example don't worry too much about
121:02
what this says the format of LDAP
121:05
entries basically has a unique entry
121:08
name denoted by DN or
121:10
distinguished name then attributes and
121:13
values associated with that entry so CN
121:16
is the common name of the object in this
121:19
case since it's a person we use Devon
121:22
Sri Darren as the name OU is the
121:26
organizational unit such as a group and
121:28
in this case sysadmin is used DC is the
121:32
domain component so example.com is split
121:35
into example then com again it's not
121:38
necessary to remember these attributes
121:40
you can reference them in the next
121:42
reading the takeaway here is that LDAP
121:44
notation is used for entries in
121:47
directory services to describe
121:48
attributes using values
122:02
if you were around when phone books were
122:04
used you might remember that these big
122:06
old books contain the names addresses
122:08
and phone numbers of people in your
122:10
neighborhood or community who wanted the
122:12
information to be publicly listed this
122:14
is way different from the phone book or
122:16
contact list you have in your mobile
122:17
phone the people who are in your
122:20
contacts directory gave you their phone
122:22
numbers for your use only when using
122:25
LDAP there are different authentication
122:26
levels that can be used to restrict
122:28
access to certain directories similar to
122:31
those big public phone directories or
122:32
those private mobile phone directories
122:35
maybe you have a directory that you want
122:37
to make public so anyone can read the
122:39
entries in the directory or maybe you
122:41
just want to keep that data private to
122:43
only those who need it we'll discuss how
122:45
LDAP does this authentication and what
122:48
methods it uses we talked about the
122:51
different operations you can do with
122:53
LDAP like add remove or modify entries in
122:56
a directory another operation that you
122:58
can perform is the bind operation which
123:02
authenticates clients to the directory
123:03
server let's say you want to log in to a
123:06
website that uses the directory service
123:07
you enter your account login information
123:09
and password your information is then
123:12
sent back to the website it will use
123:15
LDAP to check if that user account is
123:17
in that user directory and that the
123:19
password is valid if it's valid then
123:21
you'll be granted access into that
123:23
account you want your data to be
123:25
protected and encrypted when it's completing
123:27
this process there are three common ways
123:30
to authenticate the first is anonymous
123:32
then simple and the last is SASL or
123:36
simple authentication and security layer
123:39
when using anonymous binding you aren't
123:41
actually authenticating at all depending
123:44
on how it's configured anyone could
123:46
potentially access that directory
123:48
just like our public phone book example
123:49
when you use simple authentication you
123:52
just need the directory entry name and
123:54
password this is usually sent in plain
123:56
text meaning it's not secured at all
123:58
another authentication method that's
124:01
commonly used is SASL authentication
124:04
this method can employ the help of
124:06
security protocols like TLS which we've
124:09
already learned about and Kerberos which
124:11
we'll discuss in a minute
124:12
SASL authentication requires a client
124:15
and the directory server to authenticate
124:17
using some method one of the most common
124:20
methods for this authentication is using
124:22
Kerberos Kerberos is a network
124:25
authentication protocol that is used to
124:26
authenticate user identity secure the
124:29
transfer of user credentials and more
124:30
Kerberos by itself can be a complex
124:33
topic that we'll revisit in the IT
124:35
security course if you want to learn
124:38
more about Kerberos right now you can
124:40
check out the supplemental reading right
124:41
after this lesson once the client has
124:43
successfully authenticated with the LDAP
124:45
server or directory service the user
124:48
will be authorized to use whatever
124:49
access levels they have in the next few
124:52
lessons we're gonna go dive deeper into
124:53
two of the most popular directory
124:55
services that use LDAP Active
124:57
Directory and OpenLDAP the hardest part
125:04
of my career has easily been joining
125:07
Google I joined in 2002 when the company
125:13
was quite small all men for the most
125:17
part I was the only woman in the room
125:19
most of the time and the way I got
125:22
through it was to find that thing that I
125:26
wanted to be the expert at find the
125:28
thing I wanted to achieve and to really
125:33
focus on that every day break it down
125:36
into small pieces celebrate your
125:38
milestones when you hit them and then at
125:40
the end I had achieved something that no
125:43
one else in the team could have they had
125:45
all tried and I was the one who got it
125:47
done and so I get to seem to reflect on
125:49
that occasionally and think I yeah I did
125:52
that every time a packet passes between
125:56
an end users computer and Google it
125:59
crosses a barrier that I put in place
126:01
for the first time so I got more and
126:03
more interesting projects and people
126:06
began to rely on me more and it really
126:08
helped me overcome the shyness it helped
126:10
me overcome my questioning of whether or
126:14
not I belong here because I actually got
126:15
to contribute and in a meaning
126:17
[Music]
126:31
welcome back in this lesson we'll learn
126:34
more about Active Directory or AD the
126:37
native directory service for Microsoft
126:38
Windows Active Directory has been used
126:42
to centrally manage networks of
126:43
computers since it was introduced with
126:45
Windows Server 2000 if there are
126:47
computers running Windows in your
126:48
organization then AD probably has a huge role
126:51
Active Directory works in a similar
126:53
fashion to OpenLDAP it actually knows
126:56
how to speak the LDAP protocol and can
126:58
interoperate with Linux OS X and other
127:01
non Windows hosts using that protocol
127:03
when you use Active Directory to manage
127:05
a fleet of Windows server and client
127:07
machines it does a lot more than just
127:09
provide directory services and supplies
127:11
authentication it also becomes the
127:13
central repository of group policy
127:15
objects or GPOs which are ways to manage
127:18
the configuration of Windows machines
127:20
we'll show you how to do this later in
127:23
this lesson now let's take a look at a
127:25
typical Active Directory domain and see
127:27
what it contains Active Directory
127:31
administration relies on a whole suite
127:33
of tools and utilities we're going to
127:36
use a tool called the Active Directory
127:38
Administrative Center or ADAC ADAC
127:41
is a tool that we'll use for lots of the
127:44
everyday tasks that you'll learn in this
127:46
course it's great for getting work done
127:48
and for learning how things work behind
127:50
the scenes as you'll see remember that
127:52
much like file systems directory
127:55
services are hierarchical everything
127:58
that you see in Active Directory is an
127:59
object some objects are containers which
128:02
can contain other objects so several of
128:05
the default containers are just called
128:07
containers and they serve as default
128:09
locations for certain types of objects
128:11
another type of container is called an
128:13
organizational unit or OU which we
128:16
talked about in an earlier lesson you
128:18
can think of an OU like a folder or
128:20
directory for organizing objects within
128:22
a centralized management system ordinary
128:25
containers can't contain other
128:27
containers but OUs can contain other
128:30
OUs that's a little confusing so to
128:32
show you the hierarchical structure of
128:34
AD better click this button on the left
128:36
hand pane to switch ADAC to tree view
128:39
there are lots of things listed here
128:41
ADAC tells us what kind of object each of
128:44
these
128:45
are and gives us a description for some
128:46
of them we're not going to work with all
128:49
of these but we want to call out some
128:51
parts of the directory that are more
128:52
common to work with the very first node
128:55
in this tree is our domain a domain will
128:58
have a short name like example and the
129:00
DNS name like example.com objects
129:03
particularly computers in the domain
129:05
will be given a DNS name that lives in
129:08
the domain's DNS zone there's actually
129:11
one level of hierarchy above a domain
129:14
that we don't see in this tool and
129:15
that's a forest if you look at the
129:19
logical shape of a domain it looks like
129:21
a tree so the name even makes sense a
129:23
forest contains one or more domains
129:26
accounts can share resources between
129:29
domains in the same forest in our
129:31
example environment example.com is the
129:34
only domain in the forest the next
129:38
example that we look at is computers
129:39
this container is where new AD computer
129:42
accounts are created if I go here you
129:45
can see my computer's computer accounts
129:48
are created when a computer is joined to
129:50
the AD domain the next thing that we'll
129:52
look at is domain controllers this
130:00
container is where domain controllers
130:01
are created by default next we'll look
130:05
at users this container is where new AD
130:11
users and groups are created by default
130:13
the servers that host copies of the
130:16
Active Directory database are called
130:17
domain controllers or DCs domain
130:21
controllers provide several services on
130:22
the network they host a replica of the
130:25
Active Directory database and group
130:26
policy objects DCs also serve as DNS
130:30
servers to provide name resolution and
130:32
service discovery to clients they
130:34
provide central authentication through a
130:36
network security protocol called
130:38
Kerberos as I mentioned we'll talk more
130:41
about Kerberos in the IT security
130:42
course for now what you should
130:44
understand is that domain controllers
130:46
get to decide when computers and users
130:48
can log on to the domain they also get
130:51
to decide whether or not they have
130:53
access to shared resources like file
130:55
systems and Printers
130:56
this allows system administrators to
130:58
make changes to the network really
131:00
quickly and easily if someone new joins
131:02
the organization sysadmins can create a
131:05
user account for them and almost
131:06
immediately every device on the network
131:08
knows who that person is if someone
131:11
changes jobs in the org or leaves a
131:13
sysadmin can disable or delete their
131:15
account and within seconds their access
131:17
to devices adjusts it's common for most
131:21
domain controllers in an Active Directory
131:23
network to be read-write
131:25
replicas this means that each have a
131:28
complete copy of the AD database and are
131:31
able to make changes to it those changes
131:33
are then replicated to all other copies
131:35
of the database on other DCs replication
131:38
is usually quick and the last change
131:40
wins in almost all cases this isn't
131:43
perfect but it works for most tasks some
131:46
changes to the AD database can only be
131:48
safely made by one DC at a time
131:50
we task those changes to a single domain
131:53
controller by granting it a flexible
131:55
single master operations or also known
131:57
as FSMO
131:59
role we won't go into depth here on the
132:02
nitty-gritty details around what each of
132:04
these FSMO roles are responsible for
132:06
and how they operate but you can check
132:08
out the next reading for more if your
132:10
job will involve domain controller
132:12
management you'll need to understand how
132:13
to assign these FSMO roles and recover
