System Administration

Essential Storage & SAN Security Interview Questions


Storage Fundamentals & Access Control

What is LUN masking? LUN (Logical Unit Number) Masking is an authorization process that makes a LUN available to specific hosts while hiding it from others.

  • Implementation: Primarily at the HBA (Host Bus Adapter) level, though some storage controllers also support it.
  • Risk: Masking at the HBA level is vulnerable if the HBA is compromised.
  • Importance: Crucial for Windows environments; Windows servers often try to write volume labels to every available LUN, which can corrupt data on LUNs intended for other operating systems.

What is SAN zoning? SAN zoning is the method of arranging Fibre Channel devices into logical groups within the physical fabric. It is used to compartmentalize data for security and performance. A single device can belong to multiple zones.

What are the differences between Hard and Soft Zoning?

  • Hard Zoning: Implemented in hardware. It physically blocks access to a zone from any device outside of it.
  • Soft Zoning: Implemented in software via name servers. It prevents ports from being “seen” by unauthorized devices. However, it is less secure because ports may still be accessible if an attacker correctly guesses the Fibre Channel address.

Port Zoning vs. WWN Zoning

  • Port Zoning: Uses physical switch ports to define zones. It is secure but rigid; moving a cable requires a configuration update.
  • WWN Zoning: Uses World Wide Names (64-bit unique addresses). It is flexible (you can recable without reconfiguring), but it is susceptible to WWN spoofing.
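
An added example, not part of the original post: a small Python model of the controls described above, run over a constructed fabric. It computes which hosts can actually reach each LUN (zoning and masking must both allow it) and flags access that rests only on a WWN, plus LUNs visible to a Windows host and another operating system. The member notation, host names, and the choice to hold the masking table on the storage controller are assumptions for illustration, not any vendor's syntax.

```python
import re

WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$", re.I)  # 64-bit WWN
PORT_RE = re.compile(r"^\d+,\d+$")  # "domain,port" member (assumed notation)

# Constructed fabric: host -> (WWN, switch port, operating system).
HOSTS = {
    "win-host":   ("10:00:00:00:c9:aa:00:01", "1,4", "windows"),
    "linux-host": ("10:00:00:00:c9:aa:00:02", "1,5", "linux"),
    "test-host":  ("10:00:00:00:c9:aa:00:03", "1,6", "linux"),
}
ARRAY = ("50:06:01:60:bb:00:00:10", "2,0")  # storage controller (WWN, switch port)

# Zones: name -> members; each member is a WWN or a switch port.
ZONES = {
    "z_win":   ["10:00:00:00:c9:aa:00:01", "50:06:01:60:bb:00:00:10"],  # WWN zoning
    "z_linux": ["1,5", "2,0"],                                           # port zoning
}
# LUN masking (modelled on the controller): LUN -> initiator WWNs allowed.
MASKING = {
    0: {"10:00:00:00:c9:aa:00:01"},
    1: {"10:00:00:00:c9:aa:00:02"},
    2: {"10:00:00:00:c9:aa:00:01", "10:00:00:00:c9:aa:00:02"},
    3: {"10:00:00:00:c9:aa:00:03"},
}

def member_kind(member):
    """Classify a zone member as 'wwn' or 'port'; reject anything else."""
    for kind, pattern in (("wwn", WWN_RE), ("port", PORT_RE)):
        if pattern.match(member):
            return kind
    raise ValueError(f"unrecognised zone member: {member!r}")

def zone_basis(host):
    """How zoning admits this host to the array: 'wwn', 'port' or None."""
    wwn, port, _ = HOSTS[host]
    found = set()
    for members in ZONES.values():
        kinds = {m.lower(): member_kind(m) for m in members}
        if ARRAY[0] in kinds or ARRAY[1] in kinds:  # zone includes the array
            found |= {kinds[m] for m in (wwn, port) if m in kinds}
    # A WWN entry in any zone is the weaker basis, so it is the one reported.
    return "wwn" if "wwn" in found else ("port" if found else None)

def audit():
    """Return (reachable, findings) for the constructed fabric."""
    basis = {h: zone_basis(h) for h in HOSTS}
    reachable, findings = {}, []
    for lun, allowed in sorted(MASKING.items()):
        hosts = [h for h in HOSTS if HOSTS[h][0] in allowed and basis[h]]
        reachable[lun] = hosts
        findings += [(lun, h, "zoned by WWN only (spoofable)")
                     for h in hosts if basis[h] == "wwn"]
        oses = {HOSTS[h][2] for h in hosts}
        if "windows" in oses and len(oses) > 1:
            findings.append((lun, "*", "visible to Windows and another OS"))
        if not hosts:
            findings.append((lun, "*", "masked but no zoned path"))
    return reachable, findings

if __name__ == "__main__":
    for finding in audit()[1]:
        print(finding)
```

LUN 3 shows why both layers matter: the masking entry exists, but without a zone that joins test-host to the array there is no path.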

SAN Security & Attack Vectors

Common Attack Classes against SANs:

  1. Snooping: Unauthorized reading of private data.
  2. Spoofing: Impersonating a legitimate node to gain access or destroy data.
  3. Denial of Service (DoS): Flooding the fabric to reduce availability.

Fibre Channel Security Protocols:

  • FC-SP (Fibre Channel Security Protocol): A framework for authentication and cryptographically secure communication. It protects data in transit, not data at rest.
  • DH-CHAP: A secure key-exchange protocol (Diffie-Hellman Challenge Handshake Authentication Protocol) for switch-to-switch and host-to-switch authentication.
  • FCAP & FCPAP: Optional authentication mechanisms using certificates (FCAP) or passwords (FCPAP).

How are iSCSI and FCIP secured over IP? Per RFC 3723, block storage protocols transported over IP are secured using standard IPsec and IKE (Internet Key Exchange) protocols to provide authentication and data confidentiality.


I’ve organized these Q&A into logical categories: General Concepts, Hardware, Networking, Software-Defined/Cloud, and Backup/DR.

🏗️ Part 1: General Storage Concepts & RAID

  1. What is RAID? Redundant Array of Independent Disks; a way to combine multiple physical disks into a single logical unit for redundancy or performance.
  2. What is the difference between Hot and Cold Storage? Hot storage is for frequently accessed data (high performance, high cost); Cold is for archival data (low performance, low cost).
  3. What is RAID 0? Striping. It provides high performance but zero redundancy. If one disk fails, all data is lost.
  4. What is RAID 1? Mirroring. Data is written identically to two disks. High redundancy, but you lose 50% of your total capacity.
  5. What is RAID 5? Striping with distributed parity. Requires at least 3 disks. It can survive a single disk failure.
  6. What is RAID 6? Striping with double parity. Requires at least 4 disks. It can survive two simultaneous disk failures.
  7. What is RAID 10? A stripe of mirrors (1+0). Combines the speed of RAID 0 with the redundancy of RAID 1.
  8. What is a Hot Spare? An idle drive in an array that automatically replaces a failed drive to begin an immediate rebuild.
  9. What is IOPS? Input/Output Operations Per Second; a key performance metric for storage.
  10. What is Throughput? The amount of data transferred over time, usually measured in MB/s or GB/s.
  11. What is Latency? The time delay between a data request and the start of the data transfer.
  12. What is Throttling? Intentionally slowing down I/O to prevent a single application from consuming all resources.
  13. What is Striping? Breaking data into blocks and spreading them across multiple disks to increase speed.
  14. What is Mirroring? Creating an exact copy of data on another disk.
  15. What is Parity? A mathematical calculation used in RAID (like RAID 5/6) to reconstruct data if a drive fails.
  16. What is the “Write Hole” in RAID? A corruption scenario where a power failure occurs mid-write, leaving data and parity out of sync.
  17. What is JBOD? “Just a Bunch Of Disks”; disks are used individually or spanned without RAID protection.
  18. What is Thin Provisioning? Allocating storage on-demand rather than reserving the full capacity upfront.
  19. What is Thick Provisioning? Reserving the entire amount of storage space on the physical disk at the time of creation.
  20. What is a LUN? A Logical Unit Number used to identify a slice of storage presented to a host.

🔌 Part 2: Connectivity & Networking (SAN/NAS)

  1. What is the difference between SAN and NAS? SAN is block-level (Fibre Channel/iSCSI); NAS is file-level (NFS/SMB).
  2. What is iSCSI? Internet Small Computer System Interface; carries SCSI commands over IP networks.
  3. What is an IQN? iSCSI Qualified Name; a unique identifier for iSCSI initiators and targets.
  4. What is a Target? The storage resource (the “server” side of a storage connection).
  5. What is an Initiator? The host/server that consumes the storage (the “client” side).
  6. What is Fibre Channel (FC)? A high-speed network technology used primarily for SANs.
  7. What is FCoE? Fibre Channel over Ethernet; encapsulates FC frames into Ethernet packets.
  8. What is Multi-pathing? Using multiple physical paths between a server and storage to provide redundancy and load balancing.
  9. What is an HBA? Host Bus Adapter; a circuit board/adapter that connects a host to a storage network.
  10. What is a Fabric? A network of switches, hubs, and devices connected via Fibre Channel.
  11. What is an N_Port? A Node Port used to connect a host or storage device to the fabric.
  12. What is an F_Port? A Fabric Port on a switch that connects to an N_Port.
  13. What is an E_Port? An Expansion Port used to connect two switches (Inter-Switch Link).
  14. What is ISL? Inter-Switch Link; a connection between two SAN switches.
  15. What is Oversubscription? Assigning more logical storage to hosts than is physically available (common in thin provisioning).
  16. What is SMB/CIFS? Server Message Block; a file-sharing protocol primarily used by Windows.
  17. What is NFS? Network File System; a file-sharing protocol primarily used by Linux/Unix.
  18. What is an Alias in SAN zoning? A user-friendly name given to a WWN to make management easier.
  19. What is a Zone Set? A collection of zones that are activated together on a fabric.
  20. What are Jumbo Frames? Ethernet frames with more than 1500 bytes of payload (usually 9000), used to improve iSCSI performance.

💾 Part 3: Hardware (SSD, HDD, NVMe)

  1. What is an SSD? Solid State Drive; uses flash memory with no moving parts.
  2. What is an HDD? Hard Disk Drive; uses rotating magnetic platters.
  3. What is NVMe? Non-Volatile Memory Express; a high-performance protocol designed specifically for SSDs.
  4. What is NVMe-oF? NVMe over Fabrics; extending NVMe performance across a network (FC or TCP).
  5. What is SLC? Single-Level Cell flash; 1 bit per cell. Fastest and most durable.
  6. What is MLC? Multi-Level Cell flash; 2 bits per cell.
  7. What is TLC? Triple-Level Cell flash; 3 bits per cell. Common in enterprise storage.
  8. What is QLC? Quad-Level Cell flash; 4 bits per cell. High density, lower endurance.
  9. What is Wear Leveling? A technique to ensure data is written evenly across all flash cells to extend SSD life.
  10. What is Over-provisioning in SSDs? Reserving extra flash capacity to improve controller performance and endurance.
  11. What is a SAS drive? Serial Attached SCSI; enterprise-grade drives known for reliability.
  12. What is a SATA drive? Serial ATA; consumer-grade drives used for bulk high-capacity storage.
  13. What is an M.2 drive? A small form factor for SSDs, commonly used for boot drives.
  14. What is “Tiering”? Automatically moving data between different types of disks (e.g., SSD for “hot” data, HDD for “cold”).
  15. What is Caching? Using a small amount of fast storage (RAM or SSD) to temporarily hold data for faster access.
  16. What is Write-Back Cache? Data is written to cache and acknowledged to the host immediately, then written to disk later.
  17. What is Write-Through Cache? Data is written to the disk and cache simultaneously before acknowledging to the host.
  18. What is a Battery Backed Module (BBM)? Protects data in the controller cache during a power failure.
  19. What is DWPD? Drive Writes Per Day; a measurement of an SSD’s endurance.
  20. What is MTBF? Mean Time Between Failures; a statistical estimate of a drive’s reliability.

☁️ Part 4: Modern Tech (SDS, Cloud, Object)

  1. What is SDS? Software-Defined Storage; storage software that is independent of the hardware it runs on.
  2. What is Object Storage? Storage that manages data as objects with metadata (e.g., Amazon S3).
  3. What is a Bucket? A logical container for objects in Object Storage.
  4. What is Metadata? Data about data (e.g., creation date, file type, custom tags).
  5. What is a Flat Namespace? Used in object storage; unlike hierarchical folders, all objects exist at the same level.
  6. What is Hyperconverged Infrastructure (HCI)? Combines compute, storage, and networking into a single software-defined node (e.g., Nutanix, vSAN).
  7. What is Unified Storage? A system that supports both Block (SAN) and File (NAS) protocols.
  8. What is Data Deduplication? Removing redundant copies of data to save space.
  9. What is Compression? Reducing the size of data by removing repetitive patterns.
  10. What is an “All-Flash Array” (AFA)? A storage system that only contains SSDs.
  11. What is Hybrid Storage? A system that mixes SSDs and HDDs.
  12. What is REST API in storage? An interface used to manage storage programmatically (common in cloud/SDS).
  13. What is Data Immutability? Data that cannot be modified or deleted once written (key for Ransomware protection).
  14. What is WORM? Write Once, Read Many; a type of immutable storage.
  15. What is S3? Simple Storage Service; the industry-standard protocol for object storage created by AWS.
  16. What is Data Sovereignty? The concept that data is subject to the laws of the country where it is physically stored.
  17. What is Cold Tiering? Automatically moving aged data from expensive cloud storage to cheaper archive tiers (e.g., S3 Glacier).
  18. What is a Storage Gateway? A device that connects on-premises apps to cloud storage.
  19. What are “Egress Fees”? Costs charged by cloud providers for moving data out of their network.
  20. What is Scale-Out Storage? Adding performance and capacity by adding more nodes to a cluster.

🛡️ Part 5: Backup, Recovery & Management

  1. What is a Snapshot? A point-in-time “picture” of a LUN or file system.
  2. What is a Clone? A full, independent copy of a volume or LUN.
  3. What is Replication? Copying data from one storage array to another (local or remote).
  4. What is Synchronous Replication? Data is written to both sites simultaneously (zero data loss, but limited by distance).
  5. What is Asynchronous Replication? Data is written to the primary site and then copied to the secondary site after a delay.
  6. What is RPO? Recovery Point Objective; the maximum amount of data loss acceptable (measured in time).
  7. What is RTO? Recovery Time Objective; the maximum time allowed to restore service after a failure.
  8. What is an Incremental Backup? Backs up only the data that has changed since the last backup of any type.
  9. What is a Differential Backup? Backs up data that has changed since the last full backup.
  10. What is an “Air Gap”? A security measure where a backup copy is physically or logically disconnected from the network.
  11. What is Disaster Recovery (DR)? A plan for restoring IT infrastructure after a major failure or catastrophe.
  12. What is Business Continuity? The broader plan to keep a business running during a disaster.
  13. What is a Quorum Disk? A disk used in clusters to maintain configuration info and help decide which nodes are active.
  14. What is Data Scrubbing? An automated background process that checks for and repairs “bit rot” or silent data corruption.
  15. What is “Bit Rot”? The slow deterioration of data on storage media over time.
  16. What is a Consistency Group? A collection of LUNs that are snapshotted or replicated at the exact same moment to ensure write-order consistency.
  17. What is Redirect-on-Write (RoW)? A snapshot method where new writes are sent to a new location, leaving the original data as the snapshot.
  18. What is Copy-on-Write (CoW)? A snapshot method where original data is copied to a snapshot reserve before being overwritten.
  19. What is the 3-2-1 Backup Rule? 3 copies of data, on 2 different media, with 1 copy off-site.
  20. What is a Storage Controller? The “brain” of the storage array that manages I/O, RAID, and features like deduplication.

#StorageAdmin #SAN #CyberSecurity #DataCenter #SysAdmin #TechInterview #LUNMasking #Networking #CloudInfrastructure #LazyAdmin

Restore Missing “Help and Support” Service in Windows Server 2003


In Windows Server 2003, you might occasionally encounter a scenario where the Help and Support service is completely missing from the services.msc console or simply refuses to start. This is usually due to a corruption in the registration of the Help Center binaries.

Instead of a full OS repair, you can re-register and re-install the service directly from the command line.

The Fix: Re-registering via Command Prompt

Follow these steps to force the system to rebuild the service entry:

  1. Open a Command Prompt (Start > Run > cmd).
  2. Switch to your system drive (usually C:): %SystemDrive%
  3. Navigate to the Help Center binaries directory: cd %windir%\PCHealth\HelpCtr\Binaries
  4. Run the registration and installation command: start /w helpsvc /svchost netsvcs /regserver /install

Note: The /w switch tells the command prompt to wait for the process to finish before returning to the prompt.

Verification

Once the command finishes, the service should start automatically. You can verify it as follows:

  1. Type services.msc in the Run box.
  2. Look for Help and Support.
  3. Ensure the Status is Started and the Startup Type is Automatic.

#WindowsServer2003 #SysAdmin #LegacyIT #WindowsFix #TechSupport #ServerAdmin #ITPro #LazyAdmin #Troubleshooting #RetroIT

How to Uninstall Internet Explorer 8 on Windows Server 2003 (The Hard Way)


Sometimes you need to roll back to a previous version of Internet Explorer on Windows Server 2003, but the standard “Add/Remove Programs” fails or the uninstaller is missing. If you find yourself in this position, you can trigger the uninstaller manually—even if the files are missing.

The Standard Manual Uninstall

If your system still has the uninstallation files, you can run the following command:

  1. Click Start > Run.
  2. Type or paste: %windir%\ie8\spuninst\spuninst.exe
  3. Follow the prompts to remove IE8.

What if the “spuninst” folder is missing?

If you navigate to C:\Windows\ie8 and the spuninst folder is nowhere to be found, you aren’t out of luck.

  1. Find a Donor: Locate another Windows Server 2003 machine that still has the folder.
  2. Copy the Structure: Copy the entire spuninst folder from the donor machine to the same path on the target server.
  3. Run the EXE: Execute the spuninst.exe as mentioned above.

The “Missing File” Trick (IEENCODE.DLL.000)

During the uninstallation process, the wizard may stop and ask for specific files. A common culprit that goes missing is IEENCODE.DLL.000.

If you cannot find this file anywhere, here is the workaround:

  1. Search for the existing file IEENCODE.DLL on your system.
  2. Copy IEENCODE.DLL to a temporary location (like your desktop).
  3. Rename the copy to IEENCODE.DLL.000.
  4. When the IE8 uninstaller asks for the file, point it to your newly renamed file.

The uninstaller will accept the file, proceed with the cleanup, and successfully remove Internet Explorer 8 from your system!

#WindowsServer #InternetExplorer #SysAdmin #LegacyIT #TechHacks #ServerAdmin #Troubleshooting #LazyAdmin #WindowsFix #RetroComputing

How to Change the Default Snapshot Location in VMware ESXi 5


By default, VMware ESXi stores virtual machine snapshots in the same directory as the parent VM. If your primary datastore is running low on space, taking a new snapshot can fail or, worse, cause the VM to hang.


Fortunately, you can redirect these snapshots (and swap files) to a different datastore with more “breathing room.”

Phase 1: vSphere Client Configuration

Before modifying files, we need to tell the VM not to store redo logs with the parent.

  1. Power OFF the Virtual Machine (This is mandatory for the changes to take effect).
  2. Right-click the VM and select Edit Settings.
  3. Go to the Options tab > General > Configuration Parameters.
  4. Click Add Row and enter:
    • Name: snapshot.redoNotWithParent
    • Value: true
  5. Click OK to save and exit.

Phase 2: CLI Configuration (.vmx Modification)

Now we define exactly where those snapshots should go.

  1. Log into the ESXi host via SSH or the local console.
  2. Navigate to your VM’s home directory: cd /vmfs/volumes/[DatastoreName]/[VMName]
  3. Open the .vmx configuration file using the vi editor: vi VMName.vmx
  4. Add the following line to the file, specifying your secondary datastore path: workingDir = "/vmfs/volumes/Secondary-Datastore/snapshots" (Press i to insert text, then Esc followed by :wq to save and exit.)

Phase 3: Reloading the VM

Changes to the .vmx file aren’t picked up until the VM is reloaded in the inventory.

  1. Find your VM’s ID: vim-cmd vmsvc/getallvms | grep [VMName]
  2. Note the ID number (e.g., 13) and run the reload command: vim-cmd vmsvc/reload 13

💡 Pro Tip: Keeping Swap Files in the Original Directory

By default, the workingDir parameter also moves the VM’s .vswp (Swap) file. If you only want to move the snapshots and keep the swap file with the parent VM for performance reasons, add this extra parameter in the Configuration Parameters (Phase 1):

Name: sched.swap.dir

Value: "/vmfs/volumes/Original-Datastore/VM-Directory"
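
The settings from Phases 1 and 2 and the swap tip, as an added example that is not part of the original post: a Python helper that applies them to the text of a .vmx file so that each key ends up defined exactly once, since a duplicated or stale workingDir line is the usual result of repeated hand edits in vi. The sample .vmx content, the function names and the case-insensitive key matching are assumptions for illustration; work on a copy of the file with the VM powered off, then reload the VM as in Phase 3.

```python
import re

# A .vmx line has the form: key = "value"
LINE_RE = re.compile(r'^\s*([\w.:\-]+)\s*=\s*"(.*)"\s*$')

def set_vmx_keys(text, updates):
    """Return .vmx text in which every key in `updates` appears exactly once."""
    # Assumption: keys are compared case-insensitively, so a "workingdir"
    # left over from an earlier hand edit counts as the same key.
    pending = {k.lower(): (k, v) for k, v in updates.items()}
    seen, out = set(), []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        key = m.group(1).lower() if m else None
        if key not in pending:
            out.append(line)                    # unrelated line: keep untouched
        elif key not in seen:
            name, value = pending[key]
            out.append(f'{name} = "{value}"')   # first occurrence: rewrite
            seen.add(key)
        # later occurrences of a managed key are dropped
    for key, (name, value) in pending.items():
        if key not in seen:
            out.append(f'{name} = "{value}"')   # key was absent: append
    return "\n".join(out) + "\n"

def apply_snapshot_redirect(text, snapshot_dir, swap_dir=None):
    """Apply the post's settings: redo-log flag, workingDir, optional swap dir."""
    updates = {"snapshot.redoNotWithParent": "true", "workingDir": snapshot_dir}
    if swap_dir is not None:
        updates["sched.swap.dir"] = swap_dir
    for path in (snapshot_dir, swap_dir):
        if path is None:
            continue
        # Reject values that would break the quoting or point off the datastores.
        if not path.startswith("/vmfs/volumes/") or '"' in path or "\n" in path:
            raise ValueError(f"refusing suspicious datastore path: {path!r}")
    return set_vmx_keys(text, updates)

# Constructed sample .vmx content with a stale, duplicated workingDir entry.
SAMPLE_VMX = '''displayName = "app01"
workingDir = "/vmfs/volumes/Old-Datastore/snap"
memSize = "4096"
workingdir = "/vmfs/volumes/Old-Datastore/snap2"
'''

if __name__ == "__main__":
    print(apply_snapshot_redirect(
        SAMPLE_VMX,
        "/vmfs/volumes/Secondary-Datastore/snapshots",
        "/vmfs/volumes/Original-Datastore/VM-Directory"), end="")
```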

#VMware #ESXi #StorageAdmin #SysAdmin #Virtualization #vSphere #TechTutorial #LazyAdmin #DataCenter #CloudComputing

Understanding Processor Queue Length


In simple terms, Processor Queue Length is the “waiting room” for your CPU. It represents the number of threads that are ready to be processed but are currently stuck waiting because the CPU is already busy handling other tasks.

🚦 The Core Concept: Threads in Waiting

Every action on your server—whether it’s a database query or a system background task—is broken down into threads. The CPU can only handle a certain number of threads at once. When more threads arrive than the CPU can handle, they line up in the Processor Queue.

📉 Identifying a Bottleneck

A high CPU utilization percentage (e.g., 90%) doesn’t always mean there is a problem. The true indicator of a performance bottleneck is a sustained or recurring queue.

  • The Golden Rule: A sustained queue of more than two threads per processor is a clear symptom of a bottleneck.
  • The Exception: Queues can develop even when CPU utilization is below 90% if the requests are random and the processing time for each thread varies wildly.

🔍 How to Troubleshoot a High Queue

If you notice frequent queueing, you need to dig into the specific processes causing the backup.

  1. Check % Processor Time: Identify which specific processes are eating up CPU cycles.
  2. Monitor Thread Patterns: Use Performance Monitor (PerfMon) to see if a single process is spawning too many threads.
  3. Evaluate Priorities: Check if certain low-priority tasks are holding up high-priority ones. While you can adjust base priorities in Task Manager, this is usually a “band-aid” fix, not a permanent solution.

🖥️ Multiprocessor Systems: Calculating the Limit

The acceptable queue length scales with your hardware. To find your target range, multiply your number of physical processors (or cores) by the thread threshold.

| System Type | Typical Usage (0–10% CPU) | Busy System (80–90% CPU) |
|---|---|---|
| Single Processor | 0 to 1 threads | 1 to 3 threads |
| Dual Processor | 0 to 1 threads | 2 to 6 threads |
| Quad Processor | 0 to 1 threads | 4 to 12 threads |

Note: For servers, also keep an eye on the Server Work Queues\Queue Length counter, which specifically tracks requests waiting for the server service.
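
An added example, not from the original post: a Python check that applies the "more than two threads per processor" rule to a series of Processor Queue Length samples and reports only sustained runs, not single spikes. The sample data is constructed in the CSV layout typeperf writes for the \System\Processor Queue Length counter; the host name SRV01 and the choice of three consecutive samples as "sustained" are assumptions.

```python
import csv
import io

# Constructed sample: one reading every 15 seconds.
SAMPLE_CSV = r'''"(PDH-CSV 4.0)","\\SRV01\System\Processor Queue Length"
"03/01/2024 10:00:00.000","1.000000"
"03/01/2024 10:00:15.000","5.000000"
"03/01/2024 10:00:30.000","3.000000"
"03/01/2024 10:00:45.000","6.000000"
"03/01/2024 10:01:00.000","7.000000"
"03/01/2024 10:01:15.000","5.000000"
"03/01/2024 10:01:30.000","2.000000"
"03/01/2024 10:01:45.000","9.000000"
'''

def load_samples(text):
    """Parse the CSV into [(timestamp, queue_length)], skipping bad rows."""
    samples = []
    for row in list(csv.reader(io.StringIO(text)))[1:]:  # skip the header row
        if len(row) < 2:
            continue
        try:
            samples.append((row[0], float(row[1])))
        except ValueError:
            continue  # non-numeric value: skip the sample
    return samples

def sustained_queues(samples, processors, per_cpu=2, min_run=3):
    """Return [(start, end, peak)] for runs of at least `min_run` consecutive
    samples whose queue length exceeds per_cpu * processors."""
    limit = per_cpu * processors
    runs, current = [], []
    # The sentinel sample at the end flushes a run that is still open.
    for ts, queue in samples + [(None, float("-inf"))]:
        if queue > limit:
            current.append((ts, queue))
            continue
        if len(current) >= min_run:
            peak = max(value for _, value in current)
            runs.append((current[0][0], current[-1][0], peak))
        current = []
    return runs

if __name__ == "__main__":
    data = load_samples(SAMPLE_CSV)
    for cpus in (1, 2, 4):
        print(cpus, "processor(s):", sustained_queues(data, cpus))
```

The same readings count as a bottleneck on a dual-processor system and as noise on a quad-processor one, which is the scaling the table describes.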

#WindowsServer #SysAdmin #PerformanceTuning #ITPro #TechTips #CPU #DataCenter #ServerManagement #LazyAdmin #PerfMon