Network Operating Systems and Windows 2000-Based Networking Chapter Eight Network Operating Systems and Windows 2000-Based Networking
Objectives Discuss the functions and features of a networking operating system Define the requirements for a Windows 2000 network environment Describe how a Windows 2000 server fits into an enterprise-wide network
Objectives Perform a simple Windows 2000 Server installation Manage simple user, group, and rights parameters in Windows 2000 Server Understand how Windows 2000 Server integrates with other popular network operating systems
Introduction to Network Operating Systems Selecting a network operating system Is it compatible with existing infrastructure? Will it provide the security required by the network’s resources? Can the technical staff manage it effectively? Will existing applications run smoothly on it?
Introduction to Network Operating Systems Selecting a network operating system (cont.) Will it accommodate future growth (that is, is it scalable)? Does it support additional services the network’s users require? How much does it cost? What type of support can be expected from the manufacturer?
Network Operating Systems and Servers How many clients will connect to the server? What kind of applications will run on the server? How much storage space will each user need? How much down time is acceptable? What can the organization afford?
Network Operating System Services and Features Client support Creating client accounts and enabling them to connect to the network Managing client accounts Enabling clients to share resources Managing client access to shared resources Enabling clients to communicate with other clients
Client/Server Communication Redirector Service that runs on a client workstation and determines whether the client’s request should be handled by the client or the server Authentication Process whereby a network operating system verifies that a client’s user name and password are valid and allows the client to log onto the network
Client/Server Communication Figure 8-1: A client connecting to a network operating system
Client/Server Communication Middleware Software that sits between the client and server in a 3-tier architecture Thin client Type of software that enables a client to accomplish functions over a network while utilizing little of the client workstation’s resources and, instead, relying on the server to carry the processing burden
Client/Server Communication Figure 8-2: Middleware between clients and a server
Users and Groups To more easily manage network access, you can combine users with similar needs and restrictions into groups Table 8-1: Providing security through groups
Directories Directory Object Attributes List that organizes resources and associates them with other properties, or characteristics Object Representation of a thing or person associated with the network Attributes Properties associated with an object
Directories Containers Account Tree Logically defined receptacles that serve only to assemble similar objects Account The record of a user that contains all of his or her properties Tree Logical representation of multiple, hierarchical levels in a directory
Figure 8-3: A directory tree Directories Figure 8-3: A directory tree
Figure 8-4: Two possible tree for the same organization Directories Figure 8-4: Two possible tree for the same organization
File System An operating system’s method of organizing, managing, and accessing its files through logical structures and software routines Be careful not to confuse file systems with directories A file system interacts with the operating system A directory organizes files so that a user can find them on a hard disk
FAT (File Allocation Table) Original PC file system designed in the 1970s to support floppy disks and, later, hard disks FAT16 File system designed for use with early DOS- and Windows-based computers FAT32 Enhanced version of FAT16 that accommodates the use of longer filenames and smaller allocation units on a disk
Significant FAT16 Characteristics Partitions or files cannot exceed 2 GB (when used with Windows 2000 file system, cannot exceed 4 GB) Uses 16-bit fields to store file size information Without additional utilities, supports only filenames with maximum of eight characters in the name and three in the extension
Significant FAT16 Characteristics Characterizes files on a disk as Read, Write, System, Hidden, or Archive A FAT16 drive stores data in noncontiguous blocks and uses links between fragments to ensure that data belonging to the same file, for example, can be pieced together when the file is requested by the operating system Because of its low overhead, it can write data to a hard disk very quickly
Significant FAT32 Characteristics Uses 28-bit fields to store file size information Supports long filenames Theoretically supports partitions up to 2 Terabytes in size Partitions can be easily resized without damaging data Provides greater security than FAT16 Supported by Windows 9x, Windows Me, and Windows 2000
HPFS High-Performance File System File system originally designed for IBM’s OS/2 operating system Offers greater reliability and efficiency than FAT Supports extended attributes
Sharing Applications One significant advantage of the client/server relationship is the ability to share resources Shared applications are often stored on a file server specifically designed to run applications For some applications, you can purchase a site license For a fixed price, a site license allows any number of users on one location to legally access that application
Figure 8-5: Shared printers on a network Sharing Printers Figure 8-5: Shared printers on a network
Sharing Printers All NOSs can: Create an object that identifies printer to rest of network Assign printer a unique name Install drivers associated with printer Modify printer attributes Establish or limit access to printer Remotely test and monitor functionality Update and maintain printer drivers
Figure 8-6: NetWare printer identification screen Sharing Printers Figure 8-6: NetWare printer identification screen
Sharing Printers Printer queue Logical representation of printer’s input and output Figure 8-7: Client issuing a job to a networked printer
Managing System Resources: Memory Physical memory Refers to (RAM) chips installed on computer’s system board that provide dedicated memory to that machine Virtual memory Logically carved out of space on hard disk and added to physical memory Stored on hard disk as a page file (or swap file) Paging Process of moving pages between RAM and into a page file on disk
