This week I learned about client-server architecture, single and bastion host configurations, host workstations, and Linux commands.
Server = remote computer application which finds data that has been requested or performs a service
Client Application = local device that displays the data
Together, these make up the client-server architecture.
Examples of client-server architecture are web pages and sending e-mail messages.
For web pages, web browsers are the client applications (Firefox, Chrome, Safari, IE).
A web client on a local device (PC) requests a web page from a remote server using a uniform resource locator, or URL.
URL contains two parts:
location of server that contains the data
name of the file with the data
The server can use scripting languages like PHP or Ruby.
These files will have instructions on how to find and create data.
Web server applications like Apache, Nginx, and Microsoft IIS accept requests for data, retrieve the files or data, format them according to a set of rules (like HTML), and send them back to the user.
The client (web page / email) will display information according to rules used to format it.
E-mail can use Outlook, Entourage, Apple Mail, or a web browser as the client.
Common e-mail server apps are Sendmail and Exchange.
Other common types of server applications are:
File or FTP servers that permit the transfer of files from one computer to another
DHCP servers that distribute IP addresses for computers and other Internet-connected devices on the local area network (LAN)
Database servers like MySQL, PostgreSQL, Oracle, and Microsoft SQL Server, which usually communicate with a web server on the same machine or local area network (LAN)
A remote computer that provides a service such as a web server is said to host the service. If the organization wants to provide a number of different services to Internet users, there are several ways to design the local network to provide those services.
The design of your network and the manner in which you configure your servers is the web architecture of your organization.
Two common architectures for web services are:
Single host: A single computer that hosts all server apps the organization manages. This is a low-cost solution because only one computer is needed for all services.
The network and server configuration is simpler. A con is that if the single computer has issues such as a hardware fault, all services are unavailable. If a hacker were to gain access to the single host, he would have access to all servers and data on that host.
Bastion host: Runs only a single service. It may be a web server, an e-mail server, or some other type of server. When a bastion host has a failure or is attacked, only the service running on that server is affected. This has the potential to increase the reliability and security of an organization's web architecture, but it complicates management of the system. A web architecture comprised of bastion hosts must ensure that network traffic runs smoothly between the hosts and that files and services on one host are available to other hosts that may need them.
For example, the web server must access the database server to retrieve information on a product that was requested by the client. With a bastion host web architecture, there could be several additional machines to administer, update software, and manage users. Some organizations may not have the manpower or experience to reliably manage this type of system.
Each service that we provide in our web architecture has a special language and a set of rules, called a protocol, that it uses to communicate with a client.
Several services have more than one protocol that can be used, but it is important that both the server and any clients use the same protocol. For example, if an email client is using POP3 to access an e-mail server that is running only the IMAP protocol, the client will not be able to connect to the server, even if the username, password and URL are correct. Several protocols offer a secure version. For web servers, HTTPS is the secure version of HTTP, and SFTP is the secure version of the file sharing protocol FTP.
It is possible for a server application and a client application to both support several protocols. The protocol used to receive and send files can be determined by the user or the server. Then the client can negotiate a protocol that will provide the best performance and most reliable, secure connection for the server the user requested.
In addition to those in the table above, there are many other types of services, such as database services, that a host workstation can provide.
The primary purpose of a host workstation is to provide a service, and with a provided service must come service management. You can manage a server by using a keyboard and a mouse that are directly connected to the host computer, but it is more common to manage a server remotely.
The advantage of this is that the server can be kept in a special room that is carefully climate controlled. From a security point of view, this allows the organization to separate employees who need physical access to the server room where all servers are maintained from employees who need access to a specific host to manage the services on it.
There are two primary ways to remotely manage a Linux server:
Both of these need to have an additional service available on the host for the administrator to have remote access.
The SSH service is provided by default on Linux hosts and gives the administrator remote command-line access through a traditional Linux shell or terminal window.
Virtual Network Computing (VNC) provides access to the graphical user interface (GUI) running on the Linux workstation. A VNC server application must be running on the host for the administrator to remotely access it from a VNC client application. Once connected, the administrator can use the host GUI as if working directly in front of the physical machine.
In a professional environment, Linux hosts seldom provide a GUI, so you will normally use SSH to manage servers. As mentioned earlier, bastion hosts are more secure than single hosts because they have fewer services that can be vulnerable to attack. This is also the reason that Linux hosts do not run GUIs. A Linux host with a GUI has all of the command-line tools installed, but additional GUI applications are provided so that administrators can manage the system using windows and mouse clicks. Each of these additional applications and the libraries they use may have vulnerabilities that can be exploited, thus weakening your system's security.
The kernel, or core, of the Linux operating system was developed by Linus Torvalds in the early 1990s from his experience with the GNU and Minix operating systems. Both systems are based on Unix, which was developed at Bell Labs in the 1970s. By making the source code for Linux open source and freely available, Torvalds allowed many other developers to refine the kernel and extend its capabilities. Over more than 20 years, Linux has grown into a robust operating system that provides the backend power for many of the websites and services provided on the Internet.
Because Linux is open source, many organizations and individuals have made slight modifications to the kernel or applications so that these better meet the needs of the organization. The result is the availability of hundreds of distributions, or flavors, of Linux. Often, applications can easily be moved from one distribution to another with no problem. When working with servers, it is important to understand that default configurations can vary from one distribution to another. Default configurations can also vary from version to version within a distribution. As an administrator, it is important to understand the significance of the many parameters that can be found in a service's configuration file so that you are not dependent on a specific distribution.
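One way to check a host against the bastion model described above is to look at which TCP ports it is listening on. This is an added example, not part of the original notes; the sample `ss -tlnH` output is constructed, and it assumes SSH on port 22 and VNC on its conventional ports 5900 to 5909.

```python
# Constructed sample of `ss -tlnH` output (listening TCP sockets, no header).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5901 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

SSH_PORT = 22                    # assumed management port
VNC_PORTS = range(5900, 5910)    # assumed VNC display ports :0 to :9
LOOPBACK = ("127.", "[::1]")     # listeners here are not reachable remotely


def exposed_ports(ss_output):
    """Return the set of TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last ':' for IPv6.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and not addr.startswith(LOOPBACK):
            ports.add(int(port))
    return ports


def audit(ss_output):
    """Compare a host's listeners with the one-service bastion model."""
    ports = exposed_ports(ss_output)
    vnc = sorted(p for p in ports if p in VNC_PORTS)
    services = sorted(ports - {SSH_PORT} - set(vnc))
    findings = []
    if len(services) > 1:
        findings.append(f"{len(services)} services exposed: {services}")
    if vnc:
        findings.append(f"GUI remote access (VNC) listening: {vnc}")
    if SSH_PORT not in ports:
        findings.append("no SSH listener for remote management")
    return {"services": services, "vnc": vnc, "findings": findings}


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS)["findings"] or ["matches bastion model"]:
        print(finding)
```

On the sample, the database on 127.0.0.1:3306 is ignored because it is bound to loopback, the web server on port 80 is the single exposed service, and the VNC listener on 5901 is reported as extra attack surface.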
There are three main Linux distribution trees. The distributions in each tree are similar to one another and often share similar configuration details and GUI applications. The table below lists the three main family trees of Linux distributions.
There are many operating systems based on Linux that do not fall under one of these trees, such as Gentoo and Android.