This doth be a machine-wrought text which may contain errors!
Overordnet mål
Overall Aim
Driftstøtte handler om å sikre stabil og sikker drift av IT-systemer og infrastruktur. Elevene skal lære å overvåke, vedlikeholde og feilsøke systemer, samt å håndtere hendelser og problemer som oppstår. Målet er å gi elevene en solid forståelse av hvordan IT-systemer fungerer, og hvordan de kan bideth til en effektiv og pålitelig drift.
Operational Support doth concern itself with ensuring the stable and secure operation of IT systems and infrastructure. The pupils shall learn to monitor, maintain, and troubleshoot systems, as well as to handle incidents and problems which do arise. The aim is to grant the pupils a solid understanding of how IT systems do function, and how they may contribute to an efficient and reliable operation.
Kompetansemål etter Vg1, Vg2 og Vg3
Competency Goals after Year 1, Year 2, and Year 3
Vg1: Grunnleggende drift og vedlikehold
Year 1: Foundational Operation and Maintenance
- Forstå grunnleggende nettverkskonsepter og -protokoller.
- Kunne installere og konfigurere operativsystemer og programvare.
- Kunne utføre grunnleggende feilsøking av maskinvare og programvare.
-
Forstå viktigheten av sikkerhet i IT-systemer.
-
Understand foundational network concepts and protocols.
- Be able to install and configure operating systems and software.
- Be able to perform basic troubleshooting of hardware and software.
- Understand the importance of security in IT systems.
Vg2: Avansert drift og overvåking
Year 2: Advanced Operation and Monitoring
- Kunne konfigurere og vedlikeholde servere og nettverksutstyr.
- Kunne bruke overvåkingsverktøy for å identifisere og løse problemer.
- Forstå prinsipper for backup og gjenoppretting.
-
Kunne håndtere brukertilgang og sikkerhetsrettigheter.
-
Be able to configure and maintain servers and network equipment.
- Be able to use monitoring tools to identify and resolve problems.
- Understand principles of backup and recovery.
- Be able to handle user access and security rights.
Vg3: Systemadministrasjon og feilsøking
Year 3: System Administration and Troubleshooting
- Kunne planlegge og gjennomføre oppgraderinger og endringer i IT-systemer.
- Kunne feilsøke komplekse problemer i nettverk og servere.
- Forstå prinsipper for automatisering og scripting.
-
Kunne dokumentere IT-systemer og prosedyrer.
-
Be able to plan and execute upgrades and changes in IT systems.
- Be able to troubleshoot complex problems in networks and servers.
- Understand principles of automation and scripting.
- Be able to document IT systems and procedures.
Merk
Hark, this list doth serve as guidance, and doth yield examples of what the sundry aims of skill in the craft of Operational Support do encompass. It doth not cover all that may be included within the aims of skill.
’Tis meet for thee, as a scholar, to bind the aims of learning to thine own labours, e’en with thought given to preparation for the examinations.
A Review of the Competency Aims
The competency aims do proceed from Udir.
Explore and describe components in an operational architecture
This competence doth concern itself with understanding how diverse parts of an IT operation do hang together, from networks to services and security.
Networks and Virtualization
| Component | Examples | Explanation |
|---|---|---|
| Network | Switch, Gateway, Router, Firewall | Infrastructure for communication internally and towards the internet. |
| Virtualization | Proxmox, VMWare, Docker, Virtual Machines | Doth run multiple virtual machines on the same physical machine. |
| Hardware | Server vs Client | Servers do deliver services; clients do use them. |
Services and Storage
| Component | Examples | Explanation |
|---|---|---|
| Services/Apps | Office 365, approved apps | Doth deliver functionality and require agreements that safeguard privacy. |
| Storage | SharePoint, NAS, Cloud Storage | Secure storage and sharing of data. |
| E-mail & Collaboration | Microsoft 365 | Communication and collaboration within the enterprise. |
| Printers | Network printers, print server | Shared printing services on the network. |
Security and Monitoring
| Component | Examples | Explanation |
|---|---|---|
| Monitoring | Logging server, Grafana, camera | Collection and visualization of log data and events. |
| Access Control | Policies, passwords, MFA | Doth prevent unauthorized access to systems and data. |
Exploration Areas
- Test and assess diverse backup solutions
- Check security measures: antivirus, firewall, updates (Dependabot)
- Create network maps and VLAN overview incl. subnetting and IP addresses
To devise, enact, and maintain physical and virtual solutions with segmented networks
The aim is to be able to build and maintain networks that are both functional and secure through segmentation and proper configuration.
