
System & Network Administration

1. Introduction to Microsoft Server


The system administrator is sometimes called the sysadmin or the systems administrator. Small organizations may have just one system administrator, whereas larger enterprises usually have a whole team of system administrators. The duties of a system administrator are wide-ranging, and vary widely from one organization to another. Sysadmins are usually charged with installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. Other duties may include scripting or light programming, project management for systems-related projects, supervising or training computer operators, and being the consultant for computer problems beyond the knowledge of technical support staff. A system administrator must demonstrate a blend of technical skills and responsibility in order to perform their job well.

1.1 What is a Server


In most common use, a server is a physical computer (a computer hardware system) dedicated to running one or more such services (as a host), to serve the needs of users of the other computers on the network. Depending on the computing service that it offers, it could be a database server, file server, mail server, print server, web server, gaming server, or some other kind of server. In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients". The clients either run on the same computer or connect through the network. Servers often provide essential services across a network, either to private users inside a large organization or to public users via the Internet. In the hardware sense, the word server typically designates computer models intended for hosting software applications under the heavy demand of a network environment. Windows Server 2008, built with web and virtualization technologies, is the most robust, secure, and reliable foundation on which to develop, deliver, and manage rich user experiences and applications. People drive business results. Amplify their impact and you create greater success. At Microsoft, we believe that people, when properly equipped with the right tools, can surmount even the most complex business challenges. Of the many options available to business, software has demonstrated a unique capacity to amplify the positive impact of people, help them overcome business management challenges and more effectively contribute to the bottom line.

As part of helping people drive business success, Microsoft is looking to help them to manage complexity and achieve agility, protect information and control access, advance the business with IT solutions, and amplify their impact. By offering a productive platform for powering application networks, Web services and virtualization with Windows Server 2008, Microsoft helps you to improve service levels at a lower cost, enables you to build and operate a flexible platform to meet changing business demands, and provides you with capabilities to secure the IT platform on which your organization relies. The better we enable your people to be productive and resourceful, the more we can help you and the individuals in your organization drive business success today and into the future.

Figure 1.1

IT infrastructure is a strategic asset and the critical foundation upon which software can deliver the services and user applications that a business needs in order to operate effectively and succeed. Windows Server 2008 enables greater business success by providing a platform that supports mission-critical solutions and applications, making them available to your organization when it needs them. Windows Server 2008 is the platform on which you can build your business. Windows Server 2008, built with web and virtualization technologies, enables you to increase the reliability and flexibility of your server infrastructure. New virtualization tools, web resources, and security enhancements help you save time, reduce costs, and provide a platform for a dynamic and optimized datacenter. Powerful new tools like IIS7, Windows Server Manager, and Windows PowerShell allow you to have more control over your servers and streamline web, configuration, and management tasks. Advanced security and reliability enhancements like Network Access Protection and the Read-Only Domain Controller harden the operating system and protect your server environment to ensure you have a solid foundation on which to build your business. The following figure outlines the technology investments of Windows Server 2008:

Figure 1.2

1.2 Windows Server 2008 Editions


Because different kinds of customers need different features in their operating system, Microsoft offers multiple editions of Windows Server 2008, each oriented to the needs of specific types of customers. The following are summaries of each SKU.

1.2.1 Windows Server 2008 Standard


Windows Server 2008 Standard is the most robust Windows Server operating system to date. Built with enhanced Web and virtualization capabilities, it is designed to increase the reliability and flexibility of your server infrastructure while helping save time and reduce costs. Powerful tools give you greater control over your servers and streamline configuration and management tasks. Plus, enhanced security features work to harden the operating system to help protect your data and network and provide a solid, highly-dependable foundation for your business.

1.2.2 Windows Server 2008 Enterprise


Windows Server 2008 Enterprise delivers an enterprise-class platform for deploying business-critical applications. Improve availability with failover clustering. Improve security with consolidated identity management features. Reduce infrastructure costs by consolidating applications with virtualization licensing rights. Windows Server 2008 Enterprise provides the foundation for a highly dynamic, scalable IT infrastructure.

1.2.3 Windows Server 2008 Datacenter


Windows Server 2008 Datacenter delivers an enterprise-class platform for deploying business-critical applications and large-scale virtualization on small and large servers. Improve availability with clustering and dynamic hardware partitioning capabilities. Reduce infrastructure costs by consolidating applications with unlimited virtualization licensing rights. Scale from 2 to 64 processors. Windows Server 2008 Datacenter provides a foundation on which to build enterprise-class virtualization and scale-up solutions.

1.2.4 Windows Web Server 2008


Designed to be used specifically as a single-purpose Web server, Windows Web Server 2008 delivers on a rock solid foundation of Web infrastructure capabilities in the next generation Windows Server 2008. Integrated with the newly re-architected IIS 7.0, ASP.NET, and the Microsoft .NET Framework, Windows Web Server 2008 enables any organization to rapidly deploy Web pages, Web sites, Web applications, and Web services.

1.2.5 Windows Server 2008 for Itanium-based Systems


Windows Server 2008 for Itanium-based Systems is optimized for large databases, line of business and custom applications providing high availability and scalability up to 64 processors to meet the needs of demanding and mission critical solutions.

1.2.6 Windows Server 2008 Standard without Hyper-V


Windows Server 2008 Standard without Hyper-V is the most robust Windows Server operating system to date. It is designed to increase the reliability and flexibility of your server infrastructure while helping save time and reduce costs. Powerful tools give you greater control over your servers and streamline configuration and management tasks. Plus, enhanced security features work to harden the operating system to help protect your data and network and provide a solid, highly-dependable foundation for your business. This product does not include the Hyper-V server role.

1.2.7 Windows Server 2008 Enterprise Without Hyper-V


Windows Server 2008 Enterprise without Hyper-V delivers an enterprise-class platform for deploying business-critical applications. Improve availability with failover clustering. Improve security with consolidated identity management features. Reduce infrastructure costs by consolidating applications with virtualization licensing rights. Windows Server 2008 Enterprise without Hyper-V provides the foundation for a highly dynamic, scalable IT infrastructure. This product does not include the Hyper-V server role.

1.2.8 Windows Server 2008 Datacenter without Hyper-V

Windows Server 2008 Datacenter without Hyper-V delivers an enterprise-class platform for deploying business-critical applications and large-scale virtualization on small and large servers. Improve availability with clustering and dynamic hardware partitioning capabilities. Reduce infrastructure costs by consolidating applications with unlimited virtualization licensing rights. Scale from 2 to 64 processors. Windows Server 2008 Datacenter without Hyper-V provides a foundation on which to build enterprise-class virtualization and scale-up solutions. This product does not include the Hyper-V server role.

1.3 Hardware Requirement

Table 1.1


1.4 Windows Server 2008 Editions - Features

1.4.1 New and Updated Features in Windows Server 2008


Table 1.2: New and updated features in Windows Server 2008 and their license requirements. The original table also marks each feature as Available or Not Available in the Datacenter, Enterprise, Standard, Itanium and Web editions.

New/Updated Feature                      | License Requirements
-----------------------------------------|-------------------------------------------------------------------------------------------
Hyper-V                                  | Covered by server license. No incremental licensing requirements.
Internet Information Services 7.0        | Covered by server license. No incremental licensing requirements.
Network Access Protection                | Covered by server license. No incremental licensing requirements.
AD Rights Management Services            | Covered by server license, but incremental RMS CALs required, similar to Terminal Services.
Terminal Services Gateway and RemoteApp  | Covered by server license, but incremental TS CALs required, similar to AD Rights Management Services.
Server Manager                           | Covered by server license. No incremental licensing requirements.
Windows Deployment Services              | Covered by server license. No incremental licensing requirements.
Server Core                              | Covered by server license. No incremental licensing requirements.

1.5 Edition Comparison by Server Role


Table 1.3: Server roles compared by edition (Datacenter, Enterprise, Standard, Itanium, Web). The original table marks each role as Full, Partial/Limited or Not Available per edition; the footnotes below give the limits that apply.

Server Role
- Web Services (IIS)
- Application Server
- Hyper-V *
- Print Services
- Active Directory Domain Services
- Active Directory Lightweight Directory Services
- Active Directory Rights Management Services
- DHCP Server
- DNS Server
- Fax Server
- UDDI Services
- Windows Deployment Services
- Active Directory Certificate Services (1)
- File Services (2)
- Network Policy and Access Services (3)
- Terminal Services (4)
- Active Directory Federation Services

* For customers that do not need virtualization, Windows Server 2008 Standard, Enterprise and Datacenter editions are available without Windows Server 2008 Hyper-V Technology.
1 Limited to creating Certificate Authorities; no other ADCS features (NDES, Online Responder Service). See the ADCS role documentation on TechNet for more information.
2 Limited to 1 standalone DFS root.
3 Limited to 250 RRAS connections, 50 IAS connections and 2 IAS Server Groups.
4 Limited to 250 Terminal Services Gateway connections.

1.6 Edition Comparison by Server Core Installation Option


The Server Core installation option of the Microsoft Windows Server 2008 operating system is a new option for installing Windows Server 2008. A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles. A Server Core installation supports the following server roles.

Table 1.4: Server roles supported on a Server Core installation, by edition (Datacenter, Enterprise, Standard, Itanium). The original table marks each role as Full, Partial/Limited or Not Available per edition; the Server Core option itself is not available in the Itanium edition.

Server Role
- Web Services (IIS)
- Hyper-V *
- Active Directory Domain Services
- Active Directory Lightweight Directory Services
- DHCP Server
- DNS Server
- Print Services
- File Services (1)

* For customers that do not need virtualization, Windows Server 2008 Standard, Enterprise and Datacenter editions are available without Windows Server 2008 Hyper-V Technology.
1 Limited to 1 standalone DFS root.

1.7 Differentiated Feature Comparison by Edition


Table 1.5: Differentiated features compared by edition (Datacenter, Enterprise, Standard, Itanium, Web). The original table marks each feature as Available or Not Available per edition.

Feature
- ADFS WebAgent
- Directory uIDM
- Desktop Experience
- Windows Clustering
- Windows Server Backup
- Windows Network Load Balancing (WNLB)
- Simple TCP/IP Services
- SMTP
- Subsystem for Unix-based Applications (SUA)
- Telnet Client
- Telnet Server
- Microsoft Message Queuing (MSMQ)
- RPC Over HTTP Proxy
- Windows Internet Naming Service (WINS)
- Wireless Client
- Windows System Resource Manager (WSRM)
- Simple SAN Management
- LPR Port Monitor
- The Windows Foundation Components for WinFX
- BITS Server Extensions
- iSNS Server Service
- BitLocker Drive Encryption
- Multipath IO
- Removable Storage Management
- TFTP
- SNMP
- Server Admin Pack
- RDC
- Peer to Peer Name Resolution Protocol
- Recovery Disk
- Windows PowerShell

1.8 Edition Comparison by Technical Specification


Table 1.6: Technical specifications by edition. The original table also marks availability of Hot Add Memory, Hot Replace Memory, Hot Add Processors, Hot Replace Processors, Fault Tolerant Memory Sync and Cross-File Replication (DFS-R) per edition.

Specification                        | Datacenter | Enterprise  | Standard    | Itanium   | Web
-------------------------------------|------------|-------------|-------------|-----------|-------
X86 Sockets                          | 32         | 8           | 4           |           | 4
X64 Sockets                          | 64         | 8           | 4           |           | 4
IA64 Sockets                         |            |             |             | 64        |
X86 RAM                              | 64 GB      | 64 GB       | 4 GB        |           | 4 GB
X64 RAM                              | 2 TB       | 2 TB        | 32 GB       |           | 32 GB
IA64 RAM                             |            |             |             | 2 TB      |
Failover Cluster Nodes               | 16         | 16          |             | 8         |
Network Access Connections (RRAS)    | Unlimited  | Unlimited   | 250         |           |
Network Access Connections (IAS)     | Unlimited  | Unlimited   | 50          |           |
Terminal Services Gateway            | Unlimited  | Unlimited   | 250         |           |
Virtual Image Use Rights             | Unlimited  | Host + 4 VM | Host + 1 VM | Unlimited | Guest
Remote Desktop Admin Connections     | 2          | 2           | 2           | 2         | 2

1.9 Edition Comparison by Distribution Channel


Table 1.7: Distribution channels by edition (Datacenter, Enterprise, Standard, Itanium, Web). The original table marks each channel as Available or Not Available per edition.

Channel
- Retail (FPP)
- Retail (FPP) Evaluation (EVAL)
- Retail (FPP) Not For Sale
- Volume Licensing (VL)
- OEM (MNA)
- IOEM
- SBS (System Builder / COEM)
- MSDN
- TechNet
- Partner Program
- Special Programs
- IT Academy
- Microsoft Partner Program (MSPP)
- Microsoft Action Pack (MAPS)

1.10 Edition Comparison by Language


Table 1.8: Languages by edition (Datacenter, Enterprise, Standard, Itanium, Web). The original table marks each language as Available or Not Available per edition.

Language
- English
- German
- Japanese
- French
- Spanish
- Chinese Simplified
- Chinese Traditional
- Chinese Hong-Kong
- Italian
- Russian
- Korean
- Brazilian Portuguese
- Dutch
- Swedish
- Portuguese
- Polish
- Turkish
- Czech
- Hungarian

1.11 History of Microsoft Server


- Windows NT 3.1 released in 1993
- Windows NT 3.5 released in 1994
- Windows NT 4.0 released in 1996
- Windows NT 5.0 was released renamed as Windows Server 2000
- Windows .NET Server was renamed as Windows 2003

1.12 Computers can be divided into two models


1.12.1 Workgroup Model

A workgroup model has no dedicated servers to track users and such; it is all done via each client machine on the LAN, and this includes shared objects and user logons. The advantage is that it is cheaper to run and maintain, as we only need two machines running in the same workgroup to be called a workgroup.

1.12.1.1 Advantages of workgroup
- Useful for small networks
- Very easy to set up
- No additional knowledge required
- No server required

Disadvantages of workgroup
- Need to set up an account and password on each and every machine.
- Passwords can become out of sync if changed on one computer and not the others.
- Not easily scalable: if using more than 10 computers, the number of accounts to set up increases a lot more.
- More time required to set up new users.
- If using file sharing, you may reach the limit of 10 maximum simultaneous connections.

1.12.1.2 Workgroup-based networks

Workgroup-based networks are a more simplified approach than server-based networking; they are often much faster to set up for the average user in the short term, but may require more time for administrative tasks in the long run. Workgroup networks consist of any logical collection of workstations and workgroup servers. Any computer on the network can join an existing workgroup as long as the workgroup naming convention is maintained for each member, and resources are available so long as the user supplies authenticated credentials for server login. Although not performed through Active Directory, workgroup servers contain a standard set of centralized management tools for the administration of security policies which individual users, or groups of users, may require in order to gain authenticated login access to resources located on the workgroup server itself. Any workgroup server with Windows 2000 Server installed can be promoted to take on the role of a domain controller if a network administrator changes the network model from a workgroup to a domain-based topology.

1.12.2 Domain Model


A domain is a specific name given to a LAN that includes one or more domain controllers (servers). The advantage is that you have a dedicated server to log/track all users and shares via Active Directory, and you can also use this server for other things such as SQL Server and/or BS etc. The disadvantage of this is the cost and maintenance required to keep this configuration running.

1.12.2.1 Advantages of Domain
- One location for all user accounts, groups, and computers.
- Passwords are the same for all computers.
- Easier and quicker to maintain.
- Scales more easily if you add more users and computers.
- Very high security in sharing and personal settings.

1.12.2.2 Disadvantages of Domain
- Requires a Windows server.
- Complex to set up.

1.12.2.3 Domain-based networks

Domain-based networks are vastly more complex to set up for the average user in the short term, partly due to the more highly technical nature inherent to server role promotion, but may ultimately save administrative time over the long run if the users manage to learn how to make more effective use of Active Directory's robust management features. Domain networks can be created and managed by promoting any workgroup server to the role of a domain controller or primary domain controller. Servers designated as primary domain controllers contain a more thorough and complex set of security and administrative properties which the simplified workgroup server does not have. Each domain must have at least one designated PDC server within its forest for centralized user account management through the AD. Domains share a hierarchical directory database, security policies, and common security relationships with other sub-domains. A PDC provides access to a centralized user account and workgroup account policy as maintained by the domain administrator, predominantly from the AD server itself. Because domains use a hierarchy of parent-child relationships within a domain forest, AD domains are generally recommended and most effectively used by larger organizations where collaborative computing between numerous workgroups must span multiple departmental servers with common sets of relational security policies in place.

2. Active Directory
A structure supported by Windows 2003 and 2008 that lets any object on a network be tracked and located. Active Directory is the directory service used in Windows Server 2003 and 2008 and provides the foundation for Windows Server distributed networks.

A directory service provides the methods for storing directory data and making this data available to network users and administrators. For example, Active Directory stores information about user accounts, such as names, phone numbers, and so on, and enables other authorized users on the same network to access this information.

The AD, or Active Directory, is a database based on the LDAP (Lightweight Directory Access Protocol) standard, which makes the information contained within the AD easily available to other applications across different platforms.
Figure 2.1: Structure of Active Directory. Logical structure: Domain, Tree, Forest. Physical structure: Domain Controllers, Sites.

2.1 Domain
A domain is a logical, secure administrative boundary. Creating the initial domain controller in a network also creates the domain. We cannot have a domain without at least one domain controller. Each domain is identified by a DNS domain name.

2.2 Trees
A tree is a group of domains that share a contiguous namespace. In other words, a tree consists of a parent domain plus one or more sets of child domains whose names reflect that of the parent. For example, a parent domain named www.examcram.com can include child domains with names such as products.www.examcram.com, www.sales.examcram.com, and www.manufacturing.examcram.com. Furthermore, the tree structure can contain grandchild domains such as www.america.sales.examcram.com or europe.sales.examcram.com, and so on, as shown. All domains in a tree are linked with two-way, transitive trust relationships; in other words, accounts in any one domain can access resources in another domain and vice versa.

2.3 User management


2.3.1 Local User
- A user account created in the local database of a computer.
- Local users are generally used in the WORKGROUP model.
- Local users can log in only on their respective computers.

2.3.2 Domain User


- A user account created in the ACTIVE DIRECTORY database.
- Domain users are used in the DOMAIN model.
- Domain users can log in to any computer in the DOMAIN.
- By default, domain users can log in to any system in the domain except the domain controller.
- The administrator has to allow the user from the Group Policy Management Console.

2.4 Password Policy


Whenever a password is being given for a user, the database verifies whether the new password matches the default password policy settings, such as length, complexity, etc. To give a password according to the user's requirement, the default setting should be changed.

2.4.1 Account Lockout Policy


This policy is used to restrict users from guessing passwords. If a user gives a wrong password in all the attempts, the account is locked for some time, based on the policy settings.
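An added example (not from the course material) of what the password policy check and the lockout counter described in 2.4 and 2.4.1 do. The complexity rule implemented is the documented Windows one (characters from at least 3 of 4 classes, no piece of 3 or more characters taken from the account or display name); the policy values are constructed for the example, not the defaults of any real domain.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PasswordPolicy:
    min_length: int = 7        # "Minimum password length" (constructed value)
    complexity: bool = True    # "Password must meet complexity requirements"


def check_password(pw: str, sam_account: str, display_name: str,
                   policy: PasswordPolicy) -> List[str]:
    """Return the rules the proposed password violates ([] means accepted).

    The complexity test mirrors the documented Windows rule: characters from at
    least 3 of 4 classes (upper, lower, digit, non-alphanumeric; the Unicode
    class is left out here) and no 3+ character token of the user's names."""
    problems = []
    if len(pw) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.complexity:
        classes = [any(c.isupper() for c in pw), any(c.islower() for c in pw),
                   any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
        if sum(classes) < 3:
            problems.append("fewer than 3 of 4 character classes")
        lowered = pw.lower()
        if sam_account and sam_account.lower() in lowered:
            problems.append("contains the account name")
        # The display name is split on the delimiters Windows uses; any token of
        # three or more characters must not appear in the password.
        for part in re.split(r"[ ,.\-_#\t]+", display_name):
            if len(part) >= 3 and part.lower() in lowered:
                problems.append(f"contains part of the display name ({part})")
    return problems


@dataclass
class LockoutPolicy:
    threshold: int = 5          # "Account lockout threshold" (0 = never lock)
    duration_min: int = 30      # "Account lockout duration"
    reset_after_min: int = 30   # "Reset account lockout counter after"


@dataclass
class AccountState:
    bad_count: int = 0
    last_bad_at: Optional[float] = None   # minutes on a constructed clock
    locked_until: Optional[float] = None


def record_logon(state: AccountState, success: bool, now_min: float,
                 policy: LockoutPolicy) -> str:
    """Apply one logon attempt at time now_min (minutes) to the account state.

    Returns 'ok', 'bad_password' or 'locked'. A correct password during the
    lockout duration does not unlock the account; the counter resets when
    the last failure is older than the reset window."""
    if state.locked_until is not None:
        if now_min < state.locked_until:
            return "locked"
        state.locked_until = None       # lockout duration has elapsed
        state.bad_count = 0
    if success:
        state.bad_count = 0
        return "ok"
    if (state.last_bad_at is not None
            and now_min - state.last_bad_at >= policy.reset_after_min):
        state.bad_count = 0             # observation window expired
    state.bad_count += 1
    state.last_bad_at = now_min
    if policy.threshold and state.bad_count >= policy.threshold:
        state.locked_until = now_min + policy.duration_min
        return "locked"
    return "bad_password"
```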

2.5 Forest
- Multiple domain trees within a single forest do not form a contiguous namespace.
- Although trees in a forest do not share a namespace, a forest will have a single root domain, called the forest root domain.
- The forest root domain is the first domain created in the forest. These two forest-wide predefined groups reside in the forest root domain:
  - Enterprise Admins
  - Schema Admins

Figure 2.2

Table 2.1: Differences between all versions of Windows Server directory services

                         | NT (NTDS) | 2000 (ADS) | 2003 (ADS) | 2008 (ADDS)
-------------------------|-----------|------------|------------|------------
Database                 | SAM       | NTDS.dit   | NTDS.dit   | NTDS.dit
Size of database         | 40MB      | 16MB       | 12MB       | 12MB
Authentication protocol  | NTLM      | Kerberos   | Kerberos   | Kerberos
Forest                   | N/A       | Yes        | Yes        | Yes
Server                   | PDC       | DC         | DC         | DC
Backup                   | BDC       | ADC        | ADC        | ADC

2.6 Roles of Active Directory


2.6.1 Naming Master
- Checks and maintains the uniqueness of domain names in the whole forest.
- It is responsible for adding, removing and renaming domain names in the whole forest.

2.6.2 Schema Master


- Schema is a set of rules which is used to define the structure of AD.
- Schema contains the definitions of all objects which are stored in AD. Schema is further classified into:
  - Classes
  - Attributes

2.6.3 RID Master


- It assigns unique IDs (RIDs) to the objects which are created in the domain.
- Allocates pools of relative IDs (RIDs) to all domain controllers within a domain.

SID ( Security Identifier) = DID (Domain Identifier) + RID ( Relative Identifier)
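As an added illustration of the SID = domain identifier + RID relationship (example code written for this page, not from the course material), the following splits a SID string into its two parts, recognises a few well-known RIDs, and tells whether two SIDs belong to the same domain. The sample SIDs are constructed.

```python
import re
from typing import Optional, Tuple

# Well-known RIDs that exist in every domain (standard Windows values).
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    518: "Schema Admins",
    519: "Enterprise Admins",
}

# S-1-<identifier authority>-<sub-authority>[-<sub-authority>...]
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


def split_sid(sid: str) -> Tuple[str, int]:
    """Return (domain_identifier, rid) for a SID such as
    'S-1-5-21-1004336348-1177238915-682003330-512'.

    The domain identifier is everything up to the last sub-authority; the
    last sub-authority is the RID that the RID master hands out."""
    if not SID_RE.match(sid):
        raise ValueError(f"not a SID: {sid!r}")
    parts = sid.split("-")      # ['S', '1', authority, sub_auth_1, ..., sub_auth_n]
    if len(parts) < 5:
        raise ValueError(f"SID has no RID component: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def is_domain_sid(sid: str) -> bool:
    """Domain and local-machine account SIDs use the NT authority (5) and
    start with sub-authority 21; e.g. S-1-5-32-544 (BUILTIN) does not."""
    parts = sid.split("-")
    return len(parts) >= 5 and parts[2] == "5" and parts[3] == "21"


def describe(sid: str) -> dict:
    """Summarise a SID the way an administrator reads it."""
    domain, rid = split_sid(sid)
    return {
        "domain_identifier": domain,
        "rid": rid,
        "well_known": WELL_KNOWN_RIDS.get(rid),
        # RIDs below 1000 are reserved for built-in accounts and groups; RID
        # pools for newly created objects start at 1000.
        "is_builtin": rid < 1000,
    }


def same_domain(sid_a: str, sid_b: str) -> bool:
    """Two SIDs belong to the same domain when their domain identifiers match."""
    return split_sid(sid_a)[0] == split_sid(sid_b)[0]


if __name__ == "__main__":
    # Constructed sample SIDs for one fictional domain.
    admin = "S-1-5-21-1004336348-1177238915-682003330-500"
    user = "S-1-5-21-1004336348-1177238915-682003330-1105"
    print(describe(admin))
    print(same_domain(admin, user))
```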

2.6.4 PDC Emulator


- Acts as a PDC for Windows NT 4.0.
- Processes all password updates for clients.
- Receives immediate updates from other domain controllers when a user's password is changed.
- It synchronizes time between domain controllers.

2.6.5 Infrastructure Master


Infrastructure master manipulates & updates Universal Group Membership Information. It is used for Inter-Domain operations.

2.6.6 Global Catalog


The global catalog is the set of all objects in an Active Directory Domain Services (AD DS) forest. A global catalog server is a domain controller that stores a full copy of all objects in the directory for its host domain and a partial, read-only copy of all objects for all other domains in the forest. Global catalog servers respond to global catalog queries.

2.7 Group Policy


- Group policy is a collection of settings which can be applied to computers and users.
- With group policy, the administrator can centrally manage the computers and users.
- It eases administration.
- Group Policy can be defined at 3 levels:

2.8 Sites
- Sites are just two different geographical areas.

2.9 Domains
If the policies are defined at the domain level, then the policies will be applied to every object in the domain, including the administrator, by default. These policies will by default also be applied to OUs.

2.10 Organizational units (OUs)


Organizational units form the basis for a lot of our work as administrators because they are the most easily mutable form of object collection available. OUs can comprise accounts, groups, computers, printers, or various other objects and can be very robust in their composition. They're generally implemented for one of two reasons: delegation or Group Policy.

Figure 2.3

2.10.1 Delegating Group Policy Administration


With Windows Server 2008, administrators can delegate many Group Policy tasks as defined in the Microsoft Group Policy deployment guidelines, including the following:

- Managing GPOs
- Managing GPO links
- Performing tasks on GPOs
- Creating GPOs
- Creating and editing WMI filters

Table 2.2

2.11 Trust relationship


Trusts are connections between either domains or forests that allow various objects within Active Directory to access, modify, and utilize resources. In general, trusts exist on two levels: forest and domain.

2.12.1 Forest Trusts


Forest trusts can be one-way, two-way, or transitive. In a two-way transitive forest, each forest trusts the other completely. Forest trusts offer several benefits, such as simplified resource access, improved authentication, improved security, and improved administrative overhead.

2.12.2 Domain Trusts


2.12.2.1 External trusts: You can create an external trust to form a one-way or two-way, nontransitive trust with domains outside of your forest. External trusts are sometimes necessary when users need access to resources located in a Windows NT 4.0 domain that doesn't support Active Directory.

Figure 2.4

2.12.2.2 Shortcut trusts: By using Kerberos, you can create a transitive trust between two domains that allows one domain to directly access another, without having to traverse up and down their various trees. It's quite a useful trick, and it can save a lot of time.

Figure 2.5

2.12.2.3 Realm trusts: Realm trusts are designed to give UNIX users the ability to authenticate and have a relationship with a Windows server. This means the users on another operating system can have access to your files and resources. However, UNIX realm trusts are one-way trusts and are not transitive.

Figure 2.6

2.13 Domain Functional Levels


Table 2.3: Domain functional levels

Domain functional level  | OS supported on domain controllers
-------------------------|---------------------------------------
Windows 2000 Native      | 2000 Server, 2003 Server, 2008 Server
Windows Server 2003      | 2003 Server, 2008 Server
Windows Server 2008      | 2008 Server

2.14 Forest Functional Levels


Table 2.4: Forest functional levels

Forest functional level  | OS supported on domain controllers
-------------------------|-----------------------------------
Windows 2000             | 2000, 2003, 2008
Windows 2003             | 2003, 2008
Windows 2008             | 2008

2.15 Read-Only Domain Controllers


A read-only domain controller (RODC) hosts a read-only copy of the Active Directory database. This is somewhat of a misnomer, because changes can be made to the database. However, the changes can come only from other domain controllers, and the entire database isn't replicated; instead, only a few select objects are replicated. Usually, domain controllers are considered peers where they are all equal (with a few exceptions). Any objects can be added or modified (such as adding a user or a user changing their password) on any domain controller. These changes are then replicated to other domain controllers. However, with RODCs, changes to the domain controller can come only from other domain controllers. Moreover, the changes are severely restricted to only a few select objects. The huge benefit of the RODC is that credentials of all users and computers in Active Directory are not replicated to the RODC. This significantly improves the security of domain controllers that are placed at remote locations. If stolen, they hold the credentials of only a few objects.

3. SERVERS

3.1 Dynamic Host Configuration Protocol (DHCP)


The purpose of Dynamic Host Configuration Protocol (DHCP) is to provide TCP/IP configuration information to clients. A DHCP server within a Windows Server 2008 domain will typically provide the following information to clients:
- IP address
- Subnet mask
- Default gateway
- DNS domain name
- Address of DNS server
- Address of WINS server

When a client is turned on, it has a name but doesn't have an IP address. Also, it doesn't know the IP address of the DHCP server, so it must broadcast its request, and the DHCP server must broadcast the answer. A total of four packets are exchanged between the client and server. Many people remember the four packets by using the acronym DORA. The four packets exchanged between a DHCP client and a DHCP server are as follows:

DHCP discover (the D in DORA): The DHCP discover packet is broadcast out looking for any server running the DHCP service.

DHCP offer (the O in DORA): When a DHCP server receives a DHCP discover, it responds by broadcasting an offer, which includes a lease length and specific TCP/IP options. Options would include an IP address, subnet mask, and any other TCP/IP options that have been configured on the DHCP server. It's possible for more than one DHCP server to receive the request and respond with an offer.

DHCP request (the R in DORA): The DHCP client will respond to the first DHCP offer with a DHCP request. In essence, the DHCP client is requesting to confirm the lease. If a DHCP server doesn't receive a DHCP request (for example, the second DHCP server that sent an offer), the DHCP offer will time out, and the IP address will be available to give to another client.

DHCP acknowledge (the A in DORA): After receiving the DHCP request, the DHCP server will respond with a DHCP acknowledge. At this point, the DHCP server confirms the IP address is allocated and not available to give to other clients, and the client begins to use the IP address.

Figure 3.1

3.2 Scopes
DHCP is configured with scopes to identify the range of available IP addresses to give to computers on that scope. A scope usually relates directly to a subnet, though subnets can contain more than one scope. The port numbers for the DHCP server and DHCP clients are 67 and 68 respectively.
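The DORA exchange of 3.1 and the scope of 3.2 in code, as an added example that is not part of the course material: it builds DHCP messages in the RFC 2131 wire format and runs two small in-memory scopes, so the chosen server's acknowledgement and the second server's unrequested offer timing out can both be observed. Addresses, MAC addresses, lease times and the transaction id are constructed sample values.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

SERVER_PORT, CLIENT_PORT = 67, 68           # UDP ports: server listens on 67, client on 68
MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the options field
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # option 53 (message type) values
OPT_REQ_ADDR, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"       # RFC 2131 fixed fields (236 bytes)


def build(msg_type, xid, mac, yiaddr="0.0.0.0", opts=None):
    """Serialise one DHCP message; op=1 for client->server, op=2 for server->client."""
    op = 1 if msg_type in (DISCOVER, REQUEST) else 2
    head = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000,   # flags 0x8000: broadcast reply
                       b"\0" * 4, IPv4Address(yiaddr).packed, b"\0" * 4, b"\0" * 4,
                       mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in (opts or {}).items():
        body += bytes([code, len(value)]) + value
    return head + body + bytes([OPT_END])


def parse(packet):
    """Return the fields a client or server needs from a DHCP message."""
    fields = struct.unpack(HEADER, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while packet[i] != OPT_END:
        code, length = packet[i], packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"xid": fields[4], "mac": fields[11][:6],
            "yiaddr": str(IPv4Address(fields[8])), "type": opts[OPT_MSG_TYPE][0], "opts": opts}


class Scope:
    """One subnet's pool of addresses as configured on a DHCP server (constructed model)."""

    def __init__(self, server_ip, network, first, last, lease_s=600, offer_ttl_s=60):
        self.server_ip, self.lease_s, self.offer_ttl_s = server_ip, lease_s, offer_ttl_s
        lo, hi = IPv4Address(first), IPv4Address(last)
        self.free = [str(a) for a in IPv4Network(network).hosts() if lo <= a <= hi]
        self.offers, self.leases = {}, {}        # mac -> (ip, expiry time)

    def expire(self, now):
        """An offer that never received a request times out and returns to the pool."""
        for mac, (ip, until) in list(self.offers.items()):
            if now >= until:
                del self.offers[mac]
                self.free.append(ip)

    def handle(self, packet, now):
        """Process one broadcast client message; return the reply bytes or None."""
        self.expire(now)
        msg = parse(packet)
        mac, xid, sid = msg["mac"], msg["xid"], IPv4Address(self.server_ip).packed
        lease_opts = {OPT_SERVER_ID: sid, OPT_LEASE: struct.pack("!I", self.lease_s)}
        if msg["type"] == DISCOVER:
            if mac not in self.offers and not self.free:
                return None                       # pool exhausted: no offer
            ip = self.offers[mac][0] if mac in self.offers else self.free.pop(0)
            self.offers[mac] = (ip, now + self.offer_ttl_s)
            return build(OFFER, xid, mac, ip, lease_opts)
        if msg["type"] == REQUEST:
            if msg["opts"].get(OPT_SERVER_ID) != sid or mac not in self.offers:
                return None                       # client accepted another server's offer
            ip, _ = self.offers.pop(mac)
            self.leases[mac] = (ip, now + self.lease_s)
            return build(ACK, xid, mac, ip, lease_opts)
        return None


def dora(client_mac, servers, now=0.0):
    """Run the four-packet exchange for one client; every server sees each broadcast.
    The client accepts the first offer and the acknowledged address is returned."""
    xid = 0x3903F326                              # constructed transaction id
    discover = build(DISCOVER, xid, client_mac)   # D: look for any DHCP server
    offers = [o for o in (s.handle(discover, now) for s in servers) if o is not None]
    offer = parse(offers[0])                      # O: take the first offer received
    request = build(REQUEST, xid, client_mac, opts={          # R: confirm that lease
        OPT_SERVER_ID: offer["opts"][OPT_SERVER_ID],
        OPT_REQ_ADDR: IPv4Address(offer["yiaddr"]).packed})
    acks = [a for a in (s.handle(request, now + 1) for s in servers) if a is not None]
    return parse(acks[0])["yiaddr"]               # A: the address is now leased
```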

3.3 Domain Name System


Domain Name System (DNS) servers are primarily used to provide name resolution of hostnames. Every host that has an IP address can also have a hostname. Instead of remembering the IP address, we remember the name, and then DNS resolves the name to an IP address. Within a Windows network using Active Directory Domain Services, DNS is also used to find specific servers through the use of SRV records. For example, a service may need to find a global catalog server or a PDC emulator. SRV records are used to find servers with these capabilities.

3.3.1 Zones
A DNS zone is a group of resource records associated with a specific namespace. It includes mappings of names to IP addresses, IP addresses to names, names to services, and more. If a DNS server is responsible for maintaining records for a given namespace, it is considered authoritative for that zone.

3.3.2 Zone Types


Windows Server 2008 DNS includes three zone types:

3.3.2.1 Primary zone: - A primary zone is a zone hosted by a DNS server where the server is the primary source of information about the zone. In other words, the DNS server for a primary zone is authoritative for that zone.

3.3.2.2 Secondary zone: - A secondary zone is created on a different DNS server to provide load balancing for the DNS server holding the primary zone. The secondary zone is a read-only copy of the zone data. It cannot be modified except through zone transfers.

3.3.2.3 Stub zone: - A stub zone is a copy of key records in another zone. The purpose is to identify the DNS server that is authoritative for the zone. A stub zone does not contain all of the records in the zone but instead only enough records to communicate with the authoritative DNS server. The records contained in the stub zone are the name server (NS) record, the start of authority (SOA) record, and possibly the host (A) records.

3.3.2.4 Active Directory-integrated zones: - Both primary zones and stub zones can also be Active Directory-integrated zones. An ADI zone is one that is included in the Active Directory database. A significant benefit of using ADI zones is that DNS zone transfers become part of Active Directory replication. Whenever a change occurs to objects (such as users, computers, and in this case DNS zone records) within Active Directory, the replication process recognizes the change and sends the changes to other domain controllers in the domain. Since the zone transfer is part of Active Directory replication, it is automatically encrypted. Additionally, since every DNS server hosting an ADI zone holds a primary copy of it, an ADI zone provides built-in fault tolerance. If a single DNS server fails, other DNS servers will automatically take on the load.

3.3.3 Zone Files


Zones can contain one or two zone files:

3.3.3.1 Forward lookup zone file: - The forward lookup zone file is primarily used to provide hostname-to-IP-address resolution using host (A) records. In other words, a client queries the DNS server with a hostname, and the DNS server answers with the IP address based on the record within the forward lookup zone. We must have a forward lookup zone file within a DNS zone of any type. Although forward lookup zones primarily hold host (A) records, they typically hold other records as well. Forward lookup zones can hold any zone records except PTR records, which are used for reverse lookups.

3.3.3.2 Reverse lookup zone file: - The reverse lookup zone file is used to hold PTR (commonly called pointer) records. PTR records are found only in reverse lookup zones and provide an IP-address-to-name resolution method. In other words, the client passes an IP address to the DNS server, and the DNS server replies with the hostname. PTR records are commonly used for security purposes.

3.3.4 Zone Resource Records


3.3.4.1 PTR: - The PTR record is contained within the reverse lookup zone file. It provides a mapping from the IP address to a name. PTR records can be automatically created when the A or AAAA record is created with dynamic update.

3.3.4.2 SOA: - The start of authority (SOA) record provides a lot of key information on the DNS server and is created when DNS is installed.

3.3.4.3 SRV: - SRV records are used to identify servers running specific services within the domain. DNS is required within an Active Directory Domain Services domain, and the existence of SRV records is a core reason why DNS is required.

3.3.4.4 NS: - The NS record is used to identify DNS name servers. An NS record can be created within a zone by viewing the properties of the zone and selecting the Name Servers tab.

3.3.4.5 MX: - Mail exchanger (MX) records are used to identify mail servers. An MX record is sometimes referred to as a mail exchange record.

3.3.4.6 CNAME (alias): - A CNAME record is used to allow a single server to respond to multiple names. DNS queries with any of the names (from the A record or any of the CNAME records) will respond with the same IP address.
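Sections 3.3.3 and 3.3.4 describe which records live in which zone file and what SRV records are for. The following Python script is an added example (not from the original text or from Windows DNS) that parses a simplified zone file, checks that each record type is permitted in a forward, reverse or stub zone, flags a CNAME that shares its owner name with other records, and locates a global catalog server through SRV records the way an Active Directory client does. The zone names, addresses and records are constructed for the illustration, and the per-zone allowed record sets are a reading of the text above rather than a list defined by Windows.

```python
"""Added example: check where DNS resource records may live and find a service
via SRV records. Zone data below is constructed, not taken from the original text."""
from collections import Counter

# Record types each zone kind may hold, following sections 3.3.2 and 3.3.3:
# a forward zone holds everything except PTR, a reverse zone holds PTR records
# (plus its own SOA/NS), a stub zone only what is needed to reach the authority.
ALLOWED = {
    "forward": {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "SRV"},
    "reverse": {"SOA", "NS", "PTR"},
    "stub": {"SOA", "NS", "A"},
}


def parse_zone(text):
    """Parse 'name TTL IN TYPE rdata...' lines; blanks and ';' comments are skipped."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        name, ttl, _cls, rtype, *rdata = line.split()
        rec = {"name": name, "ttl": int(ttl), "type": rtype.upper()}
        if rec["type"] == "MX":                       # preference, exchange host
            rec["preference"], rec["exchange"] = int(rdata[0]), rdata[1]
        elif rec["type"] == "SRV":                    # priority weight port target
            rec["priority"], rec["weight"], rec["port"] = map(int, rdata[:3])
            rec["target"] = rdata[3]
        else:
            rec["rdata"] = " ".join(rdata)
        records.append(rec)
    return records


def zone_kind(origin):
    """Reverse lookup zones are named under in-addr.arpa (IPv4) or ip6.arpa (IPv6)."""
    return "reverse" if origin.endswith((".in-addr.arpa.", ".ip6.arpa.")) else "forward"


def check_zone(origin, records, stub=False):
    """Return the problems an administrator would want flagged (empty list = clean)."""
    kind = "stub" if stub else zone_kind(origin)
    problems, owners = [], {}
    counts = Counter(r["type"] for r in records)
    if counts["SOA"] != 1:
        problems.append(f"{origin}: expected exactly one SOA record, found {counts['SOA']}")
    if counts["NS"] == 0:
        problems.append(f"{origin}: no NS record names an authoritative server")
    for r in records:
        if r["type"] not in ALLOWED[kind]:
            problems.append(f"{origin}: {r['type']} record '{r['name']}' is not allowed in a {kind} zone")
        owners.setdefault(r["name"], set()).add(r["type"])
    for name, types in owners.items():               # an alias name must carry nothing else
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{origin}: '{name}' has a CNAME alongside {sorted(types - {'CNAME'})}")
    return problems


def find_service(records, service):
    """Servers offering a service, lowest priority (then highest weight) first."""
    hits = [r for r in records if r["type"] == "SRV" and r["name"].startswith(service)]
    hits.sort(key=lambda r: (r["priority"], -r["weight"]))
    return [(r["target"], r["port"]) for r in hits]


# Constructed forward zone for corp.example. and the matching reverse zone
FORWARD_ZONE = """
@          3600 IN SOA   dc1.corp.example. hostmaster.corp.example. 1 7200 900 1209600 3600
@          3600 IN NS    dc1.corp.example.
dc1        3600 IN A     10.1.0.10
mail       3600 IN A     10.1.0.25
@          3600 IN MX    10 mail.corp.example.
www        3600 IN CNAME dc1.corp.example.
_ldap._tcp  600 IN SRV   0 100 389 dc1.corp.example.
_gc._tcp    600 IN SRV   0 100 3268 dc1.corp.example.
"""

REVERSE_ZONE = """
@    3600 IN SOA dc1.corp.example. hostmaster.corp.example. 1 7200 900 1209600 3600
@    3600 IN NS  dc1.corp.example.
10   3600 IN PTR dc1.corp.example.
25   3600 IN A   10.1.0.25       ; misplaced: an A record belongs in the forward zone
"""

if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE)
    print("forward zone problems:", check_zone("corp.example.", fwd))
    print("global catalog via SRV:", find_service(fwd, "_gc._tcp"))
    print("reverse zone problems:", check_zone("0.1.10.in-addr.arpa.", parse_zone(REVERSE_ZONE)))
```

Checking the forward zone as a stub (`stub=True`) shows why a stub zone is only a pointer to the authority: its MX, CNAME and SRV records are reported as not belonging there.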

3.3.5 Dynamic Update


Since Windows 2000, Microsoft networks have supported dynamic DNS, or dynamic updates. The dynamic update feature allows the A and PTR records within DNS to be created automatically without any manual intervention. Figure 4.11 shows the process of dynamic updates.

Figure 3.2

3.4 Internet Information Services


Internet Information Services 7.0 is included as a role you can add within Windows Server 2008. IIS is used as a web server; in other words, it is used to serve web pages to clients. A client can be any system (Microsoft or non-Microsoft) running a web browser such as Internet Explorer. When a page is requested, IIS creates the HTML-formatted page, and the client receives the HTML page and displays it in the browser.

Figure 3.3

3.4.1 URL Authorization Rules


A new feature available with IIS 7.0 is the ability to grant or deny access to specific websites, applications, directories, or files on your server. You can do this with URL authorization rules. The URL Authorization service is not installed by default when IIS is installed. We'll need to add the URL Authorization service, and the feature will then appear within the IIS Manager console.

3.4.2 Installing IIS


- Launch Server Manager by clicking Start > Administrative Tools > Server Manager.
- Right-click Roles in the menu, and select Add Roles.
- On the Before You Begin page, review the information, and click Next.
- On the Select Server Roles page, click the Web Server (IIS) check box, and click Next.
- The Add Roles Wizard will display a dialog box indicating additional features are required. This will look similar to the following graphic. Click the Add Required Features button.
- On the Select Server Roles page, click Next.
- On the Web Server (IIS) page, review the information, and click Next.
- On the Select Role Services page, select the Application Development check box.
- In the Add Roles Wizard dialog box, you'll be prompted to include the Windows Process Activation Service (including the .NET environment). Click the Add Required Features button. Your display will look similar to the following graphic. Click Next.

Figure 3.4

- On the Confirm Installation Selections page, review your choices, and click Install.
- When the installation completes, click Close.

3.5 Hypertext Transfer Protocol Secure (HTTPS)


HTTPS is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. It provides encrypted communication to prevent eavesdropping and to securely identify the web server with which you are actually communicating. Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail, and sensitive transactions in corporate information systems. In the late 2000s and early 2010s, HTTPS began to see widespread use for protecting page authenticity on all types of websites, securing accounts, and keeping user communications, identity, and browsing history private.

While connecting to a website, HTTPS makes it possible to know whether you are talking to the right server and protects against passive and active network attacks such as man-in-the-middle attacks. During a session it can protect against eavesdropping and tampering with the contents of the site or with the information you send to the site. As an example, HTTPS can protect against an adversary replacing downloadable content on a site with malware. HTTPS is especially important over unencrypted Wi-Fi, which is completely insecure by design; attacks on unencrypted Wi-Fi networks are relatively common. Another example where HTTPS is important is connections over Tor (anonymity network), as malicious Tor nodes can damage or alter the contents passing through them in an insecure fashion and inject malware into the connection. This is one reason why the EFF and the Tor Project started the development of HTTPS Everywhere, which is included in the Tor Browser Bundle.

Note that when a client sends an HTTPS request, the entire request is encrypted, including the URL. However, the hostname and port of the URL are visible to an eavesdropper because this information is also present in the TCP/IP packets used to establish and maintain the connection. This means that an eavesdropper can see the sites you connect to, the amount of time you spend using a site, and the amount of information you upload or download on the particular site. [1] The entire HTTPS request, including the URL path and query parameters, can only be decrypted by the destination site or by an interposing intermediary that terminates the HTTPS connection on behalf of the site. A site must be completely hosted over HTTPS, without having some of its contents loaded over HTTP, or the user will be vulnerable to some attacks and surveillance.
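The last point above, that a page must not load part of its contents over plain HTTP, is something an administrator can check on the pages a server serves. The following Python script is an added example, not code from the original text: it walks an HTML page with the standard library parser, resolves every script, stylesheet, image, frame, media and form target against the page's HTTPS URL, and reports the ones that would be fetched over HTTP. The sample page and the host names in it are constructed.

```python
"""Added example: flag subresources an HTTPS page loads over plain HTTP (mixed
content). The sample page is constructed; this is not code from the original text."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs through which a page pulls in other resources or sends data
RESOURCE_ATTRS = {
    "script": ("src",), "img": ("src",), "iframe": ("src",), "link": ("href",),
    "audio": ("src",), "video": ("src",), "source": ("src",), "embed": ("src",),
    "object": ("data",), "form": ("action",),
}


class MixedContentScanner(HTMLParser):
    """Collect every resource reference that would be fetched over http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []          # (tag, attribute, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr in RESOURCE_ATTRS.get(tag, ()):
            value = attrs.get(attr)
            if not value:
                continue
            # urljoin resolves relative paths and scheme-relative (//host/...) URLs
            # against the HTTPS page, so only explicit http:// references remain insecure.
            absolute = urljoin(self.page_url, value.strip())
            if urlsplit(absolute).scheme == "http":
                self.findings.append((tag, attr, absolute))


def scan_page(page_url, html):
    """Return the list of HTTP-loaded resources on a page served from page_url."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("the page itself must be served over HTTPS")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page, as if served from https://shop.example/checkout
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="http://cdn.example/jquery.js"></script>
<script src="//cdn.example/analytics.js"></script>
</head><body>
<img src="https://img.example/logo.png">
<img src="http://img.example/banner.png"/>
<form action="http://shop.example/pay" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in scan_page("https://shop.example/checkout", SAMPLE_PAGE):
        print(f"mixed content: <{tag} {attr}> loads {url}")
```

Of the seven references on the sample page, the relative stylesheet and the scheme-relative analytics script inherit HTTPS from the page and are fine; the three explicit `http://` references (a script, an image and a form submission target) are the ones an eavesdropper could read or tamper with.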

3.6 File Transfer Protocol

File Transfer Protocol (FTP) is a TCP/IP protocol that enables a user to transfer files between local and remote host computers. You place your files in directories on your FTP server so that users can establish an FTP connection and transfer files with an FTP client or FTP-enabled web browser. When you load FTP, you are loading IIS 6.0 to host the FTP sites. Therefore, to manage the FTP sites, you need to open Internet Information Services 6.0 from the Administrative Tools. After FTP is loaded, there will already be a Default FTP Site created with C:\inetpub\ftproot as the FTP working folder. By default, you can read from the FTP site, but you need to enable Write if you wish the FTP site to be used to upload files. The available isolation modes are:

3.6.1 Do Not Isolate Users: - This mode does not enable FTP user isolation, and it works similarly to earlier versions of IIS.

3.6.2 Isolate Users: - This mode authenticates users against local or domain accounts before they can access the home directories that match their usernames. All user home directories are in a directory structure under a single FTP root directory, where each user is placed in and restricted to a home directory. Users are not permitted to navigate out of the home directory.

3.6.3 Isolate Users Using Active Directory: - This mode authenticates user credentials against a corresponding Active Directory container, rather than searching the entire Active Directory, which requires large amounts of processing time. Specific FTP server instances can be dedicated to each customer to ensure data integrity and isolation.
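The home-directory restriction in the Isolate Users modes comes down to resolving every client-supplied path inside the user's home and refusing any path that would climb out of it. The following Python script is an added example (not IIS code) of that check, together with the read-by-default, Write-when-enabled rule from the paragraph above. The root path, user names and requests are constructed, and the domain-keyed directory layout used for the Active Directory mode is an assumption made for the illustration.

```python
"""Added example: the path-containment logic behind FTP user isolation
(a constructed illustration, not IIS source code)."""
import posixpath

FTP_ROOT = "/inetpub/ftproot"   # constructed stand-in for C:\inetpub\ftproot


def home_directory(root, username, domain=None):
    """Isolate Users maps a user to <root>/<user>; for the Active Directory mode this
    example assumes a domain-keyed layout, <root>/<domain>/<user>."""
    parts = [root] + ([domain] if domain else []) + [username]
    return posixpath.join(*parts)


def resolve_request(home, cwd, requested):
    """Turn the path a client sends into (virtual path, physical path).

    The client sees its home directory as '/', so an absolute path is taken
    relative to home and a relative one relative to cwd. Each '..' is walked
    explicitly: one that would climb above '/' is an attempt to leave the home
    directory and is refused rather than silently clamped.
    """
    requested = requested.replace("\\", "/")     # Windows clients may send backslashes
    virtual = requested if requested.startswith("/") else posixpath.join(cwd, requested)
    parts = []
    for part in virtual.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not parts:
                raise PermissionError(f"{requested!r} would leave the home directory")
            parts.pop()
        else:
            parts.append(part)
    virtual = "/" + "/".join(parts)
    physical = posixpath.join(home, *parts) if parts else home
    return virtual, physical


class FtpSession:
    """One logged-in user's view of the server."""

    def __init__(self, username, domain=None, write_enabled=False):
        self.home = home_directory(FTP_ROOT, username, domain)
        self.cwd = "/"
        self.write_enabled = write_enabled   # read-only unless Write is enabled on the site

    def change_dir(self, requested):
        self.cwd, _ = resolve_request(self.home, self.cwd, requested)
        return self.cwd

    def retr(self, requested):
        """Download: allowed anywhere inside the home directory."""
        return resolve_request(self.home, self.cwd, requested)[1]

    def stor(self, requested):
        """Upload: needs Write on the site, and still has to stay inside home."""
        if not self.write_enabled:
            raise PermissionError("Write is not enabled on this FTP site")
        return resolve_request(self.home, self.cwd, requested)[1]


if __name__ == "__main__":
    session = FtpSession("alice")
    session.change_dir("reports")
    print(session.retr("q1.txt"))
    for attempt in ("../bob/secret.txt", "/../../etc/passwd"):
        try:
            session.retr(attempt)
        except PermissionError as err:
            print("refused:", err)
```

Walking the components by hand, instead of normalizing with `posixpath.normpath`, is deliberate: `normpath` quietly drops a leading `..` at the root, which would turn an escape attempt into a silent success rather than a refusal that can be logged.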


3.7 Terminal Services Servers

Terminal Services is a server role in Windows Server 2008. It provides users with access to either Windows-based programs or a full Windows desktop located on a server. The full features of TS are experienced only on computers running Windows Vista or Windows Server 2008, but Terminal Services does support Windows XP and Windows Server 2003 products.

Figure 3.5

3.7.1 Modes of terminal services


3.7.1.1 Remote Administrator Mode: - Specially designed for remote management of the server. Only two connections are supported. A license is not required.

3.7.1.2 Application Server Mode: - Specially designed for running multiple applications from the terminal server. Unlimited connections are supported. A license must be purchased.

3.7.2 Terminal Services Sessions

Disconnect session: - If the session is disconnected, all the programs will continue to run in the background, and the user can reconnect to the same session.

3.7.2.1 Logoff session: - If the session is logged off, all programs will be closed, and next time a new session will be established.

3.7.2.2 Terminal Services Manager: - User terminal sessions can be monitored. Users can be forced to log off or disconnect sessions. It lets you see all users and sessions on any server from one location.

3.7.3 Terminal Services Session Broker


TS Session Broker is needed only when you are running multiple TS servers. TS Session Broker provides two primary functions:

3.7.3.1 Load balancing: - With load balancing, you can distribute the load between multiple servers in a load-balanced terminal server farm. Once installed and configured, the TS Session Broker will automatically send new sessions to the server with the fewest sessions.

3.7.3.2 Session state management: - Session state is information about a user's session when connected to a TS server. If a user disconnects and reconnects, you would want them to be reconnected to the same session on the same server. The TS Session Broker stores the session state information to ensure users connect to the same server.

Figure 3.6

3.7.4 Terminal Services Licensing


When using Terminal Services (TS) to allow users to remotely create desktops or run TS RemoteApp applications, you often need a TS Client Access License (TS CAL) for the connection. Creating, tracking, and maintaining these licenses can be quite challenging. TS Licensing is an additional role service you can add after installing the Terminal Services role for the management of TS licenses. You must have at least one license. Two types of TS CALs can be issued. When configuring CAL licensing, you need to configure the terminal servers using the same licensing mode as the TS Licensing server.

3.7.4.1 TS Per Device CAL: - The first time a computer or device connects, it is issued a temporary license by default. If the computer connects again, the license server is checked to determine whether there are any available TS CALs to issue. If so, the computer or device is issued a permanent CAL. Any user can connect to a terminal server using a computer that has been issued a TS Per Device CAL. Once all the available CALs are issued, computers or devices will be denied access the second time they try to connect.

3.7.4.2 TS Per User CAL: - A TS Per User CAL gives a user the right to access a terminal server from any number of computers or devices. Unlike TS Per Device CALs, TS Per User CALs are not enforced by the Licensing server. Administrators still have a responsibility to track the licenses and ensure adequate licenses are purchased.

3.8 Windows Deployment Services


The primary purpose of Windows Deployment Services (WDS) is to provide a simplified method of rapidly deploying Windows operating systems over the network. We can use Windows Deployment Services to install and configure Microsoft Windows operating systems remotely on computers that are Preboot Execution Environment (PXE, pronounced "pixie") enabled. A PXE client computer may not have an operating system, but it has the capability to boot to the network. After booting to the network, the client can access the WDS server to install one of the following operating systems:

- Windows Server 2008
- Windows Vista
- Windows Server 2003
- Windows XP

Boot images are those used to boot up a system for the sole purpose of connecting to the WDS server.

3.8.1 Types of boot images

3.8.1.1 Generic boot images: - A generic boot image (or just boot image) is used to connect to the WDS server to download an install image. The boot image downloads a mini operating system that provides a graphical user interface (GUI). The user can then use the GUI to pick the specific install image desired. Both basic install images and custom (standard) install images can be chosen once a client boots from the boot image. The boot image is available on the installation DVD in the Sources directory as boot.wim.

3.8.1.2 Capture images: - A capture image is used to capture an image from a reference computer. A capture image is created within WDS by modifying a standard boot image. The difference between a boot image and a capture image is that a boot image is used to download an image from WDS to a destination computer, whereas a capture image is used to allow the destination computer to create an image of itself.

3.8.1.3 Discover images: - A discover image is used by clients that aren't PXE enabled. The discover image is created within WDS, converted to an .iso image, and then burned to a CD or DVD. Non-PXE clients can boot from the media and then connect to the WDS server to select the desired install image. A discover image is created from a boot image (boot.wim) within WDS. The challenge is converting the .wim file to an .iso image file. WDS does not include tools to do this, but downloadable tools are available.

3.8.2 Install Images


Install images are those used to install an image onto a computer. The two types of install images are basic images and custom images:

3.8.2.1 Basic images: - A basic image includes the operating system only. It is built from the install.wim file that can be found on the installation DVD in the Sources directory. Two different install images are used for 32-bit and 64-bit systems.

3.8.2.2 Custom images: - A custom image can also include applications, service packs and updates, security baseline settings, configuration settings, and anything else you want to add to the image.

3.8.3 WDS Requirements


- Active Directory Domain Services
- Dynamic Host Configuration Protocol (DHCP)
- Domain Name Services (DNS)

3.9 Remote Access Services


Remote access is the process of providing access to your internal network from an external source. You can do this via direct-dial methods (using phone lines) or via a public network such as the Internet. When using a public network, tunneling protocols are used to create a virtual private network (VPN). In the diagram, both dial-up remote access and a VPN are shown. For dial-up remote access, the client has a modem and phone line and directly dials the remote access server (which also has a modem and phone line). The remote access server then provides access to the internal network.

Figure 3.7

A VPN differs in the connectivity to the remote access server. Instead of connecting directly to the remote access server via a telephone line, the client tunnels through the Internet. Any time the client connects via a phone line, the Point-to-Point Protocol (PPP) is used. First, the client gains access to the Internet through a local Internet service provider (ISP). If it's dial-up, the client uses PPP to connect, but it's also possible the client has a broadband connection to the Internet. When planning for a VPN server, you'll need to decide which tunneling protocol to use. The following tunneling protocols can be used with a Microsoft VPN server:

3.9.1 PPTP: - The Point-to-Point Tunneling Protocol (PPTP) is the oldest of the three. It is supported by Windows 2000 and newer operating systems. It can be used with IP-based connections. Data is encrypted using Microsoft Point-to-Point Encryption (MPPE), providing data confidentiality. PPTP does not provide data integrity or machine-level authentication.

3.9.2 L2TP: - The Layer 2 Tunneling Protocol (L2TP) is supported by clients running Windows 2000 or newer operating systems. L2TP is commonly used with IPsec, and you'll often see it as L2TP/IPsec. IPsec provides data confidentiality and integrity to L2TP. Machine-level authentication can be achieved through the use of a pre-shared key or computer certificates. One of the drawbacks to L2TP when used with IPsec is that it can't pass through a Network Address Translation (NAT) server. If a NAT was needed, administrators often had to move backward to a PPTP solution that sacrificed security.

3.9.3 SSTP: - The Secure Socket Tunneling Protocol (SSTP) is the newest tunneling
protocol. It is supported only on clients running Windows Vista SP1 or newer operating systems. SSTP uses Secure Sockets Layer (SSL) to encrypt the data and provide data confidentiality. Further, it uses HTTPS over TCP port 443 to pass traffic through firewalls, making it an easier solution to implement without requiring modifications to firewalls. Port 443 is often already open on firewalls. Unlike L2TP/IPsec, SSTP can pass through a NAT. SSL within SSTP also provides data integrity and machine-level authentication.

3.10 Disk Storage Management


Windows Server 2008 supports two types of hard disk storage: basic and dynamic.

3.10.1 Basic Disks


A basic disk under Windows Server 2008 is essentially the same as the disk configuration under earlier versions of Windows: it is a physical disk with primary and extended partitions. Prior to Windows 2000, Microsoft did not call disks "basic" because that was the only type of disk available; there were no dynamic disks. As long as you use the File Allocation Table (FAT or FAT32) file system, Windows Vista, Windows XP, Windows 2000, Windows NT, Windows 9x, and the MS-DOS operating systems can access basic disks. On a basic disk you can create either up to four primary partitions, or up to three primary partitions and one extended partition. You can create a single extended partition with logical drives on a basic disk. Basic disks store their configuration information in the partition table, which is stored in the first sector of each hard disk. The configuration of a basic disk consists of the partition information on the disk.

3.10.2 Dynamic Disks

A Windows Server 2008 dynamic disk is a physical disk configuration that does not use partitions or logical drives, and the MBR is not used. Instead, the basic partition table is modified and any partition table entries from the MBR are added as part of the Logical Disk Manager (LDR) database that stores dynamic disk information at the end of each dynamic disk. Dynamic disks can be divided into as many as 2,000 separate volumes, but you should limit the number of volumes to 32 for each dynamic disk to avoid slow boot-time performance. Dynamic disks do not have the same limitations as basic disks. For example, you can extend a dynamic disk on the fly without requiring a reboot. Dynamic disks are associated with disk groups, which are disks that are managed as a collection. This managed collection of disks helps organize dynamic disks. All dynamic disks in a computer are members of the same disk group. Each disk in a disk group stores replicas of the same configuration data. This configuration data is stored in the 1 MB LDR region at the end of each dynamic disk. Dynamic disks support five types of volumes: simple, spanned, mirrored, striped, and RAID-5. You can extend a volume on a dynamic disk. Dynamic disks can contain a virtually unlimited number of volumes, so you are not restricted to four volumes per disk as you are with basic disks.

3.10.3 The five types of dynamic volumes are:

3.10.3.1 Simple Volumes: - A simple volume consists of disk space on a single physical disk. It can consist of a single area on a disk or multiple areas on the same disk that are linked together.

3.10.3.2 Spanned Volumes: - A spanned volume consists of disk space from more than one physical disk. You can add more space to a spanned volume by extending it at any time.

3.10.3.3 Striped Volumes: - A striped volume stores data in stripes on two or more physical disks. Data in a striped volume is allocated alternately and evenly (in stripes) to the disks contained within the striped volume. Striped volumes can substantially improve the speed of access to the data on disk. Striped volumes are often referred to as RAID-0; this configuration tends to enhance performance, but it is not fault tolerant.

3.10.3.4 Mirrored Volumes and RAID-5 Volumes: - You can create mirrored volumes and RAID-5 volumes only on dynamic disks running on Windows Server 2008, Windows Server 2003, or Windows 2000 Server computers. Both mirrored volumes and RAID-5 volumes are considered fault tolerant because these configurations can handle a single disk failure and still function normally. Mirrored volumes and RAID-5 volumes both require that an equal amount of disk space be available on each disk that will be a part of these volumes. A mirrored volume must use two physical disks: no more and no fewer than two physical hard disk drives. A RAID-5 volume must use at least three physical hard disks, up to a maximum of 32 physical disks. Many network administrators and consultants agree that hardware-based fault tolerant solutions are more robust and reliable than software-based fault tolerant configurations. By installing one or more RAID controller adapter cards into a server, you can set up several different types of hardware fault tolerance, such as mirroring, RAID-5, RAID 10 (mirrored volumes that are part of a striped array set), and RAID 0+1 (striped volumes that are part of a mirrored set). When you use hardware RAID, you can retain basic disks or you can convert disks to dynamic; hardware RAID is hidden from Windows Server 2008. Of course, it's less expensive to implement a software solution, such as setting up mirrored volumes or RAID-5 volumes using the Disk Management console in Windows Server 2008, but often the improved performance, reliability, and flexibility of hardware-based RAID far outweighs its extra cost.

3.11 RAID
When configuring fault tolerance for a server, you will often consider fault tolerance on your disks first. Fault tolerance on disks comes in the form of a Redundant Array of Independent (or Inexpensive) Disks, or RAID.

RAID 0
  Minimum drives: 2
  Description: Data striping without redundancy
  Strengths: Highest performance
  Weaknesses: No data protection; if one drive fails, all data is lost

RAID 1
  Minimum drives: 2
  Description: Disk mirroring
  Strengths: Very high performance; very high data protection; very minimal penalty on write performance
  Weaknesses: High redundancy cost overhead; because all data is duplicated, twice the storage capacity is required

RAID 2
  Minimum drives: Not used in LAN environments
  Description: No practical use
  Strengths: Previously used for RAM error correction (known as Hamming Code) and in disk drives before the use of embedded error correction
  Weaknesses: No practical use; the same performance can be achieved by RAID 3 at lower cost

RAID 3
  Description: Byte-level data striping with dedicated parity drive
  Strengths: Excellent performance for large, sequential data requests
  Weaknesses: Not well suited for transaction-oriented network applications; a single parity drive does not support multiple, simultaneous read and write requests

RAID 4
  Minimum drives: 3 (not widely used)
  Description: Block-level data striping with dedicated parity drive
  Strengths: Data striping supports multiple simultaneous read requests
  Weaknesses: Write requests suffer from the same single-parity-drive bottleneck as RAID 3; RAID 5 offers equal data protection and better performance at the same cost

RAID 5
  Description: Combination of RAID 0 (data striping) and RAID 1 (mirroring)
  Strengths: Highest performance, highest data protection (can tolerate multiple drive failures)
  Weaknesses: High redundancy cost overhead; because all data is duplicated, twice the storage capacity is required; requires a minimum of four drives

Table 3.1
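The table and section 3.10.3 describe what each layout does with a disk's worth of data and which layouts survive a failed disk. The following Python script is an added example (not from the original text or from Windows Disk Management) that lays a constructed message out as RAID 0 stripes, a two-disk RAID 1 mirror and RAID-5 stripes with rotating parity, then removes a disk from each and shows which volumes still read back. The usable-capacity helper encodes the "twice the storage capacity" and "single parity drive" statements from the text.

```python
"""Added example: striped, mirrored and RAID-5 layouts and what a single disk
failure does to each. The data is constructed; this is an illustration, not
the Windows Disk Management implementation."""


def stripes(data, ndata, unit):
    """Cut data into stripes of `ndata` units of `unit` bytes, zero-padding the tail."""
    span = ndata * unit
    data = data.ljust(-(-len(data) // span) * span, b"\x00")
    return [[data[i + j:i + j + unit] for j in range(0, span, unit)]
            for i in range(0, len(data), span)]


def xor(*blocks):
    """Bytewise XOR of equal-length blocks: the parity operation used by RAID-5."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid0_write(data, ndisks, unit=4):
    """Striped volume: consecutive units go to consecutive disks, nothing is redundant."""
    disks = [[] for _ in range(ndisks)]
    for stripe in stripes(data, ndisks, unit):
        for d, u in enumerate(stripe):
            disks[d].append(u)
    return disks


def raid0_read(disks):
    if any(disk is None for disk in disks):
        raise IOError("striped volume: one failed disk loses the whole volume")
    n = len(disks)
    return b"".join(disks[d][s] for s in range(len(disks[0])) for d in range(n))


def raid1_write(data, unit=4):
    """Mirrored volume: the same units on exactly two disks."""
    units = [u for stripe in stripes(data, 1, unit) for u in stripe]
    return [list(units), list(units)]


def raid1_read(disks):
    alive = [disk for disk in disks if disk is not None]
    if not alive:
        raise IOError("mirrored volume: both members failed")
    return b"".join(alive[0])


def raid5_write(data, ndisks, unit=4):
    """RAID-5: ndisks-1 data units plus one parity unit per stripe; parity rotates."""
    if ndisks < 3:
        raise ValueError("RAID-5 needs at least three disks")
    disks = [[] for _ in range(ndisks)]
    for s, stripe in enumerate(stripes(data, ndisks - 1, unit)):
        parity_disk = s % ndisks
        parity, units = xor(*stripe), iter(stripe)
        for d in range(ndisks):
            disks[d].append(parity if d == parity_disk else next(units))
    return disks


def raid5_read(disks):
    """Read the volume; units on one failed disk (None) are rebuilt from the rest."""
    failed = [d for d, disk in enumerate(disks) if disk is None]
    if len(failed) > 1:
        raise IOError("RAID-5 tolerates only a single disk failure")
    n = len(disks)
    nstripes = len(next(disk for disk in disks if disk is not None))
    out = []
    for s in range(nstripes):
        row = [None if disks[d] is None else disks[d][s] for d in range(n)]
        if failed:   # XOR of the surviving units gives back the missing one
            row[failed[0]] = xor(*(u for u in row if u is not None))
        out.extend(row[d] for d in range(n) if d != s % n)   # skip the parity unit
    return b"".join(out)


def usable_capacity(level, ndisks, disk_size):
    """Striping adds capacity, mirroring halves it, RAID-5 gives up one disk to parity."""
    return {"RAID-0": ndisks * disk_size, "RAID-1": disk_size,
            "RAID-5": (ndisks - 1) * disk_size}[level]


if __name__ == "__main__":
    message = b"The quick brown fox jumps over the lazy dog"
    volume = raid5_write(message, 4)
    volume[2] = None                       # simulate losing the third disk
    print(raid5_read(volume).rstrip(b"\x00"))
```

With four disks the RAID-5 volume has three quarters of the raw capacity usable and reads back intact with any one disk removed; the three-disk striped volume is larger but unreadable as soon as one disk is gone, and the mirror keeps only half its raw capacity but survives the loss of either member.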

4. INTRODUCTION TO LINUX
Linux is open source / free software. With its advanced server configuration, Red Hat is putting Linux as an operating system at the core of enterprise computing. Today Linux is found in web infrastructure, file servers, ERP, and point-of-sale systems, and increasingly in the systems running critical applications at large companies. Analysts predict that by the end of this decade Linux will be a common element in the enterprise computing landscape. "Over the last year, we've seen Linux go from being focused on small and medium business to being used very deep in the enterprise," says Paul Cormier, executive vice president of engineering at Red Hat, a leading Linux platform provider.

4.1 Salient Features of LINUX


Linux is the fastest operating system in the world. It runs much faster than Windows 9X/NT. It is about 1.2 to 3 times faster than Windows 9X/NT. In command-line console mode without X-window it runs even faster (console mode is ideal for Database servers, Apache Web servers, Email servers, News servers, File servers, DNS servers, Print servers, Network 40

System & Network Administration Computer servers, etc..). Linux is also the most powerful yet most simple and easy to use operating system in the world. Linux is the most reliable OS. Windows 9X/NT fails the CRASH_OS_TEST Programs and only Linux passes. Also commercial UNIXs like IRIX, Solaris, HPUX, AIX, SCO all fail the crash test and Linux is the only OS which passes the crash me test. Very often Windows 95 users will get GPF errors and the system freezes. Linux is very robust because it is built by millions of people on internet and there are no errors in the kernel. It runs for one full year without any re-boots or any problems non-stop, guaranteed. It is the best designed OS. Linux has an excellent scalability - it runs on Uni-processor, Multi-processors, Parallel Processors and even Super-computers. It fully supports SMP (Symmetric Multi-Processing) boxes with more than one CPU. Windows 95 supports only one CPU box. Linux scales much better than NT on SMP. Linux is fully 32-bit & 64-bit operating system. And it is very modular and is already ported to 64-bit chips like DEC alpha, Sun Microsystems Ultra Sparc, Intel IA64, Motorola PowerPC, Transmeta Corp Crusoe chip and GNU/GPL Freedom 64-bit CPU. Whereas Windows 95 has a major chunks of 16-bit code in its kernel and MS Windows runs only on one type of chip -" Intel chip". Linux is a very secure OS. Windows 95 is not a secure OS, break-ins are easy. Windows 95/2000, NT, MSDOS have computer viruses. But Linux does not have any viruses. Computer viruses cause lot of damages to Windows 95/2000/NT but not to Linux. Linux is very mature and is one of the oldest operating system in the world. UNIX (which is another name for Linux) was born in AT&T Bell Labs 27 years ago for Telecom research. Linux (UNIX) is the end-result of 27 years of research and development effort by U.S/European Universities and mega-corporations of Europe / America. 
It took 27 years to create vast amount of UNIX information, and all that info is now just sitting inside this Linux cdrom on our hand. For example programs like 'grep' had not changed for the past 27 years and they are still used in Linux. Functionality and command line options of grep had not changed for the past 27 years. Linux started the Linux during 1991, but he borrowed lot of concepts, code from UNIX and this means Linux is 27 years old. Today Linux is the OCEAN wherein all other unixes like Solaris, HPUX, and AIX merge into. And in near future all other unixes will be replaced by Linux. Linux is less demanding on system resources. Linux runs on 386 PC with as little as 2 MB RAM in command-line console mode. Windows 95/NT cannot because the graphic engine is included in the kernel, which makes Windows 95/NT a resource hog. Graphic engine makes the Windows 95/NT extremely unreliable and unpredictable. Linux can do everything that Windows 95/NT does but Windows 95/NT cannot do everything which Linux does. In Windows 95/NT there is no option for the user to run in command-line console mode without 41

System & Network Administration any graphics. Unlike Windows95, X-window can run with very minimum resources, it runs on 486 boxes with just 8MB of RAM. Linux uses X-window which is an advanced network-windowing system, whereas Windows 95/NT is a standalone single-workstation windowing system. For example, using Xwindow, users can display output on any workstation-monitor attached anywhere in the network. There is a command called "xhost" in Linux and display environment variable, export display=`hostname`:0.0. Like this there are lots of functionalities in X-window which are missing in Windows NT/95. X-Window is an industry standard which was developed in MIT and is a very powerful network windowing system. With X-window you can run programs on super-computers and display on your Linux desktop locally. Even though Xwindow is network-resource intensive, it is becoming increasingly popular because of the availability of very low cost, high speed networking like 1 Gig bit Ethernet cards, 100 Megabit Ethernet cards, DSL lines, Cable-Modems, Frame-relay and ATM networks. Linux has very low total cost of ownership since Linux supports diskless nodes. Cost of maintaining Linux is five times lower than MS Windows.

Linux supports remote system administration, whereas Windows NT/95 does not. You can log in remotely and perform many administration tasks, such as adding users or rebooting a Linux server, from a terminal hundreds of miles away. Linux runs most 16-bit Windows applications such as MS Office and MS Word using WABI ($40) or WINE (free), and MS-DOS applications using DOSEMU, FreeDOS and DR-DOS, but Windows 95/NT will run only a few UNIX and Linux applications. Linux supports the su (switch user) command, which switches user without logging off; for example, 'su - root' gives you a root login shell after asking for root's password. In Windows NT/95 you must log off completely to switch user. Linux has remote-login commands such as rlogin and telnet, which Windows NT/95 lacks. (Both rlogin and telnet send passwords and whole sessions in clear text across the network; for administration over any network you do not fully trust, use ssh, which has replaced them on current distributions.) The Linux kernel is very small and fits on a single floppy. It is less complex but very sophisticated and powerful; a small kernel means a very reliable kernel. Linux applications are much bigger and run on top of the kernel. Linux has many powerful desktops: KDE, GNOME, TriTeal CDE, Motif mwm, OpenLook olwm, twm, fvwm95, xdm, xsm, AfterStep, Window Maker (a NeXTSTEP look-alike), Qvwm, amiwm (Amiga) and mlvwm (Mac), among others. The KDE desktop is more user-friendly than Windows 95, and you have far more freedom and choice of desktop in Linux than in Windows 9x/NT. A Linux installation needs only about 200 MB of disk space. Linux supports dual boot on PCs: you can have Windows 95/NT on one partition and Linux on another, and at system startup choose whether to load Linux or Windows 95. Nowadays PCs ship with 6 GB of disk space.

Linux runs on many hardware platforms: Intel, Motorola, PowerPC, RISC, DEC Alpha, MIPS, ARM, Transmeta Crusoe and SPARC architectures, and the GNU Freedom 64-bit CPU. Linux has already been ported to 1024-CPU supercomputers (Fujitsu, Hitachi, Sun, Intel and others). Intel built the world's fastest supercomputer with 10,240 Intel Pentium CPUs (more than ten thousand), based on a system similar to Linux. Linux is a POSIX-compliant OS, whereas Windows NT/9x is not. POSIX is an IEEE (Institute of Electrical and Electronics Engineers) standard as well as an ANSI and international ISO standard; the U.S. Government generally requires full POSIX compliance of any operating system it buys, and most UNIXes, such as Solaris, HP-UX, AIX and SCO, are fully POSIX compliant. The complete source code of the Linux OS and all its applications is available, whereas Windows 9x/NT is proprietary and ships only as binaries. Having the source is vital for companies because they can quickly add advanced features and share them with every other company in the world. Linux is free of charge. The downside of Windows 9x/NT is that you pay $200 (US) per seat for Windows 95 and $800 (US) per seat for Windows NT, and Microsoft applications such as MS Office, C++ compilers and others can cost a further $400,000 (US). It is better to spend the money on hardware and use Linux as the software. Linux is generally far more stable than Windows 95/NT, so you will have fewer headaches with it. A Linux CD-ROM carries more than 1900 software packages, with many more being developed worldwide, all on a single CD. Linux was awarded Best Network Operating System in 1997, 1998, 1999 and 2000 by many computer magazines (US InfoWorld and European publications).
The movie Titanic was made using Linux on Digital Alpha machines: Linux was used to create the computer graphics and animation for all the shots in the film. Linux was also used to store experiment data aboard the space shuttle, so Linux has orbited the earth in space.

4.2 Advantages of Linux:
- Virus resistant (very few viruses target it, and a normal user account cannot damage the system)
- Economical
- Advanced OS
- Secure
- Very stable (rarely crashes)
- Fully supported
- Multi-user
- Multi-tasking
- Multi-desktop
- Powerful networking
- Variety of servers
Table 4.1

Who are using Linux:
Private sector: Raymonds, ICICI, IDBI, Bombay Dyeing, Asian Paints, Bharat Petroleum, Reliance
Government sector: Air-India, Central Excise, Govt. of MP, Govt. of Goa, Govt. of Kerala, Govt. of AP, Railways, etc.
Table 4.2

4.3 LINUX INSTALLATION


Before installing Linux you must understand hard-drive partitioning. To install Red Hat Linux, insert the installation CD in the CD-ROM drive and boot from it. Most installers offer a choice between a text-mode and a graphical install; choose text mode if the machine has little memory. Linux software comes in packages. Whatever distribution or version you have, the CD contains packages that make up the base operating system, a rich selection of networking clients and servers with their configuration and monitoring tools, some end-user text-mode applications, the base X Window System and at least one GUI desktop.

The installation program asks you several questions, such as which boot loader to configure; GRUB is the better choice. Next you are asked how to partition the disk; Disk Druid is recommended. With it you create partitions in the available free space. Unlike Windows, everything in Linux is mounted into a single file-system tree. At a minimum you need a root (/) partition and a swap partition; Red Hat also recommends a separate /boot, and /usr is often given its own partition on servers. After partitioning, the installer asks which packages to install. If you select Workstation, the packages normally found on servers are omitted; if you select Server, the end-user applications are not installed. You can also choose to install everything, which is the simplest option for a home PC and new users, and expert users can select individual packages to suit their requirements. Installing everything is convenient, but it also installs every network service together with its listening daemon; on a machine that will be reachable from a network, install only what you need and disable unneeded services afterwards with chkconfig. Package installation then starts and takes time proportional to the packages selected. On completion the system reboots and Linux starts.

4.3.1 Types of installation Method


- CD-ROM
- NFS
- FTP
- HTTP
- Hard disk
- Kickstart method (unattended installation driven by a ks.cfg answer file)
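The kickstart method listed above replaces the interactive questions of section 4.3 with an answer file. The ks.cfg below is an added example, not part of the original text, producing the partition layout described in 4.3 (/boot, swap, /, /usr, all ext3) for a Red Hat Linux 8/9-era installer. Everything in it is an assumption for illustration: one disk, a US keyboard, DHCP on eth0, and the placeholder <hash> for the root password, which you generate with openssl passwd -1.

```conf
# ks.cfg: added example, not from the original text.
# Boot the installer with:  linux ks=cdrom:/ks.cfg   (or ks=nfs:server:/path/ks.cfg)
install
cdrom
lang en_US
keyboard us
network --device eth0 --bootproto dhcp
# Placeholder; put the hash from "openssl passwd -1" here, never a clear-text password.
rootpw --iscrypted <hash>
firewall --enabled --ssh
authconfig --enableshadow --enablemd5
timezone Asia/Calcutta
bootloader --location=mbr
# Partition layout from section 4.3: /boot, swap, / and a separate /usr.
clearpart --all --initlabel
part /boot --fstype ext3 --size 100
part swap  --size 512
part /     --fstype ext3 --size 2048
part /usr  --fstype ext3 --size 2048 --grow
reboot

%packages
@ Base
openssh-server
# No "@ Everything": an unattended install should not enable servers nobody asked for.

%post
# Runs inside the installed system after the packages are loaded.
chkconfig sendmail off
```

The %post section is where a site normally disables services it does not want listening on first boot; anything that must run as a network service should instead be added to %packages deliberately.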

4.3.2 Types of Boot loader


- GRUB
- LILO

4.4 Hard Disk Partitioning Method


- Disk Druid
- fdisk

4.5 Type of X-Window System (Desktop)


- GNOME: GNU Network Object Model Environment
- KDE: K Desktop Environment

5. LINUX KERNEL & SHELL

5.1 KERNEL
The core of the Linux system is the kernel, the operating system program. The kernel controls the resources of the computer, allotting them to different users and tasks. It interacts directly with the hardware, which makes programs easier to write and portable across different hardware platforms. Because the kernel communicates directly with the hardware, parts of it must be customised to the hardware features of each system. However, the kernel does not deal directly with a user. Instead, the login process starts up a separate interactive program, called the shell, for each user.

5.2 SHELL
Linux has a simple user interface called the shell that provides the services a user asks for and protects the user from having to know intricate hardware details.

5.2.1 Feature of Shell:


- Command execution
- Redirection
- Background processing
- History
- Aliases
- Variables
- File name expansion
- Command completion

5.2.2 Types of Shell in Linux:


- bash: Bourne Again Shell
- pdksh: Public Domain Korn Shell
- tcsh: Tom's C Shell
- ash: A Shell
- zsh: Z Shell

5.3 Linux Utilities and Application Program


The Linux utilities, or commands, are a collection of programs that service day-to-day processing requirements. They are invoked through the shell, which is itself just another utility.

5.4 LINUX SUPPORTED FILE SYSTEMS


5.4.1 MS-DOS, VFAT and UMSDOS: These file systems let you read MS-DOS-formatted partitions. MS-DOS reads pre-Windows 95 partitions, or regular Windows partitions within the limits of short (8.3) filenames. VFAT reads Windows 95 and later partitions formatted with long filenames. UMSDOS lets you run Linux from within a DOS partition (not currently supported by Red Hat).

5.4.2 ISO 9660 CD-ROM: The standard file system for CD-ROMs, also known as the High Sierra File System (HSFS) on other UNIX systems.

5.4.3 Minix: The standard file system of the Minix operating system and the original default Linux file system. The current Linux standard is ext3.

5.4.4 NTFS: The Microsoft Windows NT/2000/XP file system, which carries per-file access-control lists tied to user accounts. Currently supported by Linux as a read-only file system.

5.4.5 OS/2 HPFS: The standard file system of IBM's OS/2 operating system.

5.4.6 /proc: A Linux virtual file system. Virtual means that it occupies no real disk space; its files are generated on demand. /proc provides information on kernel configuration and device status.

5.4.7 /dev/pts: The Linux implementation of the Open Group's Unix98 PTY (pseudo-terminal) support.

5.4.8 ROM: The ROM file system (romfs) is a read-only file system intended primarily for initial RAM disks, such as an installation boot floppy.

5.4.9 Second Extended (ext2): The basis for ext3, the standard Linux file system; ext3 is essentially ext2 with journaling.

5.4.10 Third Extended (ext3): The standard Linux file system.

5.4.11 NFS: The Network File System, the system most commonly used to share files between Linux and UNIX computers.

5.4.12 SMB: Server Message Block (SMB) is based on Microsoft and IBM network protocols. Linux can use SMB to share files and printers with Microsoft Windows operating systems.

5.4.13 NCP: NetWare Core Protocol (NCP) is the network file system used by Novell over the IPX/SPX protocol stack. Linux can act as an NCP client.

5.5 File system


With each of the preceding installation types, automatic partitioning can place certain directories on separate volumes. The advantage of separate partitions for certain directories is that it limits the risk to your system: a file system that fills up affects only the data on that partition. For example, many webmasters configure their web sites to write daily log files recording every visitor. These files can become very large, especially for large online merchants; if the logs live on the root partition they can fill it and bring the whole system down, whereas on a separate /var partition only logging is affected. Before you decide how to set up partitions, you need to know about each of the major Linux directories. Linux directories are organised according to the File system Hierarchy Standard (FHS).

5.5.1 File system Hierarchy Standard


The FHS is a standard for organising directories on Linux and UNIX-based systems. Every FHS-compliant operating system starts with a top directory, root, symbolised by the forward slash (/). All other directories are subdirectories of root.

Directory   Description
/           The root directory. All other directories are below root in the FHS hierarchy. Unless mounted separately, the contents of the other directories are in the root partition.
/bin        Essential command-line commands. Do not mount this directory on a separate volume, or you may not be able to find these commands when you use a rescue disk.
/boot       Linux startup programs, normally including the kernel. Separate /boot partitions are common; the default size is currently 100 MB.
/dev        Linux device files. Do not mount this directory on a separate partition.
/etc        Basic configuration files.
/home       User home directories (except the root user).
/lib        Program libraries. Do not mount this directory on a separate partition.
/mnt        Mount point for removable media (floppy disks, CD drives).
/opt        Add-on applications, such as StarOffice or VMware.
/proc       Virtual file system describing running processes and the kernel.
/root       Home directory for the root user. Do not mount this directory separately.
/sbin       System administration commands. Do not mount this directory separately.
/tmp        Default directory for temporary files.
/usr        User programs, libraries and documentation (static, shareable data).
/var        Log files, print spools and other variable-size data.
Table 5.1

5.6 IMPORTANT FILE TYPES


5.6.1 $HOME
Environment variable that points to your login (home) directory.

5.6.2 $PATH
The shell environment variable that contains the list of directories to be searched for UNIX commands.

5.6.3 Common file name extensions
.1 to .9: Manual page entries. The extension is the manual section, 1 to 9, and may carry an alphabetic suffix (.3x, .7, and so on).
.ag: Applixware graphics file.
.as: Applixware spreadsheet file.
.aw: Applixware word-processing file.
.bmp: Bitmap graphics file.
.c: C source file.
.C: C++ source file.
.cc: C++ source file.
.conf: Configuration file.
.cxx: C++ source file.
.db: Database file.
.dvi: Device-independent TeX output.
.gif: GIF graphics file.
.gz: File compressed with the GNU gzip utility.
.h: C header file.
.html: HTML document.
.jpg: JPEG graphics file.
.m: Objective-C source file.
.o: Compiled object file.
.p: Pascal source file.
.pbm: Portable bitmap graphics file.
.pdf: Adobe Acrobat (PDF) file.
.ps: PostScript file.
.s: Assembler file.
.tar: tar archive.
.tgz: gzip-compressed tar archive.
.tif: TIFF graphics file.
.txt: Text document.
.Z: File compressed with the compress command.

6. LOGICAL VOLUME MANAGER (LVM)


As a very useful extra, LVM can even take 'snapshots' of a volume, which let you back up a non-moving target. We return to this, which has many other real-world applications, later on. In the next section we explain the basics of LVM and the abstractions it uses.

Historically, a partition size is static. This forces the installer to consider not "how much data will be stored on this partition" but "how much data will EVER be stored on this partition". When a user runs out of space on a partition, they either have to re-partition (which may involve reloading the entire operating system) or resort to kludges such as symbolic links.

The notion of a partition as a sequential series of blocks on a physical disk has since evolved. Most Unix-like systems can now break physical disks into some number of units. Storage units from multiple drives can be pooled into a "logical volume", from which they are allocated to partitions, and units can be added to or removed from partitions as space requirements change. This is the basis of a Logical Volume Manager (LVM). For example, say you have a 1 GB disk and create the /home partition using 600 MB. Imagine you run out of space and decide that you need 1 GB in /home. With the old notion of partitions you would need another drive of at least 1 GB; you would add the disk, create a new /home and copy the existing data over. With LVM you simply add a 400 MB (or larger) disk and add its storage units to the /home volume. Other tools let us resize an existing file system, so we resize it to take advantage of the larger volume and we are back in business.

The physical media: we should take the word 'physical' with a grain of salt, though we will initially assume it to be a simple hard disk or a partition, for example /dev/hda, /dev/hda6 or /dev/sda.
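The 600 MB to 1 GB /home scenario above, carried out with the LVM command-line tools, followed by the snapshot-based backup the text promises. This is an added example, not code from the original text. The names are assumptions: a volume group vg0, a logical volume home carrying an ext3 /home, and the new 400 MB disk appearing as /dev/sdb. The disk-touching commands run only when the script is invoked with an argument, so it can be read and tested without root.

```shell
#!/bin/sh
# Added example, not from the original text. Assumed names: VG vg0, LV home (ext3 /home),
# new disk /dev/sdb. Run as root:  sh grow_home.sh apply [/dev/sdb]   or   sh grow_home.sh backup
set -eu

VG=vg0
LV=/dev/vg0/home

# Number of physical extents a size needs, rounded up, so that "lvextend -l +N"
# is always given whole extents.  $1 = MiB wanted, $2 = extent size in MiB.
extents_for_mib() {
    echo $(( ($1 + $2 - 1) / $2 ))
}

# Extent size of the volume group in whole MiB (vgs prints e.g. "  4.00").
pe_size_mib() {
    vgs --noheadings --nosuffix --units m -o vg_extent_size "$VG" | tr -d ' ' | cut -d. -f1
}

# Grow /home by 400 MB using a newly added disk.
grow_home() {
    new_disk=$1
    pvcreate "$new_disk"                       # label the disk as a Physical Volume
    vgextend "$VG" "$new_disk"                 # its extents now belong to vg0
    lvextend -l +"$(extents_for_mib 400 "$(pe_size_mib)")" "$LV"
    resize2fs "$LV"                            # grow ext3 into the enlarged LV
                                               # (on kernels without online resize, unmount /home first)
    df -h /home                                # back in business
}

# Consistent backup of a live /home: snapshot it, archive the snapshot, drop it.
backup_home() {
    # 100 MB is the assumed amount of change /home may see while the archive runs;
    # if the snapshot fills up it becomes unusable and the backup is invalid.
    lvcreate -s -L 100M -n home_snap "$LV"
    mkdir -p /mnt/snap /var/backups
    mount -o ro /dev/vg0/home_snap /mnt/snap
    tar czf /var/backups/home-"$(date +%F)".tgz -C /mnt/snap .
    umount /mnt/snap
    lvremove -f /dev/vg0/home_snap
}

case "${1:-}" in
    apply)  grow_home "${2:-/dev/sdb}" ;;
    backup) backup_home ;;
esac
```

The extent arithmetic matters because LVM allocates whole extents: with 4 MB extents, 400 MB is exactly 100 extents, but 401 MB must be rounded up to 101 rather than truncated to 100.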

6.1 Physical Volume (PV)


A PV is nothing more than a physical medium with some administrative data added to it; once you have added this, LVM recognises it as a holder of Physical Extents.

6.2 Physical Extents (PE)

Physical Extents are like really big blocks, often a few megabytes in size. PEs are assigned to a Volume Group.

6.2.1 Volume Group (VG)

A VG is made up of a number of Physical Extents (which may come from multiple Physical Volumes or hard drives). While it may be tempting to think of a VG as being made up of several hard drives (/dev/hda and /dev/sda, for example), it is more accurate to say that it contains PEs which are provided by those hard drives.

6.2.2 Logical Volume (LV)

A Logical Volume is the end result of our work, and it is there that we store our information. It is the equivalent of the historic idea of a partition.

Figure 6.1

Figure 6.2


6.3 Filesystem
The file system on a Logical Volume is whatever we want it to be: the standard ext2, ReiserFS, NWFS, XFS, JFS, NTFS, etc. To the Linux kernel there is no difference between a regular partition and a Logical Volume.

A Physical Volume, containing Physical Extents:

    +----- [Physical Volume] -----+
    | PE | PE | PE | PE | PE | PE |
    +-----------------------------+

A Volume Group, containing 2 Physical Volumes (PVs) with 6 Physical Extents:

    +------ [Volume Group] -------------+
    | +--[PV]--------+ +--[PV]--------+ |
    | | PE | PE | PE | | PE | PE | PE | |
    | +--------------+ +--------------+ |
    +-----------------------------------+

We now expand this further. The diagram below shows two file systems spanning two disks: the /home Logical Volume contains 4 Physical Extents and the /var Logical Volume 2, and /home crosses from the first PV into the second.

    +------ [Volume Group] -------------+
    | +--[PV]--------+ +--[PV]--------+ |
    | | PE | PE | PE | | PE | PE | PE | |
    | |home|home|home| |home|var |var | |
    | +--------------+ +--------------+ |
    +-----------------------------------+


7. X WINDOW SYSTEM
- Provides the foundation for the graphical component of Linux.
- Created at MIT in 1984; the current protocol version, X11, dates from 1987.
- Client/server architecture.
- XFree86: free, open-source implementation of X.
- Flexibility of the core components.
- Uses fonts on the local or a remote machine.
- Different graphical logins: gdm, kdm, xdm.

KDE
KDE is the K Desktop Environment, a complete desktop environment. It uses the Qt widget set.

GNOME
A consistent, easy-to-use desktop environment. GNOME has a collection of tools and libraries for developing software. It uses the GTK+ widget set.

7.1 Web Browsers


- Mozilla: standard web browser.
- Lynx: original text-mode browser.
- Links: advanced text-mode browser.
- Konqueror: KDE file manager/web browser.

7.2 Mail Clients


- Mozilla Mail
- KMail: KDE mail client

7.3 Office Application


- KOffice: integrated office suite for KDE.
- OpenOffice.org: open-source version of StarOffice.

7.4 GUI Editors


- XEmacs: X version of the Emacs editor.
- KWrite: default KDE text editor.

7.5 Other X tools
- redhat-config-xfree86: Red Hat's X configuration tool (monitor, resolution and video card selection).
- XChat: full-featured IRC client.
- gFTP: graphical FTP client.
- GIMP: the GNU Image Manipulation Program.
- Window manager: a special X client that performs window movement, resizing and focus.


8. LINUX NETWORKING
For networking, your hardware must first be properly configured. Your network card should have been set up during the Linux installation or afterwards. Under Linux most network card drivers are implemented as modules; after the module is inserted you can inspect /proc/modules to see whether it is loaded. The module configuration file is /etc/modules.conf. After setting up the card and connecting the cables, configure the network by running the command netconfig. While setting up the network, do not touch the loopback interface, which has the IP address 127.0.0.1: it is always there and is the address through which the computer talks to itself. IP addresses are allocated either statically or dynamically.

For Linux networking (communication through a network) the two basic requirements are media and rules.

By media we mean the communication links (cables), hubs and switches; they may be wired or wireless. Hubs are dumb devices working at the physical layer: every frame is repeated out of every port. Switches are intelligent devices working at the data-link layer: a switch learns which MAC address sits behind which port and keeps that mapping in its MAC address table, so a frame is forwarded only to the port of its destination (unicast) rather than being sent to every port. This gives much better performance, so we use switches. Because a switch merely learns addresses, it is not a security device: a host on the same switch can flood the table or forge ARP replies and receive other hosts' traffic, so do not rely on switching alone to keep traffic private.

By rules we mean the set of protocols used for communication. The protocol to use depends on the OS of the end systems: if both end systems run MS Windows, a small network may use NetBEUI and a larger network TCP/IP. End systems running Linux use TCP/IP.

8.1 Some Basic Networking Command


8.1.1 ping: Measures connectivity and network latency between the local and a remote system. It uses ICMP echo packets.
Example: ping 192.168.0.1  or  ping www.redhat.com

8.1.2 traceroute: Shows the network path between the local and a remote system; useful for pinpointing network congestion.
Example: traceroute www.redhat.com

8.1.3 netstat: Lists network statistics and parameters, including network connections, the routing table and interface statistics.
Example: netstat -rn  or  netstat -a
(netstat -tulpn lists every listening TCP and UDP port together with the owning process: a quick check of exactly what a server exposes to the network.)

8.1.4 ifup/ifdown: For each installed network adapter there is a corresponding ifcfg-* file in /etc/sysconfig/network-scripts. You activate or deactivate that adapter with the ifup and ifdown commands. Either of the following commands activates the eth0 adapter:
Example: ifup ifcfg-eth0  or  ifup eth0

8.1.5 ifconfig: The ifconfig command configures and displays network devices. Here is sample output of an ifconfig command:

    # /sbin/ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr 00:50:56:40:1E:6A
              inet addr:192.168.199.131  Bcast:192.168.199.255  Mask:255.255.255.0
              UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:11253 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1304 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:2092656 (1.9 Mb)  TX bytes:161329 (157.5 Kb)
              Interrupt:10 Base address:0x10a0

    # /sbin/ifconfig eth0 207.174.142.142

The first parameter, eth0, tells ifconfig which interface is being configured. The next argument, 207.174.142.142, is the new IP address to assign to this interface. To make sure the change worked, issue ifconfig again to view the current settings:

    # /sbin/ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr 00:50:56:40:1E:6A
              inet addr:207.174.142.142  Bcast:192.168.199.255  Mask:255.255.255.0
              UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:11253 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1304 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:2092656 (1.9 Mb)  TX bytes:161329 (157.5 Kb)
              Interrupt:10 Base address:0x10a0

A change made with ifconfig lasts only until the interface is brought down or the machine reboots. To make it permanent, put the address in the adapter's ifcfg-* file (IPADDR= and NETMASK= with BOOTPROTO=static) and run ifup.


9. LINUX AS ROUTER
For a Linux machine to act as a router it must sit on two networks at once, so it needs either at least two network cards or IP aliases set up on one card, and IP forwarding must be enabled in the kernel.

9.1 The steps are as follows:


- Configure the network cards
- Run the netconf command
- Select the Routing & Gateway option
- Provide the required IP addresses
- Select the Enable Routing option
- Accept the configuration
- Restart the network service

Figure 9.1: A Linux router with eth0 (10.0.0.1) on a class A network, reaching hosts 10.0.0.2 and 10.0.0.3 through switch 1, and eth1 (192.168.0.1) on a class C network through switch 2.
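What the netconf steps above set up, done by hand for the router of Figure 9.1, plus the forwarding rules a router should carry. This is an added example, not code from the original text. The interface and address assignments are assumptions read off the figure: eth0 = 10.0.0.1 netmask 255.0.0.0 on the inside, eth1 = 192.168.0.1 netmask 255.255.255.0 on the outside. The NAT rule is only needed when eth1 leads to the Internet; between two private LANs plain forwarding (with a route back on the other side) is enough. The helper functions that turn the netmask into a CIDR network are pure shell and can be tested without root; the kernel-touching part runs only when invoked with apply.

```shell
#!/bin/sh
# Added example, not from the original text. Addresses assumed from Figure 9.1.
# Run as root:  sh router.sh apply
set -eu

# Pack a dotted quad into a 32-bit integer.
quad_to_int() {
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length of a netmask (255.255.255.0 -> 24). Rejects masks whose
# one-bits are not contiguous, which iptables would otherwise accept silently.
prefix_len() {
    m=$(quad_to_int "$1")
    inv=$(( ~m & 4294967295 ))
    [ $(( (inv + 1) & inv )) -eq 0 ] || { echo "invalid netmask $1" >&2; return 1; }
    bits=0
    while [ "$m" -gt 0 ]; do bits=$((bits + (m & 1))); m=$((m >> 1)); done
    echo "$bits"
}

# The network an address belongs to, in CIDR form (10.0.0.1 255.0.0.0 -> 10.0.0.0/8).
cidr_of() {
    net=$(( $(quad_to_int "$1") & $(quad_to_int "$2") ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$(prefix_len "$2")"
}

enable_router() {
    lan_if=eth0; lan_ip=10.0.0.1;    lan_mask=255.0.0.0        # inside (Figure 9.1)
    wan_if=eth1; wan_ip=192.168.0.1; wan_mask=255.255.255.0    # outside
    lan_net=$(cidr_of "$lan_ip" "$lan_mask")                  # 10.0.0.0/8

    ifconfig "$lan_if" "$lan_ip" netmask "$lan_mask" up
    ifconfig "$wan_if" "$wan_ip" netmask "$wan_mask" up

    echo 1 > /proc/sys/net/ipv4/ip_forward                    # the "Enable Routing" option
    grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf ||
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf    # so it survives a reboot

    # A router forwards; it should also decide what it forwards. Rules are
    # matched in order, so the anti-spoofing drop comes first.
    iptables -P FORWARD DROP
    iptables -A FORWARD -i "$wan_if" -s "$lan_net" -j DROP    # inside address arriving from outside
    iptables -A FORWARD -i "$lan_if" -s "$lan_net" -o "$wan_if" -j ACCEPT
    iptables -A FORWARD -i "$wan_if" -o "$lan_if" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only when eth1 is an Internet uplink: hide the inside network behind eth1's address.
    iptables -t nat -A POSTROUTING -s "$lan_net" -o "$wan_if" -j MASQUERADE
}

if [ "${1:-}" = apply ]; then enable_router; fi
```

Verify with cat /proc/sys/net/ipv4/ip_forward (must print 1), iptables -L FORWARD -n -v and, from 10.0.0.2, traceroute 192.168.0.1, which should show the router as the first hop.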


10. LINUX AS FIREWALL


A firewall is simply a TCP/IP host with multiple IP interfaces or network cards: one interface is connected to the Internet and the other to the internal network. Firewalls are intended to keep the flames of Internet hell out of your private LAN, or to keep the members of your LAN pure and chaste by denying them access to all the evil Internet temptations.

10.1 Types of Firewall


Packet filter (screening router):
- Filters IP packets
- Routes between networks
- Protocol independent
- Filters on packet headers only
- Minimal hardware needs
- Works at the network/transport layer

Dual-homed host (proxy):
- Filters protocols
- No routing between networks
- Not all protocols supported
- Can filter content
- High hardware requirements
- Works at the application layer

10.2 Iptables & netfilter


Netfilter is the network filter stack of Linux 2.4. The filtering stack was redesigned so that packet filtering, packet mangling and network address translation live in one implementation. Iptables is the user-space tool that manages netfilter's rules. Iptables uses different tables for different kinds of action; the filter and nat tables are the ones generally used. There are five built-in chains (INPUT, OUTPUT, FORWARD, PREROUTING and POSTRO﻿UTING). The chains correspond to hooks in the netfilter code at which packets are examined.

10.3 Iptables syntax and commands


iptables [-t table] <action> [pattern] [-j target]
Here action determines the operation on the table (for example -A appends a rule to a chain), pattern specifies when the rule matches, and target defines what happens to a matching packet. Rules in a chain are tried in order and the first match decides; a packet that matches no rule gets the chain's default policy (ACCEPT unless you change it with -P).

iptables -t filter -A INPUT -s 192.168.0.254 -j DROP
Drops every packet arriving from IP address 192.168.0.254.

iptables -t filter -A OUTPUT ! -d 192.168.0.254 -j DROP
Drops every outgoing packet except those to 192.168.0.254. (The ! is written before -d; older releases also accept -d ! 192.168.0.254. Note that this rule also blocks the host's own DNS lookups and loopback traffic unless earlier rules accept them.)

iptables -t filter -A INPUT -s 192.168.0.251 -i eth3 -j DROP
Drops every packet from 192.168.0.251 that comes in on the eth3 interface (lower-case -i selects the input interface; upper-case -I inserts a rule at the top of a chain).

iptables -t filter -L INPUT
Lists the rules in a particular chain (add -n to skip name lookups and -v to see packet counters).

iptables -F
Flushes (removes) all rules in every chain of the table. The chain policies are left unchanged, so on a remote machine a flush with a DROP policy locks you out, and with an ACCEPT policy it leaves the host wide open until the rules are reloaded.
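The examples above add single DROP rules to a chain whose default policy is still ACCEPT, so anything not explicitly blocked gets through. The script below is an added example, not code from the original text: a complete default-deny filter ruleset for a single-homed server, written in iptables-save format and loaded in one step with iptables-restore, so there is never a moment with half a ruleset active. It assumes a server on 192.168.0.0/24 that offers SSH to the LAN and HTTP/HTTPS to everyone, and it keeps the page's block of 192.168.0.254 (these addresses and services are assumptions for illustration).

```shell
#!/bin/sh
# Added example, not from the original text. Assumed LAN 192.168.0.0/24 and blocked host 192.168.0.254.
# Run as root:  sh firewall.sh apply     (without "apply" it only prints the ruleset)
set -eu

LAN_NET=${LAN_NET:-192.168.0.0/24}
BAD_HOST=${BAD_HOST:-192.168.0.254}

# Print the ruleset in iptables-save format (what iptables-restore reads).
ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is always allowed; the networking chapter warns not to break 127.0.0.1.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened itself.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Explicit block of a misbehaving host, logged first so it shows up in /var/log/messages.
-A INPUT -s $BAD_HOST -j LOG --log-prefix "fw-badhost: "
-A INPUT -s $BAD_HOST -j DROP
# Services offered: SSH only from the LAN, HTTP and HTTPS from anywhere.
-A INPUT -p tcp --dport 22 -s $LAN_NET -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
# Keep ping (8.1.1) working for troubleshooting.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Everything else falls through to the INPUT DROP policy declared above.
COMMIT
EOF
}

# Sanity-check the generated text before handing it to the kernel; prints the rule count.
check_ruleset() {
    rules=$(ruleset)
    echo "$rules" | grep -q '^:INPUT DROP' || return 1
    echo "$rules" | grep -q '^-A INPUT -i lo -j ACCEPT' || return 1
    echo "$rules" | grep -q '^COMMIT$' || return 1
    echo "$rules" | grep -c '^-A '
}

apply_ruleset() {
    check_ruleset >/dev/null
    # iptables-restore replaces the whole table atomically; on a syntax error
    # it rejects the file and the previous rules stay in place.
    ruleset | iptables-restore
    iptables -L INPUT -n -v --line-numbers
}

if [ "${1:-}" = apply ]; then apply_ruleset; else ruleset; fi
```

When applying this over SSH, keep a second session open or schedule "sleep 300 && iptables -P INPUT ACCEPT && iptables -F" beforehand: with a DROP policy a typo in the SSH rule locks you out. Red Hat saves the running rules with service iptables save so they are reloaded at boot.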


11. SERVERS
11.1DNS SERVER
DNS is the Domain Name System, which maintains a distributed database that lets your computer translate domain names such as www.redhat.com into IP addresses such as 216.148.218.197. As no single DNS server is large enough to hold a database for the entire Internet, servers refer requests to other DNS servers. This section addresses two basic DNS server configurations: a caching-only server, and a primary DNS server for a domain. The key configuration files are /etc/nsswitch.conf, /etc/resolv.conf and /etc/hosts on the client side, and /etc/named.conf plus the zone files under /var/named/ on the server.

11.1.1 Types of DNS server


- Master DNS server: holds the master copy of the data for a zone.
- Slave DNS server: provides an automatic backup of the master name server by transferring the zone from it.
- Caching-only server: when a request is made for a web page such as www.osborne.com, the machine asks its configured DNS server for the associated IP address; this is known as a name query. If the DNS server is outside your network the request takes time. A caching-only name server stores the answers locally, which saves significant time when you or others on your network browse the same sites.

11.1.2 Service Profile: DNS


Type: System V-launched daemon
Packages: bind, bind-utils
Daemon: named
Script: named
Ports: 53/udp, 53/tcp

Configs: /etc/named.conf,/var/named/* Related: redhat-config-bind
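Both server roles described in 11.1.1 in one BIND configuration: root hints for the caching-only role and a master zone for the primary role, followed by the zone file the master zone refers to. This is an added example, not configuration from the original text. The addresses are assumptions for illustration: the LAN is 192.168.0.0/24, this server is ns1.poornima.org at 192.168.0.1, the slave is ns2 at 192.168.0.2, and www and mail are 192.168.0.10 and 192.168.0.11.

```conf
# /etc/named.conf : added example, not from the original text (addresses assumed)
options {
        directory "/var/named";
        # Answer, and recurse for, our own hosts only. A server that recurses
        # for anyone on the Internet is an "open resolver" that strangers can
        # use for cache poisoning and traffic amplification.
        allow-query     { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 127.0.0.1; 192.168.0.0/24; };
        version "not disclosed";
};

// Root hints: this is what makes the caching-only role work.
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

// Primary (master) for our own domain. The public must be able to resolve
// our names, but only the slave may copy the whole zone.
zone "poornima.org" IN {
        type master;
        file "poornima.org.zone";
        allow-query    { any; };
        allow-transfer { 192.168.0.2; };
        allow-update   { none; };
};

; /var/named/poornima.org.zone : the zone file referenced above
$TTL 86400
@       IN SOA  ns1.poornima.org. hostmaster.poornima.org. (
                2003010101      ; serial (YYYYMMDDnn): bump it on every change or slaves never update
                3600            ; refresh
                900             ; retry
                604800          ; expire
                86400 )         ; negative-answer TTL
        IN NS   ns1.poornima.org.
        IN NS   ns2.poornima.org.
        IN MX   10 mail.poornima.org.
ns1     IN A    192.168.0.1
ns2     IN A    192.168.0.2
www     IN A    192.168.0.10
mail    IN A    192.168.0.11
```

Point the server at itself with nameserver 127.0.0.1 in /etc/resolv.conf, then check the zone with dig @127.0.0.1 www.poornima.org and confirm the recursion restriction by running dig @192.168.0.1 www.redhat.com from a host outside 192.168.0.0/24, which should be refused.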


Figure 11.1: The Domain Name System tree. Top-level domains (.edu, .gov, .com, .org) sit directly below the root; second-level domains such as india.gov and poornima.org sit below them.

The DNS root has a small set of top-level domains that rarely changes; among them are aero, com, net, edu, gov, info, org, int and name. In a domain name like www.poornima.org, org is a first-level name within the root, poornima is a second-level name within org, and www is a third-level name within poornima. The tree can extend to any number of levels, but in general it is not more than four levels deep.

11.2 DHCP SERVER


DHCP provides a way for hosts on a TCP/IP network to request and be granted IP addresses, and to discover information about their local network. One machine on an Ethernet segment is designated the DHCP server and configured to answer these requests. IP addresses are either dynamically assigned from a range (pool) of addresses or statically assigned by MAC address.

Service Profile: DHCP
Type: System V-launched service
Packages: dhcp
Daemon: dhcpd
Script: dhcpd
Ports: 67/udp (bootps, server), 68/udp (bootpc, client)
Configuration: /etc/dhcpd.conf
Related: dhclient

Example: a DHCP server handing out addresses from the range 192.168.0.1 to 192.168.0.20.

Figure 11.2: A DHCP server at 192.168.0.1 connected through a switch to PC 1 (192.168.0.18), PC 2 (192.168.0.19) and PC 3 (192.168.0.20).
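The /etc/dhcpd.conf that implements the Figure 11.2 example, with one dynamic pool and one address fixed by MAC address. This is an added example, not configuration from the original text. It assumes the DHCP server is also the router and DNS server at 192.168.0.1, and the printer's MAC address is made up for illustration.

```conf
# /etc/dhcpd.conf : added example, not from the original text
ddns-update-style none;
# Reply with a NAK to clients asking to renew leases this server does not know,
# so machines carried in from another network get a fresh address quickly.
authoritative;

subnet 192.168.0.0 netmask 255.255.255.0 {
        option routers             192.168.0.1;
        option subnet-mask         255.255.255.0;
        option domain-name         "poornima.org";
        option domain-name-servers 192.168.0.1;

        # Dynamic pool. The page's range begins at .1, which is the server's
        # own address; start at .2 so that it can never be handed out.
        range 192.168.0.2 192.168.0.20;
        default-lease-time 21600;       # 6 hours
        max-lease-time     43200;       # 12 hours

        # Fixed address tied to a MAC, kept outside the dynamic pool.
        host printer1 {
                hardware ethernet 00:50:56:00:00:01;   # assumed MAC
                fixed-address     192.168.0.21;
        }
}
```

Set DHCPDARGS=eth0 in /etc/sysconfig/dhcpd so the daemon listens only on the LAN-facing card, and watch /var/lib/dhcp/dhcpd.leases to see which client received which address. DHCP has no authentication: any host on the segment can answer requests, so a rogue server on the same switch can hand out its own router and DNS addresses.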


11.3 APACHE WEB SERVER


Apache is Red Hat's standard web server and the most widely used web server: more than 60% of sites are hosted on Apache. It provides a very stable and scalable web server platform, and it supports virtual hosts, in which multiple web sites share the same web server.

11.3.1 Service profile: Apache


Type: System V-launched service
Packages: httpd
Daemon: httpd
Script: httpd
Ports: 80/tcp (http), 443/tcp (https)
Configuration: /etc/httpd/*, /var/www/*

11.3.2 Installing the Apache Server


- Mount the Red Hat RPM source files for Apache. They may be on CD, or you may have copied them in a previous chapter to a network source.
- Locate the Apache RPM packages: httpd, httpd-devel, redhat-config-httpd, mod_python, autoconf, automake, libtool, mod_perl and mod_ssl. If you cannot find some of these packages you may have to repeat steps 1-3 with a different Red Hat installation CD.
- Install the Apache RPM packages.
- Use chkconfig to verify that Apache is not yet configured to start.
- Now use chkconfig to start Apache in runlevels 3 and 5.
- Start Apache by hand by invoking the Apache management script (httpd) in /etc/rc.d/init.d.
- Start a web browser such as Mozilla or Konqueror and point it at http://localhost.
- You should see the default Apache web page for Red Hat Linux.
- Close your web browser.
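The install-and-verify procedure above as a script for a Red Hat system of that era (rpm, chkconfig and the System V init script). This is an added example, not code from the original text. It assumes the RPM files are reachable in a directory passed on the command line, for example a mounted CD's RedHat/RPMS, and replaces the browser check with a command-line fetch of the default page.

```shell
#!/bin/sh
# Added example, not from the original text.
# Usage (as root):  sh apache_setup.sh install /mnt/cdrom/RedHat/RPMS
#                   sh apache_setup.sh enable
#                   sh apache_setup.sh verify
set -eu

REQUIRED="httpd httpd-devel redhat-config-httpd mod_python autoconf automake libtool mod_perl mod_ssl"

# Read the installed package names from stdin (one per line) and print the
# required packages that are not among them, in REQUIRED order.
missing_packages() {
    installed=$(cat)
    for p in $REQUIRED; do
        echo "$installed" | grep -qx "$p" || echo "$p"
    done
}

# Step 1-3: install whatever is missing from the directory holding the RPMs.
install_missing() {
    rpm -qa --qf '%{NAME}\n' | missing_packages | while read -r p; do
        rpm -Uvh "$1"/"$p"-[0-9]*.rpm          # pattern keeps httpd from matching httpd-devel
    done
}

# Step 4-6: confirm it is off, switch it on for runlevels 3 and 5, start it now.
enable_and_start() {
    chkconfig --list httpd                    # expect "off" in every runlevel before enabling
    chkconfig --level 35 httpd on
    /etc/rc.d/init.d/httpd start
}

# Step 7-8 without a browser: what is httpd listening on, and does it serve the default page?
verify() {
    netstat -tlnp | grep httpd                # expect *:80 and, with mod_ssl, *:443
    curl -sI http://localhost/ | head -1      # "HTTP/1.1 200 OK" means the default page is served
}

case "${1:-}" in
    install) install_missing "${2:?directory holding the RPM files}" ;;
    enable)  enable_and_start ;;
    verify)  verify ;;
esac
```

The netstat line in verify is the check worth keeping after any install: it shows whether httpd is bound to every address or only the one you intended, which is what the Listen directive in /etc/httpd/conf/httpd.conf controls.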

11.4 Network File System (NFS)


NFS is the standard for sharing directories, and the files in them, between Linux and UNIX computers. It was originally developed by Sun Microsystems in the mid-1980s. Linux has supported NFS (both as a client and a server) for years, and NFS continues to be popular in organisations with UNIX- or Linux-based networks.

11.4.1 Required Packages


Two RPM packages are associated with NFS: portmap and nfs-utils. Use the rpm -q packagename command to check for these packages, which provide a number of key files. The nfs-utils package includes:

- /etc/rc.d/init.d/nfs (start/stop script for NFS)
- /etc/rc.d/init.d/nfslock (start/stop script for lockd and statd)
- /usr/share/doc/nfs-utils-version (documentation, mostly in HTML format)
- Server daemons in /usr/sbin: rpc.mountd, rpc.nfsd
- Server daemons in /sbin: rpc.lockd, rpc.statd
- Control programs in /usr/sbin: exportfs, nfsstat, nhfsstone, showmount
- Status files in /var/lib/nfs: etab, rmtab, statd/state, xtab

The portmap package includes the following key files:
- /etc/rc.d/init.d/portmap (start/stop script)
- /usr/share/doc/portmap-version (documentation)
- Server daemon in /sbin: portmap
- Control programs in /usr/sbin: pmap_dump, pmap_set

11.4.2 Service Profile: NFS


Type: System V-launched service
Packages: nfs-utils
Daemons: nfsd, lockd, rpciod, rpc.mountd, rpc.rquotad, rpc.statd
Scripts: nfs, nfslock
Ports: 2049 for nfsd; the other daemons register with portmap (111), which tells clients the dynamically assigned ports
Configuration: /etc/exports
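An /etc/exports for the server of Figure 11.3, showing the two decisions that matter in this file: which hosts may mount a directory, and whether a client's root is trusted. This is an added example, not configuration from the original text; the client addresses 192.168.0.11 (Linux) and 192.168.0.12 (UNIX) are assumptions.

```conf
# /etc/exports : added example, not from the original text (client addresses assumed)
#
# Read-only to the whole LAN. root_squash is the default and is written out
# here on purpose: it maps a client's root (UID 0) to nobody, so being root
# on a client does not make you root on the server's files.
/usr/share/doc   192.168.0.0/24(ro,sync,root_squash)

# Home directories read-write, but only to named hosts, never to '*'.
# NFS trusts the numeric UID a client presents, so any host allowed here can
# read any user's files simply by creating that UID locally.
/home            192.168.0.11(rw,sync,root_squash) 192.168.0.12(rw,sync,root_squash)
```

Activate changes with exportfs -ra and confirm them with showmount -e localhost. Because the protocol carries no authentication beyond the client address, portmap (111/tcp, 111/udp) and nfsd (2049) should be reachable only from the LAN, which is a job for the firewall rules of chapter 10.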


11.5 NFS Server & client

Figure 11.3: An NFS server (Linux) connected through a switch to NFS client 1 (Linux) and NFS client 2 (UNIX).

11.6 Samba Server


Microsoft computers share files and printers on a network through a facility called SMB, Server Message Block. This kind of communication over a Microsoft-based network is also known as NetBIOS over TCP/IP. Through the collective work of Andrew Tridgell and many others (the Samba team), Linux systems provide transparent and reliable SMB support over TCP/IP via a package known as Samba.

You can do four basic things with Samba:
- Share a Linux directory tree with Windows computers.
- Share a Windows directory with Linux computers.
- Share a Linux printer with Windows computers.
- Share a Windows printer with Linux computers.

It is easy to configure Samba to do a number of things on a Microsoft-based network:
- Participate in a Windows 9x-style workgroup or an NT/2000/XP domain, as a client or a server
- Act as a primary or backup domain controller
- Share user home directories
- Act as a WINS client or server
- Link to or manage a workgroup browse service
- Act as a master browser
- Provide user/password and share security databases locally, from another Samba server, or from a Microsoft domain controller
- Configure local directories as shared SMB file systems
- Synchronise passwords between Windows and Linux systems
- Download print drivers to Microsoft clients

11.6.1 These are the four Samba RPM packages that you need:
- samba: the basic SMB server software for sharing files and printers.
- samba-common: the common Samba configuration files.
- samba-client: the utilities needed to connect to shares on Microsoft computers.
- samba-swat: the SWAT web-based configuration tool mentioned earlier.

11.6.2 Service Profile: Samba

  Type:          System V-launched service
  Packages:      samba, samba-common, samba-client
  Daemons:       nmbd, smbd
  Script:        smb
  Ports:         137/udp, 138/udp, 139/tcp (NetBIOS over TCP/IP); current Samba releases also serve SMB directly on 445/tcp
  Configuration: /etc/samba/smb.conf
  Related:       samba-swat

11.6.3 SAMBA SERVER (LINUX)

Figure 11.4: a Samba server (Linux) with a printer attached, connected through a switch to a Linux client, a Windows 98 client and a Windows 2000 Server.

11.6.4 SAMBA SERVER SHARING PRINTER, FILE & DIRECTORY
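As an added example for the NFS (/etc/exports, section 11.4) and Samba (smb.conf, section 11.6) material above, the Python script below parses both configuration files and flags the settings that most often turn a file share into a security problem: an export to every host ("*"), no_root_squash (remote root keeps uid 0 on the exported tree), insecure (requests accepted from non-privileged ports), and Samba shares with guest access, particularly writable ones with no hosts allow restriction. It is not code from the original page, from nfs-utils or from Samba; the two sample configuration files are constructed for this example, and the rule set is this example's own.

```python
"""Audit NFS /etc/exports and Samba smb.conf shares for risky settings.

Added example for sections 11.4 (NFS, /etc/exports) and 11.6 (Samba,
/etc/samba/smb.conf). Both sample configs below are constructed for this
example, and the rules are this example's own, not part of nfs-utils or Samba.
"""
import re
from configparser import ConfigParser

# Constructed /etc/exports: the first export is sane, the next two are not.
SAMPLE_EXPORTS = """\
# directory   client(options)
/srv/data     192.168.1.0/24(rw,sync,root_squash)
/srv/scratch  *(rw,no_root_squash)
/home         192.168.1.0/24(rw,insecure) 192.168.2.7(ro)
"""

# Constructed smb.conf with one anonymous, writable share.
SAMPLE_SMB_CONF = """\
[global]
workgroup = WORKGROUP
security = user

[homes]
browseable = no
writable = yes

[public]
path = /srv/public
guest ok = yes
writable = yes
"""

# "client(opt,opt)" or a bare client; exportfs defaults are ro,sync,root_squash,secure.
CLIENT_SPEC = re.compile(r"(\S+?)\(([^)]*)\)|(\S+)")


def audit_exports(text):
    """Return (directory, client, problem) tuples for an /etc/exports file."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        directory, clients = (line.split(None, 1) + [""])[:2]
        for client, opts, bare in CLIENT_SPEC.findall(clients):
            host = client or bare
            options = {o.strip() for o in opts.split(",") if o.strip()}
            if host == "*":
                findings.append((directory, host, "exported to every host"))
            if "no_root_squash" in options:
                findings.append((directory, host, "remote root keeps uid 0 on the export"))
            if "insecure" in options:
                findings.append((directory, host, "requests accepted from non-privileged source ports"))
    return findings


def _yes(cfg, share, key, default="no"):
    return cfg.get(share, key, fallback=default).strip().lower() in ("yes", "true", "1")


def audit_smb_conf(text):
    """Return (share, problem) tuples for the shares defined in an smb.conf file."""
    cfg = ConfigParser(interpolation=None)   # smb.conf uses %U-style macros, not ConfigParser's
    cfg.read_string(text)
    findings = []
    if cfg.get("global", "security", fallback="user").strip().lower() == "share":
        findings.append(("global", "security = share: per-share passwords, no user authentication"))
    for share in cfg.sections():
        if share == "global":
            continue
        guest = _yes(cfg, share, "guest ok") or _yes(cfg, share, "public")
        # "writable = yes" and "read only = no" are synonyms; the Samba default is read only.
        writable = (_yes(cfg, share, "writable") or _yes(cfg, share, "writeable")
                    or not _yes(cfg, share, "read only", default="yes"))
        if guest and writable:
            findings.append((share, "anonymous users can write to this share"))
        elif guest:
            findings.append((share, "anonymous users can read this share"))
        if guest and not cfg.has_option(share, "hosts allow") \
                and not cfg.has_option("global", "hosts allow"):
            findings.append((share, "guest share with no 'hosts allow' restriction"))
    return findings


if __name__ == "__main__":
    import sys
    exports = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EXPORTS
    smb = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_SMB_CONF
    for finding in audit_exports(exports) + audit_smb_conf(smb):
        print(" | ".join(finding))
```

Run it as `python audit.py /etc/exports /etc/samba/smb.conf` to check the real files; without arguments it audits the two constructed samples. Cross-check the results against what the servers actually apply: `exportfs -v` prints each export with its effective options, and `testparm -s` prints the parsed smb.conf with defaults filled in.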


Network Designing & Implementation (Local Area Network):

Table 11.1: Hardware and software requirement for a Red Hat Linux network installation

  Item                                                          Quantity
  Pentium-based server with 64 MB RAM                           -
  Hard disk drive of minimum 4.3 GB                             -
  Ethernet card (NIC), 10/100 Mbps                              10 nos.
  Ethernet hub, 10/100 Mbps, 12 port                            01 no.
  UTP CAT 5e cable                                              500 metres (approx.)
  RJ-45 connector                                               30 nos.
  Software & operating system: client operating system          Red Hat Linux Enterprise Server
  Network installation & implementation: Red Hat Linux
  Enterprise Server installation and configuration (LAN/WAN)    As much


12. INTRODUCTION TO NETWORKING


12.1 Definition: A network is a system that transmits any combination of voice, video and/or data between users. A network can be characterised by its geographical extent and by how the users' PCs access it.

12.2 A network consists of:

- The network operating system (Windows NT/2000/XP, for example) on the users' PCs (clients) and on the server.
- The cables connecting all network devices (users' PCs, server, peripherals, etc.).
- All supporting network components (hubs, routers, switches, etc.).

A computer network is an interconnected collection of autonomous computers.

12.3 Requirement of Networking


12.3.1 Resource sharing- To make all programs, equipment, and especially data available
to anyone on the network without regard to the physical location of the resource and the user.

12.3.2 High reliability- As all files could be replicated on two or three machines, so if one
of them is unavailable (due to hardware failure), the other copies could be used.

12.3.3 Scalability- The ability to increase system performance gradually as the workload grows, just by adding more processors.

A computer network also provides a powerful communication medium among widely separated employees. The use of networks to enhance human-to-human communication will probably prove more important than technical goals such as improved reliability. These are the requirements from a company's point of view, but computer networking is needed in normal day-to-day life too: we access the Internet to find out what is happening in the world and to communicate with people far away by e-mail. These needs are what drove the invention of networking devices, models and protocols. Networking can be said to have been born in 1844, when Samuel Morse sent the first telegraph message.

12.4 TYPES OF NETWORKS


12.4.1 LAN (LOCAL AREA NETWORK)
These are privately owned networks within a single building or campus of up to a few kilometres in size. LANs are distinguished from other networks by three characteristics: 1) their size, 2) their transmission technology and 3) their topology. LANs are restricted in size, which means that the worst-case transmission time is bounded and known in advance. LANs traditionally used a transmission technology consisting of a single cable to which all the machines are attached; today's switched Ethernet gives each station its own link to a switch. Classic LANs run at 10 to 100 Mbps, have low delay and make very few errors; current Ethernet runs at 1 Gbps and above.


Table 12.1

12.4.2 LAN SETUP


IEEE has produced several standards for LANs, collectively known as IEEE 802: IEEE 802.3 (Ethernet), IEEE 802.4 (Token Bus) and IEEE 802.5 (Token Ring).

12.5 WAN (WIDE AREA NETWORK)


It is a computer network that spans a relatively large geographical area, often a country or continent. Typically a WAN consists of two or more Local Area Networks. Computers connected to a WAN are often connected through public networks such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.


Table 12.2

WANs traditionally run at speeds of only about 2 to 10 Mbps. For most WANs the long-distance bandwidth is relatively low: on the order of kilobits per second (kbps) to a few megabits per second, as opposed to tens or hundreds of megabits per second for local-area networks (LANs). For example, an Ethernet LAN has a 10 Mbps bandwidth, while a WAN using part or all of a T1 carrier has a bandwidth of 1.544 Mbps.

12.5.1 Three types of approaches are used to connect WANs:

- Circuit switching, which provides a fixed connection (at least for the duration of a call or session), so that each packet takes the same path. Examples of this approach include ISDN, Switched 56 and Switched T1.
- Packet switching, which establishes connections during the transmission process, so that different packets from the same transmission may take different routes and may arrive out of sequence at the destination. Examples of this approach are X.25, frame relay and ATM.
- Leased lines, which provide a dedicated connection for private use.

12.6 NETWORK MODELS


Layering Concepts and Benefits: Many benefits can be gained from the process of breaking up the functions or tasks of networking into smaller chunks, called layers, and defining standard interfaces between these layers. The layers break a large, complex set of concepts and protocols into smaller pieces, making it easier to talk about, to implement in hardware and software, and to troubleshoot.

12.6.1 The following list summarizes the benefits of layered protocol specifications:
- Humans can more easily discuss and learn about the many details of a protocol specification.
- Standardized interfaces among layers facilitate modular engineering.
- A better environment for interoperability is created. One vendor can write software that implements the higher layers (for example, a Web browser) and another can write software that implements the lower layers (for example, Microsoft's built-in TCP/IP software in its operating systems).
- Reduced complexity allows easier program changes and faster product evolution.
- One layer uses the services of the layer immediately below it, so remembering what each layer does is easier. (For example, the network layer needs to deliver data from end to end. To do this, it uses data links to forward data to the next successive device along that end-to-end path.)

12.7 OSI NETWORK MODEL


The OSI model describes how information makes its way from an application program through a network medium to another application program on another computer. It divides one big problem into seven smaller problems, each of which is addressed by one of the seven layers of the OSI model.

Figure 12.3


12.7.1 Functions of Network Layers in Brief:

12.7.1.1 APPLICATION LAYER
- Used for applications specifically written to run over the network.
- Allows access to network services that support applications; directly represents the services that support user applications.
- Handles network access, flow control and error recovery at the application level.
- Example applications are file transfer, e-mail and NetBIOS-based applications.

12.7.1.2 PRESENTATION LAYER
- Translates from application format to network format and vice versa.
- All the different formats from all sources are converted into a common uniform format that the rest of the OSI model can understand.
- Responsible for protocol conversion, character conversion, data encryption/decryption, expanding graphics commands and data compression.
- Sets standards for different systems to provide seamless communication between multiple protocol stacks.
- Not always implemented as a separate layer in a network protocol.

12.7.1.3 SESSION LAYER
- Establishes, maintains and ends sessions across the network.
- Responsible for name recognition (identification) so that only the designated parties can participate in the session.
- Provides synchronization services by placing checkpoints in the data stream; if the session fails, only data after the most recent checkpoint need be retransmitted.
- Manages who can transmit data at a certain time and for how long.
- Examples are interactive login and file transfer connections: the session would connect and reconnect if there was an interruption, recognize names in sessions and register names in history.

12.7.1.4 TRANSPORT LAYER
- Provides the end-to-end connection below the session layer.
- Manages the flow control of data between parties across the network.
- Divides streams of data into chunks or segments; the transport layer of the receiving computer reassembles the message from the segments.
- A "train" is a good analogy: the data is divided into identical units.
- Provides error checking to guarantee error-free data delivery, with no losses or duplications.
- Provides acknowledgment of successful transmissions and requests retransmission if some segments do not arrive error-free.
- Protocols: TCP, UDP. (ARP and RARP, sometimes listed here, actually sit between the data link and network layers.)

12.7.1.5 NETWORK LAYER
- Translates logical network addresses and names to their physical addresses (e.g. IP address ==> MAC address, via ARP).
- Responsible for addressing and determining routes for sending.
- Manages network problems such as packet switching, data congestion and routing.
- If a router cannot send a frame as large as the source computer sends, the network layer compensates by breaking the data into smaller units (fragmentation). At the receiving end, the network layer reassembles the data.
- Think of this layer as stamping the addresses on each train car.
- Protocols: IP, ARP, RARP, ICMP, RIP, OSPF.

12.7.1.6 DATA LINK LAYER
- Turns packets into raw bits (100101...) and at the receiving end turns bits back into packets.
- Handles data frames between the Network and Physical layers.
- The receiving end packages raw data from the Physical layer into data frames for delivery to the Network layer.
- Responsible for error-free transfer of frames to the other computer via the Physical layer.
- Defines the methods used to transmit and receive data on the network: the wiring, the devices used to connect the NIC to the wiring, the signalling involved to transmit/receive data and the ability to detect signalling errors on the network media.

12.7.1.7 Logical Link Control (the upper sublayer of the Data Link layer)
- Error correction and flow control.
- Manages link control and defines SAPs (service access points).

12.7.1.8 PHYSICAL LAYER
- Transmits the raw bit stream over the physical cable.
- Defines cables, cards and physical aspects.
- Defines NIC attachments to hardware and how the cable is attached to the NIC.
- Defines the techniques used to transfer the bit stream onto the cable.
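The layering described in 12.7.1 is easiest to see with a real frame. The Python below, an added example and not code from the original page, builds one UDP datagram top-down (payload, then the UDP header, then the IPv4 header with its checksum, then the Ethernet header) and then peels it bottom-up the way a receiving host does, with each layer checking only what it is responsible for: the data link layer checks the EtherType, the network layer verifies the IPv4 header checksum and drops the packet if it is wrong, and the transport layer recovers the ports and payload. The MAC addresses, IP addresses, ports and payload are constructed values; the Ethernet FCS is left out because it is normally computed and checked by the NIC rather than the host stack.

```python
"""Encapsulate and decapsulate one UDP/IPv4/Ethernet frame layer by layer.

Added example for section 12.7 (OSI layers); not code from the original page.
All addresses, ports and the payload below are constructed values.
"""
import struct


def ipv4_checksum(header):
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload):
    """Top-down: payload -> UDP segment (L4) -> IPv4 packet (L3) -> Ethernet frame (L2)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP checksum 0 = unused
    # version/IHL, TOS, total length, id, flags+offset, TTL, protocol (17 = UDP), checksum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000,
                         64, 17, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    eth_hdr = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)  # EtherType IPv4
    return eth_hdr + ip_hdr + udp


def decapsulate(frame):
    """Bottom-up: strip one header per layer, validating what that layer is responsible for."""
    layers = {}
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    layers["data_link"] = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    pkt = frame[14:]
    ihl = (pkt[0] & 0x0F) * 4
    # Summing the header *including* its checksum field gives 0 only if the header is intact.
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch: packet dropped")
    total_len, proto = struct.unpack("!H", pkt[2:4])[0], pkt[9]
    layers["network"] = {"src": ".".join(map(str, pkt[12:16])),
                         "dst": ".".join(map(str, pkt[16:20])), "ttl": pkt[8], "proto": proto}
    if proto != 17:
        raise ValueError("only UDP is handled here")
    seg = pkt[ihl:total_len]
    sport, dport, length, _ = struct.unpack("!HHHH", seg[:8])
    layers["transport"] = {"src_port": sport, "dst_port": dport, "length": length}
    layers["application"] = seg[8:length]
    return layers


def is_intact(frame):
    """True if every layer accepts the frame, False if some layer would drop it."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                        "192.168.1.10", "192.168.1.20", 40000, 53, b"hello")
    for layer, content in decapsulate(frame).items():
        print(layer, content)
    damaged = bytearray(frame)
    damaged[14 + 8] = 1                     # alter the TTL but leave the checksum stale
    print("damaged frame accepted:", is_intact(bytes(damaged)))
```

Note that the checksum check covers only the IP header, which is all the network layer owns; a corrupted payload has to be caught by the transport layer (UDP's optional checksum, TCP's mandatory one) or by the data link FCS underneath.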

13. IP ADDRESSING
Every machine on the Internet has a unique identifying number, called an IP address. A typical IP address looks like this: 216.27.61.45. An IP address is a 32-bit number, usually written in dotted-decimal form, that uniquely identifies an interface of some computer. The 32 bits are divided into 4 octets, each separated by a dot. Certain values are reserved and cannot be used as an ordinary host address: for example, 0.0.0.0 is reserved for the default network and 255.255.255.255 is used for limited broadcast. Each IP address is split into 2 sections: 1) the network address and 2) the host address. Individual IP addresses in the same network all have a different value in the host part of the address but an identical value in the network part, just as in a town there are different street addresses but the same ZIP code.

13.1 There are five IP classes:

13.1.1 Class A- This class is for very large networks, such as a major international company. IP addresses with a first octet from 1 to 126 are part of this class. The other three octets are used to identify each host.
  Example: 54.24.54.43      Net: 54          Host or Node: 24.54.43

13.1.1.1 Loopback- The IP address 127.0.0.1 (the whole 127.0.0.0/8 block is reserved for this) is used as the loopback address. This means that it is used by the host computer to send a message back to itself. It is commonly used for troubleshooting and network testing.

13.1.2 Class B- Class B is used for medium-sized networks. A good example is a large college campus. IP addresses with a first octet from 128 to 191 are part of this class. Class B addresses also include the second octet as part of the Net identifier. The other two octets are used to identify each host.
  Example: 145.24.53.198    Net: 145.24      Host or Node: 53.198

13.1.3 Class C- Class C addresses are commonly used for small to mid-size businesses. IP addresses with a first octet from 192 to 223 are part of this class. Class C addresses also include the second and third octets as part of the Net identifier. The last octet is used to identify each host.
  Example: 196.54.34.86     Net: 196.54.34   Host or Node: 86

13.1.4 Class D- It is used for multicast. The first four bits are 1, 1, 1, 0 (first octet 224 to 239). The other 28 bits identify the group of computers the multicast message is intended for.
  Example: 224.24.54.145

13.1.5 Class E- It is used for experimental purposes only (first octet 240 to 255).
  Example: 240.23.45.105

13.2 Private IP
It is not necessary that every time we build a network we are connected to some ISP (Internet Service Provider), so we also need private IP addresses that can be used on internal networks. In each class a range of addresses has been reserved for this purpose (RFC 1918):
  CLASS A   10.0.0.0 to 10.255.255.255        (10.0.0.0/8)
  CLASS B   172.16.0.0 to 172.31.255.255      (172.16.0.0/12)
  CLASS C   192.168.0.0 to 192.168.255.255    (192.168.0.0/16)
These addresses are not routed on the public Internet; a router doing network address translation (NAT) is needed between a private network and the ISP.

13.3 MASKING
Computers use a mask to define the size of the network and host parts of an address. A mask is a 32-bit number written in dotted-decimal form. Performing a Boolean AND of the mask with the IP address gives us the network address. The mask also defines the number of host bits in an address (the zero bits of the mask).

13. 4 SUBNETTING
Basically it is the process of subdividing a network into smaller subnets. Suppose we have 2-3 small networks but cannot buy a separate public address block for each one. Using the basic concept of subnetting, we take a single assigned network address and divide it among them, so that they become independent networks. For this we borrow some bits of the host address and use them as part of the network address, which gives us several independent networks. Address format when subnetting is used (class A, B, C respectively): because of the borrowed bits the mask changes to a subnet mask, and the network address now also includes the subnet address.
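The classful rules of 13.1, the private ranges of 13.2, the AND operation of 13.3 and the bit borrowing of 13.4 can all be carried out with plain integer arithmetic. The Python below is an added example, not code from the original page; it uses the page's own example addresses, rejects malformed addresses and non-contiguous masks, and splits a /24 into /26 subnets by borrowing two host bits. Nothing in it touches the network.

```python
"""Classful addressing, masking and subnetting with plain integer bit operations.

Added example for sections 13.1 to 13.4; not code from the original page.
"""


def to_int(addr):
    """Dotted decimal -> 32-bit integer, rejecting anything that is not four octets 0..255."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % addr)
    n = 0
    for o in octets:
        n = (n << 8) | int(o)
    return n


def to_str(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def ip_class(addr):
    """Class from the leading bits of the first octet (section 13.1)."""
    first = to_int(addr) >> 24
    if first == 0:
        return "reserved"
    if first == 127:
        return "loopback"
    if first < 128:            # 0xxxxxxx
        return "A"
    if first < 192:            # 10xxxxxx
        return "B"
    if first < 224:            # 110xxxxx
        return "C"
    if first < 240:            # 1110xxxx
        return "D"
    return "E"                 # 1111xxxx


CLASSFUL_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def split_address(addr, mask=None):
    """AND the address with the mask for the network part; the remaining bits are the host (13.3)."""
    if mask is None:
        mask = CLASSFUL_MASK[ip_class(addr)]   # KeyError for D/E/loopback: no host part exists
    a, m = to_int(addr), to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if host_bits & (host_bits + 1):             # the mask's ones must be contiguous from the left
        raise ValueError("non-contiguous mask %s" % mask)
    return {
        "network": to_str(a & m),
        "host": to_str(a & host_bits),
        "broadcast": to_str(a | host_bits),
        "prefix": 32 - host_bits.bit_length(),
    }


# RFC 1918 private blocks (the 10.x, 172.16-31.x and 192.168.x ranges of section 13.2).
PRIVATE = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def is_private(addr):
    a = to_int(addr)
    return any((a >> (32 - p)) == (to_int(net) >> (32 - p)) for net, p in PRIVATE)


def subnets(network, prefix, new_prefix):
    """Borrow (new_prefix - prefix) host bits as subnet bits (13.4); return the subnet list."""
    if not prefix <= new_prefix <= 30:
        raise ValueError("new prefix must lie between the current prefix and /30")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    base = to_int(network) & mask
    size = 1 << (32 - new_prefix)                # addresses per subnet, including network and broadcast
    return ["%s/%d" % (to_str(base + i * size), new_prefix)
            for i in range(1 << (new_prefix - prefix))]


if __name__ == "__main__":
    for addr in ("54.24.54.43", "145.24.53.198", "196.54.34.86", "224.24.54.145"):
        print(addr, "class", ip_class(addr), split_address(addr) if ip_class(addr) in CLASSFUL_MASK else "")
    print("172.31.255.254 private:", is_private("172.31.255.254"), "172.34.0.1 private:", is_private("172.34.0.1"))
    print("192.168.1.0/24 split into /26:", subnets("192.168.1.0", 24, 26))
```

The contiguity check matters in practice: a mask such as 255.255.0.255 still ANDs cleanly but produces a network address no router will agree with, so reject it at input time rather than discovering the mismatch later.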


13.5 Some terminologies those are used with networking models:


13.5.1 Collision Domain- The group of PCs among which a collision will occur when two PCs transmit data simultaneously.

13.5.2 Broadcast Domain- The group of PCs that will receive the same broadcast message.

CSMA/CD (Carrier Sense Multiple Access/Collision Detection)- In this protocol, when a PC wants to transmit a packet it first senses the carrier, i.e. the medium; only if no other PC is using the carrier does it send. If two PCs start sending data simultaneously a collision occurs; both PCs wait for a random time and then repeat the process.

13.5.3 MAC (Media Access Control)- The lower sublayer of the data link layer. IEEE 802.3 (Ethernet) and IEEE 802.5 (Token Ring) define the MAC sublayers of these two LAN data link protocols.

13.5.4 Burned-in address: The 6-byte address assigned by the vendor making the card. It is usually burned into a ROM or EEPROM on the LAN card and begins with a 3-byte organizationally unique identifier (OUI) assigned by the IEEE. Locally administered address: Through configuration, an address that is used instead of the burned-in address.

13.5.5 Unicast address: Fancy term for a MAC address that represents a single LAN interface.

13.6 PASSIVE COMPONENTS


Passive components are those devices which are used to provide connectivity between different networking devices. They include:
- Cables
- Patch panel
- Patch cord
- I/O box
- Racks
- RJ-45 connectors

13.7 CABLES
There are different Cabling options depending on the access method :

13.7.1 Twisted pair


The wires are twisted around each other to minimize interference from the other twisted pairs in the cable. Twisted pair cables are available unshielded (UTP) or shielded (STP). UTP is the most common type and uses an RJ-45 connector. Typical lengths are up to 100 m. Twisted pair networks use a star topology.

Figure 13.1a, 13.1b

13.7.2 Coaxial

Coaxial cable uses BNC connectors. The maximum cable length is around 500 m (for thick Ethernet, 10BASE5). Coaxial networks use a single bus topology.

Figure 13.2a, 13.2b

13.7.3 Fiber Optic


UTP and coaxial cables are not capable of carrying data signals over long distances: UTP can transmit up to a distance of 100 metres only. Using fibre cables it is possible to send data about 10 kilometres. Fibre optic cable uses SC, ST or LC connectors (the most common in use is the SC connector). In fibre cables the data is converted to light signals, which are made to propagate through the fibre. There are two types of fibre optic cable available:
1. Single mode: typical length is up to 12 km and the data rate is 1000 Mbps. The core diameter is about 9 micrometres; the Gigabit Ethernet standard that runs over it is 1000BASE-LX.
2. Multi mode: this is further categorised in two:
   SX (1000BASE-SX): typical length is up to 500 m and the data rate is 1000 Mbps.
   FX (100BASE-FX): typical length is up to 220 m and the data rate is 100 Mbps.


Figure 13.3a, 13.3b

13.8 PATCH PANEL


A patch panel provides a convenient place to terminate (connect) all of the cables coming from different locations into the wiring closet. The cables coming from the various locations that need to connect to the switch are connected through the patch panel.

13.8.1 NEED OF PATCH PANEL


We can label the patch panel so we know that which wire belongs to which location. Without a patch panel, it is chaotic. If we want to disconnect a station from the switch, it's a lot easier if there's a label. Most cabling is wired "straight-through" from end to end. But sometimes we need to cross-wire some of the pairs between switch and station, like with a cable modem, or cross-wire to connect two switches. With a patch panel, all of this crosswiring is done in the patch cable. If you have to make any changes, like moving a station or switch, you just move the patch cable with it, instead of having to reterminate the cable run.

13.9 PATCH CORD


13.9.1 RACK
We have to mount the patch panel somehow. The best way is to buy a rack. Basically, a rack is a pair of vertical rails with holes drilled in them so that we can mount patch panels, hubs and other network equipment. This makes it easy to access the back of the patch panel and the other networking components.

13.9.2 Cabling Guidelines


The RJ-45 ports on the switch support automatic MDI/MDI-X operation, so we can use standard straight-through twisted-pair cables to connect to any other network device (PCs, servers, switches, routers or hubs). Use only twisted-pair cables with RJ-45 connectors that conform to FCC standards.

Making Twisted-Pair Connections

Figure 13.4

Connecting to PCs, servers, hubs and switches:
- Attach one end of a twisted-pair cable segment to the device's RJ-45 connector.
- If the port you are connecting the RJ-45 to is a network card, attach the other end of the cable segment to a modular wall outlet that is connected to the wiring closet. Otherwise, attach the other end to an available port on the switch.
- Make sure each twisted-pair cable does not exceed 100 metres (328 ft) in length.

13.9.3 Wiring Closet Connections


Today, the punch-down block is an integral part of many of the newer equipment racks. It is actually part of the patch panel. Instructions for making connections in the wiring closet with this type of equipment follow. - Attach one end of a patch cable to an available port on the switch, and the other end to the patch panel. - If not already in place, attach one end of a cable segment to the back of the patch panel where the punch-down block is located, and the other end to a modular wall outlet. -Label the cables to simplify future troubleshooting.

13.10 NETWORKING DEVICES


Networking devices do various kinds of jobs: converting data into signals, providing connectivity between different network devices, and transferring data in the form of packets or frames from one device to another. They are the central connection points for all the network equipment and handle a unit of data known as a frame or packet. A frame or packet contains data and the destination address of where it is going. When a frame is received, it is regenerated and then transmitted on the port leading to the destination PC. Different networking components do this job in different ways at different layers.

13.11 NETWORK INTERFACE CARD


A Network Interface Card (NIC) is a circuit board that plugs into both clients and servers and controls the exchange of data between them. (A specific software driver must be installed depending on the make of the NIC.) A physical transmission medium, such as twisted pair or coaxial cable, interconnects all network interface cards to network hubs or switches. Ethernet and Token Ring are common types of network interface card. Today's cards support 10BASE-T and 100BASE-T with automatic recognition (autonegotiation), and Gigabit (1000BASE-T) is now standard.

13.11.1 HUB
When more than 2 devices need to be interconnected, a device known as a hub comes into the picture. Basically a hub is a layer one device, i.e. it operates at the physical layer of the OSI model. It is designed to do broadcasting: when it receives a frame it repeats it out of every port, whether or not the frame is destined for that port. A hub has no way of distinguishing which port a frame should be sent to. This repeating results in a lot of traffic on the network, which leads to poor network response; it also means that every station on a hub can capture every other station's traffic. If two PCs connected to a hub transmit their data packets simultaneously, a collision occurs, so we can say that a hub creates a single collision domain. Likewise all PCs connected to a hub receive the same broadcast message, so a single broadcast domain is created. A 10/100 Mbps hub must share its bandwidth among all of its ports: when only one PC is transmitting, it has access to the maximum available bandwidth, but if several PCs are transmitting, that bandwidth is divided between all of them, which degrades performance. Hubs are half-duplex in nature.

13.11.2 SWITCH
Hubs are capable of joining more than two PCs but have drawbacks: if two PCs want to communicate at the same time there is a collision and both PCs have to send their data again. This shortcoming of the hub is overcome by switches. Switches are intelligent devices which work at Layer 2 of the OSI model. Basically a switch keeps a record of the MAC addresses of all the devices connected to it. Using this information it builds a MAC address table, so when a frame is received it knows exactly which port to send it to, which reduces the network response time.

13.11.2.1 Basic Working Principle of a Switch
- At the time of initialisation the MAC address table is still empty. When a frame is sent by one of the PCs, the switch records the frame's source MAC address and the port it arrived on in the MAC address table.
- If the destination MAC address is present in the MAC table, the frame is forwarded only to the corresponding port.
- If the destination MAC address is not present in the table, the frame is forwarded out of all ports except the incoming one. The designated PC responds; its reply is examined by the switch and the MAC address table is updated accordingly.

If two PCs transmit data simultaneously and both are connected to a switch, no collision occurs, so we can say that a switch creates multiple collision domains (one per port). A switch still forwards broadcasts to all ports, so all the ports of a switch form a single broadcast domain. A 100/1000 Mbps switch allocates the full 100/1000 Mbps to each of its ports, so regardless of the number of PCs transmitting, each user always has access to the maximum bandwidth. Switch ports are usually full-duplex.

13.11.2.2 Switches are of two types:
- Managed
- Unmanaged

13.11.2.3 A managed switch supports SNMP (Simple Network Management Protocol).

Different switching principles:
- Store-and-forward: The switch fully receives all bits in the frame (store) before forwarding the frame (forward). This allows the switch to check the FCS before forwarding the frame. (The FCS is in the Ethernet trailer.)
- Cut-through: The switch performs the address table lookup as soon as the destination address field in the header is received. The first bits of the frame can be sent out of the outbound port before the final bits of the incoming frame are received. This does not allow the switch to discard frames that fail the FCS check.
- Fragment-free: This performs like cut-through switching, but the switch waits for 64 bytes to be received before forwarding the first bytes of the outgoing frame. According to the Ethernet specifications, collisions should be detected during the first 64 bytes of the frame, so frames damaged by a collision will not be forwarded. The FCS still cannot be checked.

A bridge is another device, like a switch, which also operates on MAC addresses. The basic difference between a bridge and a switch is that a bridge does its forwarding in software, whereas a switch does it in hardware, using ASICs (Application Specific Integrated Circuits).
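The learning, forwarding and flooding behaviour of 13.11.2.1, and the difference between store-and-forward and cut-through handling of a bad FCS, can be run as a small simulation. The Python below is an added example and not code from the original page: the MAC addresses and frames are constructed, and zlib.crc32 stands in for the Ethernet CRC-32 trailer. The simulated switch learns the source address of every frame, forwards known unicast to one port, floods unknown unicast and group addresses to all other ports, and in store-and-forward mode drops a frame whose FCS does not match, which a cut-through switch cannot do.

```python
"""A learning (layer-2) switch in software: learn, forward, flood, and check the FCS.

Added example for section 13.11.2; not code from the page. MAC addresses and
frames are constructed; zlib.crc32 stands in for the Ethernet CRC-32 FCS.
"""
import struct
import zlib


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def make_frame(dst, src, payload):
    """Ethernet frame: dst, src, EtherType 0x0800, payload, then a 4-byte FCS (CRC-32) trailer."""
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", 0x0800) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame):
    return zlib.crc32(frame[:-4]) == struct.unpack("<I", frame[-4:])[0]


class LearningSwitch:
    def __init__(self, ports, mode="store-and-forward"):
        self.ports = list(ports)
        self.mode = mode                  # "store-and-forward" or "cut-through"
        self.mac_table = {}               # MAC (bytes) -> port it was last seen on

    def table(self):
        """The MAC address table in readable form."""
        return {mac.hex(":"): port for mac, port in self.mac_table.items()}

    def receive(self, in_port, frame):
        """Return the list of egress ports for a frame arriving on in_port ([] means dropped)."""
        if self.mode == "store-and-forward" and not fcs_ok(frame):
            return []                     # whole frame buffered, FCS wrong, frame discarded
        dst, src = frame[:6], frame[6:12]
        # Learn: the source address tells the switch which port that station is behind.
        self.mac_table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if dst[0] & 1:                    # group bit set: broadcast or multicast
            return others
        out = self.mac_table.get(dst)
        if out is None:                   # unknown unicast: flood, so every station sees it
            return others
        return [] if out == in_port else [out]


if __name__ == "__main__":
    A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw = LearningSwitch([1, 2, 3])
    print("A->B, B unknown:", sw.receive(1, make_frame(B, A, b"hello")))   # flooded to 2 and 3
    print("B->A, A known:  ", sw.receive(2, make_frame(A, B, b"reply")))   # only port 1
    print("A->B, B known:  ", sw.receive(1, make_frame(B, A, b"again")))   # only port 2
    print("table:", sw.table())
    bad = bytearray(make_frame(B, A, b"hello"))
    bad[14] ^= 0xFF                       # corrupt the payload without recomputing the FCS
    print("bad FCS, store-and-forward:", sw.receive(1, bytes(bad)))
    print("bad FCS, cut-through:      ", LearningSwitch([1, 2, 3], "cut-through").receive(1, bytes(bad)))
```

The flooding branch is the one worth remembering from a security standpoint: any frame whose destination the switch has not learned is delivered to every port, exactly as a hub would deliver it.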

13.11.3 ROUTER
A switch or hub can only interconnect devices in a single LAN. For interconnecting two LANs, or two or more different networks, another device known as a router is used. Its main job is to route (send) packets to other networks, and to do the routing (establishing paths between networks) it uses the IP address. A router is typically connected to at least two networks, commonly two LANs or WANs, or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. To determine the best path for forwarding a packet, routers use forwarding tables. A router is a layer 3 device, i.e. it operates at the network layer of the OSI model. The working principle of a router is quite different from that of a switch. A router builds a table known as the routing table, which contains the networks it knows about; it learns them either directly (the networks configured on its own interfaces) or indirectly (from neighbouring routers). When a packet is received, the router compares the destination IP address of the packet with the entries in its routing table. If no matching entry is found in the routing table, it simply discards the packet instead of flooding it out of all ports as a switch would. (Detailed information about the router is in chap )

Table 13.1


14. ROUTER

14.1 ROUTER INTERNAL COMPONENTS


Like a computer, a router has a CPU that varies in performance and capabilities depending upon router platform. It has typically 4 types of memory in it.:

14.1.1 ROM- It is used to store the router's bootstrap startup program, a minimal operating system and the power-on diagnostic test programs. The ROM can also be upgraded.

14.1.2 FLASH MEMORY- It holds operating systems image(s). Flash memory is erasable,
reprogrammable ROM. Our IOS software is present in this memory and we can upgrade it also. Flash content is retained even when we switch off or restart the router.

14.1.3 RAM- It is used to store operational information such as routing tables, routers
running configuration file. RAM also provides caching and packet buffering capabilities. Its content is lost when we switch off or restart the router. When we configure the router at that time actually we are writing in RAM.

14.1.4 NVRAM- It is used to store the routers startup configuration file. It does not lose
data when power is switched off. So the contents of startup configuration files are maintained even when we switch off or restart the router.

14.2 ROUTERS NETWORK INTERFACES


14.2.1 Ethernet or Token Ring interfaces are configured to allow connection to a LAN.
14.2.2 Synchronous serial interfaces are configured to allow connections to WANs.
14.2.3 ISDN BRI interfaces are configured to allow connection to an ISDN WAN.

All Cisco routers have a console port that provides an EIA/TIA-232 asynchronous serial connection. The console port can be connected to a computer's serial port to gain terminal access to the router. Most routers also have an auxiliary port that is very similar to the console port but is typically used for a modem connection for remote router management.


14.3 CONFIGURING THE ROUTER

Figure 14.1

14.3.1 There are three methods for configuring the router:


- Through the console port: The console port is used for configuring a router locally with the help of a PC or a laptop. The console port of the router is connected to the serial (COM) port of the PC. The detailed configuration is given in the section.
- Through the AUX port: The aux (auxiliary) port is accessed from a modem located far away from the router through the PSTN (Public Switched Telephone Network), and the configuration is done over that dial-up connection.
- Through Telnet: Lines vty (virtual terminal) 0 to 4 are used for configuring the router by telnet. Telnet carries the login password in cleartext across the network, so on any router that supports it, SSH should be used on the vty lines instead.

14.3.2 Configuring Router through Console port


We use the HyperTerminal program to open a console session and log into the router locally. This console connection allows us to connect to and communicate with the router without having to connect to the network to which it belongs. The PC then becomes the console that allows us to enter commands and communicate directly with the router. To set up a console session, we use the workstation's Windows HyperTerminal (terminal emulation) program. First we configure the COM port settings, then log into the router to interact with the IOS command line interface (CLI). These are the COM port settings:

  Bits per second:  9600
  Data bits:        8
  Parity:           N (none)
  Stop bits:        1
  Flow control:     on/off

After pressing Enter or OK to accept these settings, we come to a blank window. This is the session window. The following steps are used to access a router through the console port with a Windows-based PC. Access HyperTerminal: Start Menu -> Programs -> Accessories.

Figure 14.2 COM 1 Setting

Figure 14.3 Hyper terminal Screen

Figure 14.4

After connecting, the router boots; after booting the following procedure is used.

  Router> enable

A prompt asking for the password now appears on the screen:

  Password:

Type the password here. This is done to secure access to the router. After this, Router# appears on the screen, showing that we are in privileged mode; now we enter configuration mode:

  Router# configure terminal

Now the configuration of the router starts. We assign an IP address to each and every interface connected to the router. The subnet mask should be given with proper care. The following steps are to be followed.

For configuring an Ethernet interface:

  Router# configure terminal
  Router(config)# interface ethernet 0
  Router(config-if)# ip address 223.8.151.1 255.255.255.0
  Router(config-if)# no shutdown
  Router(config-if)# exit

For configuring serial interfaces:

  Router(config)# interface serial 0
  Router(config-if)# ip address 204.204.7.1 255.255.255.0
  Router(config-if)# no shutdown
  Router(config-if)# exit
  Router(config)# interface serial 1
  Router(config-if)# ip address 199.6.13.2 255.255.255.0
  Router(config-if)# no shutdown
  Router(config-if)# exit

14.4 ROUTING PROTOCOLS


14.4.1 ROUTING INFORMATION PROTOCOL (RIP)
RIP is a dynamic, distance vector routing protocol. RIP uses UDP port 520 for route updates. RIP calculates the best route based on hop count. This makes RIP very fast to converge. RIP sends full table updates at regular intervals specified by the route-update timer (30 seconds is the default). This means that a RIP router summarizes all routes it knows along classful boundaries and sends the summary information to all other RIP routing devices. RIP updates can contain up to 25 route entries.

14.4.1.1 RIP TIMERS

Timer     Default    Controls
update    30 sec.    Interval between route update advertisements.
timeout   180 sec.   Interval a route should stay 'live' in the routing table. This counter is reset every time the router hears an update for this route.
flush     240 sec.   How long to wait from the time the route was received to delete a route (60 seconds after timeout).

The routing-update timer controls the time between routing updates. The default is usually 30 seconds, plus a small random delay to prevent all RIP routers from sending updates simultaneously. The route-timeout timer controls when a route is no longer available. The default is usually 180 seconds. If a router has not seen the route in an update during this interval, it is dropped from the router's announcements. The route is maintained long enough for the router to advertise the route as down (hop count of 16). The route-flush timer controls how long before a route is completely flushed from the routing table. The default setting is usually 120 seconds.

14.4.1.2 BASIC RIP CONFIGURATION

According to the recollection of InetDaemon, configuring a Cisco router for a basic RIP configuration would look something like this:

router> enable
Password:
router# conf t
router(config)# interface ethernet 0
router(config-if)# ip address 192.168.42.1 255.255.255.0
router(config-if)# interface ethernet 1
router(config-if)# ip address 192.168.43.1 255.255.255.0
router(config-if)# exit
router(config)# router rip
router(config-router)# network 192.168.42.0
router(config-router)# network 192.168.43.0
router(config-router)# exit
router(config)# ^Z
router#

The example above assumes that the interfaces that will be running RIP have IP addresses on them that fall within the 192.168.42.0 and 192.168.43.0 class C ranges.

14.4.2 IGRP
IGRP is a distance-vector routing protocol that uses a composite metric which, by default, takes bandwidth and delay as parameters instead of hop count. IGRP is not limited to the 15-hop limit of RIP. IGRP has a maximum hop limit of 100 by default, and can be configured to support a network diameter of 255. With IGRP, routers usually select paths with a larger minimum-link bandwidth over paths with a smaller hop count. Links do not have a hop count; they are exactly one hop. IGRP is available only on Cisco routers. IGRP will load-balance traffic if there are several paths with equal cost to the destination. IGRP sends its routing table to its neighbors every 90 seconds. IGRP's default update period of 90 seconds is a benefit compared to RIP, which can consume excessive bandwidth when sending updates every 30 seconds. IGRP uses an invalid timer to mark a route as invalid after 270 seconds (three times the update timer). As with RIP, IGRP uses a flush timer to remove a route from the routing table; the default flush timer is set to 630 seconds (seven times the update period and more than 10 minutes). If a network goes down or the metric for the network increases, the route is placed in holddown. The router accepts no new changes for the route until the holddown timer expires. This prevents routing loops in the network. The default holddown timer is 280 seconds (three times the update timer plus 10 seconds).

14.4.3 IP ACCESS LIST


IP access lists cause a router to discard some packets based on criteria defined by the network engineer. The goal of these filters is to prevent unwanted traffic in the network, whether to prevent hackers from penetrating the network or just to prevent employees from using systems that they should not be using.

14.4.3.1 Key features of access lists:
- Packets can be filtered as they enter an interface, before the routing decision.
- Packets can be filtered before they exit an interface, after the routing decision.
- Deny is the term used in Cisco IOS software to imply that the packet will be filtered.
- Permit is the term used in Cisco IOS software to imply that the packet will not be filtered.
- The filtering logic is configured in the access list.
- At the end of every access list is an implied "deny all traffic" statement. Therefore, if a packet does not match any of your access list statements, it is blocked.

Access lists have two major steps in their logic: matching and action. Matching logic examines each packet and determines whether it matches the access-list statement. As soon as an access-list statement is matched, there are two actions to choose from: deny and permit. Deny means to discard the packet, and permit implies that the packet should continue on its way.
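The matching-and-action logic above, as an added example that is not code from the manual or from Cisco IOS: statements are tried top-down, the first match decides, and the implied deny catches everything else. The Packet/Statement model, the sample access list and the sample packets are constructed assumptions (IPv4 only; only addresses, protocol and destination port are matched).

```python
"""Access-list logic in miniature: statements are checked top-down, the first
match decides the action, and a packet matching nothing hits the implied
"deny all" at the end of the list.

Added example for this section, not code from the manual or from Cisco IOS.
The Statement/Packet model, the sample access list and the sample packets are
constructed; only IPv4, and only source/destination address, protocol and
destination port are matched.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0    # destination port; 0 when the protocol has none


@dataclass(frozen=True)
class Statement:
    action: str                   # "permit" or "deny"
    src: IPv4Network              # source match; 0.0.0.0/0 means "any"
    dst: IPv4Network              # destination match
    proto: str = "ip"             # "ip" matches every protocol
    dport: Optional[int] = None   # None matches any destination port


def matches(stmt: Statement, pkt: Packet) -> bool:
    """Matching logic: every criterion in the statement must match the packet."""
    if stmt.proto != "ip" and stmt.proto != pkt.proto:
        return False
    if stmt.dport is not None and stmt.dport != pkt.dport:
        return False
    return IPv4Address(pkt.src) in stmt.src and IPv4Address(pkt.dst) in stmt.dst


def evaluate(acl: List[Statement], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Action logic: return (action, index of the statement that matched).

    An index of None means no statement matched and the implied "deny all"
    at the end of the list was applied.
    """
    for index, stmt in enumerate(acl):
        if matches(stmt, pkt):
            return stmt.action, index     # first match wins; later lines are never consulted
    return "deny", None                    # implied deny at the end of every access list


ANY = IPv4Network("0.0.0.0/0")
WEB_SERVER = IPv4Network("203.0.113.10/32")

# Constructed inbound filter for a web server: drop packets claiming an
# internal source, allow HTTP from anywhere, allow SSH only from the admin
# subnet, and let the implied deny handle everything else.
WEB_SERVER_ACL = [
    Statement("deny", IPv4Network("10.0.0.0/8"), ANY),
    Statement("permit", ANY, WEB_SERVER, "tcp", 80),
    Statement("permit", IPv4Network("192.0.2.0/24"), WEB_SERVER, "tcp", 22),
]

SAMPLE_PACKETS = [
    Packet("198.51.100.7", "203.0.113.10", "tcp", 80),   # HTTP from the Internet
    Packet("192.0.2.5", "203.0.113.10", "tcp", 22),      # SSH from the admin subnet
    Packet("198.51.100.7", "203.0.113.10", "tcp", 22),   # SSH from elsewhere
    Packet("10.1.2.3", "203.0.113.10", "tcp", 80),       # HTTP with an internal source address
    Packet("198.51.100.7", "203.0.113.10", "icmp"),      # ping
]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        action, index = evaluate(WEB_SERVER_ACL, pkt)
        where = "implied deny" if index is None else f"statement {index}"
        print(f"{pkt.proto:4} {pkt.src:>14} -> {pkt.dst}:{pkt.dport:<3} {action:6} ({where})")
```

Statement order matters: moving the deny line to the end of the list would let the packet with the internal source address through on the HTTP permit.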

14.5 FIREWALL
As the reach of networking keeps expanding, so does the danger of information leaking in and leaking out. A mechanism is therefore required to keep the good bits in and the bad bits out, and for this we use a FIREWALL. A firewall is a device of some kind that separates and protects our network, in most cases from the Internet. It restricts traffic to only what is acceptable, and monitors what is happening. Every firewall has at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. It may be a hardware device or a software program running on a secure host computer. A hardware device means a physical device connected at the gateway which checks every incoming or outgoing packet. A software program means that software is loaded on a computer which determines what to allow and what to reject. A firewall examines all traffic routed between the two networks to see if it meets certain criteria. A firewall filters both inbound and outbound traffic.

14.5.1 Technologies

There are three different types of firewall technologies:
- 14.5.1.1 Packet Filtering
- 14.5.1.2 Proxy
- 14.5.1.3 Stateful Inspection

Packet Filtering
A packet filtering firewall simply inspects incoming traffic at the transport layer of the OSI model. The packet filtering firewall analyzes TCP or UDP packets and compares them to a set of established rules called an Access Control List (ACL).

14.5.2 Packet filtering inspects packets only for the following elements


- Source IP address
- Source port
- Destination IP address
- Destination port
- Protocol

Proxy
When a firewall is installed, no PC makes a direct connection to the outside world. Instead they use a proxy, i.e. each PC first sends its request to the proxy, which then forwards the request to the internet or outside world for connection or data transfer.

Stateful Inspection
It is a combination of packet filtering and proxy services. This is the most secure technology and provides the most functionality because connections are not only checked against the ACL but are also logged in a state table. After a connection is established, all session data is compared to the state table. If the session data does not match the state table information for that connection, the connection is dropped.
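The state table described above in miniature, as an added example that is not code from the manual or from any firewall product: a session opened from the inside is recorded, and an inbound packet is accepted only when it matches a recorded session that has not idled out. Assumptions: the inside network is 10.0.0.0/8, time is a logical clock in seconds, and TCP flags and sequence numbers are ignored.

```python
"""Stateful inspection in miniature: sessions opened from the inside are
recorded in a state table, and packets arriving from the outside are accepted
only when they match a recorded session that has not idled out.

Added example, not code from the manual or from any firewall product.
Assumptions: the inside network is 10.0.0.0/8, timestamps are a logical clock
in seconds, and TCP flags and sequence numbers are ignored.
"""
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Tuple

INSIDE = IPv4Network("10.0.0.0/8")
FlowKey = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport)


class StatefulFirewall:
    def __init__(self, idle_timeout: int = 300) -> None:
        self.state: Dict[FlowKey, int] = {}   # flow -> time of the last packet seen
        self.idle_timeout = idle_timeout
        self.dropped: List[str] = []          # log of dropped packets for the administrator

    def _expire(self, now: int) -> None:
        """Forget sessions that have carried no traffic for idle_timeout seconds."""
        stale = [key for key, last in self.state.items() if now - last > self.idle_timeout]
        for key in stale:
            del self.state[key]

    def inspect(self, now: int, proto: str, src: str, sport: int,
                dst: str, dport: int) -> str:
        """Return "permit" or "drop" for one packet, updating the state table."""
        self._expire(now)
        key: FlowKey = (proto, src, sport, dst, dport)
        reverse: FlowKey = (proto, dst, dport, src, sport)
        outbound = IPv4Address(src) in INSIDE and IPv4Address(dst) not in INSIDE
        if outbound:
            # A session initiated from the inside is allowed (ACL checks are
            # omitted here) and recorded so that its replies can come back.
            self.state[key] = now
            return "permit"
        if reverse in self.state:
            # Inbound packet belongs to a session we opened: refresh and permit.
            self.state[reverse] = now
            return "permit"
        # No matching session. A plain packet filter would have to judge this
        # packet by addresses and ports alone; stateful inspection drops it.
        self.dropped.append(f"t={now} {proto} {src}:{sport} -> {dst}:{dport}")
        return "drop"


if __name__ == "__main__":
    fw = StatefulFirewall()
    print(fw.inspect(0, "tcp", "10.0.0.5", 51000, "203.0.113.80", 443))    # permit: opened from inside
    print(fw.inspect(1, "tcp", "203.0.113.80", 443, "10.0.0.5", 51000))    # permit: reply to that session
    print(fw.inspect(2, "tcp", "198.51.100.9", 443, "10.0.0.5", 51000))    # drop: no such session
    print(fw.inspect(400, "tcp", "203.0.113.80", 443, "10.0.0.5", 51000))  # drop: session idled out
    print(fw.dropped)
```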

14.5.3 CONFIGURING THE FIREWALL


Five basic commands are used to do a basic configuration of the firewall:
- interface
- nameif
- ip address
- nat
- global

14.5.3.1 Interface Command
The interface command identifies the interface hardware card, sets the speed of the interface and enables the interface, all in one command.
SYNTAX: interface hardware_id hardware_speed [shutdown]
hardware_id      Indicates the interface's physical location on the firewall.
hardware_speed   Indicates the connection speed. The firewall offers various speed options:
    1000sxfull    Sets full-duplex Gigabit Ethernet.
    1000basesx    Sets half-duplex Gigabit Ethernet.
    1000auto      Automatically detects and negotiates full/half duplex.
    10full        Sets 10 Mbps full-duplex Ethernet.
    100full       Sets 100 Mbps full-duplex Ethernet.
shutdown         This parameter administratively shuts down the interface.

nameif Command
It is used to name an interface and assign a security level from 1 to 99. The outside and inside interfaces are named by default and have default security values of 0 and 100, respectively. By default, the interfaces are referred to by their hardware ID: Ethernet 0 is the outside interface, and Ethernet 1 is the inside interface.
SYNTAX: nameif hardware_id if_name security_level
hardware_id      Indicates the interface's physical location on the firewall.
if_name          The name by which we refer to this interface.
security_level   A numerical value from 1 to 99 indicating the security level.
Examples:
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security20
We can see the configuration by using the show nameif command.

ip address Command
All the interfaces must be configured with an IP address. The ip address command is used to configure IP addresses on the interfaces. The ip address command binds a logical address (IP address) to the hardware ID.
SYNTAX: ip address if_name ip_address [netmask]
if_name      The interface name that was configured using the nameif command.
ip_address   The interface's IP address.
netmask      The appropriate network mask. If the mask value is not entered, the firewall assigns a classful network mask.
Example: ip address inside 10.10.10.14 255.255.255.0
We can see the configuration by using the show ip command.

nat Command
The nat (Network Address Translation) command translates a set of IP addresses to another set of IP addresses.
SYNTAX: nat (if_name) nat_id local_ip [netmask]
(if_name)   The internal network interface name.
nat_id      The ID number to match with the global address pool.
local_ip    The IP address that is translated. This is usually the inside network IP address.
netmask     Network mask for the local IP address.
There are two types of NATing:
- Static: For example, there is a Google server and we don't want to make its IP address public, so we change its IP address using the nat command in the firewall, and now the user will log on to this new IP. This results in more security, as every time the traffic has to pass through the firewall.
- Dynamic: If there are lots of PCs in a network and all want to access the internet, it is not practical for every PC to be provided with an independent public IP, so at the firewall level we change every PC's private IP to a public IP.
Examples:
nat (inside) 1 10.10.10.0 255.255.255.0
nat (inside) 1 172.16.1.0 255.255.255.0

global Command
The global command is used to define the address or range of addresses that the addresses defined by the nat command are translated into. It is important that the nat_id be identical to the nat_id used in the nat command. The nat_id pairs the IP addresses defined by the global and nat commands so that network translation can take place.
SYNTAX: global (if_name) nat_id global_ip | global_ip-global_ip [netmask]
(if_name)             The external network where you use these global addresses.
nat_id                Identifies the global address pool and matches it with the nat command it is pairing with.
global_ip             A single IP address. When a single IP address is specified, the firewall automatically performs Port Address Translation (PAT).
global_ip-global_ip   Defines a range of global IP addresses to be used by the firewall to NAT.
netmask               The network mask for the global IP address(es).

14.6 INTRUSION DETECTION SYSTEM (IDS)


An IDS is a security countermeasure. It monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network. A firewall simply blocks openings into your network/system, but cannot distinguish between good and bad activity. Therefore, if you need to allow an opening to a system (like a web server), a firewall cannot protect against intrusion attempts against this opening. In contrast, intrusion detection systems can monitor for hostile activity on these openings.

14.6.1 HIDS
Host Intrusion Detection Systems run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator if suspicious activity is detected.

14.6.2 NIDS
Network Intrusion Detection Systems are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. Ideally you would scan all inbound and outbound traffic; however, doing so might create a bottleneck that would impair the overall speed of the network. When an unauthorized user logs in successfully, or attempts to log in, they are best tracked with host-based IDS. However, detecting the unauthorized user before their log-on attempt is best accomplished with network-based IDS.

14.6.2.1 There are four basic techniques used to detect intruders:
- Anomaly detection
- Misuse detection (signature detection)
- Target monitoring

14.6.3 Anomaly Detection


Designed to uncover abnormal patterns of behavior, the IDS establishes a baseline of normal usage patterns, and anything that deviates widely from it gets flagged as a possible intrusion. An example of this would be if a user logs on and off a machine 20 times a day instead of the normal 1 or 2. Also, if a computer is used at 2:00 AM when normally no one outside of business hours should have access, this should raise some suspicion. At another level, anomaly detection can investigate user patterns, such as profiling the programs executed daily. If a user in the graphics department suddenly starts accessing accounting programs or compiling code, the system can properly alert its administrators.

14.6.4 Misuse Detection or Signature Detection


This method uses specifically known patterns of unauthorized behavior to predict and detect subsequent similar attempts. These specific patterns are called signatures. For host-based intrusion detection, one example of a signature is "three failed logins."
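Both detection methods from 14.6.3 and 14.6.4 run over a handful of constructed authentication log lines, as an added example that is not code from the manual or any IDS product: a per-user login baseline plus an off-hours rule for anomaly detection, and the "three failed logins" signature for misuse detection. The log format, the baseline numbers, the business-hours window and the thresholds are all constructed assumptions.

```python
"""Anomaly detection and signature detection run over constructed
authentication log lines.

Added example, not from the manual or any IDS product. The log format, the
per-user login baseline, the business-hours window and the thresholds are all
constructed assumptions.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} \S+ sshd: "
    r"(?P<result>Accepted|Failed) password for (?P<user>\w+) from (?P<src>[\d.]+)$"
)

# Constructed baseline: normal number of successful logins per user per day.
BASELINE_PER_DAY: Dict[str, int] = {"alice": 2, "bob": 1, "carol": 1}

# Constructed log: carol at 02:00, alice as usual, bob 20 times, dave failing
# four times from one address, eve mistyping twice and then succeeding.
LOG_LINES: List[str] = (
    ["2024-03-01 02:00:40 srv1 sshd: Accepted password for carol from 10.0.0.21",
     "2024-03-01 08:55:02 srv1 sshd: Accepted password for alice from 10.0.0.12",
     "2024-03-01 09:10:44 srv1 sshd: Accepted password for alice from 10.0.0.12"]
    + [f"2024-03-01 10:{i:02d}:00 srv1 sshd: Accepted password for bob from 10.0.0.30"
       for i in range(20)]
    + [f"2024-03-01 11:00:{5 * i:02d} srv1 sshd: Failed password for dave from 198.51.100.4"
       for i in range(4)]
    + ["2024-03-01 11:30:00 srv1 sshd: Failed password for eve from 10.0.0.40",
       "2024-03-01 11:30:07 srv1 sshd: Failed password for eve from 10.0.0.40",
       "2024-03-01 11:30:20 srv1 sshd: Accepted password for eve from 10.0.0.40"]
)

Alert = Tuple[str, ...]


def parse(lines: List[str]) -> List[dict]:
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            event = m.groupdict()
            event["hour"] = int(event["hour"])
            events.append(event)
    return events


def anomaly_alerts(events: List[dict], baseline: Dict[str, int],
                   factor: int = 5, business_hours: Tuple[int, int] = (7, 20)) -> List[Alert]:
    """Flag deviations from the baseline: far more logins than usual, or logins off-hours."""
    alerts: List[Alert] = []
    per_user_day = Counter((e["user"], e["date"]) for e in events if e["result"] == "Accepted")
    for (user, day), count in sorted(per_user_day.items()):
        normal = baseline.get(user, 1)     # users without a baseline are assumed to log in about once a day
        if count >= factor * normal:
            alerts.append(("login_count", user, day, count))
    for e in events:
        if e["result"] == "Accepted" and not (business_hours[0] <= e["hour"] < business_hours[1]):
            alerts.append(("off_hours", e["user"], e["date"], e["hour"]))
    return alerts


def signature_alerts(events: List[dict], threshold: int = 3) -> List[Alert]:
    """The "three failed logins" signature: consecutive failures for one user from one source."""
    alerts: List[Alert] = []
    streak: Dict[Tuple[str, str], int] = defaultdict(int)
    for e in events:
        key = (e["user"], e["src"])
        if e["result"] == "Failed":
            streak[key] += 1
            if streak[key] == threshold:      # alert once, when the signature is first met
                alerts.append(("failed_logins", e["user"], e["src"], threshold))
        else:
            streak[key] = 0                   # a successful login ends the streak
    return alerts


if __name__ == "__main__":
    evs = parse(LOG_LINES)
    for alert in anomaly_alerts(evs, BASELINE_PER_DAY) + signature_alerts(evs):
        print(alert)
```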

14.6.5 Target Monitoring


These systems do not actively search for anomalies or misuse, but instead look for the modification of specified files. This is more of a corrective control, designed to uncover an unauthorized action after it occurs in order to reverse it. One way to check for the covert editing of files is by computing a cryptographic hash beforehand and comparing this to new hashes of the file at regular intervals. This type of system is the easiest to implement, because it does not require constant monitoring by the administrator. Integrity checksum hashes can be computed at whatever intervals you wish, and on either all files or just the mission/system-critical files.

14.6.6 Passive IDS

A passive IDS simply detects and alerts. When suspicious or malicious traffic is detected, an alert is generated and sent to the administrator or user, and it is up to them to take action to block the activity or respond in some way.

14.6.7 Reactive IDS


A reactive IDS will not only detect suspicious or malicious traffic and alert the administrator, but will take pre-defined proactive actions to respond to the threat. Typically this means blocking any further network traffic from the source IP address or user. The IDS must be properly configured to recognize what is normal traffic on your network vs. what might be malicious traffic, and you, or the administrators responsible for responding to IDS alerts, need to understand what the alerts mean and how to respond effectively.

15. WLAN (WIRELESS LAN)


In a traditional LAN each computer physically connects to the network via wires and a network port. A Wireless Local Area Network (WLAN) is a network that provides the same services but without the need for physical connections between the computers and the network. Wireless LANs offer many advantages over traditional wired networks, such as mobility, flexibility, scalability and speed, simplicity and reduced cost of installation. A WLAN typically uses radio waves, which allow network PC cards plugged into a PC/laptop to connect to a traditional Ethernet LAN. IEEE developed the 802.11 standards to provide wireless networking technology like wired Ethernet.

15.1 STANDARDS
IEEE developed the 802.11 standards to provide wireless networking technology. With developments in the field over time, three standards have been finalized: 802.11(a), 802.11(b), 802.11(g).

Table 15.1

15.2 TOPOLOGIES
There are two topologies on which WLAN works:
- Infrastructure Network
- Ad hoc Network

15.2.1 INFRASTRUCTURE NETWORK


It is useful for providing wireless coverage of building or campus areas. This topology is used when there are many access points in a single location. By deploying multiple Access Points (APs) with overlapping coverage areas, organizations can achieve broad network coverage. A laptop or other mobile device may move from AP to AP while maintaining access to the resources of the LAN. Each client is equipped with a wireless network interface card (NIC) that consists of the radio transceiver and the logic to interact with the client machine and software, while the AP is essentially a radio transceiver on one side and the wired backbone on the other.


Figure 15.1

15.2.2 ADHOC NETWORK


This topology is used when we have to interconnect mobile devices that are in the same area (e.g., in the same room). In this architecture, client stations are grouped into a single geographic area and can be internetworked without access to the wired LAN (infrastructure network). The ad hoc configuration is similar to a peer-to-peer office network in which no node is required to function as a server. In ad hoc mode there is no need for an AP, as all devices are wirelessly connected to each other.

Figure 15.2

16. Integrated Services Digital Network (ISDN)


ISDN's primary goal is the integration of voice and non-voice services. ISDN is actually a set of communication protocols proposed by telephone companies that allows them to carry a group of digital services that simultaneously convey data, text, voice, music, graphics, and video to end users, and it was designed to achieve this over the telephone systems already in place.

16.1 There are two types of channels:


- B channel
- D channel

16.1.1 B channel
Bearer channels (B channels) are used to transport data. B channels are called bearer channels because they bear the burden of transporting the data. B channels operate at speeds of up to 64 kbps.

16.1.2 D channel
D channels are used for signaling. They are used to establish the session before the data is actually transferred.

16.2 ISDN INTERFACES


Types of ISDN interfaces:
- Basic Rate Interface (BRI)
- Primary Rate Interface (PRI)
Both BRI and PRI provide multiple digital bearer channels over which temporary connections can be made and data can be sent.

16.2.1 BRI: ISDN Basic Rate Interface (BRI, also known as 2B+1D) service provides two B channels and one D channel. The BRI B-channel service operates at 64 Kbps and carries data, while the BRI D-channel service operates at 16 Kbps and usually carries control and signaling information.

16.2.2 PRI: According to American standards, the ISDN Primary Rate Interface (PRI, also known as 23B+D1) service delivers 23 64 Kbps B channels and one 64 Kbps D channel for a total bit rate of up to 1.544 Mbps. According to European standards, ISDN provides 30 64 Kbps B channels and one 64 Kbps D channel for a total bit rate of up to 2.048 Mbps.

16.3 ISDN Function Groups and Reference Points


- Function group: A set of functions implemented by a device and software
- Reference point: The interface between two function groups, including cabling

Details

Figure 16.1

Router A is ordered with an ISDN BRI U reference point, referring to the I.430 reference point defining the interface between the customer premises and the ISP. Router B is bought with an ISDN BRI S/T interface, implying that it must be cabled to a function group NT1 device. An NT1 function group device must be connected to the ISP line through a U reference point; the S/T interface defines the connection to Router B. Router B is called a TE1 (Terminal Equipment 1) function group device. Non-ISDN equipment is called a TE2 (Terminal Equipment 2) device and is attached using the R reference point to a terminal adapter (TA) function group device. Alternatively, a TE1 can connect using an S reference point to an NT2 function group,

16.4 Function Groups:


- TE1 (Terminal Equipment 1): ISDN-capable four-wire cable. Understands signaling and 2B+D. Uses an S reference point.
- TE2 (Terminal Equipment 2): Equipment that does not understand ISDN protocols and specifications (no ISDN awareness). Uses an R reference point, typically an RS-232 or V.35 cable, to connect to a TA.
- TA (Terminal adapter): Equipment that uses R and S reference points. Can be thought of as the TE1 function group on behalf of a TE2.
- NT1 (Network Termination): Connects with a U reference point (two-wire) to the ISP. Connects with T or S reference points to other customer premises equipment. T between NT2 and NT1. U between NT1 and ISP.

Table of Contents
1. Introduction to Microsoft Server 1

1.1 What is Server ..........................................................................................................................................1 1.2 Windows Server 2008 Editions..........................................................................................................3


1.2.1 Windows Server 2008 Standard ......................................................................................................... 3 1.2.2 Windows Server 2008 Enterprise ....................................................................................................... 3 1.2.3 Windows Server 2008 Datacentre ..................................................................................................... 4 1.2.4 Windows Web Server 2008.................................................................................................................. 4 1.2.5 Windows Server 2008 for Itanium-based Systems ...................................................................... 4 1.2.6 Windows Server 2008 Standard without Hyper-V ....................................................................... 4 1.2.7 Windows Server 2008 Enterprise Without Hyper-V .................................................................... 4 1.2.8 Windows Server 2008 Datacentre without Hyper-V.................................................................... 4

1.3 Hardware Requirement ........................................................................................................................5 1.4 Windows Server 2008 Editions - Features ....................................................................................6
1.4.1 New and Updated Features in Windows Server 2008 ................................................................ 6

1.5 Edition Comparison by Server Role ................................................................................................7 1.6 Edition Comparison by Server Core Installation Option ........................................................8

105

System & Network Administration


1.7 Differentiated Feature Comparison by Edition ..........................................................................8 1.8 Edition Comparison by Technical Specification ...................................................................... 10 1.9 Edition Comparison by Distribution Channel .......................................................................... 11 1.10 Edition Comparison by Language .............................................................................................. 12 1.11 History of Microsoft Server ........................................................................................................... 13 1.12 Computers can be divided into two models ......................................................................... 13
1.12.1 Workgroup Model.............................................................................................................................. 13 1.12.2 Domain Model..................................................................................................................................... 14 2. Active Directory 15

2.1 Domain..................................................................................................................................................... 16 2.2 Trees .......................................................................................................................................................... 16 2.3 User management ............................................................................................................................... 16


2.3.1 Local User ................................................................................................................................................ 16 2.3.2 Domain User ........................................................................................................................................... 16

2.4 Password Policy .................................................................................................................................... 16


2.4.1 Account Lockout Policy....................................................................................................................... 17

2.5 Forest ........................................................................................................................................................ 17 2.6 Roles of Active Directory .................................................................................................................. 18


2.6.1 Naming Master ...................................................................................................................................... 18 2.6.2 Schema Master ...................................................................................................................................... 18 2.6.3 RID Master............................................................................................................................................... 18 2.6.4 PDC Emulator ......................................................................................................................................... 18 2.6.5 Infrastructure Master ........................................................................................................................... 19 2.6.5 Global Catalog ....................................................................................................................................... 19

2.7 Group Policy .......................................................................................................................................... 19 2.8 Sites ........................................................................................................................................................... 19 2.9 Domains................................................................................................................................................... 19 2.10 Organizational units (OUs) ............................................................................................................ 19
2.10.1 Delegating Group Policy Administration .................................................................................... 20

2.11 Trust relationship .............................................................................................................................. 20


2.12.1 Forest Trusts ......................................................................................................................................... 21 2.12.2 Domain Trusts...................................................................................................................................... 21

2.13 Domain Functional Levels .............................................................................................................. 22 2.14 Forest Functional Levels ................................................................................................................. 23 2.15 Read-Only Domain Controllers ................................................................................................... 23
3. SERVERS 24

3.1 Dynamic Host Configuration Protocol (DHCP) ....................................................................... 24 3.2 Scopes ...................................................................................................................................................... 25 3.3 Domain Name System ....................................................................................................................... 25
3.3.1 Zones ........................................................................................................................................................ 25 3.3.2 Zone Types.............................................................................................................................................. 25 3.3.3 Zone Files ................................................................................................................................................ 26 3.3.4 Zone Resource Records ...................................................................................................................... 26 3.3.5 Dynamic Update.................................................................................................................................... 27

3.4 Internet Information Services ......................................................................................................... 27


3.4.1 URL Authorization Rules ..................................................................................................................... 28 3.4.2 Installing IIS............................................................................................................................................. 28

3.5 Hypertext Transfer Protocol Secure (HTTPS) ........................................................................... 29 3.6 File Transfer Protocol ......................................................................................................................... 30

106

System & Network Administration


3.6.1 Do Not Isolate Users ............................................................................................................................ 30 3.6.2 Isolate Users ........................................................................................................................................... 30 3.6.3 Isolate Users Using Active Directory ............................................................................................... 30

3.7 Terminal Services Servers ................................................................................................................. 31


3.7.1 Modes of terminal services ................................................................................................................ 31 3.7.2 Terminal Services Sessions................................................................................................................. 31 3.7.3 Terminal Services Session Broker .................................................................................................... 32 3.7.4 Terminal Services Licensing ............................................................................................................... 32

3.8 Windows Deployment Services ........ 33


3.8.1 Types of boot images ........ 34
3.8.2 Install Images ........ 34
3.8.3 WDS Requirements ........ 34

3.9 Remote Access Services ........ 35


3.9.1 PPTP ........ 35
3.9.2 L2TP ........ 36
3.9.3 SSTP ........ 36

3.10 Disk Storage Management ........ 36


3.10.1 Basic Disks ........ 36
3.10.2 Dynamic Disks ........ 36
3.10.3 The five types of dynamic volumes ........ 37

3.11 RAID ........ 38


4. INTRODUCTION TO LINUX ........ 40

4.1 Salient Features of LINUX ........ 40
4.2 Advantages of Linux ........ 43
4.3 LINUX INSTALLATION ........ 44
4.3.1 Types of installation Method ........ 45
4.3.2 Types of Boot loader ........ 45

4.4 Hard Disk Partitioning Method ........ 45
4.5 Type of X-Window System (Desktop) ........ 45

5. LINUX KERNEL & SHELL ........ 45

5.1 KERNEL ........ 45
5.2 SHELL ........ 46


5.2.1 Feature of Shell ........ 46
5.2.2 Types of Shell in Linux ........ 46

5.3 Linux Utilities and Application Program ........ 46
5.4 LINUX SUPPORTED FILE SYSTEMS ........ 46
5.4.1 MS-DOS, VFAT, and UMSDOS ........ 46
5.4.2 ISO 9660 CDROM ........ 47
5.4.3 Minix ........ 47
5.4.4 NTFS ........ 47
5.4.5 OS/2 HPFS ........ 47
5.4.6 /proc ........ 47
5.4.7 /dev/pts ........ 47
5.4.8 ROM ........ 47
5.4.9 Second Extended (ext2) ........ 47
5.4.10 Third Extended (ext3) ........ 47
5.4.11 NFS ........ 47
5.4.12 SMB ........ 47
5.4.13 NCP ........ 47

5.5 File system ........ 47


5.5.1 File system Hierarchy Standard ........ 47

5.6 IMPORTANT FILE TYPES ........ 48



5.6.1 $HOME ........ 48
5.4.2 $PATH ........ 48

5.4.3 $PATH ........ 49


6. LOGICAL VOLUME MANAGER (LVM) ........ 50

6.1 Physical Volume (PV) ........ 51


6.2.1 Physical Extents (PE) ........ 51

6.3 Filesystem ........ 53


7. X WINDOW SYSTEM ........ 54

7.1 Web Browsers ........ 54
7.2 Mail Clients ........ 54
7.3 Office Application ........ 54
7.4 GUI Editors ........ 54

8. LINUX NETWORKING ........ 56

8.1 Some Basic Networking Command ........ 56


8.1.1 Ping ........ 56
8.1.2 Traceroute ........ 56
8.1.3 Netstat ........ 56
8.1.4 ifup/ifdown ........ 57
8.1.5 Ifconfig ........ 57

9. LINUX AS ROUTER ........ 58

9.1 The steps ........ 58


10. LINUX AS FIREWALL ........ 59

10.1 Types of Firewall ........ 59
10.2 Iptables & netfilter ........ 59
10.3 Iptables syntax and commands ........ 60

11. SERVERS ........ 61

11.1 DNS SERVER ........ 61


11.1.1 Types of DNS server ........ 61
11.1.2 Service Profile: DNS ........ 61

11.2 DHCP SERVER ........ 62
11.3 APACHE WEB SERVER ........ 64


11.3.1 Service profile: Apache ........ 64
11.3.2 Installing the Apache Server ........ 64

11.4 Network File System (NFS) ........ 64


11.4.1 Required Packages ........ 65
11.4.2 Service Profile: NFS ........ 65

11.5 NFS Server & client ........ 66
11.6 Samba Server ........ 67
11.6.1 These are the four Samba RPM packages that you need ........ 68
11.6.2 Service Profile: Samba ........ 68
11.6.3 SAMBA SERVER ........ 68
11.6.4 SAMBA SERVER SHARING PRINTER, FILE & DIRECTORY ........ 69

12. INTRODUCTION TO NETWORKING ........ 70

12.1 Definition ........ 70
12.2 A network consists of a ........ 70
12.3 Requirement of Networking ........ 70



12.3.1 Resource sharing ........ 70
12.3.2 High reliability ........ 70
12.3.3 Scalability ........ 70

12.4 TYPES OF NETWORKS ........ 71


12.4.1 LAN (LOCAL AREA NETWORK) ........ 71
12.4.2 LAN SETUP ........ 72

12.5 WAN (WIDE AREA NETWORK) ........ 72


12.5.1 Three types of approaches are used to connect WANs ........ 73

12.6 NETWORK MODELS ........ 73


12.6.1 The following list summarizes the benefits of layered protocol Specifications ........ 74

12.7 OSI NETWORK MODEL ........ 74


12.7.1 Functions of Network Layers in Brief ........ 75

13. IP ADDRESSING ........ 77

13.1 There are five IP classes ........ 77


13.1.1 Class A ........ 77
13.1.2 Class B ........ 77
13.1.3 Class C ........ 77
13.1.4 Class D ........ 78
13.1.5 Class E ........ 78

13.2 Private IP ........ 78
13.3 MASKING ........ 78
13.4 SUBNETTING ........ 78
13.5 Some terminologies that are used with networking models ........ 79
13.5.1 Collision Domain ........ 79
13.5.2 Broadcast Domain ........ 79
13.5.3 MAC ........ 79
13.5.4 Burned-in address ........ 79
13.5.5 Unicast address ........ 79

13.6 PASSIVE COMPONENTS ........ 79
13.7 CABLES ........ 79


13.7.1 Twisted pair ........ 79
13.7.2 Coaxial ........ 80
13.7.3 Fiber Optic ........ 81

13.8 PATCH PANEL ........ 83


13.8.1 NEED OF PATCH PANEL ........ 83

13.9 PATCH CORD ........ 83


13.9.1 RACK ........ 83
13.9.2 Cabling Guidelines ........ 83
13.9.3 Wiring Closet Connections ........ 84

13.10 NETWORKING DEVICES ........ 84
13.11 NETWORK INTERFACE CARD ........ 84


13.11.1 HUB ........ 85
13.11.2 SWITCH ........ 85
13.11.3 ROUTER ........ 86

14. ROUTER ........ 88

14.1 ROUTER INTERNAL COMPONENTS ........ 88


14.1.1 ROM ........ 88
14.1.2 FLASH MEMORY ........ 88
14.1.3 RAM ........ 88
14.1.4 NVRAM ........ 88

14.2 ROUTERS NETWORK INTERFACES ........ 88



14.3 CONFIGURING THE ROUTER ........ 89
14.3.1 There are three methods for configuring the router ........ 89
14.3.2 Configuring Router through Console port ........ 89

14.4 ROUTING PROTOCOLS ........ 92


14.4.1 ROUTING INFORMATION PROTOCOL (RIP) ........ 92
14.4.2 IGRP ........ 94
14.4.3 IP ACCESS LIST ........ 94

14.5 FIREWALL ........ 95


14.5.1 There are three different types of firewall technologies ........ 95
14.5.2 Packet filtering inspects packets only for the following elements ........ 95
14.5.3 CONFIGURING THE FIREWALL ........ 96

14.6 INTRUSION DETECTION SYSTEM (IDS) ........ 98


14.6.1 HIDS ........ 98
14.6.2 NIDS ........ 98
14.6.3 Anomaly Detection ........ 99
14.6.4 Misuse Detection or Signature Detection ........ 99
14.6.5 Target Monitoring ........ 99
14.6.6 Passive IDS ........ 99
14.6.7 Reactive IDS ........ 100

15. WLAN ........ 100

15.1 STANDARDS ........ 101
15.2 TOPOLOGIES ........ 101


15.2.1 INFRASTRUCTURE NETWORK ........ 101
15.2.2 ADHOC NETWORK ........ 102

16. Integrated Services Digital Network ........ 102

16.1 There are two types of channels ........ 103


16.1.1 B channel ........ 103
16.1.2 D channel ........ 103

16.2 ISDN INTERFACES ........ 103


16.2.1 BRI ........ 103
16.2.2 PRI ........ 103

16.3 ISDN Function Groups and Reference Points ........ 103
16.4 Function Groups ........ 104
