Server Hardware and OS; Clients CSC 363 18 February, 1999.

Server Hardware and OS; Clients

CSC 363

18 February, 1999

Announcements

• Group Projects---how’s it going?

Server Hardware-Speed is King

• Processor

• Disk

• Memory

• NIC

Processors

• Single-vs. dual/multi processors

• MgHz, Paging and other specs

Processors, cont.

• RISC vs. Wintel

Disk

• Seek time

• Access time

• RPMs

• Partitioning

Disk Management

• RAID Arrays

• Striping

• Mirroring

• Backups

Memory

• How much

• What kind

NICs

• When speed counts

• Selecting

Problem:

• You are planning a network for a medical practice that doesn’t have many client computers to support, but that stores very large graphical files, such as MRI and X-ray images, on their server. Which hardware component will require more than average capacity?

NOS

• Common NOSs– Windows NT– Novell NetWare– OS/2--/Warp– UNIX– LANtastic!– Banyon-Vines

Server Software

• User account management (profiles)

• Security

• Central Licensing

• Data Protection

• Multitasking and Multiprocessing.

User Profiles• NT stores the profile information for each

user - Winnt\Profiles - including:– Network drive mappings– NT Domains/Printers– All icons on the desktop– Contents of all menus reachable from the Start

button– names of recently opened files– Desktop color scheme and configuration

Types of Profiles

• Local Profile – stored on client machine and used when logged

onto that machine

• Roaming Profile– stored on a server and downloaded to local

machine when user logs on to server

Security Model

GOLDMAN: LAN FIG. 12-11

Security Reference

Monitor Sub-System

Local Security Authority

Win32 Subsystem

Security Account Manager

Logon Process

Win32 Application

User Accounts Database

Security Policy

Database

Audit Log

secure communication channel

USER MODE

KERNEL MODE

NT System Security

• NT is Object Oriented– Each user, group, file, etc. is an object– Each user, and group is assigned a unique

Security Identifier (SID) 32 bit random character

– All objects have a security descriptor containing:

NT System Security

– SID of the owner of the object– Discretionary ACL controlled by owner– System ACL controlled by Administrator

• Access Control List (ACL) is associated with each object, indicating what rights other objects have to this object

NT System Security

• NT associates a security Access Token for each running process.– Token determines what access rights the

process has.– Token contains

• SID of the user executing the process

• SIDs of all groups user belongs to

• Possibly SIDs of other (more privileged) users is the process is designed for impersonation

Account Access Token

• The NT key card

• Contains important information about the user, SID (security ID - 32 bit unique #)– Username, encrypted password, group

memberships, profile location, home directory, logon hours, etc.

• Could be local or domain (they don’t cross)

Access to the Server

• Domain– Collection of computers and related resources– At least 1 NT server– No geographical limits– First NT server is established as the PDC at

install– Others will be either BDC or Server– PDC holds the database of resource information


Domain

Workgroup

NT Server

domain security

database

NT Server

NT Server

NT ServerNT Server

Primary Domain

Controller

Backup Domain

Controller

Backup Domain

Controller

All security and access control list information is maintained on the Primary Domain Controller. Copies are stored on Backup Domain Controllers for reliability. Backup Domain Controllers promoted in case of Primary Domain Controller failure. Any Primary or Backup Domain Controller can log you in.

security security

securitysecurity

securitysecurity

Windows for Workgroups


Windows NT Workstation




Files and directories can be shared among the workgroup, but each workstation is responsible for maintaining their own user accounts and access control lists.

Central Licensing

Multitasking

• Multi-CPU

• Single-CPU– Time-Slicing=>

• Pre-emptive Multitasking=>

• Cooperative Multitasking=>

Client Characteristics

• Drive designations/mapping

• Requesters (Novell)

• Redirector (Microsoft/IBM)

Peripherals

• Print requests

• Peripheral Ports

Installing NT Server

• Hardware Compatability List (HCL)

• Server Naming– NetBIOS Names

• 15 characters max length

• Planning naming conventions

• Domain name for server-based network

• Workgroup name for Win95 network


Domain

Workgroup

NT Server

domain security

database

NT Server

NT Server

NT ServerNT Server

Primary Domain

Controller

Backup Domain

Controller

Backup Domain

Controller

All security and access control list information is maintained on the Primary Domain Controller. Copies are stored on Backup Domain Controllers for reliability. Backup Domain Controllers promoted in case of Primary Domain Controller failure. Any Primary or Backup Domain Controller can log you in.

security security

securitysecurity

securitysecurity







Files and directories can be shared among the workgroup, but each workstation is responsible for maintaining their own user accounts and access control lists.