132:15
from DC failure in order for computers
132:17
to take advantage of the central
132:19
authentication services of AD they have
132:21
to be joined or bound to Active
132:23
Directory joining a computer to Active
132:24
Directory means two things the first is
132:27
that AD knows about the computer and has
132:29
provisioned a computer account for it
132:31
the second is that the computer knows
132:33
about the Active Directory domain and
132:35
authenticates with it from that point
132:37
forward the computer can authenticate to
132:38
Active Directory just as any users who
132:41
log onto the computers are able to
132:54
managing Active Directory isn't just a
132:57
big topic it's a huge topic there are
133:00
system administrators who spend all
133:01
their time just managing AD we're going
133:04
to spend some time showing you some of
133:06
the most common tasks that a sysadmin
133:08
will need to do in an Active Directory
133:09
environment when an Active Directory
133:11
domain is first set up it contains a
133:13
default user account administrator and
133:16
several default user groups let's do a
133:18
rundown of the most important groups so
133:21
I want to first get into my Active
133:22
Directory window and because you can see
133:26
I'm in example.com and we'll run through
133:28
the users domain admins are the
133:30
administrators of the Active Directory
133:32
domain the administrator account is the
133:34
only member of this group in a new
133:36
domain remember how a local
133:38
administrator or root on a computer is
133:40
able to make any changes they want to
133:41
the operating system users in the domain
133:44
admins group can make any changes they
133:46
want to the domain since the domain can
133:48
control the configuration of all of the
133:50
computers that are bound to it domain
133:52
admins can become local administrators
133:54
of all of those machines too this is a
133:56
huge amount of power and responsibility
133:58
so don't add accounts to this group
134:00
lightly Enterprise admins are
134:02
administrators of the Active Directory
134:04
domain they also have a permission to
134:06
make changes to the domain that affect
134:08
other domains in multi-domain forest the
134:10
administrator account is the only member
134:13
of this group in a new domain
134:15
Enterprise admin accounts should only be
134:17
needed on a rare occasion like when
134:19
Active Directory forest is being
134:21
upgraded to a new version domain users
134:23
is a group that contains every user
134:25
account in the domain if you want to
134:27
give access to a network resource to
134:28
everyone in the domain you don't need to
134:30
grant access to every individual account
134:33
you can use domain users each computer
134:35
that's joined to the domain has an account
134:37
too so we have a default group for them
134:40
also domain computers contains all
134:44
computers joined to the domain except
134:46
domain controllers domain controllers
134:50
contains all domain controllers in the
134:52
domain I'm going to be able to do
134:55
everything in this lesson because I'll
134:56
be playing the role of a domain admin in
134:58
my example organization
135:00
as a Systems Administrator or IT
135:02
support specialist you might also be a
135:04
domain admin or Enterprise admin because
135:06
of the power that gives you to make
135:08
changes in Active Directory you should
135:10
never use a domain admin account as your
135:12
day-to-day user account it's too easy to
135:15
make a mistake that affects the entire
135:16
organization domain admin accounts
135:18
should only be used when you're
135:20
deliberately making changes to Active
135:22
Directory got it your normal user
135:24
account should be very much like other
135:26
user accounts in the domain where your
135:28
permissions are restricted just to those
135:30
resources that you need to have access
135:32
to all the time if there are some
135:34
administrative tasks that you need to
135:36
perform a lot as part of your day-to-day
135:38
job but you don't need to have broad
135:40
access to make changes in AD then
135:42
delegation is for you just like you can
135:44
set NTFS DACLs to give accounts
135:47
permission in the file system you can
135:49
set up ACLs on Active Directory
135:51
objects if you'd like to learn more
135:53
about this more advanced topic check out
135:55
the next reading let's start
135:57
administering Active Directory first up
135:59
we'll take a look at user account
136:01
administration
136:13
if you have systems administrative
136:15
responsibilities you might be involved
136:17
in joining machines to the Active
136:19
Directory domain remember from our
136:21
introduction to AD that computers can be
136:23
joined or bound to Active Directory
136:25
joining a computer to Active Directory
136:27
means two things that AD knows about the
136:30
computer and has provisioned a computer
136:32
account for it and the computer knows
136:34
about the Active Directory domain and
136:36
authenticates with it over here
136:38
I'm logged into a Windows computer that
136:40
isn't joined to a domain this is called
136:43
a workgroup computer the name comes from
136:45
Windows workgroups which are a
136:47
collection of stand-alone computers that
136:49
work together Windows work groups aren't
136:51
centrally administered so they become
136:53
harder and harder to manage as the size
136:55
of the network grows we want central
136:57
administration and authentication in our
136:58
network so let's join this computer to
137:00
the domain let's look at the GUI for
137:02
this first then PowerShell so I'm going
137:04
to go ahead and click computer then
137:06
system properties as you can see this
137:09
computer is under workgroup so what we
137:12
need to do is we need to join this
137:13
machine to the domain to do that I'm
137:15
going to go ahead and click change
137:17
settings click on change in the computer
137:23
name and domain changes window you can
137:26
see the computer can either be a member
137:28
of a domain or a workgroup but not both
137:30
at the same time so I'm going to go
137:32
ahead and select the domain right here
137:33
and I'm going to go ahead and enter our
137:36
domain name which is example.com now
137:39
when I click OK this computer will reach
137:42
out on the network to find a domain
137:44
controller for my AD domain once it
137:46
finds the DC I'll be asked for a
137:48
username and password to authorize the
137:50
computer to be joined to the domain so I
137:53
put in my domain admin username and
137:55
password which I'm gonna do right now
138:03
voila there you go my machine is now
138:06
joined to my domain the domain
138:08
controller creates a computer account in
138:10
the domain for this computer and this
138:12
computer reconfigures itself to use AD
138:15
authentication services this will
138:17
require a reboot so let's jump over to
138:19
the active directory administrative
138:20
center to see what it looks like on that
138:23
end alright so I'm at my active
138:25
directory window and I'm gonna go ahead
138:26
and click
138:27
Computers and all right that is I can see
138:32
my computer in the computers container
138:33
now my new computer will use this Active
138:37
Directory domain for authentication and
138:38
I can use group policy to manage this
138:40
machine we can join computers to the
138:43
domain from PowerShell too I've got this
138:45
computer over here that also needs to be
138:47
joined to the domain so let's use a CLI
138:49
this time so I'm going to go ahead and
138:52
type in Add-Computer then domain name
139:01
example.com and server I'm going to
139:06
connect to you and that knows nice and
139:11
simple now I'm prompted for my
139:13
credentials again which I'm going to
139:15
enter and that's it by default this
139:27
command won't automatically reboot the
139:29
machine to complete the domain join if I
139:31
add the reset parameter the command will
139:33
take care of that too one final thing
139:36
over the years there have been several
139:38
versions of Active Directory we refer to
139:40
these versions as functional levels an
139:43
Active Directory domain has a functional
139:45
level that describes the features that
139:47
it supports if you're interested in
139:49
seeing some of these changes to Active
139:51
Directory over time take a look at the
139:53
next reading on AD functional levels if
139:55
you administer Active Directory you will
139:58
need to know what your domain and forest
140:00
functional levels are and may someday
140:02
need to upgrade your Active Directory
140:03
forest or domain to support new features so
140:06
let's look at the properties on this
140:08
domain so this domain is at version 2016
140:13
we can also find this from PowerShell
140:15
like this type in Get-ADForest and then
140:27
Get-ADDomain
140:27
see the forest mode and domain
140:32
mode properties now that you know what
140:35
your domain's functional level is you can
140:36
find out what AD features it supports
140:38
check out the supplemental reading for a
140:41
whole lot of additional documentation
140:42
and training materials if you want a
140:44
deeper dive into AD administration
140:57
all right now that we've joined all
140:59
these computers to the domain what are
141:01
we going to do with them in this lesson
141:04
we're gonna talk about how to use Active
141:06
Directory group policy to configure
141:07
computers and the domain itself like we
141:10
mentioned before directory services are
141:12
databases that are used to store
141:14
information about objects the objects
141:16
represent things in your network that
141:18
you want to be able to reference or
141:20
manage one of these object types in AD
141:23
is Group Policy object or GPO what's a
141:27
GPO it's a set of policies and
141:30
preferences that can be applied to a
141:31
group of objects in the directory GPOs
141:34
contain settings for computers and user
141:37
accounts you may want different software
141:39
preferences for the marketing team the
141:41
legal team and the engineering team
141:43
using group policy would help
141:45
standardize the user preferences for
141:47
each of these teams and help make it
141:49
more manageable for you to configure
141:50
using group policies you can create
141:53
login and logoff scripts and apply them
141:55
to users and computers you can configure
141:57
the event log telling the computer what
141:59
events should be logged and where the
142:01
log should be sent you can say how many
142:04
times someone can enter the wrong
142:06
password before their account is locked
142:07
you can install software that you want
142:10
to be available and block software that
142:12
you don't want to run you heard the boss
142:14
and this is just the beginning you can
142:16
create as many group policy objects as
142:19
you want but they don't do anything
142:22
until they're linked to domains sites or
142:24
OUs when you link a GPO all of the
142:28
computers or users under that domain
142:30
site or OU will have that policy
142:33
applied you can use other tools like
142:35
security filtering and WMI filters to
142:39
make group policies apply more
142:41
selectively we'll get into that a bit a
142:43
group policy object can contain computer
142:46
configuration user configuration or
142:48
both these are applied at different
142:51
times computer configuration is applied
142:54
when the computer signs into the Active
142:55
Directory domain this will happen each
142:58
time the computer boots into Windows
143:00
unless it's disconnected from the
143:02
network at the time it's booted up user
143:04
configuration is applied when a user
143:06
account is logged onto the computer in
143:08
each case once a
143:10
GPO is in effect it's checked and enforced
143:13
every few minutes remember when I said
143:15
that GPOs contain policies and
143:17
