Installation is only the beginning. In Phase 3, a System Administrator modifies configuration files, tunes the kernel for performance, sets up virtual networks, and links applications together. This phase is heavily focused on editing configuration files and restarting services.
Detailed Explanation: Out-of-the-box operating systems are configured for general use. A system administrator must tune the OS specifically for its role as a server. This involves kernel tuning (via sysctl in Linux), setting up static networking, and configuring log rotation to prevent disks from filling up.
This snippet modifies the Linux kernel parameters to handle thousands of concurrent connections efficiently by adjusting the TCP stack.
# Edit /etc/sysctl.conf

# 1. Increase the system-wide maximum number of open file descriptors
fs.file-max = 2097152

# 2. Increase the maximum number of connections allowed in the backlog queue
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535

# 3. Protect against SYN flood attacks (Security Configuration)
net.ipv4.tcp_syncookies = 1

# 4. Shorten the FIN-WAIT-2 timeout and the idle time before TCP keepalive probes start (frees up resources)
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300

# Apply changes immediately without rebooting
# Command: sudo sysctl -p
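After `sudo sysctl -p`, a manual `sysctl -w` or another configuration file can still leave the running value different from the one written above, which matters most for a security setting such as `net.ipv4.tcp_syncookies`. The following added example (not part of the original page) compares a sysctl.conf-style file against the live values under /proc/sys; the names `sysctl_drift`, `trim` and `make_sample` and the sample data are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page. sysctl_drift, trim and
# make_sample are hypothetical helper names.

# Collapse runs of whitespace and strip both ends (multi-value keys use tabs).
trim() { printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift CONF [PROC_ROOT]: report settings in CONF that the running
# kernel does not reflect. Returns 0 if all match, 1 on any drift.
sysctl_drift() {
    conf=$1; root=${2:-/proc/sys}; drift=0
    while IFS='=' read -r key want; do
        key=$(trim "$key"); want=$(trim "$want")
        [ -n "$key" ] || continue
        # net.ipv4.tcp_syncookies -> <root>/net/ipv4/tcp_syncookies
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key (configured: $want)"; drift=1; continue
        fi
        have=$(trim "$(cat "$path")")
        if [ "$have" != "$want" ]; then
            echo "DRIFT   $key running=$have configured=$want"; drift=1
        fi
    done <<EOF
$(sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/=/!d' "$conf")
EOF
    return "$drift"
}

# Constructed sample: a config file plus a fake /proc/sys tree under DIR in
# which tcp_syncookies was never applied.
make_sample() {
    mkdir -p "$1/proc/fs" "$1/proc/net/core" "$1/proc/net/ipv4"
    printf '# constructed sample\nfs.file-max = 2097152\nnet.core.somaxconn = 65535\nnet.ipv4.tcp_syncookies = 1\n' > "$1/sysctl.conf"
    echo 2097152 > "$1/proc/fs/file-max"
    echo 65535   > "$1/proc/net/core/somaxconn"
    echo 0       > "$1/proc/net/ipv4/tcp_syncookies"
}

# Audit a real file when one is given: sh sysctl_drift.sh /etc/sysctl.conf
if [ -n "${1:-}" ]; then sysctl_drift "$@"; fi
```

A non-zero exit status makes the check usable from cron or a configuration-management run, with the DRIFT and MISSING lines identifying which setting to investigate.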
Detailed Explanation: After installing a service like DNS (BIND9) or DHCP, the administrator must write the configuration files that dictate how the service behaves. For DNS, this means creating "Zone Files" that map human-readable domain names to IP addresses.
This is a standard forward lookup zone file (/etc/bind/db.company.local) mapping hostnames to IP addresses within an internal company network.
; BIND data file for local company domain
$TTL    604800
@       IN      SOA     ns1.company.local. admin.company.local. (
                              2         ; Serial (Increment after edits)
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Name Servers
@       IN      NS      ns1.company.local.
@       IN      NS      ns2.company.local.

; A Records (Mapping Names to IPv4)
ns1     IN      A       192.168.1.10
ns2     IN      A       192.168.1.11
router  IN      A       192.168.1.1
web     IN      A       192.168.1.50
db      IN      A       192.168.1.60

; CNAME Records (Aliases)
www     IN      CNAME   web
Detailed Explanation: Configuring application services involves setting up Web Servers (like Apache or Nginx) to serve specific websites, enforcing HTTPS encryption, and tuning Database Servers (like MySQL/PostgreSQL) to allocate enough RAM for query caching.
This Nginx configuration securely listens on port 443 (HTTPS), applies SSL certificates, and forwards the web traffic to a backend Node.js application running locally on port 3000.
# /etc/nginx/sites-available/myapp.conf
server {
    listen 80;
    server_name myapp.company.com;

    # Force redirect from HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name myapp.company.com;

    # SSL Certificate Configuration
    ssl_certificate /etc/letsencrypt/live/myapp.company.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myapp.company.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Reverse Proxy to backend application
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Detailed Explanation: Virtual Server configuration extends beyond just creating the VM. It involves configuring the Hypervisor's Virtual Networking (Virtual Switches), adjusting resource limits (vCPUs/RAM on the fly), and setting up shared storage volumes for the VMs.
A standard Bridge configuration routes VM traffic out through the physical host's network interface.
sudo virsh setmem web-node-01 4096M --live