ADMIN Network & Security 71 2022.pdf

ADMIN Network & Security, Issue 71
Free DVD

Kubernetes: Scale up and stay safe with a containerized environment
Open Policy Agent: A flexible way to manage user rights
Rancher: A Kubernetes management platform
Azure AD Guests: Manage guest accounts with Access Reviews
microVMs: Lightweight VMs with a reduced resource footprint
VXLAN: Overlay networks in virtualized data centers
libiotrace: A ptrace-based tracing mechanism for syscalls
DNS over HTTPS: Advantages and disadvantages
QUIC: UDP-based protocol with mandatory TLS encryption
SQL Server 2022 and Azure

WWW.ADMIN-MAGAZINE.COM
Welcome to ADMIN

Risky Business

For all the fear, uncertainty, and doubt still surrounding cloud technologies, you must take a level of acceptable risk to move forward.

I find it infinitely frustrating to hear a technology person complain about cloud computing. They usually state security as the biggest hurdle to their adoption. I agree that security is a major problem with cloud technologies, but it’s no more of a problem than with any Internet-exposed service. Every service that “faces” the Internet is less secure, but you must accept certain risks to be able to function and move forward in business and your personal life. The cloud is a tool and an asset, but many of you probably disagree.

The cloud, for me, is a means of getting things done no matter where I am or which device I’m using. Cloud applications allow me to work on any device, even a borrowed one, without having to reset my entire environment or get used to someone else’s configurations and settings. Before having cloud applications to manage my passwords, infrastructure, backups, contacts, mobile applications, and creative application suite, I had to carry around a fully loaded laptop computer with a local password manager or text file full of credentials rather than a small netbook or Chromebook containing little more than an operating system.

A few years ago, my wife bought me a Chromebook. Being an experimental type of person, I decided to use only that Chromebook, and nothing else, for one month to see if someone could truly be 100 percent reliant on it and the cloud for everything. I’m happy to report that it worked. I edited documents and created and edited images, podcasts, and video files on the Chromebook with web-based and cloud-based applications. I also had the peace of mind of knowing that if I lost the laptop, my information would be safe. The opposite would be true with a standard laptop. I prefer to “travel light,” and web-based and cloud-based applications allow me to do so with confidence.

Sure, one of the downsides of operating purely in the cloud means you must make some sacrifices, such as having limited email-only access to support or giving up control to remote support technicians who may or may not have a native grasp of the English language. However, these limitations are something you learn to accept. A friend of mine referred to these constraints as “trade-offs.” The trade-offs for convenience are lackluster support and a lack of local control. An additional potential downside, some claim, is that my data is less secure in the cloud than if it were behind a corporate firewall or saved locally on my laptop. Yes, some cloud services have been compromised. Still, if you take precautions, such as selecting providers that encrypt your data and enabling multifactor authentication, you have less to worry about. I’m not telling you that cloud-based services are fireproof because of encryption and multifactor authentication; however, they’re big steps toward theft prevention that I might not enjoy otherwise. A virtual private network (VPN) is a good thing. Encryption is a good thing. Multi-factor authentication is a good thing. Firewalls are good things. Unique, complex passwords are good things. Nothing is perfect, but using multiple layers of security means you’re less likely to be affected by a negative event such as a data breach.
Cloud applications aren’t for everyone. I get that. Sensitive government information, trade secrets, and medical records might not be cloud-ready, but for almost everything else, it’s time to migrate to the cloud. Have backups and geographically diverse disaster recovery available in the rare case that your cloud provider goes offline or experiences a breach. In theory, a failure should never happen, but, as you know, it does. Remember that you keep flashlights, candles, and spare tires to soften the blow of failures, and you should do the same whether you’re a cloud convert or not. An ounce of prevention is worth a pound of cure. Even old Ben Franklin knew that backups were a good idea, but Ben also knew that to do anything requires accepting some risk. Think of how he proved the electrical nature of lightning – by flying his kite in the clouds.

