It takes many different services to keep a data center running. In this video, you’ll learn about services supporting DNS, DHCP, printing, email, and more.
If you’ve ever worked in a data center or you have an organization that has a data center, then this picture probably looks familiar. It’s row after row after row of 19 inch racks. And those racks have inside of them many different types of computing systems. In this video, we’ll look at many different kinds of network services and see what types of things might be running inside of this company’s data center.
Almost every organization and every data center has inside of it a DNS server. DNS stands for Domain Name System, and it’s a service that’s primarily responsible for converting between fully qualified domain names and IP addresses. So if you go into a browser and type www.professormesser.com, that browser will ask the DNS server, what’s the IP address of www.professormesser.com? That IP address will be provided to the browser. And from that point forward, the browser uses the IP address of my web server to communicate back and forth to your browser.
DNS is a distributed naming system, which means you might have many different DNS servers in your environment. And outside of your organization, you’re probably communicating with many other DNS servers as well. As you can probably tell, this conversion process between a fully qualified domain name and an IP address is critical for the entire communications process. It’s usually managed by your local IT department or an internet service provider, and they usually have multiple DNS servers to ensure that this service is always available to your users.
Another common service that you’ll find in a data center is a DHCP server. This stands for Dynamic Host Configuration Protocol, and this is the service that automatically assigns and configures IP address settings on your local device. This is a service that we’ve become very accustomed to having. We can plug in or connect to anyone’s network, and we’re automatically provided IP addresses, DNS settings, and everything else we need to be able to communicate on that network.
If you have a wireless router or a cable modem that’s used for internet connectivity, then that device probably is also running a DHCP server inside of it. If you’re in an enterprise IT department, there will probably be multiple DHCP servers to provide redundancy should one DHCP server become unavailable.
Here’s a very simple DHCP configuration on a home router. You can see that the lease time is set to one week. That’s how long someone can retain a single IP address before they have to check back in and renew that address. And there’s a range of IP addresses that are assigned by this DHCP server starting at 10.1.10.10 all the way through 10.1.10.199.
Now that you can connect to the network, you can also store files on the network in a file server. This is a centralized storage device usually with a set of folders that you can use to store all of your information. And because these are stored on the network, you can log in from any device and have access to your personal files. The operating system you’re using has a common way to communicate to this file server. If you’re in Windows, you’re probably using SMB or the Server Message Block. If you’re using Mac OS, you’re probably using AFP or the Apple Filing Protocol.
From a user’s perspective, they have no idea what protocols are in use on the network. All they see is some type of file management front end, and then they can copy files, delete files, rename files, or do anything else they would do on this file system located on the centralized file server.
If you work in an enterprise environment, we usually connect printers to the network and then we put those printers in centralized areas that are close to the users. We’re able to connect to the network by using a print server. This is usually hardware or software that allows us to connect this printer to the network so that everyone can access that centralized resource. This print server may be software that’s running on a computer that has a printer connected to it and everyone on the network would send their print jobs to this computer so that the print server can then access those jobs and print them on the printer.
Many printers might also have a hardware card like the one you see here that plugs into the back of the printer and allows the printer to connect directly to an ethernet connection. Some printers also have wireless print servers inside, so you can simply connect to the wireless network to provide those print services. There are usually some standardized protocols that allow you to send these print jobs to a print server, and usually you’d be running SMB or Server Message Block, especially if you’re running Windows, but you can also use IPP or the Internet Printing Protocol or LPD or the Line Printer Daemon.
Another important service that often requires 100% uptime and availability is a mail server. This is the server responsible for sending and receiving mail for your organization. Because the service is so critical, it’s often managed by our local IT team, or we may be using an ISP or cloud based service to provide these mail services. We often know very quickly if there’s a problem with the mail services, because practically everyone in the organization is using them. That’s why there’s usually a 24 hour a day, seven day a week support service. And if the mail server has a problem, you can instantly have someone connect to that service to see exactly how to troubleshoot the problem.
We’ve already mentioned a number of services. For example, the DNS server, the DHCP server, the file server, and others. With all of these systems, there are logs and messages that are important for administrators to be able to have access to. Instead of having the administrator manually access the individual logs that are located on each individual service, we can consolidate all of those logs back to a central database.
One of the protocols that allows us to consolidate these log files is called syslog. This is a very common standard. And if your system collects logs, then it probably has the option to send those logs to a centralized database using syslog. In many organizations, we use a Security Information and Event Manager to collect all of these log files. We usually refer to this as a SIEM. As you can imagine, log files take a lot of room, so the SIEM usually has a very large drive array, and we’re able to store a large number of files over a very extended period of time.
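To show what a collector actually receives when servers forward their logs with syslog, here is an added example (not code from the video or from any SIEM product) that parses BSD-style syslog lines from a DNS, DHCP and file server, decodes the PRI field into facility and severity, and filters for the events an administrator would want to look at first. The sample lines, host names and messages are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Facility and severity names encoded in the syslog PRI field (RFC 3164 / RFC 5424):
# PRI = facility * 8 + severity, so <30> is daemon.info and <36> is auth.warning.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOST TAG[PID]: MESSAGE, the BSD syslog layout a collector receives.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

@dataclass
class Event:
    host: str
    facility: str
    severity: str
    severity_num: int   # 0 = emerg ... 7 = debug, so lower means more urgent
    tag: str
    message: str

def parse_line(line: str) -> Optional[Event]:
    """Parse one syslog line; return None for malformed input instead of raising."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:            # 23 * 8 + 7 is the largest valid PRI value
        return None
    facility, severity = divmod(pri, 8)
    return Event(m.group("host"), FACILITIES[facility], SEVERITIES[severity],
                 severity, m.group("tag"), m.group("msg"))

def collect(lines: List[str]) -> List[Event]:
    """Consolidate lines from many servers into one list, dropping unparseable ones."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]

def at_or_above(events: List[Event], level: str) -> List[Event]:
    """Keep only events at the given severity or worse."""
    threshold = SEVERITIES.index(level)
    return [e for e in events if e.severity_num <= threshold]

# Constructed sample lines, as a DNS, DHCP and file server might forward them to a SIEM.
SAMPLE_LINES = [
    "<30>Mar  4 09:12:01 dns01 named[812]: client 10.1.10.42#53211: query: www.example.net IN A",
    "<28>Mar  4 09:12:05 dhcp01 dhcpd[455]: DHCPNAK on 10.1.10.250 to 00:11:22:33:44:55 via eth0",
    "<36>Mar  4 09:12:09 files01 smbd[2210]: user bob failed authentication from 10.1.10.77",
    "this line is not syslog at all",
]

if __name__ == "__main__":
    for e in at_or_above(collect(SAMPLE_LINES), "warning"):
        print(f"{e.host} {e.facility}.{e.severity} {e.tag}: {e.message}")
```

Run as a script it prints only the DHCP warning and the failed SMB login, which is the kind of triage a SIEM does across thousands of such lines.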
Many organizations will have one or many different web servers, and those servers are responsible for responding to browser requests that you would make from your computer. These use standard protocols such as HTTP or HTTPS and they build pages out using specialized languages such as HTML or HTML5. These pages could be static pages that are simply transferred across the network or the web server may be responsible for dynamically creating the page and then sending that page down to the browser.
In an enterprise, we might often start our day by logging in to our local computer or we may be connecting from a VPN and we would use a username and password to provide that authentication. And often the authentication that we would use between all of these different services is identical. So how does the enterprise use the same authentication method across all of these different servers? In most cases, the organization’s using an authentication server which centralizes all of those usernames and passwords to a single service.
This isn’t something we would commonly use on a home network because we don’t have a lot of services that we’re logging into on our local network. But on an enterprise network, there are many different services that we would want to access, and this centralized authentication server provides us with a way to not only provide access to those services but do it in a way that our usernames and passwords are protected. As you can imagine, if the authentication server is not available, then no one would be able to log in and use any of the resources on your network. For that reason, this is considered to be a very critical resource, and it’s very common for organizations to have multiple authentication servers on their network for redundancy.
Your mail client probably has a separate folder already configured inside of it called spam. That spam folder takes any messages which may be unsolicited attempts at getting your attention and puts all of those messages into a spam folder so that you don’t have to read them. The content of these spam messages can vary widely. These could be commercial attempts to get you to buy something. It might be someone trying to get you to click on a link that sends you to a malicious website. Or it may be a phishing attempt, which is trying to get you to give away some of your personal information.
Managing all of these spam messages can be complex. It’s already difficult to identify the spam message, and then we also have to manage what we do with those messages once they’re identified. There are obviously security concerns. We have to think about where we’re going to store this information and for how long we’re going to keep these spam messages stored in our databases.
Some organizations will have a separate mail gateway in their network. In this example, that mail is being sent and received from the internet through a firewall that then sends it to the mail gateway on a screened subnet. These mail gateways can also be hosted in the cloud, and there may be a third party provider that’s being used to provide that functionality. Once the mail is scanned, it can then be sent to the internal network and stored on a local internal mail server. This gives us the opportunity to categorize mail as spam or to completely reject the mail and prevent its access to the internal server.
Many organizations have begun consolidating many of their security functions on the network to a single device. Often this is a next generation firewall, but you may find older systems that do this called a Unified Threat Management device or a UTM. Some people often refer to this as a web security gateway. These devices can perform many different security functions. For example, you may have URL filtering or content inspection built into the device. These may be able to identify malware or the transfer of files that may contain malware. These could be a spam filter on their own.
You might also have other networking features such as CSU/DSU capabilities which allow you to connect to a wide area network. These devices often act as routers, and they may also have switch interfaces on the back. And of course, they also act as a firewall, so you can allow or disallow certain traffic flows through your network. These devices can often act as intrusion detection systems or intrusion prevention systems, which can block known attacks from traversing the network. These devices can also act as bandwidth shapers or quality of service devices so that different applications can be prioritized in real time. And if you need people to connect to the network that are outside of your facility, you might want to use an encrypted tunnel through a virtual private network.
In an enterprise environment, we’re very sensitive to downtime. If a server becomes unavailable, the user may not be able to complete certain tasks or they may not be able to buy anything from us because the server is not responding. To be able to provide continuous uptime and availability, we need multiple servers. And the way that you would distribute the load across those servers is with a load balancer. The load balancer is responsible for checking in with all of the servers that are connected to it. And if one particular server becomes unresponsive, it simply removes that server from the load and continues operating with the remaining servers.
The primary reason a load balancer is usually installed is to have multiple servers and be able to distribute the load across all of those devices. Since the load balancer is sitting in the middle of these conversations, it can also make changes to the way certain protocols might work. For example, it’s common for a load balancer to offload TCP so that it has a constant connection between all of the servers connected to it. This load balancer might also be providing SSL offloading.
So all of the encryption and decryption from these servers is happening on the load balancer instead of having the servers manage that process themselves. These load balancers can commonly cache information so that requests from the internet may not have to go down to a server. Instead the load balancer may already have that information in a cache and can simply respond back to the internet without involving any of the connected servers.
We can also perform some very advanced configurations of the traffic going through this load balancer. So we might configure certain web pages or certain applications to have priority over others. We might also tell the load balancer that certain applications should prioritize to certain servers and other applications or web pages can be moved to other servers. This content switching capability allows the load balancer to optimize communication with the servers that can respond the best.
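The health checking, failover and caching behaviour described above, as an added example that is not part of the video and not any vendor’s implementation: a simplified round-robin load balancer that probes its servers, drops one from the pool after repeated missed probes, and answers repeated requests from its own cache. The server names, probe and fetch functions are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class Backend:
    name: str
    healthy: bool = True
    failed_probes: int = 0

class LoadBalancer:
    """Simplified model: round-robin selection, active health checks, response cache."""

    def __init__(self, backends: List[Backend], probe: Callable[[str], bool], max_failures: int = 2):
        self.backends = backends
        self.probe = probe              # True when the backend answers its health check
        self.max_failures = max_failures
        self.cache: Dict[str, str] = {}
        self._rr = 0

    def health_check(self) -> List[str]:
        """Probe every backend; after max_failures misses it leaves the pool. Returns healthy names."""
        for b in self.backends:
            if self.probe(b.name):
                b.failed_probes, b.healthy = 0, True     # recovered servers rejoin automatically
            else:
                b.failed_probes += 1
                if b.failed_probes >= self.max_failures:
                    b.healthy = False
        return [b.name for b in self.backends if b.healthy]

    def pick(self) -> Optional[Backend]:
        """Next healthy backend in round-robin order, or None if none are left."""
        pool = [b for b in self.backends if b.healthy]
        if not pool:
            return None
        chosen = pool[self._rr % len(pool)]
        self._rr += 1
        return chosen

    def handle(self, path: str, fetch: Callable[[str, str], str]) -> str:
        """Serve from cache when possible; otherwise forward to a healthy backend."""
        if path in self.cache:
            return self.cache[path]
        b = self.pick()
        if b is None:
            return "503 Service Unavailable"
        response = fetch(b.name, path)
        self.cache[path] = response
        return response

# Constructed scenario: two web servers; flip an entry to False to simulate an outage.
SERVER_STATE = {"web01": True, "web02": True}

def demo_probe(name: str) -> bool:
    return SERVER_STATE[name]

def demo_fetch(name: str, path: str) -> str:
    return f"{name} served {path}"
```

A real load balancer would run the probes on a timer and only cache responses the application marks as cacheable; the removal and re-admission logic is the part worth noticing.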
Some organizations have installed proxy servers to add additional security to their internet communications. As the name implies, a proxy sits in the middle of a conversation. Users will make a request to the proxy. The proxy then makes the request to the third party service, receives a response from that service, and then examines the response to make sure nothing within that response is malicious. Once everything is checked and everything looks OK, that response is then sent to the end user. This means that we can put a lot of security controls into the proxy. The proxy can act as access control, so it may require a username and password to gain access to the internet. It can perform caching. It can filter by URL and many other security capabilities as well.
If you work in an industrial environment, then you’re probably already familiar with SCADA or ICS. SCADA stands for Supervisory Control And Data Acquisition system. You might also hear this referred to as an Industrial Control System, or ICS. The SCADA systems are responsible for control and management of these industrial machines. So if you are part of a power company and you have power generation equipment, or you’re a manufacturing company with this large manufacturing equipment, you might use SCADA to be able to manage those devices. SCADA allows us to see exactly what’s happening on these devices and to be able to manage and control these devices across the network.
As you can imagine, these power generation systems and manufacturing equipment can be very expensive systems. And an outage of these systems might have a dramatic impact. For those reasons, SCADA systems are usually segmented from the rest of the network, and you very often need additional rights, permissions, and connections to even gain access to these very important systems.
One common theme with data centers is once a service is installed, it’s very difficult to get that service removed from the data center. And often devices and services may sit in the data center for 10 years or even more. We often refer to these systems as legacy systems. And although they’re very old, they usually have an extremely important service that’s running on them. Very often these legacy systems are running on older software or older hardware, and it might be very difficult to resolve a problem with this device just because the software and hardware are not well supported or may be difficult to obtain.
Another type of service you might find in your data center is an embedded system. These are systems where you normally don’t have access to the operating system or any other aspect inside of the device. Instead it is a purpose built device that’s designed for you to only have access to the service or the application that that device provides. This might be something like an alarm system or a door security system or perhaps the time card system that you use to keep track of when people come to work and when they leave. Those devices commonly don’t have an operating system that we can update or even view. Because of that, we rely on the manufacturer of these purpose built systems to be able to provide us with support and ongoing maintenance.
And one of the newest categories of systems that you now find in the enterprise is Internet of Things devices, or IoT. We’re starting to find an increasing number of IoT devices not only on our enterprise networks but on our home networks. It seems that everything we’re connecting to a power plug in our home is also connecting to our network.
For example, we’re starting to see appliances such as refrigerators and ovens connect to the wireless network. We have smart devices like speakers that are responding to our voice commands. Or we might have air control systems that allow us to manage the temperature of a room all from a centralized app on our mobile device. These IoT devices may also be responsible for access at our facilities, so they might be a smart doorbell or they might be responsible for unlocking a door or a garage.
This is another case where the security of these devices is relatively important. We wouldn’t want somebody gaining access to our systems because they have access to these IoT devices. So commonly we segment IoT devices onto their own network where we can have additional security and limit anyone else from accessing those systems.