System Administrator: Phase 1 Guide

Detailed Explanation: Before any hardware is purchased or software is configured, a System Administrator must translate business needs into technical specifications. This involves answering critical questions through stakeholder meetings:

• Capacity Planning: How many concurrent users will the system support? (e.g., 100 vs. 10,000)
• Data Volume: How much storage is needed today, and what is the projected growth over 3 years?
• Service Level Agreement (SLA): What is the acceptable downtime? (e.g., 99.9% uptime means ~8.7 hours of allowed downtime per year).
• Compliance: Does the data fall under specific regulations requiring special encryption?

Based on the requirements, the administrator decides where the infrastructure will live. The primary choice today is between On-Premises (Physical Data Center), Cloud (AWS, Azure, GCP), or a Hybrid approach.

Creating the technical blueprint of how servers, databases, and networks will connect. A highly available (HA) architecture eliminates single points of failure.

Security design relies on "Defense in Depth" (Firewalls, Identity Access, Encryption). Modern system administrators often design network security rules using Infrastructure as Code (IaC).

Code Snippet: Designing Firewall Rules (Terraform / AWS Security Group)

This snippet demonstrates designing a security layer where a Web Server only accepts HTTP/HTTPS traffic, and SSH is strictly limited to an Admin's specific IP address.

# Define Security Group for Web Server
resource "aws_security_group" "web_sg" {
  name        = "web_server_security_guard"
  description = "Allow standard web traffic and restricted SSH"

  # Allow HTTP (Port 80) from anywhere
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow HTTPS (Port 443) from anywhere
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow SSH (Port 22) ONLY from Admin's Office IP
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.50/32"] # Replace with actual Admin IP
  }

  # Outbound rule: Allow server to access the internet for updates
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # All protocols
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Before putting a system into production, the administrator must design scenarios to test if it can handle the load gathered in Step 1. A common scenario is a Stress Test.

Code Snippet: Load Testing Scenario using Apache Benchmark (ab)

The following Bash script automates a scenario where we simulate 1000 users hitting the server, with 100 users accessing it concurrently at the exact same time.

#!/bin/bash
# Server Load Testing Scenario Script

TARGET_URL="http://192.168.1.100/"
TOTAL_REQUESTS=1000
CONCURRENT_USERS=100

echo "========================================="
echo " Initiating Server Load Test Scenario"
echo " Target: $TARGET_URL"
echo " Simulating $TOTAL_REQUESTS total requests"
echo " Concurrency level: $CONCURRENT_USERS"
echo "========================================="

# Run Apache Benchmark tool
# -n = Total number of requests to perform
# -c = Number of multiple requests to make at a time
ab -n $TOTAL_REQUESTS -c $CONCURRENT_USERS $TARGET_URL

echo "========================================="
echo " Test Complete. Review 'Requests per second' "
echo " and 'Failed requests' in the output above."
echo "========================================="