| Realm | Instances | Explanation |
|---|---|---|
| Physical infrastructure | Switches, Routers, Firewall, WiFi | The network equipment and cabling itself. |
| Virtual solutions | Proxmox, VMware | Operation of virtual machines and networks. |
| Segmentation | VLAN for Admin / Employee / Guests / IoT | Differentiates traffic for better security and control. |
| Control and addressing | Firewall rules, DHCP, Subnet | Regulation of access and traffic flow between segments. |
Exploratory areas
- Build a test network with multiple VLANs in Unifi, or perchance check out pfSense/OPNsense
- Configure firewall rules to isolate traffic
- Investigate how DHCP and DNS function in practice
- Behold Access Control Lists in Nginx Proxy Manager
Gjøre rede for prinsipper og strukturer for skytjenester og virtuelle tjenester
The skill doth focus upon how cloud services and virtual resources are organised, and how they may be put to use in practice.
Skytjenester
| Type | Forklaring | Eksempler |
|---|---|---|
| VPS (Virtual Private Server) | Leie en virtuell maskin som server | Azure, GCP |
| SaaS (Software as a Service) | Ferdige applikasjoner levert over internett | Microsoft 365, OpenAI |
Virtuelle tjenester
| Type | Forklaring | Eksempler |
|---|---|---|
| Virtuelle servere | Maskiner som kjører på virtualiserte plattformer | VM i Proxmox, VMware |
| Containerløsninger | Isolerte applikasjoner i containere | Docker, Kubernetes |
| Virtuelle nettverk | Logiske nettverk som sikrer kommunikasjon | VLAN, VPN |
Utforskingsområder
- Sammenlign ulike typer skytjenester
- Sett opp en enkel VPS og test fjernpålogging med SSH
- Opprett containere med Docker
To govern users, accesses and rights within the relevant systems
The focus doth lie in ensuring that the right person hath the right access to resources in a safe manner.
| Realm | Examples | Explanation |
|---|---|---|
| User Catalogue | Active Directory, Azure AD | The handling of users and authentication. |
| Resource Control | Shared Folders, SharePoint | Governing read/write access. |
| Remote Access | VPN | Securing access to the network from afar. |
| Network Segmentation | VLAN Policies | Diverse accesses by connection point. |
| Role-Based Access | RBAC | Rights according to need/role. |
| Logging | Monitoring Systems | Traceability in case of unwanted events. |
Exploration Areas
- Create multiple local users on one machine and test different rights (standard user vs. administrator).
- Investigate how file and folder rights function (read, write, change).
- Create a simple shared folder in Windows or Linux and test access from another machine.
- Perchance employ a virtual machine to simulate “server” and test simple login from “client”.
Explore and describe relevant network protocols, network services, and server roles
Here one doth learn how communication, services, and server functions do operate within a network.
Network Protocols
There exist many protocols, here are some of the most used:
| Protocol | Explanation | Use Case |
|---|---|---|
| TCP/IP | Standard for communication | Internet and local networks |
| UDP | Sends data without confirmation | Streaming, VoIP |
| DHCP | Assigns IP addresses | Network access |
| DNS | Translates domain names to IP | Web services |
| HTTP/HTTPS | Web traffic | Web-based applications |
| FTP/SFTP | File transfer | Between servers and clients |
| NFS/SAMBA/CIFS | File sharing | Shared folders |
| SMTP/IMAP/POP3 | Communication | |
| SSH | Secure remote control | Administration |
Network Services
By services, we mean the very functions servers do offer:
| Service | Explanation |
|---|---|
| DHCP server | Assigns IP addresses |
| DNS server | Translates domain names |
| VPN server | Secure external access |
| Proxy | Filters traffic |
| File and printer services | Sharing of resources |
| Monitoring servers | Collects log data and statistics |
Server Roles
Server roles do refer to the specific functions a server may have within a network; a working title for a server:
| Role | Explanation |
|---|---|
| Web server | Delivers web pages |
| File server | Stores and shares files |
| App server | Runs applications |
| Print server | Handles printers |
| Domain Controller | Manages users and groups |
Exploration Areas
- Set up a simple web server with Nginx or Apache2
- Create a shared folder with SAMBA
- Make an overview of protocols used in a network
To devise and chronicle labours and IT solutions
The skill doth concern itself with structuring, documenting, and standardising IT work for better operation and maintenance.
