Chapter 14 Windows Operating Systems
Understanding Operating Systems, Fourth Edition 2
Objectives
You will be able to describe:
• The importance of MS-DOS in early Windows releases
• The design goals for Windows operating systems
• The role of the Memory Manager, especially the Virtual Memory Manager
• The use of the Device, Processor, and Network Managers in recent versions of Windows
• The role of the NT file system in file management
Objectives (continued)
You will be able to describe:
• The challenges for Windows system security today
• How the current Windows user interface functions
Windows Development
Table 14.1: Windows Development
Early Windows GUI Products ran “on top of” MS-DOS
Windows Development (continued)
• Windows for Workgroups:
– First Windows product to accommodate the needs of network users
– Could easily share directories, disks, and printers among several interconnected machines
– Allowed personal intercommunication through e-mail and chat programs
– Intended for small or mid-sized groups of PCs for small businesses or small departments of larger organizations
Operating Systems for Single Users
• Disadvantages of running Windows on top of MS-DOS:
– Little built-in security
– Couldn’t perform multitasking
– Had no interprocess communication capability
– Written to work closely with the microcomputer’s hardware
• Making it difficult to move the OS to other platforms
• Microsoft developed and released a succession of Windows OSs (not mere GUIs) to appeal to home and office users
Operating Systems for Single Users (continued)
Table 14.2: Evolution of key Microsoft Windows operating systems for home and professional use
Operating Systems for Networks
• Development of Windows NT (more powerful networking products):
– Windows NT never relied on MS-DOS for support
– Primary market requirements include:
• Portability
• Multiprocessing capabilities
• Distributed computing support
• Compliance with government procurement requirements
• Government security certification
– The finished product was introduced in 1993
Operating Systems for Networks (continued)
Table 14.3: Evolution of key Microsoft Windows networking operating systems. All have evolved from Windows NT
Operating Systems for Networks (continued)
• Microsoft offered Windows NT in several versions:
– Windows NT Workstation for individuals needing a desktop operating system
– Windows NT Server for small to medium-sized offices, Web servers, and off-site locations
– Windows NT Server Enterprise Edition for larger and more complex networks
Operating Systems for Networks (continued)
• In 1999, the Windows NT name was changed to Windows 2000, which was available in four packages:
– Windows 2000 Professional
– Windows 2000 Server
– Windows 2000 Advanced Server
– Windows 2000 Datacenter Server
• Designed for large data warehouses and other data-intensive business applications
• Supported up to 64 GB of physical memory
• Windows Server 2003 was also released with these same four packages plus a Web edition
Design Goals
• To accommodate the various needs of its users and to optimize resources, the Windows design team identified five design goals:
– Extensibility
– Portability
– Reliability
– Compatibility
– Performance
Extensibility
• Allows the system to be easily enhanced
• To ensure the integrity of code, designers separated operating system functions into:
– Privileged executive process (kernel mode)
• Refers to a processor’s mode of operation in which all machine instructions are allowed
• System memory is accessible
– Nonprivileged processes, the “protected subsystems” (user mode):
• Certain instructions are not allowed
• System memory isn’t accessible
Extensibility (continued)
• Windows designers also included four more features to ensure extensibility:
– Modular structure so new components can be added to the executive process
– Objects, a group of abstract data types manipulated by a special set of services
• Allow system resources to be managed uniformly
– Drivers for new file systems, devices, and networks that can be added to the system at any time
– Remote procedure call
• Allows an application to call remote services regardless of their location on the network
Portability
• Ability to operate on different machines that are based on different processors or configurations with a minimum amount of recoding
• To achieve this goal, Windows development followed certain guidelines:
– Written in a standardized, high-level language available on all machines
– System accommodated hardware to which it was expected to be ported
– Minimized code that interacted directly with the hardware, to reduce incompatibility errors
Portability (continued)
– Isolation of all hardware-dependent code into modules that could be easily modified whenever the operating system was ported
• Windows NT and successors have the following features:
– Modular code
– Much of Windows is written in C
– Contains a hardware abstraction layer (HAL)
• A dynamic-link library that provides isolation from hardware dependencies furnished by different vendors
Reliability
• Refers to the robustness of a system and its ability to protect itself and its users from accidental or deliberate damage by user programs
• The following features strengthen the system:
– Structured exception handling
– Modular design
– NTFS file system (NT File System), which can recover from all types of errors
– U.S. government-certifiable security architecture
– Virtual memory strategy
Compatibility
• Refers to an operating system’s ability to execute programs written for other operating systems or for earlier versions of the same system
– Use of protected subsystems
• Provides execution of applications that are different from its primary programming interface
– Provides source-level compatibility with POSIX applications
– Recent versions of Windows support already-existing file systems, e.g., MS-DOS FAT, CDFS, and NTFS
– Built-in verification of important hardware and software
Performance
• Several features that help Windows achieve good performance levels include:
– Testing and optimization of system calls, page faults, and other crucial processes
– Incorporation of local procedure call (LPC) to guarantee fast communication among the protected subsystems
– Speed of frequently used system services is maximized
– Critical elements of Windows’ networking software are built into the privileged portion of the operating system
Memory Management
• Every operating system uses its own view of physical memory and makes its application programs access memory in specified ways
• When physical memory becomes full, the Virtual Memory Manager pages some of the memory contents to disk, freeing physical memory for other processes
• Challenge for all Windows OSs: To run application programs written for Windows, MS-DOS, or POSIX without programs crashing into each other’s memory
Memory Management (continued)
Memory layout in recent versions of Windows:
• Operating system resides in high virtual memory and the user’s code and data reside in low virtual memory
• User process can’t read or write to system memory directly
• All user-accessible memory can be paged to disk, as can the segment of system memory labeled paged pool
• Segment of system memory labeled nonpaged pool is never paged to disk
Memory Management (continued)
Figure 14.1: Layout of Windows memory
User-Mode Features
• VM Manager allows user-mode subsystems to share memory efficiently
• Provides services that a process can use to manage its virtual memory in the following ways:
– Allocate memory in two stages
– Read and/or write protection for virtual memory
– Lock virtual pages in physical memory
– Retrieve information about virtual pages
– Protect virtual pages
– Rewrite virtual pages to disk
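As an added example (not code from the textbook or from Microsoft), the following PowerShell script drives the VM Manager services listed above through the Win32 virtual-memory API: it reserves and then commits a page (the two allocation stages), locks it in physical memory, queries its state, and downgrades its protection to read-only. The class name VmDemo and the P/Invoke declarations are choices made here; it needs Windows PowerShell on a Windows host.

```powershell
# Added example: exercise the VM Manager's user-mode services via kernel32 (P/Invoke).
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class VmDemo {
    // Same layout as MEMORY_BASIC_INFORMATION on x86 and x64 (natural alignment
    // reproduces the x64 padding after AllocationProtect).
    [StructLayout(LayoutKind.Sequential)]
    public struct MBI {
        public IntPtr BaseAddress; public IntPtr AllocationBase; public uint AllocationProtect;
        public IntPtr RegionSize;  public uint State;            public uint Protect; public uint Type;
    }
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr VirtualAlloc(IntPtr addr, UIntPtr size, uint type, uint protect);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool VirtualProtect(IntPtr addr, UIntPtr size, uint newProtect, out uint oldProtect);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool VirtualLock(IntPtr addr, UIntPtr size);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool VirtualUnlock(IntPtr addr, UIntPtr size);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool VirtualFree(IntPtr addr, UIntPtr size, uint freeType);
    [DllImport("kernel32.dll")]
    public static extern UIntPtr VirtualQuery(IntPtr addr, out MBI info, UIntPtr len);
}
'@

$MEM_COMMIT = 0x1000; $MEM_RESERVE = 0x2000; $MEM_RELEASE = 0x8000
$PAGE_NOACCESS = 0x01; $PAGE_READONLY = 0x02; $PAGE_READWRITE = 0x04
$Marshal = [System.Runtime.InteropServices.Marshal]

# "Retrieve information about virtual pages": VirtualQuery reports the region's
# state (0x2000 = reserved, 0x1000 = committed) and its current page protection.
function Show-Region([IntPtr]$Address, [string]$Label) {
    $info = [VmDemo+MBI]::new()
    $len  = [UIntPtr]::new([uint64]$Marshal::SizeOf([type][VmDemo+MBI]))
    $null = [VmDemo]::VirtualQuery($Address, [ref]$info, $len)
    $vals = $Label, $info.BaseAddress.ToInt64(), $info.RegionSize.ToInt64(), $info.State, $info.Protect
    '{0,-14} base=0x{1:X} size=0x{2:X} state=0x{3:X} protect=0x{4:X}' -f $vals
}

$regionSize = [UIntPtr]::new([uint64]64KB)   # allocation granularity of the VM Manager
$pageSize   = [UIntPtr]::new([uint64]4KB)

# Stage 1: reserve address space only; nothing is backed by RAM or the paging file yet.
$base = [VmDemo]::VirtualAlloc([IntPtr]::Zero, $regionSize, $MEM_RESERVE, $PAGE_NOACCESS)
if ($base -eq [IntPtr]::Zero) { throw "reserve failed, Win32 error $($Marshal::GetLastWin32Error())" }
Show-Region $base 'reserved'

# Stage 2: commit the first page so it can hold data (from now on it may be paged to disk).
$null = [VmDemo]::VirtualAlloc($base, $pageSize, $MEM_COMMIT, $PAGE_READWRITE)
$Marshal::WriteInt32($base, 0x1234)
Show-Region $base 'committed RW'

# Lock the page in physical memory: the pager will not write it out while it is locked.
if (-not [VmDemo]::VirtualLock($base, $pageSize)) { throw 'VirtualLock failed' }

# Protect the page: downgrade to read-only. Reads still succeed; a write would now
# raise an access violation instead of silently succeeding.
$old = [uint32]0
$null = [VmDemo]::VirtualProtect($base, $pageSize, $PAGE_READONLY, [ref]$old)
Show-Region $base 'protected RO'
'value still readable: 0x{0:X}, previous protection was 0x{1:X}' -f $Marshal::ReadInt32($base), $old

# Release: unlock, then free the whole reservation (MEM_RELEASE requires size 0).
$null = [VmDemo]::VirtualUnlock($base, $pageSize)
$null = [VmDemo]::VirtualFree($base, [UIntPtr]::Zero, $MEM_RELEASE)
```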
Virtual Memory Implementation
• Virtual Memory Manager relies on:
– Address space management
– Paging techniques
• Address space management:
– Upper half of the virtual address space is accessible only to kernel-mode processes
– Code in the lower part of this section, kernel code and data, is never paged out of memory
Paging
• Pager: part of the VM Manager that transfers pages between page frames in memory and disk storage; it is a complex combination of:
– Software policies
• Determine when to bring a page into memory and where to put it
– Hardware mechanisms
• Include the exact manner in which the VM Manager translates virtual addresses into physical addresses
• Pager is not portable
• Windows keeps this code small and well isolated
Paging (continued)
• Paging policies dictate how and when paging is done and are composed of:
– Fetch policy
• Determines when the pager copies a page from disk to memory
– Placement policy
• Determines where the virtual page is loaded in memory
– Replacement policy
• Determines which virtual page must be removed from memory to make room for a new page
Processor Management
• Windows is a preemptive-multitasking, multithreaded operating system
• A process in a Windows NT-derived OS requires at least one thread of execution. By default, a process contains one thread, which is composed of:
– A unique identifier
– Contents of a volatile set of registers indicating the processor’s state
– Two stacks used during the thread’s execution
– Private storage area used by subsystems and dynamic-link libraries
Processor Management (continued)
Threads:
• Thread components are called the thread’s context
• Actual data forming this context varies from one processor to another
• Kernel schedules threads for execution on a processor
• The thread is what actually executes the code
• The overhead incurred by a thread is minimal
Processor Management (continued)
Figure 14.2: Unitasking in Windows
Processor Management (continued)
Multithreading:
• For systems with multiple processors, a process can have as many threads as there are CPUs available
• All threads belonging to one process share its global variables, heap, and environment strings
• Versions of Windows since NT include some synchronization mechanisms to avoid problems with multiple threads
Processor Management (continued)
Figure 14.3: Multitasking using multithreading
Device Management
• The I/O system in Windows NT and its networking descendants was designed to provide the following:
– Multiple installable file systems including FAT, CDFS, and NTFS
– Services to make device-driver development as easy as possible yet workable on multiprocessor systems
– Ability for system administrators to add drivers to the system or remove them from the system dynamically
– Fast I/O processing while allowing drivers to be written in a high-level language
– Mapped file I/O capabilities for image activation, file caching, and application use
Device Management (continued)
• The I/O system is packet driven, i.e., every I/O request is represented by an I/O request packet (IRP)
– An IRP is a data structure that controls how the I/O operation is processed at each step
• I/O Manager:
– Creates an IRP that represents each I/O operation
– Passes the IRP to the appropriate driver
– Disposes of the packet when the operation is complete
Device Management (continued)
Table 14.4: Example showing how a device object is created from an instruction to read a file
Device Management (continued)
• Tasks of the I/O Manager:
– Supplies code common to different drivers
– Manages buffers for I/O requests
– Provides time-out support for drivers
– Records which installable file systems are loaded into the operating system
– Provides flexible I/O facilities
• Allow subsystems such as POSIX to implement their respective I/O application programming interfaces
– Allows device drivers and file systems to be loaded dynamically based on the needs of the user
Device Management (continued)
• Windows provides a device-independent model for I/O services
– This model takes advantage of a concept called a “multilayered device driver”
• Each device driver is made up of a standard set of routines including the following:
– Initialization routine, dispatch routine, start I/O routine, completion routine, unload routine, error logging routine
Device Management (continued)
• The I/O Manager must determine from the file object’s name which driver should be called to process a request to access a file. It uses:
– Driver object:
• Represents an individual driver in the system
• The I/O Manager creates it when a driver is loaded into the system
• A driver object may have multiple device objects connected to it
– Device object:
• Represents a physical, logical, or virtual device on the system and describes its characteristics
Device Management (continued)
Figure 14.4: The driver object from Table 14.4 is connected to several device objects. The last device object points back to the driver object
Device Management (continued)
• The list of device objects represents the physical, logical, and virtual devices that are controlled by the driver
• Advantages of representing devices and drivers with different objects:
– Provides portability: frees the I/O Manager from having to know details about individual drivers
• It just follows a pointer to locate a driver
– Allows new drivers to be easily loaded
– Easier to assign drivers to control additional or different devices if the system configuration changes
Device Management (continued)
Figure 14.5: Interaction of I/O Manager with a layered device driver to write data to a file on a hard disk
Device Management (continued)
• The I/O Manager knows nothing about the file system
• Overhead is involved when the I/O Manager passes requests for information back and forth:
– Uses a single-layer device driver approach for simple devices, e.g., serial and parallel printer ports
– Uses a multilayered approach for more complicated devices, e.g., hard drives
• Almost all low-level I/O operations are asynchronous
File Management
• Current versions of Windows are designed to be independent of the file system on which they operate
• Windows supports multiple file systems for hard disks including:
– MS-DOS’s FAT file system
– 32-bit FAT file system
– NTFS
• NTFS extends the capabilities of the FAT and FAT32 file systems
File Management (continued)
• NTFS extends the capabilities of the FAT and FAT32 file systems by adding:
– File system recovery
– Ability to handle large storage media, on the order of approximately 17 billion gigabytes in size
– Security features, including execute-only files
– Unicode filenames
– Support for the POSIX operating system environment
– Features for future extensibility
File Management (continued)
• The primary file handling concept in current versions of Windows is the virtual file
• Programs perform I/O on virtual files, manipulating them by using file handles
– An executive file object represents all sources and destinations of I/O
• Processes call native file object services such as those to read from or write to a file
• The I/O Manager directs these virtual file requests to real files, file directories, and physical devices
File Management (continued)
• File objects:
– Have hierarchical names
– Are protected by object-based security
– Support synchronization
– Are handled by object services
• When opening a file, a process supplies the file’s name and the type of access required
File Management (continued)
File objects:
• Help bridge the gap between the characteristics of physical devices and directory structures, file system structures, and data formats
• Provide a memory-based representation of shareable physical resources
• Are created with a new set of handle-specific attributes each time a process opens a handle
File Management (continued)
Figure 14.6: Illustration of a file object, its attributes, and the services that operate on them
File Management (continued)
Table 14.5: Description of the attributes shown in Figure 14.6
File Management (continued)
• Mapped file I/O is an important feature of the I/O system
– Achieved through the cooperation of the I/O system and the VM Manager
• Memory-mapped files exploit virtual memory capabilities
• The Cache Manager uses mapped I/O to manage its memory-based cache
• NTFS supports long filenames that can include spaces and special characters
– Automatically shortens filenames when required
Network Management
• Networking is an integral part of the Windows NT-based operating systems and provides services such as:
– User accounts, resource security
– Mechanisms used to implement communication between computers, such as named pipes and mailslots
• Named pipes provide a high-level interface for passing data between two processes regardless of their locations
• Mailslots provide one-to-many and many-to-one communication mechanisms
MS-NET
• Microsoft Networks (MS-NET) was released in 1984 and became the model for the NT Network Manager
• Three MS-NET components:
– Redirector
– Server message block (SMB) protocol
– Network server
• MS-NET components were extensively refurbished and incorporated into Windows NT and later versions
MS-NET (continued)
• Redirector:
– Coded in the C programming language
– Implemented as a loadable file system driver
– Not dependent on the system’s hardware architecture
– Function: to direct an I/O request from a user or application to the remote server that has the appropriate file or resource
• A network can incorporate multiple redirectors
MS-NET (continued)
SMB protocol:
• A high-level specification for formatting messages to be sent across the network
• Correlates to the application layer (layer 7) and the presentation layer (layer 6) of the OSI model
• An API called the NetBIOS interface is used to pass I/O requests structured in the SMB format to a remote computer
• Both the SMB protocol and the NetBIOS API were adopted in several networking products before appearing in Windows
MS-NET (continued)
Windows Server operating systems:
• Written in C for complete compatibility with existing MS-NET and LAN Manager SMB protocols
• Implemented as loadable file system drivers
• Have no dependency on the hardware architecture on which the operating system is running
MS-NET (continued)
Figure 14.7: Implementation of the seven layers of the OSI reference model in the Windows Network Manager
Directory Services
• Active Directory: database that stores all types of information so it can be a general-purpose directory service for a heterogeneous network
– Built entirely around DNS and LDAP
– Groups machines into administrative units called domains
• Each domain gets a DNS domain name (e.g., pitt.edu)
• Each domain must have at least one domain controller
• A domain can have more than one domain controller
– Active Directory clients use standard DNS and LDAP protocols to locate objects on the network
Directory Services (continued)
Figure 14.8: Active Directory clients use standard DNS and LDAP protocols to locate objects on the network
Security Management
• Windows network operating systems provide an object-based security model
– A security object can represent any resource in the system: a file, device, process, program, or user
– Allows administrators to give precise security access to specific objects in the system while allowing them to monitor and record how objects are used
• Biggest concern in Windows OS: need for aggressive patch management
– To combat the many viruses and worms that target these systems
Security Basics
• The U.S. Department of Defense has identified and categorized OS features into seven levels of security
• To comply with the Class C2 level of security, Windows 2000 and above include the following features:
– A secure logon facility
– Discretionary access control
– Auditing ability
– Memory protection
Security Basics (continued)
• Windows strives to prevent access by unauthorized users by supporting a multilayered security system
– Password management is the first layer of security
– In NTFS, users encounter a second layer of security that deals directly with file access security
– Windows makes distinctions between owners and groups
– Users can decide what type of operations a person is allowed to perform on a file
– Gives the user auditing capabilities that automatically keep track of who uses files and how
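The NTFS layer described above (owner versus group, per-group permissions on a file, and auditing of who uses it) as an added PowerShell example that is not code from the textbook: the temporary file, the BUILTIN\Users group and the audit rule are assumptions chosen here, and writing the audit entries needs an elevated session.

```powershell
# Added example: inspect and set NTFS discretionary (DACL) and audit (SACL) entries.
$path  = Join-Path $env:TEMP 'ntfs-acl-demo.txt'
$group = 'BUILTIN\Users'                      # assumed group; any local or domain group works
Set-Content -Path $path -Value 'sample data (constructed for this example)'

function Show-Dacl([string]$Path) {
    $acl = Get-Acl -Path $Path
    "Owner: $($acl.Owner)   Group: $($acl.Group)"
    $acl.Access | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
}

# Second security layer: the file's owner, primary group and discretionary ACL
Show-Dacl $path

# Decide what a group may do with the file: allow Read, explicitly deny Delete.
# Deny entries are evaluated before Allow entries, so the deny wins even for members
# who receive Full Control through some other group.
$acl   = Get-Acl -Path $path
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule($group, 'Read', 'Allow')
$deny  = New-Object System.Security.AccessControl.FileSystemAccessRule($group, 'Delete', 'Deny')
$acl.AddAccessRule($allow)
$acl.AddAccessRule($deny)
Set-Acl -Path $path -AclObject $acl
Show-Dacl $path

# Auditing layer: the system ACL records who uses the file and how. Matching accesses
# appear in the Security log (event 4663) once "Audit File System" is enabled, e.g.
#   auditpol /set /subcategory:"File System" /success:enable /failure:enable
try {
    $sacl  = Get-Acl -Path $path -Audit          # reading a SACL needs SeSecurityPrivilege
    $audit = New-Object System.Security.AccessControl.FileSystemAuditRule('Everyone', 'Delete, Write', 'Success, Failure')
    $sacl.AddAuditRule($audit)
    Set-Acl -Path $path -AclObject $sacl
    (Get-Acl -Path $path -Audit).Audit | Format-Table IdentityReference, AuditFlags, FileSystemRights -AutoSize
} catch {
    "Could not write the SACL (run elevated): $($_.Exception.Message)"
}

# Cleanup. The owner always keeps the right to change the DACL, so drop the deny
# entry first; otherwise Remove-Item fails for every member of $group, including us.
$acl = Get-Acl -Path $path
$null = $acl.RemoveAccessRule($deny)
Set-Acl -Path $path -AclObject $acl
Remove-Item -Path $path
```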
Security Terminology
• Built-in security for recent Windows network OSs is a necessary element for managers of Web servers and networks
– Requires an authentication mechanism that allows a client to prove its identity to a server
– Client needs to supply authorization information
• Server uses it to determine which specific access rights have been given to the client
– Needs to provide data integrity using a variety of methods
• Windows provides this with Kerberos security
Security Terminology (continued)
Kerberos security:
• Provides authentication, data integrity, data privacy, and mutual authentication
• Each domain has its own Kerberos server
• Microsoft has implemented the standard Kerberos protocol
• Microsoft has separated the users of distributed security services from their providers
– Allows support for many options without creating unusable complexity
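As an added example (not code from the textbook) serving both the Directory Services slides and the statement above that each domain has its own Kerberos server, this PowerShell script locates a domain's LDAP domain controllers and Kerberos KDCs through the standard DNS SRV records Active Directory publishes, then runs an LDAP query against one of the controllers found. It assumes a domain-joined Windows host and reads the domain name from the environment.

```powershell
# Added example: locate AD services by DNS, then query LDAP. Assumes a domain-joined host.
$domain = $env:USERDNSDOMAIN
if (-not $domain) { throw 'USERDNSDOMAIN is not set; assign $domain to an AD DNS domain you administer' }

# Every AD domain is a DNS domain, so clients find its servers with DNS SRV lookups:
#   _ldap._tcp.dc._msdcs.<domain>  -> domain controllers that answer LDAP (port 389)
#   _kerberos._tcp.<domain>        -> the domain's Kerberos servers, the KDCs (port 88)
function Find-DomainService([string]$Service, [string]$Domain) {
    Resolve-DnsName -Name "$Service.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |   # client selection order
        Select-Object @{ n = 'Service'; e = { $Service } }, NameTarget, Port, Priority, Weight
}

$dcs  = @(Find-DomainService '_ldap._tcp.dc._msdcs' $domain)
$kdcs = @(Find-DomainService '_kerberos._tcp' $domain)
$dcs + $kdcs | Format-Table -AutoSize
# In a typical domain the same hosts appear in both lists: each domain controller
# runs the LDAP directory service and the KDC for its domain.

# LDAP: bind to the first controller found and locate this computer's own object.
$dc   = $dcs[0].NameTarget
$root = [ADSI]"LDAP://$dc/RootDSE"                        # RootDSE names the domain partition
$base = [ADSI]"LDAP://$dc/$($root.defaultNamingContext)"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
$searcher.Filter = '(&(objectClass=computer)(sAMAccountName={0}$))' -f $env:COMPUTERNAME
$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'dNSHostName', 'operatingSystem'))
$found = $searcher.FindOne()
if ($found) {
    foreach ($p in 'distinguishedname', 'dnshostname', 'operatingsystem') {   # result keys are lowercase
        '{0,-18} {1}' -f $p, ($found.Properties[$p] -join ', ')
    }
} else {
    "No computer object named $env:COMPUTERNAME under $($root.defaultNamingContext)"
}
```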
Security Terminology (continued)
Figure 14.9: Requests from an application flow through a series of security providers, as do the responses from the network back to the application
User Interface
• Desktop contains the icons for the tools and applications one can use to get work done
– Users can use a mouse, light pen, or stylus to move around the desktop
• To start an application, users double-click an application icon or select it from the Start menu
• To quit an application, they can select Exit from the File menu or click the “x” in the top-right corner of the window
User Interface (continued)
• The Start menu divides functions into logical groups, and from here users access common functions including the following:
– All Programs
– My Documents, My Pictures, My Music, My Computer
– Control Panel, Help and Support
– Search, Run, Log Off, Turn Off Computer
User Interface (continued)
Figure 14.10: A typical Windows Start Menu
User Interface (continued)
• The Windows Task Manager:
– Opened by pressing and holding the Ctrl, Alt, and Delete keys
– Allows the user to view running applications and processes, and set the priorities of each
– Allows the user to view information about performance, networking, and other users logged into the system
• Windows Explorer: contains directory and file display tools and a file-finding tool
– Features a series of pull-down menus: File, Edit, View, Favorites, Tools, Help, etc.
User Interface (continued)
• My Network Places: helps users identify and access network resources such as folders, printers, and connections to other nodes
• A command interface that resembles MS-DOS is available from most Windows desktops
• Keyboard shortcuts: e.g., Ctrl+C for copy
• Built-in input methods and fonts for many languages
– e.g., the administrator can select one or several languages during installation
• Windows also offers an on-screen keyboard
Summary
• Current Windows operating systems incorporate ease of use with the technical power to operate a network across several existing platforms
• Windows systems are designed to evolve modularly and consistently over time
• The portability feature eases the difficulty of migrating the OS to new hardware platforms
• Security controls in Windows have helped the OS gain inroads with organizations requiring consistent protection for their data and applications
Summary (continued)
• Windows’ authentication models support new user interfaces from bank teller machines to fingerprint or retinal scanners
• Allow the implementation of different security architectures, further extending the reach of Windows into the market
• Require aggressive patch management to combat viruses and worms