preferences what's the difference
143:20
policies are settings that are reapplied
143:23
every few minutes and aren't meant to be
143:25
changed even by the local administrators
143:27
by default policies in the GPO will be
143:31
reapplied on the machine every 90
143:33
minutes this ensures that computers on
143:36
the network don't drift from the
143:37
configuration that system administrators
143:39
defined for them group policy
143:41
preferences on the other hand are
143:42
settings that in many cases are meant to
143:44
be a template for settings system
143:47
administrators will choose settings that
143:48
should be the default on computers that
143:50
apply the GPO but someone using the
143:54
computer can change the settings from
143:55
what's defined in the policy and that
143:58
change won't be overwritten
143:59
how do domain-joined computers
144:01
actually get the GPOs
144:02
when a domain joined computer or user
144:05
signs into the domain by contacting a
144:07
domain controller that domain controller
144:10
gives the computer a list of group
144:11
policies that it should apply the
144:13
computer then downloads those policies
144:15
from a special folder called sysvol
144:16
that's exported as a network share from
144:19
every domain controller this folder is
144:21
replicated between all of the domain
144:23
controllers and can also contain things
144:25
like login and logout scripts
144:27
once the computer has downloaded its GPOs
144:30
it applies them to the computer we won't
144:32
get into too much detail about the
144:34
sysvol folder but I've included links to
144:36
more information in the next reading
144:38
lastly many policies and preferences in
144:41
GPOs are represented as values in the
144:43
Windows registry the Windows registry is
144:46
a hierarchical database of settings that
144:48
Windows and many Windows applications
144:50
use for storing configuration data the
144:53
GPO is applied by making changes to the
144:56
registry the Windows operating system
144:58
and Windows applications read the
145:00
registry settings to determine what
145:02
their behavior should be you can read
145:04
more about the Windows registry in the
145:06
supplemental reading group policy
145:08
management is another huge topic we'll
145:10
only cover the basics of it in this
145:12
course now that you understand a little
145:14
bit about what group policy objects are
145:16
let's dig in and see how you use them to
145:18
manage Active Directory and AD joined
145:20
computers
145:33
the most important tool we'll use for
145:36
creating and viewing group policy
145:37
objects is called the group policy
145:39
management console or GPMC
145:42
you can find this in the Tools menu of
145:45
server manager or by running gpmc.msc
145:50
from the command line you can see that
145:52
the layout of GPMC
145:54
is similar to other management tools
145:56
that we've used in Active Directory on
145:58
the Left we see the structure of Active
146:01
Directory GPMC
146:03
adds several containers to its GUI these
146:06
aren't AD containers or OUs they
146:08
are management interfaces that only show
146:10
up in GPMC the group policy objects
146:14
container will hold all of the GPOs that
146:16
are defined in the domain the WMI
146:19
filters container is used to define
146:20
powerful targeting rules for your GPOs
146:23
these filters use properties of Windows
146:26
management instrumentation or WMI
146:28
objects to decide whether or not a GPO
146:31
should apply to a specific computer this
146:34
is a more advanced topic but if you want
146:36
to dive a little deeper check out the
146:38
link in the supplemental reading group
146:40
policy results is a troubleshooting tool
146:42
that's used to figure out what group
146:44
policies apply to computer and user in
146:47
your network you would use this tool to
146:49
check on group policies that are already
146:51
applied to a computer or user on the
146:54
flipside group policy modeling is used
146:56
to predict which group policies will
146:59
apply to a computer or user in your
147:01
network you use this tool if you wanted
147:03
to test a change to your GPOs OUs or
147:06
WMI filters before making real changes
147:09
in your Active Directory we'll go into
147:11
each of these in detail as the lesson
147:13
goes on you might have also noticed that
147:15
there are a couple of things missing
147:18
remember that the users and computer
147:20
containers are not organizational units
147:22
group policy objects can only be linked
147:24
to domains sites and OUs if computer
147:28
and user objects are in the default
147:29
containers they can only be targeted
147:32
with GPOs that are linked to domains and
147:34
sites it's a good practice to organize
147:36
your user and computer accounts in OUs
147:38
so they can be targeted with the more
147:40
specific group policies now let's get
147:43
started with Group Policy objects node
147:45
in GPMC and take
147:46
quick look at a GPO that already exists
147:49
in a brand-new Active Directory domain
147:51
there'll be two GPOs that are
147:53
automatically created the default domain
147:55
controller policy and the default domain
147:57
policy the default domain policy is as
148:01
you might guess a default GPO that's
148:03
linked to the domain it applies to all
148:06
of the computers and users in the domain
148:08
the default domain controller policy is
148:10
linked to the domain controllers OU
148:12
and applies you guessed it to the domain
148:16
controllers what we're looking at here
148:18
is the settings report for the default
148:20
domain policy this GPO is designed to
148:23
enforce policy decisions that we want to
148:25
make for the entire domain for example
148:27
the minimum password length policy
148:29
prevents users from setting passwords
148:31
that are too short the audit account
148:32
logon events policy says that the
148:34
computer should create a Windows Event
148:36
for each successful and failed logon
148:38
attempt there are thousands of settings
148:41
that can be controlled with GPO so it
148:43
can take some research to find the right
148:44
setting to change in a group policy
148:46
object to make a change that you want
148:48
group policy has been around through
148:50
several versions of Windows and
148:52
sometimes things aren't exactly where
148:54
you expect to find them don't despair
148:56
there are lots of documentation online
148:58
about group policies and where to find
149:00
specific settings
149:00
protip something that you might find
149:03
super useful are the group policy
149:05
settings reference that Microsoft
149:07
releases with each new version of
149:09
Windows this reference is a spreadsheet
149:11
that details the GPO policies and
149:13
preferences that are available and where
149:15
to find them next let's try changing one
149:18
of the settings in our default domain
149:20
policy before we get started I'm going
149:23
to make a backup of the GPO I'll right
149:25
click on the policy and choose backup
149:27
I've created a GPO backup folder on my
149:29
desktop but in a real environment we'd
149:32
want to create a network for it that's
149:33
locked down to only allow domain
149:35
administrators to access it I can add a
149:37
description here too to help me remember
149:39
why I made the backup then I complete
149:41
the backup wizard and I'm done now I
149:44
know that if I make a mistake I can
149:46
restore the policy from backup so I'll
149:48
right-click on the policy again but this
149:50
time I'm choosing edit this will open up
149:53
the default domain policy into the group
149:55
policy management editor you can see
149:57
over in the left hand pane that the GPO
150:00
is divided
150:00
into two sections computer configuration
150:03
and user configuration each of these is
150:07
divided into policies and preferences
150:09
inside this tree of policies and
150:11
preferences as every individual GPO
150:14
setting that gpmc knows about whether
150:16
it's been configured or not every GPO
150:19
has access to the same settings that every
150:21
other GPO has access to there aren't
150:24
special GPOs even so it's a good
150:26
practice to make different GPOs that
150:28
each address a specific category of need
150:31
for example you might have a GPO that
150:33
handles all of the settings for a
150:35
specific group of users or one that
150:37
handles security policies for the whole
150:39
domain with specific GPOs for specific
150:42
solutions you can link your GPOs
150:44
to only the computer or users that need
150:46
that policy since you're working with
150:49
the entire universe of group policy in
150:51
every GPO it can be very difficult to
150:54
tell from the editor what settings are
150:56
actually configured in this GPO we refer
150:58
back to the settings report in gpmc for
151:01
that information it looks different but
151:04
you might notice that the Settings
151:06
report is laid out in the same
151:07
hierarchical fashion as the GPO editor I
151:10
can see that the account lockout
151:11
threshold is configured to zero
151:13
invalid logon attempts let's take a look
151:16
at that policy in the GPO editor I'm
151:18
going to use the settings report as a road
151:20
map to finding that policy in the editor
151:23
so let me show you how I'm going to go
151:25
ahead and right click default domain
151:27
policy hit edit and I'll have this to
151:31
the side so we can look at our road map
151:33
so as you can see computer configuration
151:35
so I click computer configuration then
151:37
click policies click windows settings
151:41
then click security settings and then
151:45
account policies because we're
151:47
interested in the lockout policy you can
151:51
see that there are three policies under
151:53
account lockout policy the policy column
151:56
tells us the name of the policy and the
151:59
policy setting tells us the current
152:01
configuration of the policy if a policy
152:03
is not defined then this GPO won't make
152:06
any changes to that setting on the
152:08
computers that it's applied to the
152:10
policy name is pretty easy to understand
152:12
but I'm not sure that I understand
152:14
all of the consequences of changing
152:16
those values if I double-click on any of
152:19
these policies it will open up the
152:21
properties dialog for that policy oh
152:23
what's this there's an explain tab
152:27
here awesome
152:28
the explain tab will tell us what the
152:30
policy configures it may also tell us
152:32
what to expect if the policy is not
152:34
defined and what the default value of
152:36
the policy is if it's enabled but not
152:39
customized so looking at the explanation
152:42
of the account lockout threshold
152:44
policy I see that by having it set to
152:47
zero accounts will never be disabled for
152:50
failed login attempts that's not what I
152:52
want in my domain so I'm gonna change
152:54
this value Oh interesting it looks like
153:01
this policy has some dependencies on
153:03
other policies ok I'm going to accept
153:05
these defaults and now I'll see that all
153:07
three of these policies in the account
153:09
lockout policy have been configured so
153:11
how do we save these changes as soon as
153:14
you hit apply or ok in a group policy
153:17
management editor dialog the
153:18
change is made in the GPO immediately
153:20
almost right away computers can receive
153:23
the update and start applying it that
153:25
might not be what you wanted when you
153:28
need to make changes to a production
153:29
group policy you should test them first
153:32
for example I was playing around with a
153:35
default domain policy which is linked to
153:37
the whole domain so I've just
153:38
immediately made it so all user accounts
153:40
will be locked if they enter their
153:42
password incorrectly once
153:43
whoops where is the undo button guess
153:47
what there isn't one don't worry this is
153:50
