A look at IT infrastructure for CompTIA’s Cloud+ exam
In the past two months, we looked at the first two of the seven domains that are on the CompTIA Cloud+ certification entry-level exam (number CV0-001). This month, the focus turns to the third domain — Infrastructure — and the eight topic areas that make it the most heavily weighted on the entire exam:
● Compare and contrast various storage technologies
● Explain storage configuration concepts
● Execute storage provisioning
● Given a scenario, implement appropriate network configurations
● Explain the importance of network optimization
● Given a scenario, troubleshoot basic network connectivity issues
● Explain common network protocols, ports, and topologies
● Explain common hardware resources and features used to enable virtual environments
In order for cloud technology to work, the right infrastructure must be in place. This domain hits on a lot of topics — more than any other domain — and the questions make up 21 percent of the exam. Once again, being an entry-level exam, there is a heavy focus on definitions and knowledge as opposed to actual implementation. That said, each of the eight topic areas is examined in order below.
There are a number of possible solutions when looking for storage technologies. Working from the simplest to the most complex, they are:
● Direct Attached Storage (DAS) offers block level access (as well as file level). It is dedicated storage available to the computer that it is attached to and usually connected via IDE, SATA, or SCSI.
● A Storage Area Network (SAN) offers block level access for high performance. Its shared storage allows more than one computer/more than one user to work with it at the same time. HBAs (Host Bus Adapters) are needed to communicate with the SAN, and each HBA has a World Wide Name (WWN) similar to a MAC address. With LUN masking, disks are divided into logical unit numbers and the client sees each as a disk, not as a file server. Zoning is configured on the fabric that underlies it all, and the Fibre Channel Protocol (FCP) carries SCSI commands.
● As a sort of hybrid, Network Attached Storage (NAS) is easier to implement/administer than SAN and it uses TCP/IP. With file level access, the client sees it as a file server, and the goal is shared storage.
The different access protocols that can be used include Ethernet, iSCSI (which uses IP to send SCSI commands), FCoE (Fibre Channel traffic over high-speed (10Gb) Ethernet), and FC (which provides the highest level of performance). In terms of acronyms, know that FCP is Fibre Channel Protocol and iSCSI is Internet Small Computer System Interface.
Know as well that network management needs to be based on the cloud model used and the technologies implemented.
Storage Configuration Concepts
The four storage configuration concepts to be cognizant of for this topic are disk types, tiering, RAID levels, and file system types. Disk types can be broken down by three different categories: spinning/not spinning, interface types, and access speed. “Spinning” translates to traditional hard drives (HDD) with moving parts, whereas not spinning translates to solid state drives (SSD): know that HDDs use magnetic media (with moving parts) and SSDs use chips similar to flash memory (no moving parts).
All things being equal, SSD drives are faster than HDD and do not suffer the same fragmentation issues, but tend to be more expensive. Interface Types can be IDE/ATA (PATA/SATA), SCSI, or Fibre Channel (FC). Access Speed is usually measured in terms of access time: “seek” is how long it takes to find what you are looking for and “latency” is the time delay. Spin time affects seek and latency.
Tiering is nothing more than segmenting stored data into priorities:
● Tier 1 = mission-critical
● Tier 2 = business apps
● Tier 3 = not needed on daily basis
● Tier 4 = archived
The reason for segmenting the data is that performance levels and policies vary at each tier.
When it comes to data center standards, tiering means something a little different – it is used to define the level of availability and the higher the tier, the higher the amount of availability. In the data center vernacular, Tier 1 availability is 99.671 percent, Tier 2 is 99.741 percent, Tier 3 is 99.982 percent and Tier 4 is 99.995 percent.
There are numerous levels of RAID, but the six to know for this exam are:
● RAID 0 = striped and not fault tolerant
● RAID 1 = mirrored/duplexed
● RAID 5 = striped with parity
● RAID 6 = striped with dual parity
● RAID 0 + 1 = mirror of the stripes
● RAID 1 + 0 = stripe of the mirrors
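To make “striped with parity” concrete, here is an added simulation (not code from the article) of how RAID 5 spreads data chunks plus one rotating XOR parity chunk across the disks, and why any single disk can be rebuilt from the survivors; the data string and disk count are constructed sample values.

```python
import functools
import operator


def xor_blocks(blocks):
    """Bytewise XOR of equal-length byte strings: the parity operation RAID 5 relies on."""
    return bytes(functools.reduce(operator.xor, col) for col in zip(*blocks))


def raid5_write(data: bytes, ndisks: int, chunk: int = 4):
    """Stripe data across ndisks with one parity chunk per stripe.
    Usable capacity is (ndisks - 1) / ndisks and any one disk may fail."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    data_disks = ndisks - 1
    stripe = data_disks * chunk
    data += b"\x00" * ((-len(data)) % stripe)          # pad to whole stripes
    disks = [bytearray() for _ in range(ndisks)]
    for s in range(len(data) // stripe):
        chunks = [data[s * stripe + i * chunk:s * stripe + (i + 1) * chunk]
                  for i in range(data_disks)]
        parity_disk = s % ndisks                       # rotate parity so no disk is a hot spot
        chunks.insert(parity_disk, xor_blocks(chunks))
        for d in range(ndisks):
            disks[d] += chunks[d]
    return [bytes(d) for d in disks]


def raid5_rebuild(disks, failed: int):
    """Recreate the failed disk from the XOR of every surviving disk.
    This works for any single disk because each stripe's chunks XOR to zero."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    repaired = list(disks)
    repaired[failed] = xor_blocks(survivors)
    return repaired


def raid5_read(disks, chunk: int = 4, length=None):
    """Reassemble the original data, skipping each stripe's parity chunk."""
    ndisks, out = len(disks), bytearray()
    for s in range(len(disks[0]) // chunk):
        parity_disk = s % ndisks
        out += b"".join(disks[d][s * chunk:(s + 1) * chunk]
                        for d in range(ndisks) if d != parity_disk)
    return bytes(out[:length])


if __name__ == "__main__":
    # Constructed sample: 36 bytes over 4 disks = 3 stripes of 12 bytes
    disks = raid5_write(b"CompTIA Cloud+ infrastructure domain", 4)
    disks[2] = b"\xff" * len(disks[2])                # simulate a failed disk
    print(raid5_read(raid5_rebuild(disks, 2), 4, 36))
```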
Common file system types include the following, and their respective maximum capacities:
● FAT = File Allocation Table = 2TB
● NTFS = New Technology File System = 256TB
● UFS = Unix File System = 8ZB
● EXT = Extended File System = 1EB
● VMFS = Virtual Machine File System = 64TB
● ZFS = Z File System = 16EB
When looking at capacities, it helps to remember the size chart from smallest to largest: MB -> GB -> TB -> PB -> EB -> ZB
LUN masking was mentioned earlier, but know that Logical Unit Numbers (LUNs) came from the SCSI world and act as unique identifiers. NAS and SAN use “targets” that hold up to 8 devices. Zoning and LUN Masking make it possible to isolate storage devices on a SAN: this is done via FC switches using the WWN (World Wide Name).
Network shares can be created with SMB (Server Message Blocks) or NFS (Network File System).
Multipathing is the opposite of limiting access: it creates multiple paths to the storage resources, which increases availability AND adds fault tolerance.
When configuring the network, you will often use either NAT (Network Address Translation) or PAT (Port Address Translation). NAT allows an organization to present a single address (or set of addresses) to the Internet for all computer connections, acting as a proxy between the local area network (which can be using private IP addresses) and the Internet. NAT effectively hides your network from the world, making it much harder to determine what systems exist on the other side of the router. Not only can NAT save IP addresses, but it can also act as a firewall.
Whereas NAT can use multiple public IP addresses, PAT uses a single one, sharing it across the network by port number. Because it is using only a single address, PAT is much more limited and is typically used only on small and home-based networks. Microsoft’s Internet Connection Sharing is an example of a PAT implementation.
Subnetting involves using the subnet mask value to divide a network into smaller components. This gives you more networks but a smaller number of hosts available on each. The two primary reasons for using it:
● to use IP addresses more effectively
● to make the network more secure and manageable
Supernetting is commonly known as CIDR – Classless Inter-Domain Routing. This aggregates multiple networks so they appear as one. Classless routing protocols support it; the older classful ones do not:
● Supported (classless): RIPv2, EIGRP, IS-IS, BGP, OSPF
● Not supported (classful): RIPv1, IGRP, EGP
A block of addresses using CIDR is known as a CIDR block.
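As an added illustration, not from the original article, the subnetting and supernetting arithmetic above worked in Python with the standard ipaddress module: the same mask arithmetic ipconfig/ifconfig output implies, one network split into smaller subnets, and contiguous networks collapsed into a single CIDR block. All addresses are constructed sample values.

```python
import ipaddress


def describe(interface: str) -> dict:
    """Given an address with its prefix (what ipconfig/ifconfig show as IP plus
    subnet mask), work out the network it belongs to, its mask and its broadcast.
    Assumes a normal prefix (/30 or shorter) so network and broadcast are reserved."""
    iface = ipaddress.ip_interface(interface)
    net = iface.network
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2,   # minus network and broadcast
    }


def subnet(network: str, new_prefix: int) -> list:
    """Subnetting: split one network into equal pieces with a longer prefix.
    More networks, fewer hosts on each. Returns (cidr, usable_hosts) pairs."""
    net = ipaddress.ip_network(network)
    return [(str(s), s.num_addresses - 2) for s in net.subnets(new_prefix=new_prefix)]


def supernet(networks: list) -> list:
    """Supernetting (CIDR aggregation): merge contiguous networks into the fewest
    CIDR blocks. Networks that cannot be merged are returned unchanged."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    print(describe("192.168.1.37/26"))
    print(subnet("192.168.0.0/24", 26))
    print(supernet(["192.168.0.0/24", "192.168.1.0/24",
                    "192.168.2.0/24", "192.168.3.0/24"]))
```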
A Virtual LAN (VLAN) is a network of hosts that act as if a physical wire connects them, even though there is no such wire between them. It is a good way to contain network traffic to a certain area in a network. When VLANs span multiple switches, VLAN Tagging is required. VLAN Tagging involves inserting a VLAN ID into the frame header in order to identify which VLAN the frame belongs to. Switches use this VLAN ID to determine which port(s)/interface(s) to send the broadcast packet to.
Port configuration on a router dictates what traffic is allowed to flow through. The router can be configured to enable individual port traffic in, out, or both; this is called port forwarding. If a port is blocked, the data will not be allowed through and users will be affected.
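An added example, not from the original article, of the tagging just described: building an 802.1Q tag (the 0x8100 TPID followed by a 16-bit TCI whose low 12 bits are the VLAN ID) into a constructed Ethernet frame, reading it back, and deciding which switch ports a broadcast reaches. The MAC addresses and the port-to-VLAN map are made up, and untagged frames are simplified to VLAN 1.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces a VLAN tag follows
ETHERTYPE_IPV4 = 0x0800


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC (offset 12) of an untagged frame."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (priority << 13) | vlan_id        # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes):
    """Return (dst_mac, src_mac, vlan_id or None, ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:             # tagged: TCI then the real EtherType
        tci = struct.unpack("!H", frame[14:16])[0]
        vlan_id = tci & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    return mac_str(dst), mac_str(src), vlan_id, ethertype, frame[offset:]


def forward_ports(frame: bytes, port_vlans: dict) -> list:
    """Simulate a switch flooding a broadcast: only ports whose access VLAN matches
    the frame's tag receive it. Untagged frames are treated as VLAN 1 (simplification)."""
    vlan_id = parse_frame(frame)[2]
    vlan_id = 1 if vlan_id is None else vlan_id
    return sorted(port for port, vlan in port_vlans.items() if vlan == vlan_id)


# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
            + struct.pack("!H", ETHERTYPE_IPV4) + b"payload")

if __name__ == "__main__":
    tagged = tag_frame(UNTAGGED, 20)
    print(parse_frame(tagged))
    print(forward_ports(tagged, {1: 10, 2: 20, 3: 20, 4: 30}))
```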
Some notes about switching and routing in physical and virtual environments:
● Routers establish communication by maintaining tables about destinations and local connections
● A router contains information about the systems connected to it and where to send requests if the destination isn’t known
● These routing tables grow as connections are made through the router
● Routing can occur within the network (interior) or outside of it (exterior)
● Routes can be configured as static or dynamic
● Switches are multiport devices that improve network efficiency
● A switch typically contains a small amount of information about systems in a network; a table of MAC addresses as opposed to IP addresses
● Switches improve network efficiency over routers because of the virtual circuit capability
● Switches also improve network security because the virtual circuits are more difficult to examine with network monitors
● The switch maintains limited routing information about nodes in the internal network, and it allows connections to systems like a hub or router
Network optimization requires checking measurables and trying to improve their numbers. Measurables can include bandwidth (to measure the speed of the network) and latency (the delay, described as high or low). Compression involves reducing the size of the data being sent, while caching allows for storing a copy of the data closer to home.
Optimization can also be improved by having devices on the same subnet and by paying attention to the topology:
● Local Area Network (LAN) = small space
● Metropolitan Area Network (MAN) = combination of LANs in a geographic area
● Wide Area Network (WAN) = contains multiple LANs/MANs and spans a large geographic area
Load Balancing allows for the distributing of the load (file requests, data routing, etc.) so no device is overly burdened. This can help with redundancy, availability, and fault tolerance.
Network Connectivity Issues
There are a number of tools available for use when troubleshooting connectivity. Chief among these are:
ping: Start by pinging the loopback address (127.0.0.1), then ping the default gateway, stopping at the first sign of trouble to figure out what may be causing the problem. If there is no issue locally, then ping beyond the network.
tracert/traceroute: This goes beyond ping to show the route taken, hop by hop, to get from one host to another.
telnet: While not highly recommended due to security concerns (hopefully, it is blocked at the firewall), this tool does exist and allows you to remotely connect to another host. The default port it uses is 23.
netstat: As the name implies, this will show network statistics. When used without any switches, it will show a list of the active connections. The -n switch will show active connections without doing any name resolution, while the -b switch will show the executable that was used to create each connection. The -a switch is the most powerful one and it shows “all”: connections that are listening, established, waiting, etc.
nslookup/dig: These tools can be used to show DNS resolution. If you give an IP address, it will tell you the host(s) names and if you give the host name, it will report the IP address(es).
ipconfig/ifconfig: These tools will show the IP-related information such as the IP address, subnet mask, and default gateway as well as other networking related values such as the MAC address. With the /all switch, ipconfig will expand the display even further. The /? switch will show all the options available, but two to know are /release to release DHCP values (and its IPv6 counterpart /release6) and /renew to lease, or update, DHCP values (along with /renew6).
route: This tool is used to interact with the routing table and route print will display it. Giving no switches with the command brings up the list of all the options possible.
arp: The address resolution table can be displayed or modified with this tool. An option must be used with it; otherwise it will list the options possible. Using the -a option allows you to view the current table entries.
As you study, know that device configuration settings are available through tools such as ipconfig/ifconfig/route/arp as well as graphical interface tools unique to each operating system: the control panel in Windows, YaST in SuSE Linux, etc.
Know as well that system logs are among the best tools you have to see what is going on. These can be viewed with graphical interface tools like the Event Viewer or System Log Viewer as well as with command line tools such as tail, grep, cat, more, and less.
Network Protocols, Ports, and Topologies
A port that is assigned to carry traffic for all VLANs between switches is known as a trunk port. It is used to interconnect switches to make a network, to interconnect LANs to make a WAN, etc. Usually it is a fiber optic connection, and the opposite of this is an access port.
Port binding determines if and how a port is bound. In the virtual machine world, it can be static, dynamic, or ephemeral. Port aggregation, on the other hand, is the combining of multiple ports on a switch. There are usually three settings – it can be auto, desirable, or on.
Ports and protocols are also discussed in other domains, but know the following common ports and their associated protocols:
● 80 – HTTP
● 443 – HTTPS
● 21 – FTP
● 22 – SSH/SFTP
● 25 – SMTP
● 53 – DNS
● 68 – DHCP/BOOTP
● 989 and 990 – FTPS
Every network can be broken into one of three types:
● Internet: open to the world
● Intranet: closed to the world
● Extranet: open to only some of the world
At the most rudimentary level, BIOS determines what a machine can do. Hardware virtualization needs to be supported by the BIOS and it may require a firmware update. Firmware, overall, is used to configure what hardware (motherboard, hard drive, etc.) can do and may need to be updated depending on what you are intending to implement.
When it comes to memory capacity and configuration:
● The more the better
● The faster the better
● It is difficult to have too much
● There are limits on the amount of RAM per host recognized by the virtual machine platform (VMware vs. Hyper-V, etc.)
When selecting CPUs, you have to have the underlying infrastructure to support virtualization. You can choose processors with many cores and can have more vCPUs than there are actual CPU cores. Select network interface cards (NICs) based on the speeds and configuration options they offer.
Summing it Up
There are seven domains on the CompTIA Cloud+ certification exam (CV0-001) and this month we walked through the topics covered by the third one. Next month, the focus will move to the fourth domain, Network Management, and what you should know about it as you study for the exam.