Ken Hess
ADMIN Senior Editor
Lead Image © Oksana Stepanenko, 123RF.com
Table of Contents

Features
We show you how to get started with Kubernetes, and users share their insights into the container manager.

Introduction to Kubernetes
Many admins find themselves struggling to get started with Kubernetes. We present the basic architecture and the most important components and terms.

The Kubernetes Experience
Users in corporate and government agencies that have successfully switched to Kubernetes share their positive experiences and the stumbling blocks to avoid.

Tools
Save time and simplify your workday with these useful tools for real-world systems administration.

Ceph 17.2
A robust update offers increased stability and more features with little overhead.

libiotrace
This library monitors running, static, and dynamically linked programs and collects detailed data for many file-I/O-related function calls.

Open Policy Agent
This open source policy engine offers a flexible way to manage user rights, especially in the challenging environments of the cloud and infrastructure as code.

SQL Server 2022
The focus is on closer collaboration between on-premises SQL servers and SQL functions in Azure, including availability and data analysis.

Containers and Virtualization
Virtual environments are becoming faster, more secure, and easier to set up and use. Check out these tools.

Rancher 2.5
An agile alternative to Red Hat OpenShift, Rancher is an efficient way to manage Kubernetes clusters, and the setup is significantly different from classic Kubernetes.

VXLAN
VXLAN addresses the need for overlay networks within virtualized data centers accommodating multiple tenants.

Security
Use these powerful security tools to protect your network and keep intruders out in the cold.

Detect Signs of Attacks
Deal with threat intelligence on the corporate network when the existing security tools are not effective.

DNS over HTTPS
Now that web content is encrypted by HTTPS, the underlying name resolution is often unprotected. We look at the classic DNS protocol and investigate whether DNS over HTTPS could be the solution to ensure the confidentiality of DNS requests.

News
Find out about the latest ploys and toys in the world of information technology.

News
• CIQ secures VC funding, forms new leadership team
• Learn DevSecOps basics through free training course
• GitLab survey reflects shifting roles in DevSecOps
• New report examines the current state of ITOps and SecOps
• Top universities lack proper email security measures

migrate2rocky
The migrate2rocky script automatically migrates your CentOS 8 system to Rocky Linux – an enterprise RHEL derivative created by CentOS co-founder Greg Kurtzer.
Ceph 17.2
Ceph developers got rid of some historic clutter and added new features for improved performance and built-in automation.

microVMs
You can have your cake and eat it, too: Ignite virtual machine manager combines Firecracker with Docker and OCI images to provide the best from both the container and VM worlds.

Management
Use these practical apps to extend, simplify, and automate routine admin tasks.

Azure AD Guest
Cross-tenant access settings and user-friendly Access Reviews simplify the management of guest accounts in Azure Active Directory.

Nuts and Bolts
Timely tutorials on fundamental techniques for systems administrators.

Apache OpenMeetings
The free video conferencing platform has comprehensive collaboration tools and can be hosted locally, so sensitive corporate data is not exposed to cloud services.

microVMs
Get the strong isolation of virtual machines and lightweight behaviors of containers.

PowerShell Storage Automation
PowerShell succeeds when it comes to comprehensive automation where other tools that manage the hard drive inventory of Windows servers fall short.

Roll Back Windows 11
If you want to try Windows 11 but keep your options open, we show you how to install it, restore it to its factory settings if it’s misbehaving, or roll it back to Windows 10.

QUIC
The Quick UDP Internet Connections protocol comes with mandatory TLS encryption and promises faster speeds.

Performance Tuning Dojo
Defining I/O baselines helps you determine the highest performance you can expect from your system when configured properly.

SystemRescue 9.04 (64 bit)
Live rescue disk: administer and repair Linux and Windows systems. Linux kernel 5.15.58. Expandable with system rescue modules. See p 6 for details.

Service
Welcome 3
On the DVD 6
Back Issues 97
Call for Papers 98