why we made a backup before starting to
153:52
work on this policy let's restore the
153:55
policy from backup and undo this
153:56
catastrophe waiting to happen back in
153:59
the group policy management console I'm
154:01
going to right click on default domain
154:03
policy in the group policy objects and
154:05
then select restore from backup this
154:09
wizard remembers the last place that I
154:12
backed up a GPO and assumes that's
154:14
where I want to restore from so
154:16
intuitive now it lists each of the GPO
154:19
backups that are in the folder that we
154:21
choose the name of the policy and the
154:25
time that it was backed up are listed
154:27
here along with any
154:28
descriptions that we provided when we
154:30
did the backup if I click on view
154:32
settings it will launch my web browser
154:35
with the settings report of the backup
154:36
cool right okay I need to get this
154:39
policy restored so my users don't get
154:41
locked out of their accounts the summary
154:43
dialog shows me what I'm about to do so
154:45
let's go there this all looks right so
154:52
I'm going to click finish and make sure
154:54
that my policy has been restored
155:04
perfect my backup has been restored my
155:07
mistake has been undone as you've seen
155:09
in this example before making changes to
155:12
a GPO you should always back it up but
155:14
what's another way I could have
155:16
prevented this mistake that's right I
155:19
could have tested my changes there are
155:21
lots of ways to do this I'll summarize
155:23
some simple steps here and provide
155:24
additional documentation in the
155:26
supplemental reading some organizations
155:28
will have established best practices for
155:30
testing GPO changes in their environment
155:32
if that's the case then you should
155:34
follow those standards you might need to
155:36
follow a change management process too
155:38
in order to notify others in the
155:40
organization about the changes that you
155:42
are about to make
155:43
what I'm going to show you is just one
155:45
way of adding some safety to GPO changes
155:48
let's say I have a GPO called example
155:51
policy can name right I want to make
155:53
changes to example policy but I want to
155:56
test the changes first to make sure that
155:58
I don't break production machines first
156:00
I set up a testing OU that contains
156:02
test machines or user accounts if
156:04
example policy is usually linked at
156:07
example.com finance computers then
156:11
I can create example.com finance
156:13
computers test and put testing machines
156:16
in the test OU this lets the test
156:18
machines keep all of the existing
156:20
production GPOs but gives me a place to
156:23
link a test GPO that'll override
156:25
production let me go and show you how I
156:27
do that it's on a click example click
156:31
new click o you then type in Finance and
156:37
click OK thank her another o you for my
156:41
computers
156:47
and then underneath that I'm gonna go
156:50
ahead and make a test OU so I can
156:54
test my GPO and hit okay next I make a
157:02
copy of the GPO that I want to change
157:03
and call it something like test example
157:05
policy let me show you how I do that so
157:07
this is one policy that I have and hit
157:09
copy go to my group policy objects hit
157:14
paste now let's say use the default
157:16
permission for the GPOs because we want
157:17
to make a copy of course and hit OK you
157:23
can see it's called copy of master I'm
157:25
gonna rename this to test example policy
157:34
enter now I can make the changes that I
157:39
want to test in test example policy and
157:41
link it to my test OU and let me
157:44
show you how I link that I'm gonna go
157:45
into my OU finance computers and
157:50
then test right click test and then I
157:53
say link an existing GPO which is going
157:56
to be my test example policy right here
157:58
and then hit OK after I've confirmed that
158:02
my changes were the way that I expected
158:04
I can make a backup of the test policy
158:07
then import the backup of test example
158:09
policy to the production example policy
158:11
this makes some extra work for me since
158:13
I'm a systems administrator but I also
158:15
benefit from added safety and peace of
158:17
mind by testing my changes on a copy of
158:20
the GPO on test machines I make it much
158:22
harder to accidentally break production
158:24
with machines your organization might be
158:27
using advanced group policy management
158:28
or AGPM which is a set of add-on
158:32
tools from Microsoft that give you some
158:34
added revision control abilities in gpmc
158:36
if you do use AGPM in your
158:40
organization you should follow best
158:41
practices for GPO version control using
158:44
AGPM I've included a link to those
158:47
best practices in the next reading we've
158:49
edited a GPO and seen some ways to make
158:51
editing GPO safe now we need to know a
158:55
bit more about how to understand all of
158:57
the policies that are applied to a
158:58
specific machine or a user account
159:00
next up GPO inheritance and precedence
159:04
I'll see you there
159:16
if you follow the practice of creating
159:18
specific GPOs to address specific
159:21
categories of needs you can end up with
159:23
a whole lot of policies linked at many
159:25
levels of your active directory
159:26
hierarchy group policy objects that
159:29
control security settings are a really
159:31
common place where this can happen
159:33
systems administrators are responsible
159:36
for protecting the security of the IT
159:37
infrastructure so it's a good practice
159:40
to create a very restrictive GPO that
159:42
uses very secure conservative security
159:44
policies and link that to the whole
159:46
domain this gives you a secure default
159:49
policy but some users or computers might
159:52
not be able to do what they need to with
159:54
those very conservative policies in
159:56
place the finance department might need
159:58
to use Excel macros that are disabled in
160:00
your default security policy for example
160:02
so we can create GPOs that relax some of
160:05
the security settings or policies in the
160:07
OU's that contain those computers or
160:09
users another example might be that we
160:12
have a group policy object that
160:13
standardizes the desktop wallpaper of
160:15
all computers but we have computers that
160:17
are public access kiosks that need to
160:20
have a different wallpaper in any of
160:22
these cases you can have computers or
160:24
user accounts with multiple GPOs assigned
160:26
to them that contradict one another by
160:28
design so what happens when there are
160:31
two or more contradictory group policy
160:32
objects that apply to the same computer
160:34
when a computer is processing the group
160:37
policy objects that apply to it all of
160:39
these policies will be applied in a
160:40
specific order based on a set of
160:42
precedence rules gpo's are applied based
160:45
on the containers that contain the
160:47
computer and user account GPOs that are
160:50
linked to the least specific or largest
160:52
container are applied first GPOs that are
160:56
linked to the most specific or smallest
160:58
container are applied last first any GPOs
161:02
linked at the AD site are applied
161:04
then any linked at the domain and then
161:07
any OU's in order from parent to child
161:10
if more than one policy tries to set the
161:13
same policy or preference then the most
161:16
specific policy wins to see what I mean
161:19
let's look at this ad structure as you
161:21
can see in my structure I have multiple
161:23
OUs we have my IT OU we have my
161:26
sales OU I also have my research
161:29
OU and I also have my sites in
161:32
Australia India and North America if you
161:36
have a computer in the India site and
161:38
the example.com sales computers OU
161:42
then active directory would apply group
161:45
policy objects that are linked to the
161:47
India site the example.com domain the
161:50
sales OU and the computers OU
161:52
in that order that's not all though you can
161:56
actually link multiple GPOs to the same
161:58
container
161:59
how does ad decide which order to apply
162:01
the GPOs in if there is more than one
162:03
in a container each container has a link
162:06
order for the GPOs that are linked to it so
162:09
let's look at our sales OU the
162:10
sales OU in our example domain has
162:12
a GPO for a network drive mapping and a
162:15
GPO for configuring network printers the
162:18
link order of each policy determines
162:20
which GPO takes precedence the highest
162:23
number is the lowest ranked GPO so its
162:25
settings are applied first Network
162:28
printers sales is applied first and
162:31
network drives sales is applied last if
162:35
anything in the network drive policy
162:37
contradicts the network printer policy
162:39
then the drives policy wins out let's
162:42
summarize so far the highest numbered
162:45
link order in the least specific
162:46
container is applied first and the
162:49
lowest numbered link order in the most
162:51
specific container is the last GPO
162:54
applied the last GPO to modify any
162:56
specific setting wins in the group
162:59
policy management console we can see the
163:02
precedence rules in action I'm going to
163:05
switch to the computers OU in group
163:07
policy management I can see that there's
163:09
a policy linked here called computer
163:12
security policy will increase this by
163:15
switching from the linked group policy
163:17
objects tab to the group policy
163:19
inheritance like so I can see that
163:22
objects in this OU will actually
163:24
have quite a few policies applied the
163:27
precedence column tells us which policy
163:29
will win if there are conflicting
163:30
settings and the location column tells
163:33
us where the policy was linked you might
163:35
have noticed that there are no site-linked
163:37
policies listed here that's because you
163:40
can have computers from many different
163:41
AD sites in the same
163:43
OU so site-based GPO links aren't
163:46
represented in the summary when you add
163:49
all of the group policies together for a
163:51
specific machine and apply precedence
163:53
rules to them we call that the resultant
163:55
set of policy or RSoP for that machine
163:59
when you're troubleshooting group policy
164:01
you'll often compare an RSoP report
164:03
pronounced R-sop to what you expect
164:07
to be applied to that computer there are
164:09
a lot of ways to get an RSoP report
164:11
we'll use the group policy management
164:13
console for now and look at the other
164:15
methods when we start troubleshooting
164:16
let's check on what group policy objects
164:19
will apply when one of our sales staff
164:21
logs on to their computer I'll
164:22
right-click on the group policy results
164:24
node in GPMC and select group policy
164:27
results wizard let me go and do that
164:31
this wizard will walk me through
164:34
generating a resultant set of policy
164:36
report for the computer and user of my
164:37
choice the computer that I'm using to
164:40
run this report will make a remote
164:41
connection to that computer and ask it
164:43
to run the report the report will then
164:45
be visible in my local gpmc
164:47
I'd like to see the RSoP when Emmett is
164:50
logged into his computer which is Emmett
164:52
PC 01 let me go and do that so
164:55
I'm hitting next I wanna search for his
164:57
computer so I hit another computer hit
165:00
browse and then type in Emmett PC zero
165:06
one and hit OK the group policy results
165:12
wizard is super simple
165:13
first I enter Emmett PC 01 as the computer
165:17
that I want to run the report on by
165:19
default the wizard will only run an
165:21
RSoP report for computer configuration
165:23
since I want to see the user
165:25
configuration for Emmett too I'll select
165:27
display policy setting for him which is
165:29