Domains in NT

• Domain Controllers

• Primary Domain Controllers (PDC)

• Backup Domain Controllers (BDC)

Domains• Objects

– Computers• Servers - running NT Server

• Workstations - clients

– Users - people with access rights in the domain– Groups - administrative collective of users

• used to categorize and simplify the management of users

• Can be local or global

– Printers

Problem

• You must install 200 computers in a new network for your new company headquarters. There will be 3 physical LANs there, reflecting the divisions of Acquisitions, Financing, and Operations. All LANs will be connected and each will have its own server and approximately 1/3 of the client computers. Each will have its own set of printers and you expect each will grow in (servers and clients) in the coming years. You also expect to add another LAN for Financing sometime in the near future. Implement a NetBIOS naming scheme for this network.

Domain Database

• User account is basis of security

• Rights are set using the User Manager tool (either local or for the Domain)

• Can set a Policy which creates a “template” for all users created after it

NT Network Configuration

• Server can only hold a single database

• Server can only be PDC OR BDC

• Database can be partitioned– Server can still only hold one partition

9

Configuring the NIC

• Protocol Determination– TCP/IP

– IPX

– NetBEUI

TCP/IP Installation

• IP Address:

• Subnet masks:

• Default Gateways

• Auto vs. manual config:

Problem

• You are installing the first server for your company. Which server role is most appropriate for this server?

Problem

• You are installing a server for a small recycling business. After interviewing the customer, you determine that the network will most likely never grow beyond a single server; that Internet access is not required, and that the company does not want to pay for network administration once the network is installed. Which transport protocol is most appropriate?

Problem

• You are designing a network for a computer software design group with many offices around the country. They tell you they would like to connect the servers in their various offices using the Internet. Which transport protocol is most appropriate?

Problem

• When one of the users on your network prints to the central laser printer, nothing but strange characters appear. The printer works fine for everyone else.

• What is wrong?

• How can you fix it?

Sharing Output Devices

• Print Drivers

• Sharing Printers

• Fax Modems

Messaging/E-Mail

• Clients

• Servers

• Protocols– POP– SMTP– IMAP– MAPI– X.400/X.500

GroupWare

• Calendaring

• Scheduling

• Messaging

• Document and Application Sharing

• Revision tracking

Shared Network Applications

• Licensing advantages

• Maintenance advantages

Client OpSysFeature

Windows '95

NT Workstation OS/2 MS-DOS Macintosh UNIX

Applications16-bit and 32-bit capable

32-bit; Can run '95 or NT apps

32-bit OS; Supports DOS and OS/2 appls, and some Windows software.

8-bit to 32-bit OS capable, though cannot take advantage of 32-bit features.

DOS and Windows emulators allow some DOS/Win apps to run on Mac

Server/client OS. 32- and 64-bit capability

Multitasking

cooperating and pre-emptive multitasking

preemptive multitasking

Preemptive, multithreading.

No multitasking. Only one prg can run at a time.

Cooperative and preemptive multitasking.

Preemptive multitasking with multithreading.

Hardware

386/486/P/Ppro okay; No RISC; Single processor only

486/66 w/16Mb RAM minimum config. Supports RISC processors and dual-processor configurations

Wintel; RISC. 386 w/8Mb RAM min. config. No support for multiple processors

8088/8086 with 640Kb of RAM

Motorola 68000 and RISC (PowerPC/PowerMac). Can support multiple processors but does not do load balancing or multi-processing.

x86 and RISC; SUN (Solaris), SGI (Irix), HP (HP-UX) (all have their own flavors of UNIX)

Drivers

DOS or 95 drivers; NT drivers do not work NT drivers only

DOS and OS/2 drivers DOS drivers only

Mac specific; Network drivers are build into the OS.

Unix drivers only--and flavor/brand specific

Configuring Clients--examples

Troubleshooting Client Connections

• NIC connections– cable mismatch– cable poor connection– duplicate IP address– jumper settings– IRQ and Port problems

10Base2 Problems

• Bus interrupts– disconnection of a PC– damage to cable– faulty connection– exceeded maximum segment length

Frame Types

• Set all devices to use the same frame type

• Set frame types manually– Ethernet_802.2=>recommended by MS and

Novell– Ethernet_802.3– Ethernet_SNAP– Ethernet_II

Cable Testing

• Time-domain reflectometer=>indicates what and where cable problems have occurred

Other Problems

• ResourcesFix Your Own LAN

Server Hardware and OS; Clients CSC 363 18 February, 1999.

Documents

Transcript of Server Hardware and OS; Clients CSC 363 18 February, 1999.