2CS-CS

This module is designated as UEF 2.4 within the engineering curriculum. It represents a pivotal transition in the educational trajectory of computer science students by moving beyond the foundational concepts of operating systems and basic networking introduced in previous semesters. This module addresses the complex, integrated reality of modern enterprise IT environments. The curriculum reflects a strategic alignment with industry shifts from manual, server-centric administration to automated, service-centric engineering. This course encompasses rigorous academic definitions with professional best practices, drawing upon the principles of Site Reliability Engineering (SRE), the architectural evolution of Identity and Access Management (IAM), and the deterministic logic of Infrastructure as Code (IaC).
The module is organized into five principal chapters:

1. Modern Administration Methodologies:
In this chapter, we discuss why we need to move from traditional system administration to Site Reliability Engineering (SRE). Additionally, we delve into the quantitative foundations of reliability, including Service Level Indicators (SLIs), Service Level Objectives (SLOs), and Service Level Agreements (SLAs). To balance system stability, we introduce the application of the error budget method. The chapter further explores Infrastructure as Code (IaC), both declarative and imperative approaches, and the adoption of GitOps as a framework for managing infrastructure through version control and continuous delivery pipelines.

2. Advanced Identity and Access Management (IAM)
The following chapter, focusing on identity as a central component of enterprise security, this part examines the architecture of Active Directory and its evolution towards the Enterprise Access Model (Tier 0 strategy). Students review foundational concepts of authentication and authorization, security tokens, and Security Identifiers (SIDs), as well as the structure and management of Active Directory objects and Organizational Units (OUs). This chapter also revisits Group Policy processing and inheritance, along with the role of DNS infrastructure in directory services and authentication. Additionally, it reinforces administrative best practices, including the principle of least privilege, and the use of delegated administration and isolated management environments.
3. Linux Automation and Security Hardening
This module component addresses system security and automation in Linux environments. The chapter focuses on key topics such as privilege management using Pluggable Authentication Modules (PAM). It also covers secure scripting practices. In addition, it examines modern host-based firewall technologies. Special attention is given to the transition from iptables to the more efficient nftables framework.

4. Storage Strategy and High Availability
This chapter examines the design of resilient storage and service architectures using business continuity metrics such as Recovery Time Objective (RTO) and Recovery Point Objective (RPO). The chapter also sheds light on clustering concepts, including quorum-based decision mechanisms to mitigate split-brain scenarios, and provides a comparative analysis of storage technologies such as iSCSI, Fibre Channel, and NFS.

5. Observability and Centralized Logging
The final domain expands monitoring practices into full observability through the integration of logs, metrics, and traces. It highlights the importance of gaining exposure to centralized logging and analysis platforms, including the ELK Stack (Elasticsearch, Logstash, Kibana) and Windows Event Forwarding (WEF), with applications in system auditing and compliance..

Learning Outcome
Upon completion, students are prepared to design and evaluate enterprise systems that are resilient, secure, and observable by design. The course reinforces the principle that infrastructure is defined through code and that reliability constitutes a fundamental characteristic of modern system architecture.