actually already selected by default
165:30
so what I'm gonna do is I'm gonna hit
165:32
next and it's gonna take us to the
165:35
summary of selections and then we're
165:40
gonna hit next and to generate the
165:42
report we hit finish you can only select
165:46
users from this list who've already
165:47
logged on to this computer in the past
165:49
that's it I review my selection in the
165:52
summary dialog then finish the wizard
165:54
I'm
165:55
for the new item under the group policy
165:57
results node in GPMC and it contains the
166:00
resultant set of policy report that I
166:02
just requested great this RSoP
166:06
report contains everything that we need
166:08
to understand what policies apply to a
166:10
computer or user it includes a whole lot
166:13
of detail about where the computer and
166:14
user are located in AD what their
166:16
security group memberships are and more
166:18
I'm going to set that aside
166:20
for the moment and focus on the settings
166:22
section of the report which I once
166:24
brought down to this looks a lot like
166:29
the information you see in the settings
166:31
tab of a GPO but instead of only showing
166:33
you the settings modified by a single
166:35
GPO you can see the combined effect of
166:38
all of the applied GPOs the winning GPO
166:41
column tells you which GPO ultimately
166:43
took precedence for each policy and
166:44
preference amazing right
166:46
remember I'm making a remote request
166:48
from my group policy management console
166:50
to Emmett PC 01 to run this report
166:52
there are a bunch of reasons that this
166:54
could fail to work Emmett PC 01
166:57
may be powered off
166:58
it could be disconnected from the
167:00
network or may have firewall rules that
167:02
prevent me from running the report
167:03
remotely if I'm not a local
167:05
administrator on the machine I won't be
167:07
able to run the report in any of these
167:10
cases if I need that RSoP report for
167:12
troubleshooting I might have to run
167:14
commands locally on Emmett PC 01
167:16
we'll cover additional troubleshooting
167:18
techniques in a future lesson
167:31
as a systems administrator or IT
167:34
support specialist you might be called on to
167:36
troubleshoot issues related to Active
167:38
Directory let's go through some of the
167:40
most common troubleshooting tasks that
167:42
you may encounter this lesson will
167:44
introduce you to tools that will help
167:45
you troubleshoot these scenarios keep in
167:48
mind these are only examples since we're
167:51
working with complex systems there are
167:54
lots and lots of ways for things to not
167:56
work your greatest tool is to learn
167:58
about these systems and understand how
168:00
they function don't forget troubleshooting
168:02
and research are your friends one of the
168:05
most common issues you might encounter
168:07
is when a user isn't able to log in to
168:09
their computer or isn't able to
168:11
authenticate to the Active Directory
168:12
domain there are many reasons this might
168:14
happen they may have typed the password
168:16
with the caps lock button on they may have
168:19
locked themselves out of the computer
168:21
accidentally changed a system setting or
168:23
it could be a software bug it's
168:25
important to think about the steps to
168:27
troubleshoot and remember to ask
168:29
questions about what happened make sure
168:32
to look at the exact conditions under
168:34
which the failure occurs and any
168:36
error message that accompanied the
168:38
failure this should be enough
168:40
information to get you started down the
168:42
right path to troubleshoot let's just
168:44
talk for a moment about the most common
168:46
types of failures that can lead to a
168:47
user account authentication issue as we
168:50
discussed in an earlier lesson if a user
168:52
enters a wrong password several times in
168:54
a row their account may be locked out
168:55
people sometimes just forget their
168:57
passwords and need the assistance of an
168:59
administrator to sort things out make
169:00
sure to review our earlier lesson on
169:02
managing users and groups in Active
169:04
Directory if you need a refresher on
169:05
resetting user passwords if a domain
169:07
computer isn't able to locate a domain
169:09
controller that it can use for
169:11
authentication then nothing that relies
169:13
on Active Directory authentication will
169:14
work if you remember from the customer
169:16
support module in the first course any
169:18
time you troubleshoot an issue start
169:20
with the simplest solution first this
169:23
could be a network connectivity issue
169:24
and nothing specific to Active Directory
169:26
at all if the computer isn't attached to
169:28
a network that can route communications
169:30
to the domain controller then this must
169:33
be fixed you also learnt about network
169:36
troubleshooting techniques in an earlier
169:37
module so we won't repeat any of them
169:39
here any networking issue that would
169:41
prevent the computer from contacting the
169:43
domain controller or its configured DNS
169:45
servers
169:46
which are used to find domain controllers
169:47
could be an issue now why is DNS so
169:50
important in order for the computer to
169:53
contact a domain controller it needs to
169:55
find one first this is done using DNS
169:58
records the domain computer will make a
170:01
DNS request for the SRV records matching
170:03
the domain that it's been bound to if the
170:06
computer can't contact its DNS servers
170:08
or if those DNS servers don't have the
170:10
SRV records that the computer is looking
170:12
for then it won't be able to find the
170:14
domain controller the SRV records that
170:17
we're interested in are
170:19
_ldap._tcp.dc._msdcs.DOMAIN.NAME
170:25
where DOMAIN.NAME
170:31
is the dns name
170:36
of our domain so i'm gonna go ahead to
170:39
my PowerShell and I want to go ahead and
170:41
type in Resolve-DnsName -Type SRV
170:52
-Name
170:55
_ldap._tcp.dc._msdcs.example.com
171:12
well that looks good i should see an SRV
171:15
record for each of my domain controllers
171:17
and i do
171:18
perfect now if i can't resolve the SRV
171:22
records for my domain controllers then
171:24
my dns servers may be misconfigured how
171:28
might they be misconfigured well my
171:30
domain computers need to use the DNS
171:32
servers that host my Active Directory
171:34
domain records this will often be one or
171:38
more of my domain controllers but it can
171:39
be a different domain server either way
171:42
the appropriate DNS servers to use for
171:44
your domain computers should be
171:46
known and documented compare the
171:48
configuration of the machine to the
171:50
known good configuration and see if it
171:52
needs to be adjusted on the flip side if
171:55
you're resolving some SRV records but they
171:57
appear to be incomplete or incorrect
171:59
then in-depth troubleshooting may be
172:01
required I've included a link to more
172:04
information about this in the next
172:05
reading one more thing to call out
172:08
depending on the configuration of your
172:10
domain and new computers it's common
172:12
that local authentication will continue
172:15
to work for a little while at least once
172:18
someone logs into a domain computer
172:20
information required to authenticate
172:21
that user is copied to the local machine
172:24
this means that after the first login
172:27
you'll be able to login to the computer
172:29
even if the network is disconnected you
172:32
won't be authenticated to the domain or
172:34
authorized to access any domain resource
172:35
like shared folders just because someone
172:38
is able to login doesn't mean that
172:40
they're able to find a domain controller
172:41
another issue that can prevent users
172:43
from authenticating has to do with the
172:45
clock Kerberos is the authentication
172:48
protocol that AD uses and it's
172:50
sensitive to time differences I'm not
172:52
talking about local time zones here I
172:54
mean the relative UTC time if the domain
172:57
controller and computer don't agree on
172:58
the UTC time usually within five minutes
173:01
the authentication attempt will fail
173:03
domain computers usually synchronize
173:06
their time with domain controllers with
173:08
the
173:08
windows time service but this can
173:10
sometimes fail if the computer is
173:12
disconnected from a domain network for
173:14
too long or if the time is
173:16
changed by software or a local
173:18
administrator to be too far out of sync
173:21
then the computer may not automatically
173:23
resync with a domain controller you can
173:25
manually force a domain computer to
173:27
resync by using the w32tm /resync
173:32
command I've included links with more
173:34
information about this in the next
173:36
reading now let's talk a bit about
173:38
troubleshooting group policy issues a
173:41
common issue that you might have to
173:44
troubleshoot is when a GPO defined
173:45
policy or a preference fails to apply to
173:48
a computer you might learn about this
173:50
failure in a number of ways like a
173:52
person in your organization telling you
173:54
that something on their computer is
173:55
missing or not working if you're using
173:58
GPO to manage configuration on your
174:00
machines then maybe there will be a
174:02
piece of software that should be present
174:04
or there may be a mapped network drive
174:07
that's missing or a number of things the
174:10
common factor will be that something
174:12
that you created a GPO to configure
174:14
won't be configured on one or more
174:16
computers let's look at the three most
174:19
common reasons that this might happen
174:21
the first and possibly most common type
174:23
of GPO failure has to do with the way
174:25
group policies are applied depending on how
174:28
your domain is configured the group
174:30
policy engine that applies policy
174:31
settings to a local machine may
174:33
sacrifice the immediate application of
174:35
some types of policies in order to make
174:38
logon faster this is called fast logon
174:42
optimization and it can mean that some
174:44
GPO changes take much longer to be
174:46
automatically applied than you might
174:48
expect
174:49
also the group policy engine usually
174:52
tries to make GPO application faster by
174:54
only applying changes to a GPO instead
174:58
of the whole GPO in either of these
175:00
examples you can force all GPOs to be
175:03
applied completely and immediately with
175:05
gpupdate /force
175:07
if you want to be really
175:09
thorough you can run gpupdate /force
175:12
/sync adding the /sync
175:16
parameter will make you log off and
175:17
reboot the computer some types of group
175:20
policy can only
175:21
when the computer is first booted or
175:24
when a user first logs on so a logoff
175:27
and reboot is the only way to make sure
175:29
that a forced update to GPO has a chance
175:31
to apply all of the settings replication
175:34
failure is another reason that a GPO
175:36
might fail to apply as expected remember
175:39
that when changes are made to Active
175:41
Directory those changes usually take
175:43
place on a single domain controller
175:45
those changes then have to be replicated
175:47
out to other domain controllers if
175:49
replication fails then different
175:52
computers on your network can have
175:53
different ideas about the state of
175:55
directory objects like policy objects
175:57
the logon server environment variable
175:59
would contain the name of the domain
176:01
controller that the computer used to log
176:03
on remember that you can see the
176:05
contents of the variable with this
176:07
command in PowerShell which is
176:09
$env:LOGONSERVER and
176:12
shows me DC one you can also get the
176:14
same results using command prompt which
176:16
uses %LOGONSERVER%
176:21
knowing which domain controller you are
176:23
connected to is useful information to
176:25