Managing System Resources: Multitasking Ability of a processor to perform many different operations in a brief period of time Preemptive multitasking Type of multitasking supported by NetWare, UNIX, and Windows 2000 Performs one task at a time
Managing System Resources: Multiprocessing Routine of sequential instructions that runs until it has achieved its goal Thread Self-contained, well-defined task within a process Multiprocessing Support and use of multiple processors to handle multiple threads
Managing System Resources: Multiprocessing Symmetric multiprocessing Splits all operations equally among two or more processors Asymmetric multiprocessing Assigns each subtask to a specific processor
Introduction to Windows 2000 Server Windows 2000 Server serves as a redesign and enhancement of Windows NT Server Windows NT was a popular NOS known for its intuitive graphical user interface (GUI) Windows 2000 Server carries on many of the advantages of Windows NT Server, plus provides additional features and capabilities (see next slide) Windows 2000 Advanced Server offers same benefits and features as Windows 2000 Server, but adds support for clustering
Some Benefits of Windows 2000 Server NOS Advanced system of organizing and managing network objects, called Active Directory Multiple, integrated Web services with easy to use administrator interface Support for great deal of RAM and multiple processors Support for multiple, modern protocols and security standards Excellent integration with other NOSs Simple, centralized management of multiple clients Flexible, customizable network management interface
Why Choose Windows 2000 Server? Windows 2000 Server is a popular NOS because it addresses most of a network administrator’s needs very well Its customizable graphical administrative interface called, the Microsoft Management Console (MMC), makes Windows 2000 Server a simple operating system to manage
Windows 2000 Server Hardware Important resource for determining what kind of Windows 2000 hardware to purchase is Microsoft’s Hardware Compatibility List (HCL) Table 8-2: Minimum hardware requirements for Windows 2000 Server
Windows 2000 Server Memory Model Figure 8-8: Viewing virtual memory
Windows 2000 File Systems In addition to FAT, FAT32, and HPFS file systems, Windows 2000 Server supports other file systems, including: CDFS (CD-ROM File System) Used to read from and write to a CD-ROM disk Universal Disk Format (UDF) Another file system used on CD-ROM and DVD media NTFS (New Technology File System) Developed for Windows NT platform With release of Windows 2000, Microsoft updated NTFS to version 5
NTFS Features Filenames can be maximum of 256 characters long Stores file size information in 64-bit fields Files or partitions can be as large as 16 exabytes Required for Macintosh connectivity
NTFS Features Incorporates sophisticated, customizable compression routines Keeps a log of file system activity to facilitate recovery if a system crash occurs Required for encryption and advanced access security for files, user accounts, and processes Improves fault tolerance through RAID and system file redundancy
Microsoft Management Console (MMC) Tools added to MMC interface are known as snap-ins Figure 8-9: MMC Window
Active Directory Schema Set of definitions of kinds of objects and information associated with those objects that the Active Directory database can contain Figure 8-10: Active Directory and a simple user schema
Active Directory Active Directory’s schema may contain two types of definitions: Classes Also known as object classes Identifies what type of objects can specified in Active Directory Attributes Property associated with an object
Workgroups Group of interconnected computers that share each other’s resources without relying on a central server Figure 8-11: A Windows workgroup network
Domains Group of users, servers, and other resources that share a database of account and security information Figure 8-12: Multiple domains in one organization
Domains Domain controller Member server Replication Windows 2000 server that contains a replica of the Active Directory Member server Does not hold directory information and, therefore, cannot authenticate users Replication Process of copying Active Directory data to multiple domain controllers
Figure 8-13: A Windows 2000 domain model network Domains Figure 8-13: A Windows 2000 domain model network
Organizational Units Container within an NOS directory used to group objects with similar characteristics or privileges Figure 8-14: A tree with multiple domains and OUs
Trees and Forests Domain tree Forest Group of hierarchically arranged domains that share a common namespace in Windows 2000 Active Directory At base of Active Directory tree is the root domain From root domain, child domains branch out to separate objects with the same policies Forest Collection of one or more domain trees
Trust Relationships Relationship between two domains in which one domain allows another domain to authenticate its users Active Directory supports two types of trust relationships: Two-way transitive trust Explicit one-way transitive trust
Two-Way Transitive Trust Security relationship between domains in same domain tree in which one domain grants every other domain in the tree access to its resources and, in turn, that domain can access other domains’ resources Figure 8-15: Two-way trusts between domains in a tree
Explicit One-Way Transitive Trust Type of trust relationship in which two domains that belong to different NOS directory trees are configured to trust each other Figure 8-16: Explicit one-way trust between domains in different trees
Naming Conventions Namespace Refers to complete database of hierarchical names used to map IP addresses to their hosts’ names Each object on a Windows 2000 network can have three different names: Distinguished name (DN) Relative distinguished name (RDN) User principal name (UPN) When creating a user account, user’s login name is added to a UPN suffix
Figure 8-17: Distinguished name and relative distinguished name Naming Conventions Figure 8-17: Distinguished name and relative distinguished name
Naming Conventions Naming conventions used by Windows 2000 follow those specified in the Lightweight Directory Access Protocol (LDAP) LDAP is a protocol for accessing network directories In addition to a DN, RDN, and UPN, each object has a globally unique identifier (GUID)
Planning for Installation: Preinstallation Decisions How many, how large, and what kind of partitions will the server requires? What type of file system will the server use? What will the server’s name be? Which protocols and network services should the server use? What will the Administrator password be?
