The modern data center contains a number of different services. In this video, you’ll learn about web services, file services, mail services, security services, and much more.
Here’s a picture of a typical data center. You can see aisle after aisle of these racks. And inside the racks are servers and other resources. So, in this video, let’s go through some of the services that you might find inside of a typical data center.
One server we’re all familiar with, at least from the user side, is a web server. This is a server that responds to requests that are being made by a browser that we’re running on our workstation, and it uses some very standardized protocols to do this, such as HTML and HTML5. On a web server, we have pages that are stored on the server itself. Our browser requests these pages and they’re downloaded directly to the browser. These might be static pages that exist on the server, or they may be created dynamically in real time when they are requested by the browser.
Another well-known service is a file server. This is where we might store all of our user documents, our videos, our pictures, and anything else that we might want to save for later out on the network drive. This uses a very standardized form of file management. The standardized protocols you’ll often see communicating to and from a file server might be Server Message Block, or SMB, if this is a Windows server. If this is an Apple server, you may be using Apple Filing Protocol, or AFP.
From our perspective, though, we never see these protocols. What we commonly see is a front-end to the file server, where we can simply move files around in a graphical display. We can rename. We can copy files. And, behind the scenes, it’s this protocol that’s communicating back and forth to the file server to facilitate all of these file system changes.
One network service that we tend to have a love/hate relationship with is the print server. This is usually a device or piece of software where we send our print jobs, and ideally those print jobs then appear on a printer that’s connected on our network. This is sometimes software that’s built into an operating system. We might connect a printer to a person’s workstation and then tell that workstation to enable the print server. Or this might be an adapter card, like this one here, that connects into the back of a printer, and you simply plug in your network connection and all of the print server software is inside of this adapter card.
Most print servers will use some very standardized protocols to be able to send your print job into that print server. Things like SMB for Server Message Block is very common to see on Windows, but you might also see IPP for the Internet Printing Protocol, or LPD for the Line Printer Daemon.
One of those servers in that picture of the data center was probably a DHCP server. DHCP is the Dynamic Host Configuration Protocol, and this is the server that gives us our automated IP addressing for all of the devices on our network. This, of course, is not just a service that you would run in the enterprise, but it’s a service you also run at home. If you have a home router or wireless router, it’s probably running a DHCP service inside of that device to give all of your home devices IP addresses.
Of course, in the enterprise you need to have more than one DHCP server in case something happens to one of the servers. You would have a redundant device that’s also providing IP addresses for the enterprise.
If you’ve typed ProfessorMesser.com into your browser and connected to my web server, then somewhere in between you’ve communicated with a DNS server. DNS stands for Domain Name System, and this is the service that connects the names that we type into our systems with the IP addresses associated with those devices. DNS is a distributed naming system. There are many different kinds of servers all scattered throughout the world, and they’re all providing different parts of the DNS system. If one particular DNS server goes down, there are usually redundant DNS servers to take its place.
It’s very common for organizations to have their own internal DNS servers as well. These are usually in the data center. They’re often managed by the IT department or a group that’s responsible for handling the domain name system.
In the enterprise, security is important, so it’s not uncommon to see services such as a proxy server in use. A proxy server is a go-between for you and the outside world. For instance, if you were performing a Google search, you would provide that search request to the proxy server. The proxy server makes the actual request. It then examines what comes back from the Google server, and then responds back to you on the inside, knowing that the information being sent back and forth is perfectly secure.
Proxy servers are often used for access control to allow or disallow people access to certain categories of web services. They may provide caching to improve the response time of your web services. URL filtering can certainly filter out bad or unknown websites. And you might also provide content scanning on the proxy server to make sure everything that’s being transferred is not malicious software that might harm your device.
Another very visible network service is your mail server. The mail server, of course, is responsible for getting your emails sent to you on the inside and, of course, responsible for sending this information out to other locations. This is usually managed by either your ISP or, if you’re managing this internally in your organization, your IT department is responsible for the mail server. This is usually one of the most important services you have running. It usually has a 24×7 uptime requirement, and when the mail server goes down, everybody is aware of that particular problem.
In the enterprise, you’re accessing many different resources simultaneously. You may be accessing a web server, a file server, you may be connecting in via a virtual private network, and in each of these cases, you need to be able to authenticate yourself to these services. That’s why it’s common in the enterprise to have an authentication server, where you can have a centralized set of credentials that you can use to access any of these resources.
If you’re at home or a very small organization, there may not be a requirement for a centralized authentication server, but once you get to have a number of different resources it makes sense to centralize all of your authentication to one place on the network. These are also a set of redundant services. That’s because it’s important that you have access to the other resources on your network. And, if you’re connecting in through a VPN and you need access to a file server, you want to be sure there’s an authentication server available to authenticate you and then provide you with that access.
Many of the exploits that come into our environment are coming across the network. That’s why it’s important to have a device that’s going to look for these types of exploits, and we can do that with a Network-based Intrusion Detection System or Intrusion Prevention System. Our IDS and IPS services are going to be looking for some very specific intrusion types. For example, there may be some known vulnerabilities in an operating system that someone is trying to exploit, or there may be vulnerabilities in an application that someone’s trying to take advantage of. Of course, these IPS and IDS systems can also look for much broader problems, such as buffer overflows, cross-site scripting, SQL injections, and much more.
If you’re running an IDS, or an Intrusion Detection System, then you’re able to identify one of these intrusions and provide an alarm or an alert, but because you’re just detecting it, you’re not able to stop that intrusion. If you’d like to stop it, you need to use an IPS (the P is for Prevention), and when the IPS identifies a vulnerability that may be coming through the network, it can stop that traffic before it gets on the inside.
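The difference between detecting and preventing can be shown with a small signature matcher run over a few requests. This is an added example, not part of the original video; the signatures, function names and sample traffic are constructed for illustration and are far simpler than a real IDS/IPS rule set.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures for the broad categories named in the text.
SIGNATURES = [
    ("sql-injection", re.compile(r"\bunion\s+select\b|\bor\s+1\s*=\s*1\b", re.I)),
    ("cross-site-scripting", re.compile(r"<\s*script\b", re.I)),
    ("buffer-overflow", re.compile(r"(.)\1{199,}")),  # 200+ repeats of one character
]

def inspect(request):
    """Return the names of every signature that matches the decoded request."""
    decoded = unquote_plus(request)  # decode %3C, + and so on before matching
    return [name for name, rx in SIGNATURES if rx.search(decoded)]

def process(traffic, mode):
    """Run traffic through the sensor.

    mode "ids": raise alerts, but every request is still delivered.
    mode "ips": raise alerts and drop matching requests before delivery.
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, delivered = [], []
    for src, request in traffic:
        hits = inspect(request)
        if hits:
            alerts.append((src, hits))
        if not hits or mode == "ids":
            delivered.append((src, request))
    return alerts, delivered

# Constructed sample traffic using documentation address ranges (RFC 5737).
SAMPLE_TRAFFIC = [
    ("198.51.100.7", "GET /search?q=shoes"),
    ("203.0.113.9", "GET /item?id=1+OR+1%3D1"),
    ("203.0.113.9", "GET /comment?text=%3Cscript%3Ealert(1)%3C/script%3E"),
    ("192.0.2.44", "GET /login?user=" + "A" * 300),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, delivered = process(SAMPLE_TRAFFIC, mode)
        print(mode, "alerts:", len(alerts), "delivered:", len(delivered))
```

Both modes raise the same alerts; only the IPS mode keeps the matching requests from reaching the inside.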
When it comes to security, you may have a single device providing the security rather than many separate devices. You’ll sometimes see these referred to as next-generation firewalls, Unified Threat Management devices, or UTM devices, or web security gateways. It’s not uncommon to see these single devices providing many different services, for example, URL filtering or content inspection. They may be inspecting for malware that’s going in and out of the network. They may be checking your email to see if there’s spam coming into your environment. This may also be your entry point from your wide area network, and it may have the WAN hardware you need as a CSU/DSU to connect to the rest of the network.
This could also be routing traffic and switching traffic. There may be a built-in firewall in this device. It’s not unusual to see IDS or IPS functionality also built into these all-in-one security appliances. And you might even see bandwidth shapers and VPN endpoints, so that you can have all of these different services in a single piece of hardware.
We certainly have a lot of new technology in our data center, but we also have a lot of older systems that continue to run year after year. These legacy systems may be running some software that’s very important to our organization, but because they’re older systems, it may be more difficult to find people that know how to manage these devices. It’s not uncommon, in many environments, that you maintain a group of people that not only know how to run the new systems, but are also very familiar with these older legacy systems.
You probably also have a number of devices in your infrastructure that, at first glance, don’t look like a traditional server, but they are systems that are running operating systems, and they’re also very important to keep running. These embedded systems are usually purpose-built devices, and you usually don’t have direct access to the operating system or the ability to manage the device. An example of some of these embedded systems might be the alarm system you’re using in your environment. Maybe it’s the card system you use to get in and out of doors inside of your building. Or maybe it’s the timecard system used by hourly workers to clock in and clock out of work.