have
176:25
if you suspect a replication issue from
176:27
the group policy management console we
176:29
can check on the overall health of the
176:31
group policy infrastructure I'm going to
176:33
select my domain and take a look at the
176:35
Status tab this tab will summarize the
176:37
Active Directory and sysvol replication
176:40
status for the domain it may be showing
176:42
results from a recent test so I'm going
176:44
to force it to run a new analysis
176:46
by clicking on detect now what we want
176:50
to see is that all of our domain
176:51
controllers are listed under domain
176:53
controllers with replication in sync if
176:55
they are then we can be sure that there
176:58
are no replication issues that will
177:00
affect our group policy objects if we do
177:02
see any domain controllers in the domain
177:04
controllers with replication in progress
177:06
list then we may have a replication
177:08
issue depending on the size and
177:11
complexity of your Active Directory
177:12
infrastructure and the reliability and
177:14
throughput of the network links between
177:16
your ad sites it's possible for a
177:18
replication to take a few minutes to
177:20
complete
177:21
if replication doesn't complete in a
177:22
reasonable amount of time you may need
177:24
to troubleshoot Active Directory
177:25
replication in the Supplemental reading
177:28
you'll find a handy guide to help you
177:30
through this more advanced topic we
177:31
focused on the simplest cases for
177:33
managing group
177:34
policy but the reality is that
177:35
controlling the scope of a group policy
177:37
object can get super complicated take a
177:40
look at the supplemental reading to
177:42
learn more about this topic too if you're
177:44
trying to work out why a particular GPO
177:47
isn't applying to a computer the first
177:49
thing to do is to run the resultant set
177:51
of policy or RSoP you can use the
177:54
group policy management console like we
177:56
did in an earlier lesson or you can run
177:58
the command on a computer directly to
178:00
generate the report the gpresult
178:02
command will help us out there if I run
178:06
gpresult /r you can see that I get
178:09
a summary report in my terminal let me
178:10
go and show you that so I'm switching to
178:14
my PowerShell gpresult /r
178:22
report's been created and I get this
178:24
report if I want the full report like I
178:29
get from GPMC I can run gpresult
178:32
/h filename.html I'll do gpresult /h
178:40
and then test.html this will give me
178:46
a report that's an HTML web page that I
178:49
can open in my browser and then we go
178:50
and get that
179:01
okay so with this report in hand I want
179:04
to look for some things is the GPO that
179:06
I want to apply listed what was it
179:08
linked to an OU that contains the
179:10
computer that I'm troubleshooting is the
179:11
GPO that I care about listed under applied
179:13
GPOs or under denied GPOs if it was
179:16
denied what was the denied reason did
179:19
another GPO win for the policy or
179:21
preference that I'm trying to configure
179:23
each GPO can be configured with an ACL
179:26
called a security filter is the security
179:29
filter set to something besides
179:30
authenticated users if so then that may
179:33
mean that you have to be in a specific
179:35
group in order to read or apply the GPO
179:38
each GPO can also be configured with the
179:40
WMI filter a WMI filter that she applied
179:44
a GPO based on the configuration of the
179:46
computer Delta here my filters are
179:48
powerful but expensive and easy to
179:50
misconfigure this is because they look at
179:52
windows management instrumentation
179:53
values to decide if a policy should
179:55
apply or not for example you can create
179:58
a GPO that installs a piece of software
180:00
but only if WMI reports that a
180:03
specific piece of hardware is present
180:05
these filters are expensive because they
180:07
require the group policy engine to perform
180:09
some sort of query or calculation on
180:11
every computer that's linked to the policy
180:13
but then only apply the GPO to computers
180:16
that match the filter many policies and
180:18
preferences can be configured to apply to
180:20
the computer or to users at logon did
180:23
you mean to configure a computer setting
180:24
but accidentally configure a user
180:26
setting or the reverse there's a really
180:29
in-depth group policy troubleshooting
180:30
guide in the supplemental reading that
180:32
you should refer to if you get into a
180:34
really tricky GPO troubleshooting
180:36
session ok we've really covered a lot
180:39
out here if you aren't clear on any of
180:41
the concepts we've covered that's ok
180:43
just make sure to re-watch the lessons
180:46
remember though that the more you work
180:48
with Active Directory and the group
180:50
policy the more familiar you become with
180:51
them if you use what you've learned
180:54
about these systems combined with your
180:55
research skills you can troubleshoot
180:57
just about anything
181:06
you
181:09
in the last lesson you dove head first
181:12
into the popular directory service
181:14
active directory you learnt how to add
181:17
users password groups and even modify
181:20
access level for groups using group
181:22
policies another popular directory service
181:24
that's used today is the free and open
181:26
source service OpenLDAP which stands
181:29
for lightweight directory access
181:30
protocol operates very similar to Active
181:33
Directory using LDAP notation or LDAP
181:37
data interchange format or LDIF you
181:40
can authenticate add/remove users groups
181:43
computers and so on in a directory
181:45
service OpenLDAP can also be used on
181:48
any operating system including Linux Mac
181:51
OS even Microsoft Windows however since
181:54
Active Directory is Microsoft's
181:56
proprietary software for directory
181:57
services we recommend that you use that
182:00
on Windows instead of OpenLDAP but
182:02
it's helpful to know that OpenLDAP is
182:04
open source so it can be used on a
182:06
variety of platforms there are a few
182:09
ways you can interact with an OpenLDAP
182:11
directory first you can use the command
182:13
line interface and passing commands to
182:15
create and manage directory entries you
182:18
can also use a tool like phpLDAPadmin
182:21
which offers you a web interface that
182:23
you can use to manage your directory
182:24
data much like the Windows Active
182:27
Directory GUI that you're familiar with
182:28
you can read more about how to set up
182:30
OpenLDAP and phpLDAPadmin in the next
182:34
reading in this lesson we'll give you a
182:36
high-level overview of the operations
182:38
you can do in OpenLDAP via commands and
182:40
how they work to begin we'll just open
182:43
the OpenLDAP package using this command
182:46
I want to get into my Linux environment
182:48
and type this command sudo apt-get
182:54
install slapd ldap-utils
183:05
my password in and accept once you
183:12
install the packages it'll prompt you to
183:14
enter in an administrator password for
183:16
LDAP so let's go ahead and do that
183:17
and then hit OK
183:21
then confirm your password then hit OK
183:31
now that it's installed we're actually
183:34
going to reconfigure the slapd package
183:36
so that we can fine-tune our setting to
183:39
do that we're gonna run the following
183:40
command I'm gonna clear my window and
183:44
then run sudo dpkg-reconfigure slapd
183:56
this is gonna ask us a bunch of
183:58
questions about our new setup we won't
184:00
cover all of these options but you can
184:02
learn more about them in you guessed it
184:04
the Supplemental reading for now let's
184:07
just fill out the settings with these
184:08
values so the first option is omit OpenLDAP
184:12
server configuration I'm gonna go
184:14
ahead and say no next DNS domain name is
184:18
similar to Windows AD this is our
184:20
organization domain let's use
184:22
example.com and then hit OK organization name
184:29
let's use example administrator password
184:34
just the same thing that we entered
184:36
before for the database let's use MDB
184:43
do you want the database to be removed
184:46
when slapd is purged let's go ahead and
184:48
say no that's asking us if you
184:51
would like to move the old database
184:52
we're gonna say yes for now and they'll
184:55
say allow LDAP version 2 protocol I'm
184:57
gonna say no that's it now you have a
185:02
running OpenLDAP server we're really
185:04
cooking now let's keep going
185:13
you
185:18
it's easier to manage OpenLDAP through
185:21
a web browser and tool like phpLDAPadmin
185:23
but you can also use command line
185:26
tools to achieve the same result I'd
185:28
recommend you look into setting up
185:31
phpLDAPadmin if this is your first setup
185:33
with OpenLDAP for instructions about
185:36
how to set up phpLDAPadmin
185:38
check out the supplementary reading in
185:39
this lesson we're gonna quickly run down
185:42
a few of the commands that will allow
185:44
you to add modify and remove entries in
185:47
your directory to begin using
185:49
command-line tools you need to use
185:51
something known as LDIF files
185:54
pronounced L-diff we've already seen LDIF
185:58
format or LDAP notation in action it's
186:01
just a text file that lists attributes
186:03
and values that describe something
186:05
here's a simple example of an LDIF file
186:07
for a user even without understanding
186:10
what the syntax of this file is saying
186:12
we can infer that it's talking about an
186:15
employee named Cindy who works in the
186:17
engineering department of the company
186:19
example.com
186:20
we've talked a little bit about what the
186:22
attributes are referring to in an
186:24
earlier lesson but you can refer to the
186:26
Supplemental reading if you want to know
186:28
what the specific fields mean for our
186:31
purposes here though we just want to see
186:33
a high-level overview of how this works
186:35
once you've written your LDIF files you're
186:37
practically done depending on what task
186:40
you want to do to your directory you'd
186:42
run commands like these ldapadd this
186:46
takes the input of an LDIF file and adds
186:48
the context of the files ldapmodify
186:51
as you can guess this modifies an
186:53
existing object ldapdelete this
186:56
will remove the object that the LDIF file
186:58
refers to ldapsearch this will search
187:02
for entries in your directory database
187:04
it's not important to know the syntax of
187:07
these commands you can always look up
187:08
the syntax on official documentation but
187:11
as you can see it's not scary to work
187:13
with OpenLDAP it operates in a very
187:15
similar way to Windows Active Directory
187:16
or AD you can take this knowledge and
187:19
populate your directory just like you
187:21
did in Windows AD if you're curious
187:23
about the syntax of these commands check
187:25
out the supplemental reading on using
187:27
LDIF files and LDAP commands
187:29
again if you're considering OpenLDAP as
187:32
your solution to your directory service
187:34
needs I'd recommend looking into the web
187:36
manager tool phpLDAPadmin that we've
187:39
included a link to in the next reading
187:41
just like Windows AD this topic can be
187:44
pretty extensive so think about which
187:46
directory solution best fits the IT
187:48
needs for your organization there are
187:51
lots of reasons why you might want to
187:52
deploy the help of a directory service
187:54
like OpenLDAP or Active Directory or
187:56
working in a systems administration role
187:58
directory services are great for
188:01
centralized authentication keeping track
188:03
of what computers are in your
188:04
organization who can access them and
188:06
more make sure to play around and
188:08
familiarize yourself with OpenLDAP or
188:10
phpLDAPadmin to get a better sense of
188:13
how these directory services work