| Theme | Explanation |
|---|---|
| Planning | Tasks, schedules, and responsibilities. |
| Documentation | Network maps, IP plans, backup routines. |
| Standardisation | Common checklists for secure operation. |
Areas of Exploration
- Create a network map for a school or company
- Develop a checklist for security review
Explore perils to data security and account for the present threat landscape and how such threats may affect an open societal discourse and trust in democracy
The focus is to understand which digital threats do exist and how they may impact both enterprises and society.
| Threat | Explanation | Consequence |
|---|---|---|
| Cyber Attacks | Unauthorised access to information | Loss of data and trust |
| Misinformation | False news and manipulated data | Diminished trust |
| Denial of Service (DDoS) | Overloading of services | Unavailable systems |
| Privacy Breach | Sharing without consent | Loss of trust |
Areas of Exploration
- Analyse a known cyber attack (e.g. WannaCry)
- Discuss how misinformation doth spread digitally
- The television series Mr. Robot doth illustrate many data security threats
Perform a risk analysis of networks and services within an enterprise’s systems and propose measures to reduce the risk
The aim is to identify potential problems and suggest solutions to minimise risk in IT operations.
| Step | Description |
|---|---|
| 1. Value Assessment | What must be protected? |
| 2. Risk Identification | What may go awry? |
| 3. Probability and Consequence | How grievous is the risk? |
| 4. Measures | Backup, firewall, training |
| 5. Documentation | Record improvements |
See a separate Excel template from the instructor, or view the Risk Analysis page at NDLA
Exploration Areas
- Perform a simple risk analysis of a fictitious company
- Use the NDLA template for risk analysis
- Propose measures based on findings
Simplify and automate work processes in the development of IT solutions
This competence objective doth concern the use of tools and scripting to save time and reduce errors in IT work.
| Area | Examples | Benefit |
|---|---|---|
| Scripting | PowerShell, Bash, Python | Automation of repetitive tasks |
| CI/CD | GitHub Actions | Automatic testing and deployment |
| Configuration | Winget, Chocolatey, Ansible | Rapid setup from templates |
| Monitoring | Email notifications, Grafana | Detect errors early |
Docker doth also function excellently for automating (simplifying) the deployment of applications.
Exploration areas
- Create a PowerShell or Bash script for user creation or machine configuration
- Automate a backup process and have it run regularly via cron or Task Scheduler
- Test GitHub Actions with simple CI/CD workflow
To devise, manage, and enact IT solutions which do safeguard information security and current statutes for privacy.
A focus upon ensuring that information and systems be secure, whilst privacy and the law are upheld.
| Principle | Explanation | Example |
|---|---|---|
| Confidentiality | Only the authorised have access | Encryption, access control |
| Availability | Systems shall function when needed | Redundancy, backup |
| GDPR | Rules for personal data | Data processing agreements |
Areas of Exploration
- Investigate how GDPR doth affect IT operation
- Compose a simple plan for backups
- Discourse measures to ensure confidentiality
To muse upon and describe how breaches of privacy may affect single persons, enterprises, and the commonwealth.
The aim is to comprehend the true consequences of data breaches for humankind, businesses, and society as a whole.
| Perspective | Consequence |
|---|---|
| Individual | Fear, identity theft |
| Enterprise | Loss of repute, fines |
| Commonwealth | Lower trust in democracy and technology |
Fields for Exploration
- Discourse upon well-known privacy breaches (e.g. Facebook leakages)
- The television series Black Mirror doth address themes concerning privacy and technology
Explore the data industry’s environmental footprint and consider measures to ensure sustainable choices in IT solutions
The competence doth focus on how the IT industry doth affect the environment and how one may make more sustainable choices.
| Theme | Measure |
|---|---|
| Energy Usage | Green energy, energy-efficient data centres |
| Hardware Waste | Reuse, repair, lifecycle management |
| Software | Optimal resource usage, virtualisation |
| Procurement | Environmentally certified suppliers |
Exploration Areas
Create an overview of the power consumption of various IT components in a home network, such as routers, servers and computers.
Investigate how virtualisation can reduce the number of physical machines that must be on at the same time.
Divers Subjects Interwoven
The Arts of Development, User Support, and Operational Support do overlap in sundry ways. Here doth one behold how these Arts are linked, and wherefore ‘tis profitable to comprehend the whole.