Planning for Installation: Preinstallation Decisions Should the network use domains or workgroups, and, if so, what will they be called? Will the server support additional services? Which licensing mode should I choose? Per server Per seat How can I remember all of this information?
Planning for Installation Be prepared to: Read and accept the license agreement Identify your organization Provide your registration key Select the appropriate time and date Specify display settings Identify and supply drivers for hardware components
Planning for Installation: Windows NT Upgrade Considerations Back up the existing Windows NT server On Windows NT network including multiple servers and domain controllers, upgrade the Windows NT PDC to a Windows 2000 domain controller first Be certain to select “Upgrade to Windows 2000 (Recommended)” option on the first setup screen
Planning for Installation: Windows NT Upgrade Considerations If upgrading Windows NT PDC to Windows 2000 domain controller, indicate that you want to start a new domain or forest during the Active Directory Setup Wizard After all Windows NT servers on network are upgraded to Windows 2000 Server, convert domains to native mode Carefully follow upgrade instructions
Installing and Configuring a Windows 2000 Server Figure 8-18: Beginning with setup options
Installing and Configuring a Windows 2000 Server Figure 8-19: Selecting Windows 2000 components
Installing and Configuring a Windows 2000 Server Figure 8-20: Installing Components window
Initial Configuration After completing the Windows 2000 Server installation, the server is not yet ready to support clients on a network First, the software must be configured For instance, to assign it a place in the domain
Establishing Users, Groups, and Rights The Guest account is a predefined user account with limited privileges that allows a user to log onto the computer The Administrator account is a predefined user account that has the most extensive privileges for resources both on the computer and on the domain it controls A local account only has rights on the server they are logged onto A domain account has rights throughout the domain
Establishing Users, Groups, and Rights Figure 8-21: User account password properties
Establishing Users, Groups, and Rights A domain local group is one that allows its members access to resources within a single domain A global group allows its members access to resources within a single domain A universal group is one that allows its members to access resources across multiple domains and forests
Establishing Users, Groups, and Rights Figure 8-22: Creating a group
Establishing Users, Groups, and Rights Figure 8-23: The Program Files Properties dialog box
Internetworking with Other Network Operating Systems Gateway Services for NetWare (GSNW) Acts as a translator between the Windows 2000 and NetWare client redirector services Client Services for NetWare (CSNW) Can be installed on Windows 2000 clients to enable them to access NetWare servers Directory Services Migration Tool (DSMIGRATE) Enables network administrators to migrate accounts, files, and permissions from a NetWare NDS directory to the Windows 2000 Active Server Directory
Chapter Summary Network operating systems are entirely software-based and can run on a number of different hardware platforms and network topologies A redirector is inherent in both the network operating system and the client operating system When a client attempts to log on, the network operating system receives the client’s request for service and tries to match the user name and password with the name and password in its user database Users with similar needs and restrictions are collected in groups to more easily manage their access and privileges
Chapter Summary A directory is an NOS’s method of organizing and managing objects A file system is an operating system’s method of organizing, managing, and accessing its files through logical structures and software routines In order for clients to share a server application, the network administrator must assign user rights to the directories where the application’s files are installed NetWare, UNIX, and Windows 2000 Server perform preemptive multitasking Multiprocessing splits tasks among multiple processors to expedite the completion of any single instruction
Chapter Summary Windows 2000 supports any type of topology or protocol you are likely to run on a LAN Windows 2000 Server’s memory model assigns each process its own 32-bit memory area The description of object types, or classes, and their required and optional attributes that are stored in Active Directory is known as a schema Domains define a group of systems and resources that share common security and management policies
Chapter Summary When multiple domain controllers are used, a change to the database contained on one domain controller is copied to the databases on other domain controllers so that their databases are identical To collect domains into logical groups, Windows 2000 Server uses a domain tree Each tree, domain, container, and object has a unique name that becomes part of the namespace