188:15
checking out the official documentation
188:17
is always a good place to start by now
188:20
you've learned about all the essential
188:22
IT infrastructure services the next
188:24
topic we'll shift to is how to make sure
188:26
all the hard work you put into your IT
188:28
infrastructure doesn't go to waste by
188:30
learning about disaster recovery and
188:32
backups your hard work is really paying
188:33
off high five to that now take a moment
188:37
to complete the quiz we put together for
188:39
you then we'll meet you back in the next
188:41
video
188:49
you
188:54
have you ever had something unexpected
188:56
and catastrophic happen to a piece of
188:58
tech you owned maybe you dropped your
189:00
cell phone and it shattered or spilled a
189:02
glass of water all over your laptop I
189:03
know it's happened to me and no it's not
189:06
fine
189:06
well Hardware may be hard to replace
189:08
data can be even harder to get back
189:11
especially those photos of special
189:13
moments important documents or more in
189:15
this module we're going to arm you with
189:18
tools you need to be prepared for these
189:19
accidents so you can minimize the impact
189:22
and loss of data all right let's get
189:24
right into it
189:25
data recovery
189:34
you
189:39
what exactly is data recovery if you've
189:42
ever broken a cell phone you probably
189:43
lost some good pictures along with the
189:45
phone itself data recovery is a process
189:48
of attempting to recover the data that's
189:50
lost from the broken phone but this is
189:53
just one example attempting to recover
189:55
from unexpected data loss data recovery
189:58
in general terms is the process of
190:00
trying to restore data after an
190:02
unexpected event that results in data
190:04
loss or corruption maybe a device that
190:07
contains data was physically damaged or
190:09
an attacker performed malicious actions or
190:11
malware deleted critical data whatever
190:14
the cause the effect is the same you've
190:17
suddenly lost some really important data
190:18
and you need to figure how to get it
190:20
back how you go about trying to restore
190:23
this lost data depends on a few factors
190:25
one is the nature of the data loss if
190:28
the device has been damaged you might be
190:30
able to recover data from the damaged
190:31
Hardware this could involve using data
190:34
recovery software which can analyze
190:36
failed hard disks or flash drives and
190:38
try to locate and extract data files
190:41
another factor that would affect your
190:43
data recovery is the presence of backups
190:45
if you're lucky or you had the foresight
190:47
to plan for the unexpected you have data
190:50
backed up and you can restore the data
190:52
that was lost data recovery is an
190:55
important part of an IT system or
190:57
organization since data is a critical
191:00
component of any business operations as
191:02
an IT support specialist part of your
191:05
role is to ensure that this data is
191:06
available and protected from corruption
191:08
or loss so if something goes wrong the
191:11
organization can continue with their
191:13
business operations with minimal
191:15
disruptions that's why it's critical to
191:17
be able to recover from unexpected
191:19
events that could impact your business
191:21
data when an unexpected event occurs
191:24
your main objective is to resume normal
191:26
operations as soon as possible
191:28
while minimizing the disruption to
191:30
business functions by the end of this
191:32
module you'll have practical tools and
191:35
methods that you can use to protect your
191:36
data one of the most important
191:39
techniques you'll learn is how to
191:40
effectively backup your data the best
191:43
way to be prepared for a data loss event
191:45
is to have a well-thought-out disaster
191:47
plan and procedure in place disaster
191:50
plans should involve making regular backups
191:53
of any and all critical data that's
191:55
necessary for your ongoing business
191:56
processes this includes things like
191:59
customer data system databases system
192:01
configs and financial data you'll learn
192:04
more about how to design and implement a
192:06
data disaster plan throughout this
192:08
module and lastly you'll learn more
192:10
about what IT folks call a post mortem
192:13
imagine that something did go wrong with
192:16
your systems and you had to use a
192:17
disaster plan you might have discovered
192:20
issues when recovering your data that
192:22
wasn't covered in the disaster plan a
192:24
post mortem is a way for you to document
192:26
any problems you discovered along the
192:28
way and most importantly the ways you
192:30
fix them so you can make sure they don't
192:32
happen again being unprepared for a
192:35
major data loss event can and has really
192:38
impacted businesses in the upcoming
192:40
lessons you'll learn how to prepare for
192:42
data loss which is a key part of any IT
192:44
role if you're interested in hearing
192:46
more about how real companies have been
192:49
impacted by unexpected data loss check
192:51
out the supplementary reading otherwise
192:53
we're going to kick start our journey of
192:55
data recovery with learning how to
192:57
backup data ready let's get started
193:07
you
193:12
so you want to protect your organization
193:14
from critical data loss good instincts
193:17
but where do you start let's run down
193:20
some of the key things to keep in mind
193:21
when designing a data backup and
193:23
recovery plan the first thing to figure
193:25
out is what data you need to backup in a
193:28
perfect world you should only be backing
193:30
up data that's absolutely necessary for
193:32
operations and can't be found in another
193:34
source so things like emails sales
193:38
databases financial spreadsheets server
193:40
configurations and databases should all
193:42
be included but what about the Downloads
193:45
directory on your laptop is it really
193:47
necessary to backup all those cat
193:49
pictures too probably not backing up data
193:53
isn't free every additional file you
193:56
backup takes up a little more disk space
193:58
increasing the overall costs of your
194:00
backup solution once you've figured out
194:02
what data you'd like to backup you
194:05
should find out how much total data you
194:07
currently have but it's not enough just
194:09
to think about what your backup storage
194:11
requirements are right now your
194:13
organization may continue to grow and
194:15
your backup needs should grow with it
194:17
make sure that you account for future
194:19
growth and choose a solution that's
194:21
flexible enough to easily accommodate
194:23
increases in data backups data can be
194:26
backed up either locally to systems on
194:28
site or the backup data can be sent
194:30
off-site to remote systems both
194:33
approaches have positives and negatives
194:35
and can help reduce different risks the
194:38
advantage of on-site backup solutions is
194:40
that the data is physically very close
194:42
this makes accessing the data a lot
194:45
quicker
194:45
you won't need as much outbound
194:47
bandwidth since you aren't sending the
194:49
data out of your internal network if you
194:51
need to restore data from backups that
194:53
should happen pretty quickly since the
194:55
data is close at hand but what if the
194:58
unexpected event is a building fire now
195:00
the systems we were backing up along
195:02
with the backup server have been lost in
195:03
the fire yikes we've lost everything
195:06
this is why off-site backups are
195:08
strongly recommended this involves
195:10
making backups of critical data then
195:12
sending the backed up data off-site to
195:14
remote systems in a different physical
195:16
location this could be another backup
195:18
server that you control in a different
195:20
office or a cloud hosted backup service
195:22
but there are trade-offs
195:24
yeah off-site
195:25
helps better prepare us for catastrophic
195:27
events that can wipe out data from an
195:29
entire office but sending data off-site
195:32
means that you need to transmit the data
195:34
outside of your network this means you
195:36
need to consider things like encryption
195:38
and bandwidth your internet connection
195:40
will be used to transmit the backup data
195:42
depending on how much data you're
195:44
sending off-site and how fast the
195:46
internet connection is this could take a
195:48
lot of time another important thing to
195:51
consider is encryption of backups since
195:54
backups will often contain sensitive and
195:56
confidential business data it's
195:57
important the data is handled securely
196:00
and stored in a way that prevents
196:02
unauthorized access when sending data
196:04
off-site it's especially important to make
196:07
sure that data is being transmitted
196:09
securely preferably encrypted via TLS
196:11
but that's not all the resulting backup
196:14
data that's stored should also be
196:16
encrypted at rest this is just good
196:18
security practice in the next video
196:20
we'll discuss some of the practical
196:22
tools that you can use to backup your
196:24
data
196:32
you
196:37
so you're looking to bring a backup
196:39
solution into your organization but how
196:42
do you choose between a DIY backup
196:44
system or one of the many cloud
196:45
providers well let's start by looking at
196:48
the trade-offs between the two on-site
196:51
or self-managed backups could be as
196:53
simple as buying a commercial NAS device
196:55
loading it with a bunch of hard drives
196:57
and sending data to it over the network
196:58
this would definitely work but it might
197:01
not be the best long-term solution how
197:04
do you grow the disk capacity when you
197:06
need more storage space how do you
197:08
handle the failed hard disk because hard
197:10
disks will fail eventually by the way
197:12
it's important to call out these options
197:14
aren't mutually exclusive there's
197:16
nothing stopping you from implementing
197:18
both on-site and off-site backups
197:20
actually it's often recommended to have
197:23
both if it's within your organization's
197:25
budget one more thing that you should
197:27
consider when evaluating the backup
197:29
strategy for an organization is backup
197:31
time period how long do you need to hang
197:33
on to backups for this answer will
197:36
impact your long-term storage needs and
197:38
overall cost to maintain a backup system
197:40
one approach which balances cost with
197:43
convenience is to archive older data
197:46
using a slower but cheaper storage
197:48
mechanism the standard media for
197:50
archival backup data storage is data
197:52
tapes these are a lot like audio
197:54
cassette tapes since they use spools of
197:57
magnetic tape run through machines that
197:59
allow data to be written to and read
198:01
back from the tape tape storage is
198:03
pretty cheap but isn't as easy or quick
198:05
to access as data stored on hard drives
198:07
or solid-state drives this storage
198:09
system is usually used for long-term
198:11
archival purposes where data isn't
198:14
likely to be needed if it is needed some
198:16
delay in getting the data isn't a
198:18
concern there are dozens and dozens of
198:20
backup solutions available we won't
198:22
cover specific ones since there are way
198:24
too many but we'll cover some common
198:26
tools and give you some examples of
198:28
backup solutions available one is the
198:31
command-line utility rsync rsync
198:33
isn't explicitly a backup tool but it's
198:35
very commonly used as one it's a file
198:38
transfer utility that's designed to
198:39
efficiently transfer and synchronize
198:42
files between locations or computers
198:44
rsync supports compression and can use
198:46
SSH to securely transfer data over a
198:48
network
198:49
using SSH it can also synchronize files
198:51
between remote machines making it super
198:54
