book

Modern System Administration

by Jennifer Davis

November 2022

Intermediate to advanced

325 pages

8h 13m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who Should Read This Book?What This Book Is NotScope of This BookIf I Could Tell You Only One ThingIf I Could Tell You Only One More ThingConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
Map Your JourneyEmbrace a Mindset ShiftWhat Is the Job?Flavors of System AdministrationEmbrace Evolving PracticesEmbrace CollaborationEmbrace SustainabilityWrapping Up
How to Connect ThingsHow Things CommunicateApplication LayerTransport LayerNetwork LayerData Link LayerPhysical LayerWrapping Up
Common WorkloadsChoosing the Location of Your WorkloadsOn-PremCloud ComputingCompute OptionsServerlessContainersVirtual MachinesGuidelines for Choosing ComputeWrapping Up
Why Care About Storage?Key CharacteristicsStorage CategoriesBlock StorageFile StorageObject StorageDatabase StorageConsiderations for Your Storage StrategyAnticipate Your Capacity and Latency RequirementsRetain Your Data as Long as Is Reasonably NecessaryRespect the Privacy Concerns of Your UsersDefend Your DataBe Prepared to Handle Disaster Recovery SituationsWrapping Up
Caring About NetworksKey Characteristics of NetworksBuild a NetworkVirtualizationSoftware-Defined NetworksContent Distribution NetworksGuidelines to Your Network StrategyWrapping Up
What Is Your Digital Toolkit?The Components of Your ToolkitChoosing an EditorChoosing Programming LanguagesFrameworks and LibrariesOther Helpful UtilitiesWrapping Up

What Is Version Control?Benefits of Version ControlOrganizing Infra ProjectsWrapping Up
You’re Already TestingCommon Types of TestingLintingUnit TestsIntegration TestsEnd-to-End TestsExplicit Testing StrategyImproving Your Tests; Learning from FailureNext StepsWrapping Up
What Is Infrastructure Security?Share Security ResponsibilitiesBorrow the Attacker LensDesign for Security OperabilityCategorize Discovered IssuesWrapping Up
Know Your AudienceDimensions of DocumentationOrganization PracticesOrganizing a TopicOrganizing a SiteRecommendations for Quality DocumentationWrapping Up
Know Your AudienceChoose Your ChannelChoose Your Story TypeStorytelling in PracticeCase #1: Charts Are Worth a Thousand WordsCase #2: Telling the Same Story with a Different AudienceThe Key TakeawaysKnow Your VisualsVisual CuesChart TypesRecommended Visualization PracticesWrapping Up
Why Script Your Infrastructure?Three Lenses to Model Your InfrastructureCode to Build Machine ImagesCode to Provision InfrastructureCode to Configure InfrastructureGetting StartedWrapping Up
Infrastructure as CodeTreating Your Infrastructure as DataGetting Started with Infrastructure ManagementLintingWriting Unit TestsWriting Integration TestsWriting End-to-End TestsWrapping Up
Assessing Attack VectorsManage Identity and AccessHow Should You Control Access to Your System?Who Should Have Access to Your System?Manage SecretsPassword Managers and Secret Management SoftwareDefending Secrets and Monitoring UsageSecuring Your Computing EnvironmentSecuring Your NetworkSecurity Recommendations for Your Infrastructure ManagementWrapping Up
Why Monitor?How Do Monitoring and Observability Differ?Monitoring Building BlocksEventsMonitorsData: Metrics, Logs, and TracingFirst-Level MonitoringEvent DetectionData CollectionData ReductionData AnalysisData PresentationSecond-Level MonitoringWrapping Up
Identify Your Desired OutputsWhat Should You Monitor?Do What You Can NowMonitors That MatterPlan for a Monitoring ProjectWhat Alerts Should You Set?Examine Monitoring PlatformsChoose a Monitoring Tool or PlatformWrapping Up
What Is Monitoring Data?MetricsLogsStructured LogsTracingDistributed TracingChoose Your Data TypesRetain Log DataAnalyze Log DataMonitoring Data at ScaleWrapping Up
Why Should You Monitor Your Work?Manage Your Work with KanbanChoose a PlatformFind the Interesting InformationWrapping Up
What Is Capacity?The Capacity Management ModelResource ProcurementJustificationManagementMonitoringThe Framework for Capacity PlanningDo You Need Capacity Planning with Cloud Computing?Wrapping Up
What Is On-Call?Humane On-Call ProcessesCheck Your On-Call PoliciesPreparing for On-CallOne Week OutThe Night BeforeYour On-Call RotationOn-Call HandoffThe Day After On-CallMonitor the On-Call ExperienceWrapping Up
What Is an Incident?What Is Incident Management?Planning and Preparing for IncidentsSet Up and Document Communication ChannelsTrain for Effective CommunicationCreate TemplatesMaintain DocumentationDocument the RisksPractice FailureUnderstand Your ToolsClearly Define Roles and ResponsibilitiesUnderstand Severity Levels and Escalation ProtocolsResponding to IncidentsLearning from the IncidentHow Deep Should You Dig?Aiding DiscoveryDocumenting Incidents EffectivelyDistributing the InformationNext StepsWrapping Up
Collective LeadershipAdopt a Whole-Team ApproachBuild Resilient On-Call TeamsUpdate On-Call ProcessesMonitor the Team’s WorkWhy Monitor the Team?What Should You Monitor?Measure Impact on the TeamSupport Team Infrastructure with DocumentationBudget a Learning CultureAdapt to ChallengesWrapping Up
Hypertext Transfer ProtocolQUICDomain Name System
Test Failure Type #1: Environment ProblemsTest Failure Type #2: Flawed Test LogicTest Failure Type #3: Changing AssumptionsTest Failure Type #4: Flaky TestsTest Failure Type #5: Code Defects

Content preview from Modern System Administration

Chapter 8. Infrastructure Security

Early in my career as a Unix system administrator, I felt total dread when I saw many failed login attempts coming from external IP addresses outside of the US because we had only two people focused on security, covering everything from the physical network to network and host intrusions for our Unix systems. Seeing the failures made me wonder about other malicious activity we weren’t detecting. Talking through these concerns with the security team helped me better understand the risk and motivations of the attackers, learn about the patterns of behavior and resources, and build up the relationship between groups.

You can’t have perfect security, but you can collaborate with other parts of the organization to establish acceptable levels of security. The amount of security work that every organization needs to do to achieve “acceptable levels of security” cannot be distilled and assigned to one team, especially as the attacks evolve and become more costly to detect or repair. In this chapter, I focus on sharing general security principles so you can define security, explain threat modeling, and have a few methods for communicating security values during architecture planning.

What Is Infrastructure Security?

Infrastructure security protects hardware, software, networks, and data from harm, theft, or unauthorized access. Unfortunately, many people view security as being at odds with desirable features and user convenience, which can exacerbate ...