Digging into the Network Management domain of CompTIA’s Cloud+ exam
In the past few months, we looked at the first three of the seven domains that are on the CompTIA Cloud+ certification entry-level exam (number CV0-001). This month, the focus turns to the fourth domain — Network Management — and its four topic areas:
● Given a scenario, implement and use proper resource monitoring techniques
● Given a scenario, appropriately allocate physical (host) resources using best practices
● Given a scenario, appropriately allocate virtual (guest) resources using best practices
● Given a scenario, use appropriate tools for remote access
These four topic areas combine to total 13 percent of the exam weighting. Once again, being an entry-level exam, there is a heavy focus on definitions and knowledge as opposed to actual implementation. That said, each of the four topic areas is examined in order below.
Resource Monitoring Techniques
It is sometimes interesting to note the wording that CompTIA uses in the creation of exam objectives: In this case, it is not just resource monitoring techniques they are focused on, but “proper” resource monitoring techniques. Given that, the first thing to note is that a number of protocols, or techniques, can be used for monitoring and the primary four are:
SNMP (Simple Network Management Protocol) — This is supported just about everywhere. The managed devices run an agent that reports to a manager and all monitoring works with alerts and traps. The current version is SNMPv3 and the default ports are 161 and 162. An excellent tutorial on SNMP, that includes the difference between the various versions, can be found here.
WMI (Windows Management Instrumentation) — This is a Microsoft script-based method for collecting info about OS, software and hardware. A good overview of WMI, and all of its capabilities, can be found here.
IPMI (Intelligent Platform Management Interface) — This is used for remote monitoring of devices (and is often referred to as out-of-band management). A discussion of IPMI from Intel, complete with animation, can be found here.
The syslog service — This is the most basic and is nothing more than the logging of collected events. There is no polling involved. The various message components of syslog are discussed here.
Methods of finding out about alerts when they arise range from SMTP (Simple Mail Transfer Protocol) sending you a message to a text coming from SMS (Short Message Service). You can also be notified via SNMP (Simple Network Management Protocol), web services, or by reading through the syslog entries.
To know that something is amiss, it is important to compare current conditions to baselines and thresholds. The baseline is important because it allows you to define normal and look for deviations. The problem with creating baselines, however, is that they consume time and resources and you have to be sure to use multiple samplings.
Thresholds can allow a response to occur when a condition is met. For example, when utilization reaches 90 percent, an alert is sent, another server is added to the cluster, and so forth. Automated responses should be configured to occur based on specific events — in other words, not everything needs to be an alert and not everything requires a manual response.
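The sketch below is an added example, not part of the original article: it builds a baseline from multiple samplings, flags readings that deviate from it, and separates a single threshold breach (alert) from a sustained one (automated response). The 90 percent threshold comes from the text; the three-standard-deviation rule, the three-readings-in-a-row rule and all sample values are assumptions made for the illustration.

```python
from statistics import mean, stdev

# Constructed CPU-utilization readings (percent) from several separate samplings.
BASELINE_SAMPLES = [41, 38, 45, 43, 40, 39, 44, 42, 37, 41]


class UtilizationMonitor:
    """Compare readings to a baseline (what is normal) and a threshold (when to act)."""

    def __init__(self, samples, threshold=90.0, k=3.0, sustain=3, min_samples=5):
        # A baseline built from one or two readings defines nothing, so refuse it.
        if len(samples) < min_samples:
            raise ValueError("baseline needs multiple samplings")
        self.avg = mean(samples)
        self.sd = stdev(samples)
        self.threshold = threshold  # 90 percent, as in the text
        self.k = k                  # assumed: deviation = more than k standard deviations
        self.sustain = sustain      # assumed: readings in a row before the automated response
        self.over = 0               # consecutive readings at or above the threshold

    def observe(self, value):
        """Return 'ok', 'deviation', 'alert' or 'respond' for one reading."""
        if value >= self.threshold:
            self.over += 1
            # A single spike only alerts; a sustained breach triggers the automated
            # response (for example, adding a server to the cluster).
            return "respond" if self.over >= self.sustain else "alert"
        self.over = 0
        if abs(value - self.avg) > self.k * self.sd:
            return "deviation"      # abnormal against the baseline: log for review
        return "ok"


def classify(readings, samples=BASELINE_SAMPLES):
    """Run a sequence of readings through a fresh monitor."""
    monitor = UtilizationMonitor(samples)
    return [monitor.observe(r) for r in readings]


if __name__ == "__main__":
    # Constructed readings: normal, abnormal, one spike, then a sustained breach.
    print(classify([42, 55, 93, 60, 91, 95, 97]))
```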
While there is almost no limit to what you can monitor, as an administrator it is important to look at process/resource usage. Resource and process usage are critical items to monitor, to create baselines of, to set thresholds on, and so forth.
Computing resources are like money in that it is difficult to have too much of them (or it). Two key areas to focus on are memory and the CPU. When it comes to memory, size is always a limitation and memory ballooning is one possible answer. Anytime you run out of size, swap space is invoked and it is never as efficient as memory itself. With the CPU, the goal is always to reduce wait times and scaling can help with this.
When it comes to storage and network allocation, try to avoid having multiple machines competing for resources at the same time. Hardware pooling is intended to add flexibility and help with this. Pooling can be done with memory, storage, CPUs, and so on. A look at VMware Resource Management configuration basics, including pooling, can be found here.
Entitlement/Quotas are typically used to keep individual users from negatively affecting all other users by hogging resources. Limits can be set up that are either hard or soft. A hard limit means that the values given cannot be exceeded (such as the maximum amount of hard drive space that can be used). A soft limit means that an alert is registered but the user is allowed to exceed it (such as bandwidth usage).
Reservations can be thought of as complements to quotas. They set aside resources for users or machines. Whereas quotas set upper limits, reservations set lower limits and are intended to make sure that the needed resources are always available.
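How hard limits, soft limits and reservations interact on a shared pool is easiest to see in an allocation check. The following is an added example, not part of the original article; the tenant names, the GB figures and the `request` function are hypothetical and constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Tenant:
    reservation: int  # lower limit: capacity always kept available for this tenant
    soft_limit: int   # exceeding it registers an alert but is allowed
    hard_limit: int   # can never be exceeded
    used: int = 0


def request(tenants, name, amount, capacity):
    """Decide one allocation request (units are GB of storage, an assumed example)."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    tenant = tenants[name]
    new_used = tenant.used + amount
    if new_used > tenant.hard_limit:
        return "denied: hard limit"
    # Capacity other tenants have reserved but not used yet must stay free.
    held_back = sum(max(t.reservation - t.used, 0)
                    for n, t in tenants.items() if n != name)
    in_use = sum(t.used for t in tenants.values())
    if in_use + amount + held_back > capacity:
        return "denied: reserved for others"
    tenant.used = new_used
    if new_used > tenant.soft_limit:
        return "granted with alert: soft limit exceeded"
    return "granted"


def demo():
    """Constructed scenario: 95 GB pool shared by two tenants."""
    tenants = {"a": Tenant(20, 50, 70), "b": Tenant(30, 40, 60)}
    steps = [("a", 40), ("a", 20), ("a", 15), ("a", 10), ("b", 30)]
    return [request(tenants, name, amount, 95) for name, amount in steps]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The fourth request stays under tenant a's hard limit but is still refused, because granting it would consume capacity that tenant b has reserved and not yet used.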
One critical detail to pay attention to with resources is licensing: Be sure to read and understand all licensing agreements and not exceed the maximums or conditions governing usage agreed upon with the vendor(s).
When it comes to the virtual CPU, the number of vCPUs per host is limited by the vendor (VMware versus Hyper-V, and so forth). A rule of thumb is that there can be between four and six vCPUs for each physical CPU, but you need to always take into account what you are running — how resource intensive it may be — and plan accordingly.
The amount of RAM available per host is limited by the vendor as well (VMware versus Hyper-V, etc.), and Hyper-V offers the largest, at 4TB of RAM per host.
Dynamic resource allocation can be accomplished with resource pooling and CPU affinity. You can also employ physical resource redirection similarly. Good resource management guidelines from VMware can be found here.
Tools for Remote Access
To implement remote hypervisor access, you typically install the console on a machine that is not the hypervisor: this is known as a “jump” machine and from here, you can create, modify, etc. Information on remotely managing the ESXi host from Cisco — but similar to any other hypervisor — can be found here.
The default port for the Remote Desktop Protocol (RDP) is 3389. The default port for Secure Shell (SSH) is 22. The default port for HTTP is 80, and for HTTPS is 443. A good overview on how to enable SSH remote access on a VMware hypervisor can be found here.
A console port is often a serial/parallel port. Virtual ports can connect to physical ports. Connecting to a virtual machine console through the firewall is explained here. Configuring for a Cisco wireless controller is addressed here. It is highly recommended that both documents be scanned — not dissected — to walk through the steps of configuring/working with the console port in each instance.
Summing It Up
There are seven domains on the CompTIA Cloud+ certification exam (CV0-001) and this month we walked through the topics covered on the fourth one. Next month, the focus will move to the fifth domain, Security, and what you should know about it as you study for the exam.