useful for simple automated backups
198:56
Apple has a first-party backup solution
198:58
available for their Mac operating
199:00
systems called Time Machine it operates
199:03
using an incremental backup model time
199:05
machine supports restoring an entire
199:07
system from backup or individual files
199:09
it even allows restoring older versions
199:12
of backed up files Microsoft also offers
199:14
a first-party solution called Backup
199:16
and Restore this has two modes of operation
199:18
there's a file based version where files are
199:21
backed up to a zip archive or there's
199:23
the system image where the entire disk is
199:25
saved block-by-block to a file file
199:28
based backups support either complete
199:30
backups or incremental ones system image
199:33
backups support a differential mode only
199:35
backing up blocks on the disks that have
199:37
changed since the last backup if you
199:40
want to learn more about these tools follow
199:41
the links in supplemental readings
199:43
after this lesson
199:52
you
199:57
there's one last super important topic
200:00
when it comes to backups testing them
200:02
the field of IT is littered with tragic
200:05
tales of IT support specialists and
200:07
sysadmins attempting to restore data
200:09
from a backup after a data loss incident
200:11
only to discover that their backups are
200:14
invalid that's not just embarrassing
200:16
it's completely terrifying the takeaway
200:19
here is that it isn't sufficient to just
200:21
set up regular backups that's only half
200:23
of the equation the other half is a
200:25
recovery process and that process needs
200:27
to be tested regularly restoration
200:30
procedures should be documented and
200:31
accessible so that anyone with the right
200:33
access can restore operations when
200:35
needed you don't want your time off to
200:37
be interrupted because your colleague
200:38
back at the office doesn't know how to
200:40
restore the SQL database from the
200:42
backup right of course not so document
200:45
the procedure and make sure you
200:46
regularly test the documentation to make
200:48
sure it works now and in the future this
200:51
process is called disaster recovery
200:52
testing and it's critical to ensuring a
200:54
well-functioning recovery system
200:56
disaster recovery testing should be a
200:58
regular exercise that happens once a
201:00
year or so it should have different
201:02
teams including IT support specialists
201:04
going through simulations of disaster
201:06
events they'll test and evaluate how
201:09
well prepared or unprepared your
201:11
organization is for lots of unexpected
201:13
events these scenarios can be anything
201:15
from a simulated natural disaster like
201:17
an earthquake
201:18
to a fictional event like a horde of
201:20
zombies shutting down an office if
201:22
that's the case backups would be the
201:24
least of your worries but it's still
201:25
important whatever the scenario you'll
201:28
help your IT team to test their
201:29
emergency procedures and figure out what
201:31
works and most importantly what doesn't
201:33
these simulated events are the perfect
201:36
way to discover any gaps in your
201:37
planning if you discover that you aren't
201:40
protected from data loss in any given
201:42
scenario it's an opportunity to learn
201:44
and fix this gap without risking real
201:46
data loss sounds like a win-win doesn't
201:49
it
201:57
you
202:02
so we talked about how important backups
202:05
are and why you should be backing up any
202:07
important data and some tools that you can
202:09
use to help you backup data but how
202:12
exactly do you decide when and how to
202:14
backup data well let's explore those
202:16
options there's a couple of ways to
202:18
perform regular backups on data that's
202:20
constantly changing you can do a full
202:23
backup on a regular basis which involves
202:25
making a copy of the data to be fully
202:27
backed up the full unmodified contents
202:30
of all files to be backed up is included
202:32
in this backup mechanism whether the
202:34
data was modified or not in the case of
202:37
data that doesn't change very often like
202:39
operating system configuration files
202:41
this approach can be inefficient you're
202:43
backing up multiple copies of data that
202:45
isn't changing which wastes space and
202:48
uses bandwidth unnecessarily that
202:49
doesn't seem like the best idea does it
202:51
a more efficient approach is to only
202:54
backup files that have changed or been
202:55
created since the last full backup this
202:58
is called a differential backup the
203:00
advantage is that you aren't storing
203:02
backups of duplicated unchanging data
203:04
only the files that changed are backed
203:06
up saving us some storage space and time
203:09
to perform the backup but you wouldn't want
203:11
to completely stop taking full backups
203:13
all the time you wind up tracking and
203:16
storing lots of copies of files that
203:17
change a lot which will also take up
203:19
more and more disk space over time to
203:22
avoid this it's a good practice to
203:23
perform infrequent full backups while
203:26
also doing more frequent differential
203:28
backups how often you perform a full
203:30
backup will depend on how far back you
203:32
want changes to be tracked let's say we
203:34
perform full backups once every week and
203:36
differential backups daily in the worst
203:39
case scenario we'd lose close to 24
203:41
hours of data changes that's not bad
203:43
another efficient way to backup changing
203:46
data is to perform regular incremental
203:48
backups while the differential backup
203:50
backs up files that have been changed or
203:52
created an incremental backup is when
203:54
only the data that's changed in files is
203:56
backed up this is even more efficient in
204:00
terms of both disk space and time
204:02
required compared to differential
204:03
backups again you'll want to use
204:06
frequent incremental backups along with
204:08
less frequent full backups but because
204:11
this approach only stores differences in
204:13
the files that have changed since
204:15
the last incremental backup it's
204:17
possible that all incremental backups
204:20
are needed to fully reconstruct the
204:22
files if one of these incremental
204:24
backups is missing or corrupt it might
204:26
not be possible to recover data any more
204:29
recently than the last full backup
204:31
another drawback is that recovery might
204:34
be more time-consuming this is because
204:36
the most recent version of backed up
204:38
data has to be recreated by
204:40
integrating the last full backup with
204:42
each incremental backup that follows for
204:44
super large files that are changing
204:46
frequently this could require a lot of
204:49
time to process one more thing backup
204:52
systems can do to help save space is
204:54
bulk compression when creating a backup
204:57
all the files and folder structures will
204:59
be copied and put into an archive
205:01
archives are useful for keeping files
205:03
organized and preserving folder
205:05
structure besides archiving the files
205:07
backups can also be compressed this is a
205:10
mechanism of storing the same data while
205:12
requiring less disk space by using complex
205:15
algorithms those are way too complicated
205:17
to go into detail here but it's
205:19
important to call out that not all data
205:22
types lend themselves to being
205:23
compressed
205:24
this means that space savings from
205:27
compression will depend on what you're
205:28
backing up another thing you should know
205:31
about compressing backups is the expense
205:33
of restoration to recover data from the
205:36
backup it needs to be decompressed first
205:39
depending on the size of your backups
205:41
this could take a lot of time and
205:43
disk space to expand we touched on backup
205:45
storage location a bit in the last
205:47
lesson but let's dive into a little more
205:50
detail good news there's a pretty cheap
205:53
and easy to maintain option out there
205:54
for storing backup data on site you can
205:57
use a commercial NAS device or configure
205:59
a file server with a large amount of
206:01
disk space wherever you choose to store
206:04
your backup data you need a lot of space
206:06
you could go out and buy a giant 10
206:08
terabyte hard disk which could work for
206:11
a little while but what do you do once
206:13
your backup data grows to fill that one
206:15
disk are they even making disks larger
206:18
than 10 terabytes yet another thing to
206:20
worry about is what you do if that one
206:22
disk holding all your backed up data fails
206:25
yikes that wouldn't be good these are
206:28
issues a RAID array
206:29
can address RAID stands for redundant
206:32
array of independent disks it's a method
206:36
of taking multiple physical disks and
206:38
combining them into one large virtual
206:40
disk there are lots of types of RAID
206:43
configuration called levels depending on
206:47
the characteristics desired from the
206:48
array various RAID levels prioritize
206:50
features like performance capacity or
206:53
reliability RAID arrays are a great
206:56
inexpensive way of creating a lot of
206:58
data capacity or minimizing risk of data
207:01
loss in the event of disk failure they
207:03
can even be flexible enough to allow
207:05
future growth in disk capacity we won't
207:08
go into the nitty gritty details of the
207:10
different RAID levels available but if
207:12
you want to learn more check out the
207:14
supplemental readings at the end of this
207:15
lesson I want to stress the fact that
207:18
RAID isn't a backup solution it's a data
207:21
storage solution that has some hardware
207:24
failure redundancy available in some of
207:26
the RAID levels but storing data on a
207:28
RAID array doesn't protect against
207:30
accidentally deleting files or malware
207:32
corrupting your data this is so
207:34
important that I'm going to say one more
207:36
time RAID is not a replacement for
207:39
backups
207:48
you
207:53
as an IT support specialist working
207:56
closely with users in your organization
207:58
the topic of user backups is sure to
208:01
come up we've already covered backing up
208:03
mission-critical
208:04
operational data but what about the
208:07
spreadsheets and PDFs on Carley's laptop
208:09
she's going to want to make sure that
208:12
she doesn't lose those if her laptop
208:14
gets stolen while it's important to have
208:17
a backup solution for infrastructure and
208:18
critical systems you also have to think
208:20
about your users and their valuable
208:22
files ensuring reliable backups for
208:25
client devices is a bit more
208:27
challenging than infrastructure devices
208:29
there are likely to be lots more
208:31
client devices to backup compared to
208:33
infrastructure ones plus there are
208:35
laptops phones and tablets that won't be
208:37
in the office all the time
208:39
one solution to user backups is to use a
208:42
cloud service designed for syncing and
208:44
backing up files across platforms and
208:46
devices some examples of these are
208:48
things like Dropbox Apple iCloud and
208:51
Google Drive which are simple and
208:53
straightforward to use there's no
208:55
complicated scheduling or configuration
208:57
compared to infrastructure backups they
209:00
make it easy for users to configure what
209:02
files or folders they want to have
209:05
backed up and then ensure the files are
209:07
synchronized with what's stored in the
209:08
cloud as an IT support specialist this
209:11
is especially relevant when users
209:14
accidentally spill a cup of coffee on
209:16
their laptop they're going to come to
209:17
you hoping their precious family photos
209:19
can be saved getting users set up with
209:22
an easy to use and effective backup
209:24
system for their files is a great way to
209:26
avoid this situation