📄 Documentation (Development + User Support + Operational Support)
All three disciplines do concern themselves with the crafting of good documentation, albeit with differing focus:
- In Development are writ README files and API documentation. In User Support doth the selfsame information become a user’s guide. In Operational Support is it employed to set up the application upon a server.
- A README which doth describe environment variables and
requirements.txtis technical documentation, yet also operational documentation. - Network diagrams and IP plans from Operational Support do aid the developers in understanding the network environment, and User Support in explaining unto the users when troubles arise.
🔐 Security and Privacy (Development + User Support + Operational Support)
Security doth appear in all three disciplines, yet on divers levels:
- In Development, one doth hash passwords and validate input. In User Support, one guideth users in strong passwords and MFA. In Operational Support, the firewall and HTTPS upon the server are configured.
- Nginx as a reverse proxy with SSL (Operational Support) and HTTPS support in the Flask code (Development) must work in concert. Both disciplines labour with encryption, but in their own layers.
- All three disciplines work with GDPR, but from each their own angle: code, communication, and infrastructure.
🧪 Troubleshooting (Development + User Support + Operational Support)
Troubleshooting doth lie at the heart of all three disciplines. The methods differ, yet do complement one another:
- In User Support, the method of bisection is employed to discern the source of the failing. In Development, application logs and stack traces are perused. In Operational Support, servers are monitored with tools such as Grafana.
- The selfsame fault may appear diverse from each perspective: the user doth behold an error message, the developer a bug within the code, and Operational Support doth observe the server to be overburdened.
docker logsdoth reveal application faults (Development), whilst Grafana doth display server resources (Operational Support). Both tools are needful to discover the cause.
🔄 Version Control and Deployment (Development + Operational Support)
Git is employed in both disciplines, yet for divers purposes:
- In Development, Git doth serve for branching, pull requests, and collaboration upon the code. In Operational Support, server configuration and scripts are version controlled.
- CI/CD doth bind the disciplines together: the developer doth merge code, GitHub Actions doth run tests, and a pipeline doth deploy the new version upon the server.
- Both disciplines do employ commit messages and change logs to track what hath been altered and wherefore.
📡 Troubling of Infrastructure (User Support + Operational Support)
User Support and Operational Support do share many a method for discerning faults:
- The Halving Method from User Support is no less helpful for network failings in Operational Support: doth other networks function? Doth it serve other users well?
- In User Support, one doth learn to distinguish ‘twixt user error and system fault. In Operational Support, one doth learn to distinguish ‘twixt network failing and server failing. Both concern systematic fault-finding.
- Information such as time, the number affected, and error messages are of import in both crafts, to narrow what doth ail.
⚖️ Laws and Privacy (Operational Support + Development)
GDPR and the Personal Data Act do affect both the code and the infrastructure:
- In Development, the deletion of user data is built into the code. In Operational Support, one doth ensure that the data truly vanish from database and backup.
- Data minimisation is a principle in Development (gather only necessary data). In Operational Support, ‘tis about logs and backup not storing more than need be.
- Both disciplines must document which personal data are processed, yet in Development ‘tis concerning the code, and in Operational Support, the infrastructure.
Overarching Themes
Within the Curriculum (LK20), there be three overarching themes which shall shape the instruction across all subjects. Here are examples of how they do pertain to Operational Support.
🏥 Of Public Health and the Mastery of Life
The infrastructure thou dost maintain doth affect the daily lives of all who employ the systems. Security and stability do create assurance.
- A secure infrastructure, with systems updated, firewall established, and access controlled, doth protect the users’ digital identity.
- Good documentation and routines do lessen stress in times of fault, for one need not then improvise.
🏛️ Demokrati and Civic Duty
Stable IT operation is a prerequisite that digital services be accessible unto all.
- Uptime and availability doth assure that all users have equal access to digital services
- Network segmentation with VLAN doth provide just and secure resource allocation ‘twixt user groups
- Logging and traceability doth enable the verification of events, which is of import for accountability
🌱 Sustainable Development
IT operation doth bear a direct impress upon the environment, through the consumption of power and hardware. The choices thou makest do influence the usage of resources.
- Virtualisation with Proxmox or Docker doth allow thee to run many services upon fewer physical machines, which doth reduce power consumption.
- Maintenance and upgrading of existing hardware doth prolong its life and reduce e-waste.
- Proper capacity planning doth avoid overprovisioning which doth waste resources.