UNIT 1
1. INTRODUCTION ... 2
1.1. Definition of Computer Network ... 2
1.2. Components of Data communication ... 2
1.3. Types of computer networks ... 3
1.3.1. Local Area Networks (LANs) ... 3
1.3.2. Metropolitan Area Network (MAN) ... 3
1.3.3. Wide Area Network (WAN) ... 3
1.3.4. Virtual Private Network (VPN) ... 3
1.3.4.1. Protocols used in VPN ... 4
1.3.4.2. Internet-based VPNs ... 5
1.3.4.3. Intranet-based VPNs ... 5
1.3.5. Personal Area Network (PAN) ... 6
2. NETWORKING DEVICES ... 7
2.1. Repeater ... 7
2.2. Hub ... 8
2.1.1. Passive Hubs ... 9
2.1.2. Active Hubs ... 9
2.1.3. Intelligent Hubs ... 9
2.3. Bridge ... 9
2.4. Switch ... 10
2.5. Router ... 11
2.6. Network Interface Card (Ethernet) ... 12
2.7. Modem ... 13
2.8. VoIP (Voice over Internet Protocol) ... 14
2.8.1. Types of VoIP Calls ... 14
2.9. Gateway ... 14
2.10. Connectors RJ 45 ... 15
2.11. Direction of transmission or Data Flow ... 16
2.11.1. Simplex ... 17
2.11.2. Half-Duplex ... 17
2.11.3. Full-Duplex ... 17
3. TRANSMISSION MEDIUM ... 18
3.1. Unguided Media ... 18
3.2. Guided Media ... 18
3.3. Twisted-Pair Cable ... 18
3.3.1. UTP ... 19
3.3.2. STP ... 19
3.4. Coaxial cable ... 19
3.5. Optical Fiber ... 20
3.6. Comparison of Different mode of Optical Fibers ... 21
4. TRANSMISSION IMPAIRMENT ... 22
4.1. Attenuation ... 22
4.2. Distortion ... 22
4.3. Noise ... 23
4.3.1. Signal-to-Noise Ratio (SNR) ... 23
4.3.2. Throughput ... 23
5. ACCESS POINT ... 24
5.1 What is Wi-Fi? ... 24
5.2 Types of Access Points ... 25
5.2.1 Motorola AP-5131 ... 26
5.3 AP-5131 Configuration ... 28
6. SWITCH ... 35
6.1 TYPE OF SWITCHES ... 35
6.1.1 Two-Layer Switches ... 35
6.1.2 Three-Layer Switches ... 36
6.2 LAN Switch Mechanism and Its Advantages ... 37
6.3 VLAN ... 37
6.3.1 Advantages of VLANs ... 38
6.3.2 Types of VLANs ... 38
7. NETWORK TOPOLOGY ... 39
7.1 Star Topology ... 39
7.2 Ring Topology ... 40
7.3 Bus Topology ... 41
7.4 Mesh Topology ... 41
7.5 Tree Topology ... 42
7.6 Hybrid Topology ... 43
8. OSI REFERENCE MODEL ... 44
8.1 Physical Layer ... 45
8.2 Data Link Layer ... 46
8.3 Network Layer ... 47
8.4 Transport Layer ... 47
8.5 Session Layer ... 48
8.6 Presentation Layer ... 48
8.7 Application layer ... 49
9. FIREWALL ... 50
9.1 How Does Firewall Management Work? ... 50
9.2 Firewall techniques ... 50
9.2.1 Packet filtering firewall ... 50
9.2.2 Stateful firewall ... 51
9.2.3 Deep packet inspection firewall ... 51
9.2.4 Application-aware firewall ... 51
9.2.5 Application proxy firewall ... 51
9.3 Firewall Rules ... 52
9.4 Types of Firewall ... 52
9.4.1 Software firewall ... 52
9.4.2 Hardware firewall ... 53
9.5 The Advantages and Disadvantages of Firewall ... 53
9.5.1 Advantages ... 53
9.5.2 Disadvantages ... 54
10. UTM ... 55
10.1 How UTM secures the network ... 55
10.2 Advantages ... 56
10.3 Features ... 56
10.4 UTM Appliance Benefits ... 56
11. PROTOCOL ... 57
11.1 FTP [File Transfer Protocol] ... 57
11.1.1 Anonymous FTP ... 58
11.1.2 How FTP Works? ... 58
11.2 TELNET [TErminaL NETwork] ... 58
11.3 Simple Mail Transfer Protocol (SMTP) ... 59
11.4 POP3 ... 61

UNIT -2
1. WEB SERVER ... 65
1.1 IIS ... 65
1.1.1 Installation ... 66
1.1.2 Security Features ... 70
1.2 Apache Web Server ... 70
1.2.1 Features ... 71
1.2.2 Use ... 71
2. TERMINAL SERVER ... 72
2.1 Terminal Services Architecture ... 72
2.1.1 Multi-user kernel ... 72
2.1.2 Remote Desktop client ... 72
2.1.3 Terminal Services licensing service ... 72
2.1.4 Session Directory Services ... 72
2.2 Components ... 73
2.3 Installation & Configuration Terminal Services ... 75
2.4 How to connect client with Terminal server ... 82
2.5 Advantages ... 83
3. WINDOWS SERVER UPDATE SERVICES (WSUS) ... 84
3.1 Installation ... 84
3.1.1 Software Requirements ... 84
3.1.2 Minimum Hardware Requirements ... 84
3.1.3 Installation Steps ... 85
3.2 Configuring the network ... 87
3.3 To specify the way this server will obtain updates ... 87
3.4 Start WSUS ... 87
3.4.1 Configure updates and synchronization ... 87
3.4.2 Configure client updates ... 88
4. BLADE SERVER ... 89
4.1 Need Of Blade Server ... 89
4.2 Features ... 89
4.2.1 Virtualization ... 89
4.2.2 Hot Swapping ... 90
4.2.3 Power ... 90
4.2.4 Cooling ... 90
4.2.5 Storage ... 90
4.2.6 LED Indicators ... 90
4.3 Specification ... 91
4.4 Components Of Blade Server ... 91
4.4.1. Chassis ... 92
4.4.2 Management server ... 92
4.4.3 SAN & KVM ... 92
4.5 RAID ... 93
4.5.1. Advantages And Disadvantages Of Raid ... 94
4.6 Configuration ... 95
4.6.1. Using the Configuration /Setup Utility program ... 95
4.6.2. Using the PXE boot agent utility program ... 97
4.7 Configuring The Gigabit Ethernet Controllers ... 97
4.8. Blade Server Advantages And Disadvantages ... 98
4.8.1. Advantages ... 98
4.8.2. Disadvantages ... 99
5. DHCP Server ... 100
5.1 Installing DHCP Server is very easy in win server 2003 ... 101
5.2 Configuring DHCP ... 110
5.3 Advantages and Disadvantages ... 112

SANDEEP, MITHILESH, SYEDUL, RABI KANT http://san24mca.blogspot.com/
UNIT 1 NETWORKING
1. INTRODUCTION
A network is a set of machines/devices (often referred to as nodes) connected by communication links to communicate with each other. A node can be a computer, printer, or any other device capable of sending and/or receiving data generated by other nodes on the network.
Two machines may be directly connected, or they may communicate through other machines. Some machines are sources and destinations of data; others do not generate data but assist in its transfer (for example, a router). Networks are an interconnection of two or more computers such that they can share resources and information. These computers can be linked together using a wide variety of cables, telephone lines, or satellites.
Two computers are interconnected if they are able to exchange information. Two computers are autonomous if they are capable of operating independently, that is, neither is capable of forcibly starting, stopping, or controlling the other.
1.2 Components of Data Communication
1. Message : The message is the information (data) to be communicated. Popular forms of information include text, numbers, pictures, audio, and video.
2. Sender : The sender is the device that sends the data message. It can be a computer, workstation, telephone handset, video camera, and so on.
3. Receiver : The receiver is the device that receives the message. It can be a computer, workstation, telephone handset, video camera, and so on.
4. Transmission medium : The transmission medium is the physical path by which a message travels from sender to receiver. Examples of transmission media include twisted-pair wire, coaxial cable, fiber-optic cable, and radio waves.
5. Protocol : A protocol is a set of rules that govern data communications. It represents an agreement between the communicating devices. Without a protocol, two devices may be connected but not communicating, just as a person speaking French cannot be understood by a person who speaks only Japanese.
wireless media. Wireless LANs are the newest evolution in LAN technology. LAN size is limited to a few kilometers.
1.3.2 Metropolitan Area Network (MAN) : A metropolitan area network (MAN) is a network with a size between a LAN and a WAN. It covers the area inside a town or city and consists of multiple LANs. It is larger than local-area networks (LANs) but smaller than wide-area networks (WANs). It is characterized by very high-speed connections using fiber-optic cable or other digital media. Examples: a telephone company network and a cable TV network.
1.3.3 Wide Area Network (WAN) : A wide area network (WAN) provides long-distance transmission of data, image, audio, and video information over large geographic areas that may comprise a country, a continent, or even the whole world. It covers a large geographical area (kilometers) and consists of two or more LANs.
1.3.4 Virtual Private Network (VPN) : A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to securely connect to a private network. A VPN can connect multiple sites over a large distance just like a Wide Area Network (WAN). VPNs are often used to extend intranets worldwide to disseminate information and news to a wide user base. Educational institutions use VPNs to connect campuses that can be distributed across the country or around the world. In order to gain access to the private network, a user must be authenticated using a unique identification and a password. An authentication token is often used to gain access to a private network through a personal identification number (PIN) that a user must enter. The PIN is a unique authentication code that changes according to a specific frequency, usually every 30 seconds or so.
1.3.4.1 Protocols used in VPN : There are a number of VPN protocols in use that secure the transport of data traffic over a public network infrastructure. Each protocol varies slightly in the way that data is kept secure. IP security (IPSec) is used to secure communications over the Internet. IPSec traffic can use either transport mode or tunneling to encrypt data traffic in a VPN. The difference between the two modes is that transport mode encrypts only the message within the data packet (also known as the payload) while tunneling encrypts the entire data packet. IPSec is often referred to as a "security overlay" because of its use as a security layer for other protocols. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use cryptography to secure communications over the Internet. Both protocols use a "handshake" method of authentication that involves a negotiation of network parameters between the client and server machines. To successfully initiate a connection, an authentication process involving certificates is used. Certificates are cryptographic keys that are stored on both the server and client. Point-To-Point Tunneling Protocol (PPTP) is another tunneling protocol used to connect a remote client to a private server over the Internet. PPTP is one of the most widely used VPN protocols because of its straightforward configuration and maintenance and also because it is included with the Windows operating system. Layer 2 Tunneling Protocol (L2TP) is a protocol used to tunnel data communications traffic between two sites over the Internet. L2TP is often used in tandem with IPSec (which acts as a security layer) to secure the transfer of L2TP data packets over the Internet. Unlike PPTP, a VPN implementation using L2TP/IPSec requires a shared key or the use of certificates. Typical VPN connections are either Internet-based or intranet-based.
1.3.4.2 Internet-based VPNs : By using an Internet-based VPN connection, you can avoid long-distance and 1-800 telephone charges while taking advantage of the global availability of the Internet.
1.3.4.3 Intranet-based VPNs : The intranet-based VPN connection takes advantage of IP connectivity on an organization intranet.
Advantages:
1. Cost saving
2. Improved scalability
3. Improved security
4. Better performance
5. Flexibility and reliability
6. Greater access for mobile users
Disadvantages:
1. Less bandwidth than a dedicated line
2. Lack of security
1.3.5 Personal Area Network (PAN) :
A PAN connects the personal devices of one individual: his/her PC, laptop, cell phone, PDA. Its purpose is to allow devices to communicate and work together, and to permit devices to become smarter: to spontaneously network and work together. The feasibility of PANs is growing with the improvement of wireless technology:
- Bluetooth enables devices to communicate automatically and wirelessly when they are in range.
- PANs can keep portable devices synchronized with a desktop PC.
- E-clothing products (e.g. a jacket) are equipped with a battery pack and devices.
2. NETWORKING DEVICES
Computer network devices, also known as communication devices, constitute a data communication network. Network components and devices are the physical entities connected to a network. There are many types of network devices, and the number is increasing daily. The basic network devices are: computers (either a PC or a server), hubs, switches, bridges, routers, gateways, network interface cards (NICs), wireless access points (WAPs), printers and modems. In an Ethernet or WAN network, data communication cannot be performed without these devices. Network devices are components used to connect computers or other electronic devices together so that they can share files or resources like printers or fax machines. Computer networking devices are the units that mediate data in a computer network; they are also called network equipment, Intermediate Systems (IS) or Interworking Units (IWU). Units which are the final receivers of data, or which generate data, are called hosts or data terminal equipment. These devices are broken into two classifications:
- End user devices : include computers, printers, scanners, and other devices that provide services directly to the user.
- Network devices : include all devices that connect the end-user devices to allow them to communicate.
End user devices that provide users with a connection to the network are also called hosts. These devices allow users to share, create, and obtain information. Host devices can exist without a network, but without a network, host capabilities are greatly reduced. Host devices are physically connected to the network media using a network interface card (NIC). They use this connection to perform the tasks of sending e-mails, printing reports, scanning pictures, or accessing databases.
2.1 Repeater
Repeaters are networking devices that exist at Layer 1, the Physical layer, of the OSI reference model. To understand how a repeater works, it is important to understand that as data leaves a source and goes out over the network, it is transformed into either electrical or light pulses that pass along the networking medium. These pulses are called signals. When signals leave a transmitting station, they are clean and easily recognizable. A network repeater is a device used to expand the boundaries of a wired or wireless (WiFi) local area network (LAN).
Repeaters are relatively simple pieces of equipment consisting of an antenna, duplexer, receiver and transmitter. Repeaters are needed because a radio's power is limited by its antenna size. The purpose of a repeater is to regenerate incoming electrical, wireless or optical signals that have become weak and then rebroadcast them. With physical media like Ethernet or Wi-Fi, data transmissions can only span a limited distance before the quality of the signal degrades. Repeaters attempt to preserve signal integrity and extend the distance over which data can safely travel.
The job of a repeater is to retime network signals at the bit level, allowing them to travel a longer distance on the medium. The term repeater originally meant a device with a single port in and a single port out. Today multiple-port repeaters also exist. Repeaters are classified as Layer 1 devices in the OSI model because they act only on the bit level and look at no other information.
2.2 Hub
The central connecting device in a computer network is known as a hub. A USB hub is a device that expands a single USB port into several so that there are more ports available to connect devices to a host system. Every computer is directly connected to the hub. When data packets arrive at the hub, it broadcasts them to all the LAN cards in the network; the intended recipient picks them up and all other computers discard them. A hub has five, eight, sixteen or more ports, and one port is known as the uplink port. There are three types of network hubs: passive hubs, active hubs and intelligent hubs.
2.2.1 Passive Hubs : One of the types of network hub is the so-called passive hub. It is a pass-through device that does nothing more than broadcast the signals it receives through its input port out through its output ports. It does nothing to regenerate or process the signals, because it only functions as a connector of different wires in a topology.
2.2.2 Active Hubs : An active hub is more than just a connector: it also regenerates the data bits to ensure the signals are strong. Another name for an active hub is a multiport repeater. It participates actively in the network rather than merely acting as an interface. It takes part in the data communication, for example by storing signals received through the input ports before forwarding them. It can monitor the data it is forwarding and sometimes improve the signals before forwarding them to other connections. Such a feature makes troubleshooting of network problems easier.
2.2.3 Intelligent Hubs : An intelligent hub can perform everything that the passive hub and active hub do, and helps manage the network resources effectively to ensure that the performance of the network is highly efficient. An intelligent hub can help in troubleshooting by pinpointing the actual location of the problem and helping to identify the root cause and resolution. It is very adaptable to different technologies without any need to change its configuration. The intelligent hub performs different functions such as bridging, routing, switching and network management.
Hubs are considered Layer 1 devices because they only regenerate the signal and repeat it out of all their ports (network connections). Hubs amplify signals and propagate them through the network. Hubs do not perform filtering, path determination or switching.
2.3 Bridge
The bridges used in computer networking are not like your typical bridge. A bridge device filters data traffic at a network boundary. Bridges serve a similar function to switches. Bridges reduce the amount of traffic on a LAN by dividing it into two segments. A bridge works on the principle that each network node has its own address. A bridge forwards packets based on the address of the particular destination node. Bridges operate at the data link layer (Layer 2) of the OSI model, which means the bridge cannot read IP addresses, but only the outermost hardware address of the packet. In our case the bridge can read the Ethernet header, which gives the hardware address of the destination, not the IP address. The hardware address is also called the MAC (media access control) address. Bridges inspect incoming traffic and decide whether to forward or discard it. To determine the network segment a MAC address belongs to, bridges use one of:
- Transparent bridging : they build a table of addresses (the bridging table) as they receive packets. If the address is not in the bridging table, the packet is forwarded to all segments other than the one it came from. This type of bridge is used on Ethernet networks.
- Source route bridging : the source computer provides path information inside the packet. This is used on Token Ring networks.
Bridges can be used to:
- Expand the distance of a segment.
- Provide for an increased number of computers on the network.
- Reduce traffic bottlenecks resulting from an excessive number of attached computers.
2.4 Switch
A network switch or switching hub is a computer networking device that connects network segments. A switch is a multi-port device. A networking switch runs in full-duplex mode, meaning a machine on the LAN can receive and transmit data simultaneously. This is much faster than a networking hub. In the Open Systems Interconnection (OSI) communications model, a switch performs the Layer 2 or Data Link function. Some newer switches also perform routing functions (Layer 3 or the Network layer functions in OSI) and are sometimes called IP switches. A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). A switch provides similar functions to a hub or a bridge but has more advanced features that can temporarily connect any two ports together. It contains a switch matrix or switch fabric that can rapidly connect and disconnect ports. Unlike a hub, a switch forwards a frame only from the ingress port to the port where the destination node is connected, without broadcasting it to all other ports.
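The transparent-bridging rule above (learn the source port, forward to the one known port, flood when the destination is unknown) and the switch behaviour just described are the same algorithm. The simulation below is an added example, not code from the notes; the MAC addresses and port numbers are constructed.

```python
"""Learning bridge / switch forwarding simulation (added example).

The device learns the port on which each source MAC address is seen,
forwards a frame out of the single port where the destination is known,
and floods it out of every other port when the destination is unknown or
is the broadcast address. All MAC addresses below are constructed.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


@dataclass
class LearningBridge:
    """A bridge/switch with num_ports ports and a MAC-to-port bridging table."""
    num_ports: int
    table: dict = field(default_factory=dict)  # MAC address -> port number

    def receive(self, frame: Frame, in_port: int) -> list:
        """Process a frame arriving on in_port and return the list of egress ports."""
        if not 0 <= in_port < self.num_ports:
            raise ValueError(f"no such port: {in_port}")
        # Learning step: remember (or update) which port the sender is behind.
        # A station that moves to another port is relearned on its next frame.
        self.table[frame.src] = in_port

        known_port = self.table.get(frame.dst)
        if frame.dst == BROADCAST or known_port is None:
            # Unknown or broadcast destination: flood to every port but the ingress one.
            return [p for p in range(self.num_ports) if p != in_port]
        if known_port == in_port:
            # Destination sits on the segment the frame came from: filter it.
            return []
        # Known destination: forward out of exactly one port. This single-port
        # forwarding is what separates a switch or bridge from a hub.
        return [known_port]


def run_scenario():
    """Constructed traffic: station A on port 0 and station B on port 2."""
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    br = LearningBridge(num_ports=4)
    trace = [
        br.receive(Frame(src=a, dst=b), in_port=0),          # B unknown: flooded to 1, 2, 3
        br.receive(Frame(src=b, dst=a), in_port=2),          # A known on port 0: sent there only
        br.receive(Frame(src=a, dst=b), in_port=0),          # B now known on port 2: no flood
        br.receive(Frame(src=a, dst=BROADCAST), in_port=0),  # broadcast: always flooded
    ]
    return trace, dict(br.table)


if __name__ == "__main__":
    trace, table = run_scenario()
    for step, ports in enumerate(trace, 1):
        print(f"frame {step}: egress ports {ports}")
    print("bridging table:", table)
```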
2.5 Router
In an environment consisting of several network segments with different protocols and architectures, a bridge may not be adequate for ensuring fast communication among all of the segments. A complex network needs a device which not only knows the address of each segment, but can also determine the best path for sending data and filter broadcast traffic to the local segment. Such a device is called a router. A router is a device in computer networking that forwards data packets to their destinations, based on their addresses. The work a router does is called routing, which is somewhat like switching, but a router is different from a switch. Routers work at the Network layer of the OSI model, meaning that routers can switch and route packets across multiple networks. They do this by exchanging protocol-specific information between separate networks. Routers have access to more information in packets than bridges, and use this information to improve packet delivery. Routers are usually used in complex network situations because they provide better traffic management than bridges and do not pass broadcast traffic. Routers can share status and routing information with one another and use this information to bypass slow or malfunctioning connections. When data packets are transmitted over a network (say the Internet), they move through many routers (because they pass through many networks) on their journey from the source machine to the destination machine. Routers work with IP packets, meaning that they work at the level of the IP protocol. Each router keeps information about its neighbors (other routers in the same or other networks). This information includes the IP address and the cost, which is expressed in terms of time, delay and other network considerations. This information is kept in a routing table, found in all routers. Routers do not look at the destination node address; they only look at the network address. Routers will only pass the information if the network address is known. This ability to control the data passing through the router reduces the amount of traffic between networks and allows routers to use these links more efficiently than bridges. Unlike bridges and switches, which use the hardware-configured MAC address to determine the destination of the data, routers use a logical network address such as the IP address to make decisions.
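The lookup a router performs on its routing table, as an added example that is not from the notes: the destination is matched on its network address only, the most specific (longest-prefix) entry wins, the lowest cost breaks ties, and a packet whose network is unknown is dropped unless a default route exists. The table entries, next hops and costs are constructed (RFC 5737 documentation addresses).

```python
"""Routing-table lookup by network address (added example).

Applies the rule that a router matches the destination's network address,
not its host address, and forwards only when that network is known. Among
matching entries the longest prefix wins; among equal prefixes the lowest
cost wins. The sample table is constructed from documentation addresses.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network  # destination network (prefix), never a single host
    next_hop: str                   # neighbouring router, or "direct" for an attached link
    cost: int                       # cost in the router's own metric (delay, hops, ...)


def build_table(entries) -> List[Route]:
    """Build a routing table from (network, next_hop, cost) tuples."""
    return [Route(ipaddress.ip_network(net), hop, cost) for net, hop, cost in entries]


def lookup(table: List[Route], dst_ip: str) -> Optional[Route]:
    """Return the best route for dst_ip, or None if no entry covers its network."""
    dst = ipaddress.ip_address(dst_ip)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None
    # Prefer the most specific network, then the cheapest path to it.
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.cost))


def forward(table: List[Route], dst_ip: str) -> str:
    """Next hop for a packet, or "drop" when the network address is unknown."""
    route = lookup(table, dst_ip)
    return "drop" if route is None else route.next_hop


# Constructed sample routing table.
SAMPLE_TABLE = build_table([
    ("192.0.2.0/24",    "direct",      0),   # directly attached LAN
    ("198.51.100.0/24", "203.0.113.1", 10),  # remote network via neighbour .1
    ("198.51.100.0/24", "203.0.113.3", 5),   # same network, cheaper path via .3
    ("198.51.100.0/26", "203.0.113.2", 20),  # more specific subnet via .2
])

if __name__ == "__main__":
    for ip in ("192.0.2.7", "198.51.100.9", "198.51.100.200", "203.0.113.9"):
        print(f"{ip:>16} -> {forward(SAMPLE_TABLE, ip)}")
    # With a default route, an unknown network is forwarded instead of dropped.
    with_default = SAMPLE_TABLE + build_table([("0.0.0.0/0", "203.0.113.254", 100)])
    print(f"{'203.0.113.9':>16} -> {forward(with_default, '203.0.113.9')} (via default route)")
```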
The upper connection is an RJ45 female for UTP media. The middle connection is a BNC connector for thin coaxial media. The lower connection is a DB-15 connector for a thick Ethernet vampire tap.
In order for a NIC to operate effectively, it must be able to carry out its interface tasks with minimum disruption to the CPU of the computer in which it is installed. Four methods of NIC to computer data transfer are used:
- Bus mastering DMA (direct memory access): Data enters the NIC from the network. The NIC's own CPU stores the data in the NIC's RAM. The NIC's CPU sends the data to the computer's motherboard when the network transmission is complete. The computer's CPU is not interrupted; the NIC's CPU has ultimate responsibility for the data transfer.
- DMA: Data enters the NIC from the network. The NIC's CPU interrupts the computer's CPU. The computer's CPU stops other tasks and transfers the network data into its RAM.
- Programmed I/O (input/output): Data enters the NIC from the network. The NIC's CPU loads the network data into a motherboard I/O address. The computer's CPU checks the I/O address for any network data. If there is any data, the computer's CPU transfers the data to its RAM.
- Shared memory: Data enters the NIC from the network. The NIC's CPU stores the data in the NIC's RAM. The NIC's CPU interrupts the computer's CPU. The computer's CPU stops other tasks and transfers the network data into its RAM.
2.7 Modem
A modem (modulator-demodulator) is a device that modulates an analog carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information. The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original digital data. Modems can be used over any means of transmitting analog signals, from driven diodes to radio. The most familiar example is a voice-band modem that turns the digital data of a personal computer into analog audio signals that can be transmitted over a telephone line. Modems are generally classified by the amount of data they can send in a given time, normally measured in bits per second (bit/s, or bps). They can also be classified by baud, the number of times the modem changes its signal state per second.
Asymmetric Digital Subscriber Line (ADSL) is one form of Digital Subscriber Line technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voice-band modem can provide. It does this by utilizing frequencies that are not used by a voice telephone call. Currently, most ADSL communication is full-duplex. Full-duplex ADSL communication is usually achieved on a wire pair by either frequency-division duplex (FDD), echo-cancelling duplex (ECD), or time-division duplex (TDD). With standard ADSL, the band from 26.000 kHz to 137.825 kHz is used for upstream communication, while 138 kHz to 1104 kHz is used for downstream communication.
VoIP telephone calls can be placed either to other VoIP devices or to normal telephones on the PSTN (Public Switched Telephone Network). Calls from a VoIP device to a PSTN device are commonly called "PC-to-Phone" calls, even though the VoIP device may not be a PC. Calls from a VoIP device to another VoIP device are commonly called "PC-to-PC" calls, even though neither device may be a PC.
2.9 Gateway
Gateways make communication possible between different architectures and environments. They repackage and convert data going from one environment to another so that each environment can understand the other environment's data. A gateway repackages information to match the requirements of the destination system. Gateways can change the format of a message so that it will conform to the application program at the receiving end of the transfer. A gateway links two systems that do not use the same:
- Communication protocols
- Data formatting structures
- Languages
- Architecture
For example, electronic mail gateways, such as an X.400 gateway, receive messages in one format, translate them, and forward them in the X.400 format used by the receiver, and vice versa.
2.10 Connectors RJ 45
Registered Jack-45, an eight-wire connector used commonly to connect computers onto Local-area networks (LAN), especially Ethernets.
2.9.1 Configuring straight and cross patch cords:
Straight connection: It is used in a LAN.
End 1
1. White (orange)
2. Orange
3. White (green)
4. Blue
5. White (blue)
6. Green
7. White (brown)
8. Brown
Cross connection: It is used for computer-to-computer data transfer.
Pin   End 1            End 2
1     White (orange)   White (green)
2     Orange           Green
3     White (green)    White (orange)
4     Blue             Blue
5     White (blue)     White (blue)
6     Green            Orange
7     White (brown)    White (brown)
8     Brown            Brown
2.11.1 Simplex
In simplex mode, the communication is unidirectional, as on a one-way street. Only one of the two devices on a link can transmit; the other can only receive. In other words, simplex refers to one-way communication where one party is the transmitter and the other is the receiver. An example is a simple radio, with which you can receive data from stations but cannot transmit. Keyboards and traditional monitors are examples of simplex devices: the keyboard can only introduce input; the monitor can only accept output.
2.11.2 Half-Duplex
In half-duplex mode, each station can both transmit and receive, but not at the same time. When one device is sending, the other can only receive, and vice versa. It refers to two-way communication where only one party can transmit at a time, i.e. in both directions but one at a time. The entire capacity of the channel is taken over by whichever of the two devices is transmitting at the time. The half-duplex mode is used in cases where there is no need for communication in both directions at the same time. Examples: a walkie-talkie and CB (citizens band) radios.
2.11.3 Full-Duplex
In full-duplex mode, both stations can transmit and receive simultaneously. It refers to the transmission of data in two directions at the same time, for example a telephone conversation, in which both parties can talk and listen at the same time. In full-duplex mode, signals going in either direction share the capacity of the link. This can occur in two ways: either there are two separate physical paths, or the capacity of the channel is divided between the signals traveling in both directions.
3. TRANSMISSION MEDIUM
A transmission medium is a material substance (solid, liquid or gas) that can propagate energy waves. For example, the transmission medium for sound received by the ears is usually air, but solids and liquids may also act as transmission media for sound. In other words, the transmission medium is the physical path by which a message travels from sender to receiver. Examples of transmission media include twisted-pair wire, coaxial cable, fiber-optic cable, and radio waves. The absence of a material medium (the vacuum of empty space) can also be thought of as a transmission medium for electromagnetic waves such as light and radio waves. Signals are usually transmitted over transmission media that are broadly classified into two categories:
One of the two wires carries the signal to the receiver and the other serves only as a ground reference; the receiver uses the difference between the two. In addition to the signal placed on one wire by the sender, interference (noise) and crosstalk may affect both wires and create unwanted signals. If the two wires run parallel, the effect of these unwanted signals is not the same in both wires, because they sit at different positions relative to the noise or crosstalk source (one is closer, the other farther away), and this shows up as a spurious difference at the receiver. Twisting the pair keeps both wires, on average, equally exposed, so the unwanted signal appears equally on both and cancels in the difference. Twisted-pair cable used in communications comes in two categories:
3.3.1 UTP The most common twisted-pair cable used in communications is unshielded twisted-pair (UTP).
3.3.2 STP IBM also produced a version of twisted-pair cable for its own use called shielded twisted-pair (STP). STP cable has a metal foil or braided-mesh covering that encases each pair of insulated conductors. Although the metal casing improves the quality of the cable by preventing the penetration of noise and crosstalk, it is bulkier and more expensive.
Coaxial cable is used as a transmission line for radio frequency signals, in applications such as connecting radio transmitters and receivers with their antennas, computer network (Internet) connections, and distributing cable television signals. One advantage of coax over other types of transmission line is that in an ideal coaxial cable the electromagnetic field carrying the signal exists only in the space between the inner and outer conductors. This allows coaxial cable runs to be installed next to metal objects such as gutters without the power losses that occur in other transmission lines, and provides protection of the signal from external electromagnetic interference.
The typical optical fiber consists of a very narrow strand of glass called the core. Around the core is a concentric layer of glass called the cladding, and coating the cladding is a protective plastic layer called the jacket, whose purpose is to protect the cladding and core against hazards such as abrasion and moisture. Dimensions are given in microns (1 micron = 10^-6 metres). There are three primary types of optical fiber, distinguished by how light propagates in them:
a) step-index multimode
b) graded-index multimode
c) single-mode
Step-index multimode fiber has a large core, and the light rays bounce around inside it, reflecting off the cladding. Some rays bounce back and forth and take a longer path, while others take an almost direct path with hardly any reflections and arrive sooner. The result is that the light rays arrive at the receiver at different times, so the received pulse is spread out (longer) compared with the original. Typical core diameter is 62.5 microns with a cladding diameter of 125 microns. LED light sources are used.
Graded-index multimode fiber has a gradual change in the core's refractive index, which bends the light rays gradually back towards the centre of the core; the path is represented by a curve rather than sharp reflections. The result is a better received signal than with step-index fiber. Typical core diameters are 50 or 62.5 microns with a cladding diameter of 125 microns. LED light sources are used.
Single-mode fiber has distinct refractive indexes for the cladding and the core and a very small core, about 9 microns in diameter with a cladding diameter of 125 microns, so the light passes through the core with relatively few reflections off the cladding. Single-mode fiber is used with a single source of light (one wavelength) and requires a laser.
4. TRANSMISSION IMPAIRMENT
Signals travel through transmission media, which are not perfect. The imperfection causes signal impairment. This means that the signal at the beginning of the medium is not the same as the signal at the end of the medium. What is sent is not what is received. Three causes of impairment are attenuation, distortion, and noise.
4.1 Attenuation
Attenuation means a loss of energy. When a signal, simple or composite, travels through a medium, it loses some of its energy in overcoming the resistance of the medium. To compensate for this loss, amplifiers are used to amplify the signal. Figure shows the effect of attenuation and amplification.
Decibel: to express how much a signal has lost or gained in strength, engineers use the decibel. The decibel (dB) measures the relative strength of two signals, or of one signal at two different points. The value is negative if the signal is attenuated and positive if it is amplified:

dB = 10 log10(P2 / P1)

where P1 and P2 are the signal powers at the first and second points.
4.2 Distortion
Distortion means that the signal changes its form or shape. Distortion can occur in a composite signal made of different frequencies. Each signal component has its own propagation speed (see the next section) through a medium and, therefore, its own delay in arriving at the final destination. Differences in delay may create a difference in phase if the delay is not exactly the same as the period duration. In other words, signal components at the receiver have phases different from what they had at the sender. The shape of the composite signal is therefore not the same. Figure shows the effect of distortion on a composite signal.
4.3 Noise
Noise is another cause of impairment. Several types of noise, such as thermal noise, induced noise, crosstalk, and impulse noise, may corrupt the signal. Thermal noise is the random motion of electrons in a wire, which creates an extra signal not originally sent by the transmitter. Induced noise comes from sources such as motors and appliances: these devices act as a sending antenna, and the transmission medium acts as the receiving antenna. Crosstalk is the effect of one wire on another: one wire acts as a sending antenna and the other as the receiving antenna. Impulse noise is a spike (a signal with high energy in a very short time) that comes from sources such as power lines and lightning. Figure shows the effect of noise on a signal.
4.3.1 Signal-to-Noise Ratio (SNR)
SNR is the ratio of what is wanted (signal power) to what is not wanted (noise power). A high SNR means the signal is less corrupted by noise; a low SNR means it is more corrupted. As SNR is a ratio of two powers, it is often expressed in decibels:

SNR_dB = 10 log10(SNR) = 10 log10(average signal power / average noise power)

4.3.2 Throughput
Throughput is a measure of how fast we can actually send data through a network. In other words, bandwidth is the potential capacity of a link, while throughput is the measured rate at which data actually gets through.
5. ACCESS POINT
An access point (AP) bridges wireless stations onto the wired LAN at layer 2; it is not itself a router, although many small units bundle a router and DHCP server. In the deployment described here, the access point's IP address range is determined by the switch port it is connected to, because switch ports are assigned to VLANs. Access points are configured and installed according to the required signal coverage. In the 2.4 GHz band there are 14 channels, each about 22 MHz wide with centre frequencies 5 MHz apart, so neighbouring channels overlap: two access points on the same or overlapping channels share the airtime and interfere with each other, which is why adjacent cells are usually placed on channels 1, 6 and 11. All access points connect to a managed switch, from which the DHCP server in the data centre is reached; stations then connect through the access points. An access point can also be configured as a DHCP server; the number of addresses it can lease (up to 60 on the units described here) varies with the device. Access points can hold a list of permitted client MAC addresses, but MAC filtering is not an access control: a permitted address can be sniffed and spoofed. Access points are distinguished by SSID (Service Set Identifier); multiple SSIDs can be defined to allocate particular bandwidth to different groups of users and to simplify management. Access points are mainly used in Wi-Fi to transmit data to and from wireless clients.
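The channel geometry described above, worked through in code. This is an added example and not code from the page or from any access point vendor: it applies the IEEE 2.4 GHz channel plan (centres 5 MHz apart, channel 14 at 2484 MHz, 22 MHz occupied bandwidth) to show which channels actually overlap and why a site survey ends up on 1, 6 and 11. The function names are this example's own.

```python
"""2.4 GHz 802.11b/g channel geometry: why only a few channels can coexist.

Channel centre frequencies are 5 MHz apart (channel 14 is the exception, at
2484 MHz) while a DSSS channel occupies about 22 MHz, so neighbouring channels
overlap and two access points on overlapping channels interfere.  The channel
plan is the IEEE 802.11 one; the function names are this example's own.
"""
from typing import List, Tuple

CHANNEL_WIDTH_MHZ = 22  # occupied bandwidth of one DSSS channel


def center_frequency_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel; channel 14 sits apart."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def channel_edges_mhz(channel: int) -> Tuple[float, float]:
    """Lower and upper edge of the 22 MHz band around the channel centre."""
    centre = center_frequency_mhz(channel)
    return centre - CHANNEL_WIDTH_MHZ / 2, centre + CHANNEL_WIDTH_MHZ / 2


def channels_overlap(a: int, b: int) -> bool:
    """True when the two channels share spectrum (touching edges do not count)."""
    a_lo, a_hi = channel_edges_mhz(a)
    b_lo, b_hi = channel_edges_mhz(b)
    return a_lo < b_hi and b_lo < a_hi


def non_overlapping_plan(max_channel: int = 11) -> List[int]:
    """Greedy choice of mutually non-overlapping channels, lowest first.

    With channels 1-11 (North America) this yields the familiar 1, 6, 11."""
    chosen: List[int] = []
    for ch in range(1, max_channel + 1):
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def interfering_neighbours(channel: int, max_channel: int = 13) -> List[int]:
    """Channels a survey should also watch when an AP is placed on `channel`."""
    return [c for c in range(1, max_channel + 1)
            if c != channel and channels_overlap(channel, c)]


if __name__ == "__main__":
    print("non-overlapping plan (1-11):", non_overlapping_plan())
    print("channels interfering with 6:", interfering_neighbours(6))
```

Note that the same geometry is what a rogue-AP scan has to account for: an unauthorised AP on channel 4 degrades cells on both 1 and 6 even though it sits on neither.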
802.11 standards

Standard   Band      Max bit rate   Layer 3 data rate   Transmission   Notes
802.11     2.4 GHz   1-2 Mbps       1.2 Mbps            FHSS/DSSS      The original WLAN standard. Limited bit rate but higher range.
802.11a    5 GHz     54 Mbps        33 Mbps             OFDM           High-speed WLAN standard. Smallest range of all 802.11 standards, but higher bit rate in a less crowded spectrum.
802.11b    2.4 GHz   11 Mbps        6-7 Mbps            DSSS           Compatible with 802.11. Widely deployed due to higher range, but the bit rate is too slow for many emerging applications.
802.11e    -         -              -                   -              Addresses quality-of-service requirements for all IEEE WLAN radio interfaces.
802.11f    -         -              -                   -              Defines inter-access-point communication to facilitate multi-vendor distributed WLANs.
802.11g    2.4 GHz   54 Mbps        32 Mbps             OFDM           Establishes an additional modulation technique for the 2.4 GHz band. Compatible with 802.11 and 802.11b because it uses the same spectrum.
802.11h    5 GHz     -              -                   -              Defines spectrum management of the 5 GHz band for use in Europe and Asia-Pacific.
802.11i    -         -              -                   -              Addresses the security weaknesses of the original authentication and encryption protocols and provides much greater security; encompasses 802.1X, TKIP and AES.
Transmit power: 22 dBm maximum (country, channel and data rate dependent)

802.11b/g radio:
  19 dBm +/- dBm at 1, 2, 5.5 and 11 Mbps
  19 dBm +/- dBm at 6 and 9 Mbps
  18 dBm +/- dBm at 12 and 18 Mbps
  17 dBm +/- dBm at 24 and 36 Mbps
  16 dBm +/- dBm at 48 and 54 Mbps

802.11a radio:
  17 dBm +/- dBm at 6 and 9 Mbps
  16 dBm +/- dBm at 12 and 18 Mbps
  15 dBm +/- dBm at 24 and 36 Mbps
  14 dBm +/- dBm at 48 and 54 Mbps
Operating Channels

802.11a radio: channels 1-35 (4920-5825 MHz)
802.11b/g radio: channels 1-13 (2412-2472 MHz)

Data rates

802.11a radio: 6, 9, 12, 18, 24, 36, 48 and 54 Mbit/s
802.11g radio: 6, 9, 12, 18, 24, 36, 48 and 54 Mbit/s
802.11b radio: 1, 2, 5.5 and 11 Mbit/s

Wireless medium: Direct Sequence Spread Spectrum (DSSS) and Orthogonal Frequency Division Multiplexing (OFDM)
Antenna options: both Radio 1 and Radio 2 require one antenna and can optimally use two antennas per radio (four antennas in total for dual-radio models). Two antennas per radio provide diversity, which can improve performance and signal reception. Motorola supports two antenna suites for the AP-5131. Radio 1 is the 2.4 GHz radio and Radio 2 is the 5.2 GHz radio. A dual-radio AP-5131 may, however, be performing the Rogue AP detector function; in that scenario the AP-5131 receives in either 2.4 GHz or 5.2 GHz over the Radio 1 or Radio 2 antennas, depending on which radio is selected for the scan.
LED indicators: the AP-5131 has seven LED indicators. Five LEDs display within four LED slots on the front of the AP-5131 (on top of the housing) and two LEDs (for above-the-ceiling installations) are located on the back of the device (the side with the LAN, WAN and antenna connectors). The five top-housing LEDs have the following display and functionality:

Boot and power status / error conditions:
- Solid white: the AP-5131 is adequately powered.
- Solid red: the AP-5131 is experiencing a problem condition requiring immediate attention.
- Flashing white: data transfers and Ethernet activity.
- Flickering amber: beacons and data transfers over the AP-5131 802.11a radio.
- Flickering green: beacons and data transfers over the AP-5131 802.11b/g radio.

The LEDs on the rear of the AP-5131 are viewed through a single (customer-installed) extended light pipe, adjusted as required for above-the-ceiling installations. The LEDs displayed through the light pipe have the following colour display and functionality:
- Solid white: the AP-5131 is adequately powered.
- Blinking red: the AP-5131 Rogue AP Detection feature has located a rogue device.
- Solid red: the AP-5131 is experiencing a problem condition requiring immediate attention.
2. Log in using admin as the default user ID and motorola as the default password. If the default login succeeds, the Change Admin Password window displays.
3. Change the password. The defaults are published in the vendor documentation and must not remain on a device in service.
2. Enter a System Name for the AP-5131. The system name is useful if multiple devices are being administered.
3. Select the Country for the AP-5131's country of operation from the drop-down menu. The AP-5131 prompts the user for the correct country code on the first login, and a warning message states that an incorrect country setting may result in illegal radio operation. Selecting the correct country is central to legally operating the AP-5131: each country has its own regulatory restrictions concerning electromagnetic emissions and the maximum RF signal strength that can be transmitted. To ensure compliance with national and local laws, be sure to set the correct country.
4. Optionally enter the IP address of the server used to provide system time to the AP-5131 in the Time Server field. Once the IP address is entered, the AP-5131's Network Time Protocol (NTP) client is engaged automatically.
5. Click the WAN tab to set the minimum set of parameters for using the WAN interface.
a. Select the Enable WAN Interface checkbox to enable a connection between the AP-5131 and a larger network or the outside world through the WAN port. Disable this option to isolate the AP-5131's WAN connection: no connections to a larger network or the Internet will be possible, and MUs (mobile units) cannot communicate beyond the configured subnets.
b. Select the This Interface is a DHCP Client checkbox to enable DHCP for the AP-5131 WAN connection. This is useful if the target corporate network or Internet Service Provider (ISP) uses DHCP.
c. Specify an IP address for the AP-5131's WAN connection.
d. Specify a Subnet Mask for the AP-5131's WAN connection. This value is available from the ISP for a DSL or cable-modem connection, or from an administrator if the AP-5131 connects to a larger network.
e. Specify a Default Gateway address for the AP-5131's WAN connection. The ISP or a network administrator provides this address.
f. Specify the address of a Primary DNS Server. The ISP or a network administrator provides this address.
1. Optionally use the Enable PPP over Ethernet checkbox to enable point-to-point over Ethernet (PPPoE) for a high-speed connection that supports this protocol.
   a. Select the Keep Alive checkbox to enable occasional communication over the WAN port even when client communication to the WAN is idle. Some ISPs terminate inactive connections, others do not; in either case, enabling Keep-Alive maintains the WAN connection even when there is no traffic. If the ISP drops the connection after the idle time, the AP-5131 automatically re-establishes the connection to the ISP.
   b. Specify the Username used when connecting to the ISP.
   c. Specify the password used when connecting to the ISP.
1. Click the LAN tab to set a minimum set of parameters to use the AP-5131 LAN interface.
a. Select the Enable LAN Interface checkbox to forward data traffic over the AP-5131 LAN connection. The LAN connection is enabled by default.
b. Use the This Interface drop-down menu to specify how network address information is defined over the AP-5131's LAN connection. Select DHCP Client if the larger corporate network uses DHCP, or DHCP Server to use the AP-5131 as a DHCP server on the LAN connection.
c. Enter the network-assigned IP Address of the AP-5131.
d. The Subnet Mask defines the size of the subnet.
e. Enter a Default Gateway to define the IP address of the router the AP-5131 uses on the Ethernet as its default gateway.
f. Enter the Primary DNS Server IP address.
g. If using DHCP Server, use the Address Assignment Range parameter to specify the range of IP addresses reserved for leasing to clients.
1. Enable the radio(s) using the Radio Enable checkbox(es). If using a single-radio model, enable the radio, then select either 802.11a (5 GHz) or 802.11b/g (2.4 GHz) from the RF Band of Operation field.
2. Select the WLAN#1 tab to define its ESSID and security scheme for basic operation.
   a. Enter the ESSID (Extended Service Set Identifier) and the name associated with the WLAN.
   b. Use the Available On checkboxes to define whether the target WLAN operates over the 802.11a or the 802.11b/g radio. Ensure the radio selected has been enabled.
   c. Even an AP-5131 configured with minimal values must protect its data against theft and corruption. A security policy should be configured for WLAN1 as part of the basic configuration outlined in this guide; do not leave the WLAN open.
1. Click Apply to save any changes made on the AP-5131 Quick Setup screen.
Wired Equivalent Privacy (WEP) is part of the original 802.11 specification. Static WEP operation requires the same key to be configured on the client and the AP; the key, combined with a per-frame initialization vector (IV), seeds the RC4 stream cipher that encrypts the data sent between them. Client and AP can be configured with a set of up to four keys; each frame carries a key index that tells the receiver which of the four to use, so keys can be rotated without interrupting service. WEP does not, however, eliminate sniffing, and it does not make session hijacking difficult: the 24-bit IV is sent in clear and repeats quickly on a busy network, so RC4 keystreams are reused; the CRC-32 integrity check is linear, so encrypted frames can be modified without the key; and statistical attacks on RC4 recover the key itself from captured traffic in minutes with freely available tools. WEP should be treated as providing no confidentiality or integrity, and WPA2 (802.11i with AES-CCMP) or later should be used instead wherever the clients support it.
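The two structural failures mentioned above, shown end to end. This is an added example, not code from the page or from the AP-5131 firmware: it implements WEP's framing (RC4 seeded with IV || key over data || CRC-32 ICV) with a constructed 40-bit key, IV and frames, then recovers a second frame's plaintext from IV reuse without the key and alters a frame while keeping its ICV valid. All names are this example's own.

```python
"""WEP frame encryption and two of its failures: keystream reuse and ICV forgery.

WEP seeds RC4 with IV || key and XORs the keystream over data || ICV, where the
ICV is a CRC-32 of the data.  The 3-byte IV travels in clear, so two frames
sent under the same key with the same IV share a keystream; XORing the two
ciphertexts cancels it.  CRC-32 is linear, so a captured frame can be altered
and its ICV fixed up without the key.  The key, IV and frames are constructed
here; nothing below is AP-5131 firmware or vendor code.
"""
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of the requested length (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the data, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Return IV || RC4(IV || key)(data || ICV), as carried in a WEP frame body."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    plaintext = data + icv(data)
    return iv + xor(plaintext, rc4(iv + key, len(plaintext)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Strip the IV, undo RC4 and verify the ICV; raise on mismatch."""
    iv, body = frame[:3], frame[3:]
    plaintext = xor(body, rc4(iv + key, len(body)))
    data, tag = plaintext[:-4], plaintext[-4:]
    if icv(data) != tag:
        raise ValueError("ICV mismatch")
    return data


def recover_with_known_plaintext(frame_a: bytes, frame_b: bytes, known_a: bytes) -> bytes:
    """Attacker step, no key needed: two captured frames share an IV and frame
    A's content is known (an ARP request, say), so keystream = C_A xor P_A and
    that keystream decrypts frame B.  Frame B must be no longer than frame A."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("different IVs: different keystreams, nothing to cancel")
    body_a, body_b = frame_a[3:], frame_b[3:]
    if len(body_b) > len(body_a):
        raise ValueError("not enough known keystream")
    keystream = xor(body_a, known_a + icv(known_a))
    return xor(body_b, keystream[:len(body_b)])[:-4]


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Attacker step, no key needed: XOR delta into the data and fix the ICV using
    CRC-32 linearity, crc(p ^ d) = crc(p) ^ crc(d) ^ crc(0...0) for equal lengths."""
    iv, body = frame[:3], frame[3:]
    data_len = len(body) - 4
    if len(delta) != data_len:
        raise ValueError("delta must cover the data exactly")
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(data_len))).to_bytes(4, "little")
    return iv + xor(body, delta + icv_delta)


if __name__ == "__main__":
    key, iv = b"\x01\x02\x03\x04\x05", b"\x00\x00\x01"   # constructed 40-bit key and IV
    arp = wep_encrypt(key, iv, b"known arp request data")
    secret = wep_encrypt(key, iv, b"secret payload")
    print(recover_with_known_plaintext(arp, secret, b"known arp request data"))
    print(wep_decrypt(key, flip_bits(secret, bytes(7) + b"\x20" * 7)))
```

With only 2^24 possible IVs, and many drivers starting from zero at boot, an IV collision on a busy cell is a matter of hours; the 104-bit "WEP128" key changes none of this, because neither attack above uses the key length.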
To configure WEP128:
1. From the AP-5131 Quick Setup screen, click the Create button to the right of the Security Policy item. The New Security Policy screen displays with the Manually Pre-shared key / No authentication and No Encryption options selected.
2. Ensure the Name of the security policy suits the intended configuration or function of the policy. Multiple WLANs can share the same security policy.
3. Select the WEP 128 (104 bit key) checkbox. The WEP 128 Setting field displays within the New Security Policy screen.
4. Configure the WEP 128 Setting field as required to define the pass key used to generate the WEP keys.
5. Click the Apply button to save the security policy and return to the AP-5131 Quick Setup screen.
WEP128 should only be configured for legacy clients that cannot use WPA2; the 104-bit key does not make WEP resistant to key-recovery attacks.
6. SWITCH
A LAN switch is a local area networking device that prevents data packet collisions and maximizes transmission speed and bandwidth allocation. It is a good replacement for a network hub and solves problems associated with expanding networks. A switch is an intelligent, active hub that establishes, maintains, and changes logical connections over physical circuits. Switches flexibly connect transmitters and receivers across networks of interconnected ports and links, allowing network resources to be shared by large numbers of end users. LAN switches are packet switches that support multiple simultaneous transmissions, reading the destination address of each frame and forwarding it directly to the port associated with the target device. Figure: a switch with 8 ports.
sophisticated. It can have a buffer to hold frames for processing, and a switching fabric that forwards frames faster. Some newer two-layer switches, called cut-through switches, forward a frame as soon as they have read the destination MAC address in its header, before the rest of the frame has arrived. A bridge with a few ports connects a few LANs; a bridge with many ports can allocate a port to each station, so that each station is its own independent segment. This means no competing traffic on the segment (no collisions, as seen in shared Ethernet).
6.1.2 Three-Layer Switches
A router, on the other hand, works at Layer 3 of the OSI model (the network layer). It connects a LAN to a WAN, or one subnetted LAN to another, and routes IP packets between IP networks using an IP routing table that holds static or dynamic routes. When an IP packet arrives, the router looks up the destination IP address in the routing table; if no matching entry is found, the packet is dropped unless a default route exists. Routers bound broadcast domains because they do not forward broadcast packets. A three-layer switch is a router, but a faster and more sophisticated one: its switching fabric (hardware forwarding) allows faster table lookup and forwarding. According to their configuration and monitoring capability, switches fall into two categories: managed and unmanaged.
Unmanaged switches: an unmanaged switch simply allows Ethernet devices such as PCs and network printers to communicate with one another; these are typically "plug and play". They ship with a fixed configuration and do not allow any changes to it.
Managed switches: managed switches provide all the features of an unmanaged switch plus the ability to configure, manage and monitor the LAN. This gives greater control over how data travels over the network and who has access to it. Managed switches use protocols such as the Simple Network Management Protocol (SNMP) for monitoring the devices on the network. SNMP facilitates the exchange of management information between network devices; SNMP queries can determine the health of the network or the status of a particular device. By displaying this data in an easily understood format, IT managers at a central site can monitor network performance and quickly detect and repair problems without physically interacting with the switch. Be aware that SNMP versions 1 and 2c authenticate with a community string sent in cleartext, and a writable community allows the switch to be reconfigured; use SNMPv3 with authentication and encryption, or at least read-only communities reachable only from a management network. Another important feature of a managed switch is redundancy: the ability to safeguard the network when a connection or cable fails by providing an alternate data path. Managed switches implement the Spanning Tree Protocol (STP) standard to provide path redundancy. Using the spanning-tree algorithm, STP provides redundant paths while preventing the loops that multiple active paths between switches would create. STP allows only one active path at a time between two network devices, keeping the redundant links as backups so that systems stay available and expensive downtime is avoided, which any network administrator can appreciate. Because STP accepts bridge protocol data units (BPDUs) from any port, access ports should be protected with BPDU guard and root guard so that an attached host cannot claim the root bridge role and pull traffic through itself.
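The election and blocking behaviour just described, run on a small constructed fabric. This is an added example, not code from the page or from any switch vendor: it implements classic STP's root election (lowest priority, then lowest MAC) and root-port selection (lowest root path cost, ties broken by the upstream bridge ID), lists which links end up blocked, and then reruns the election with a host that injects a superior BPDU to show why root guard matters. Switch names, MAC addresses and path costs are this example's own.

```python
"""Spanning-tree election and blocking on a small switch fabric.

Classic STP elects the bridge with the lowest bridge ID (priority first, then
MAC address) as root; every other switch keeps the port on its lowest-cost
path to the root and blocks the remaining redundant links.  The second run
shows the weakness a practitioner should know about: a device that injects
BPDUs with a lower priority wins the election and the tree is rebuilt through
it.  Switch names, MACs and path costs are constructed for this example.
"""
import heapq
from typing import Dict, List, Tuple

BridgeId = Tuple[int, str]          # (priority, MAC); the lower tuple wins
Link = Tuple[str, str, int]         # (switch A, switch B, path cost)

# Constructed fabric: SW1 is the intended root (priority 4096); SW2 and SW3
# keep the default priority 32768.  The three links form a loop.
SWITCHES: Dict[str, BridgeId] = {
    "SW1": (4096, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
LINKS: List[Link] = [("SW1", "SW2", 4), ("SW1", "SW3", 4), ("SW2", "SW3", 4)]

# A host plugged into access ports of SW2 and SW3 that sends BPDUs with priority 0.
ROGUE: Dict[str, BridgeId] = {"ROGUE": (0, "de:ad:be:ef:00:00")}
ROGUE_LINKS: List[Link] = [("ROGUE", "SW2", 19), ("ROGUE", "SW3", 19)]


def root_bridge(bridges: Dict[str, BridgeId]) -> str:
    """Election: the lowest (priority, MAC) wins."""
    return min(bridges, key=lambda name: bridges[name])


def spanning_tree(bridges: Dict[str, BridgeId], links: List[Link]):
    """Return (root, forwarding links, blocked links).

    Each non-root switch's root port is its cheapest path to the root; a tie is
    broken by the lower bridge ID of the upstream switch, as STP does."""
    root = root_bridge(bridges)
    adj: Dict[str, List[Tuple[str, int]]] = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: (0, bridges[root])}     # switch -> (root path cost, upstream bridge ID)
    upstream: Dict[str, str] = {}
    heap = [(0, bridges[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale heap entry
        for nbr, link_cost in adj.get(node, []):
            candidate = (cost + link_cost, bridges[node])
            if nbr not in best or candidate < best[nbr]:
                best[nbr] = candidate
                upstream[nbr] = node
                heapq.heappush(heap, (candidate[0], candidate[1], nbr))
    forwarding = {frozenset((sw, up)) for sw, up in upstream.items()}
    blocked = {frozenset((a, b)) for a, b, _ in links} - forwarding
    return root, forwarding, blocked


def rogue_takes_over(bridges, links, rogue, rogue_links):
    """Re-run the election with the rogue's BPDUs present and return the new tree."""
    return spanning_tree({**bridges, **rogue}, list(links) + list(rogue_links))


if __name__ == "__main__":
    print("intended:", spanning_tree(SWITCHES, LINKS))
    print("with rogue:", rogue_takes_over(SWITCHES, LINKS, ROGUE, ROGUE_LINKS))
```

In the second run the rogue becomes root and the SW1-SW3 and SW2-SW3 links are blocked, so every frame between SW2 and SW3 now crosses the attacker's device. BPDU guard shuts an access port that receives any BPDU; root guard keeps a port from accepting a superior one.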
6.3 VLAN
VLAN stands for virtual local area network. A LAN can be divided into several logical LANs called VLANs; each VLAN is usually also its own IP subnet. The whole idea of VLAN technology is to divide a LAN into logical, rather than physical, segments. Each VLAN typically corresponds to a work group in the organization: if a person moves from one group to another, there is no need to change the physical cabling, because group membership is defined by software, not hardware, and any station can be logically moved to another VLAN. A broadcast sent on a VLAN is received only by the members of that VLAN. Membership in a VLAN can be based on port numbers, MAC addresses, IP addresses, IP multicast addresses, or a combination of these. VLANs are cost- and time-efficient, reduce network traffic, and provide an extra measure of separation. Switches tag VLAN traffic on the links between them, and only devices on the same VLAN can communicate directly with one another. If devices on different VLANs need to communicate, the traffic goes through a router attached to a trunk port; that trunk port and the router's processing power can become a bottleneck. With a Layer 3 switch, routing between VLANs and trunking are performed at very high speed. VLAN separation is only as strong as the switch configuration, however: a port that auto-negotiates trunking (DTP) lets an attached host become a trunk and reach every VLAN, and a trunk whose native VLAN is also used for user traffic allows double-tagged frames to hop into another VLAN. Disable trunk negotiation on access ports, use an otherwise unused native VLAN on trunks, and treat VLANs as segmentation rather than as a substitute for a firewall. Besides the functionality mentioned above, VLANs offer: performance and broadcast control; segregation of departments or project networks; security.
6.3.1 Advantages of VLANs VLANs allow network administrators to organize LANs logically instead of physically. This is a key benefit. This allows network administrators to perform several tasks:
- Easily move workstations on the LAN
- Easily add workstations to the LAN
- Easily change the LAN configuration
- Easily control network traffic
- Improve security
6.3.2 Types of VLANs
Three basic VLAN types are used to determine and control VLAN membership assignments:
- Port-based VLANs
- MAC address-based VLANs
- Protocol-based VLANs
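The tagging that the VLAN section relies on, made concrete. This is an added example and not code from the page or from any switch vendor: it builds and parses 802.1Q-tagged Ethernet frames (TPID 0x8100, then a 16-bit TCI holding 3 bits of priority, a DEI bit and the 12-bit VLAN ID), walks a stack of tags, and flags the double-tagged frame that is the basis of the VLAN-hopping concern. The frames are constructed inline and the function names are this example's own.

```python
"""802.1Q tag parsing and double-tag detection on raw Ethernet frames.

A tagged frame carries TPID 0x8100 after the MAC addresses, then a 16-bit TCI
(3-bit priority, 1-bit DEI, 12-bit VLAN ID) and finally the real EtherType.
The parser walks the whole tag stack, which is how a sensor spots frames
carrying two tags: legitimate Q-in-Q, or a double-tagging attempt where the
outer tag matches the trunk's native VLAN.  Frames are built inline; names are
this example's own.
"""
import struct
from typing import Dict, List

TAG_TPIDS = {0x8100, 0x88A8, 0x9100}   # 802.1Q, 802.1ad service tag, legacy Q-in-Q


def parse_frame(frame: bytes) -> Dict:
    """Split a frame into addresses, the list of VLAN tags (outermost first),
    the inner EtherType and the payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    offset = 12
    tags: List[Dict[str, int]] = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated tag stack")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in TAG_TPIDS:
            break
        if offset + 4 > len(frame):
            raise ValueError("truncated tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {
        "dst": frame[:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "tags": tags,
        "ethertype": ethertype,
        "payload": frame[offset + 2:],
    }


def build_frame(dst: str, src: str, vids: List[int], ethertype: int, payload: bytes) -> bytes:
    """Build a frame with zero or more 802.1Q tags, outermost first (PCP and DEI 0)."""
    out = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vids:
        out += struct.pack("!HH", 0x8100, vid & 0x0FFF)
    return out + struct.pack("!H", ethertype) + payload


def double_tag_hazard(frame: bytes, native_vid: int) -> bool:
    """True for a double-tagged frame whose outer tag equals the trunk's native
    VLAN: a switch that strips the native tag on egress forwards the inner tag,
    so the sender can inject one-way into the inner VLAN."""
    tags = parse_frame(frame)["tags"]
    return len(tags) >= 2 and tags[0]["vid"] == native_vid


if __name__ == "__main__":
    # Constructed frames: an ARP on VLAN 10, and a double-tagged frame 1 -> 20.
    arp = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", [10], 0x0806, bytes(28))
    hop = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", [1, 20], 0x0800, bytes(20))
    print(parse_frame(arp)["tags"])
    print("hazard on native VLAN 1:", double_tag_hazard(hop, native_vid=1))
```

The check is the reason for the advice to put trunks on an unused native VLAN: with native VLAN 999, the same frame parses identically but `double_tag_hazard` returns False, because the outer tag no longer gets stripped on the way out.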
7. NETWORK TOPOLOGY
A network topology describes the configuration of a network (how the network components are connected together). There are FIVE main topologies.
Factors for selecting a topology:
- Desired performance
- Desired reliability
- Size (number of nodes)
- Expandability of the system
- Cost of the components
- Delays involved in routing
Star: Advantages: if any computer fails, the remaining network is unaffected (if one link fails, only that link is affected; all other links remain active), and only n-1 lines are required to connect n nodes. Disadvantage: if the central hub fails, the entire network fails.
Ring: faulty workstations can be isolated from the ring. When a workstation is powered on it connects itself into the ring; when it is powered off it disconnects itself and lets the information bypass it. Information travels around the ring from one workstation to the next. Each packet sent on the ring is prefixed with the address of the station it is being sent to; when a packet arrives, the workstation checks whether the packet address is its own. If it is, it takes the data from the packet; if not, it passes the packet on to the next workstation in the ring. Ring systems use four-pair cables (separate send and receive pairs). The common implementation of this topology is Token Ring. There is no central hub and no central cable: the devices are connected from one to the next in a ring, and data travels around the ring in one direction only, so there is no danger of collisions. A break in the ring (a broken connection) brings the entire network down.
Disadvantages:
- A break in the ring can disable the entire network.
- Adding new nodes increases the delay.
- Requires more complicated control than a star network.
Bus: there is no central hub, but a central cable to which all devices are attached. Data is transmitted down the line from one device to another, and only one device can transmit at a time. A bus is easy to implement and extend and requires less cable than a star topology, but if there is a problem with the cable the entire network goes down, and performance degrades as computers are added or under heavy traffic. Advantage: ease of installation. Disadvantages: difficult reconnection and fault isolation.
In a mesh network, each node is directly connected to every other node. This type of network involves the concept of routes: each node may send a message to its destination through multiple paths, so every node has several possible paths to send (or receive) a message, whereas in bus, star, ring and tree topologies each node has only one path. The cable requirements are high (a full mesh of n nodes needs n(n-1)/2 links), but redundant paths are built in: if one computer fails, all the others continue, because they have alternative paths to each other. Mesh topologies are used for critical connections between host computers (typically telephone exchanges). The alternate paths let each computer balance its load to other systems in the network by using more than one of the available connection paths.
Advantages: multiple links, so if one route is blocked another can be used; each connection carries its own load, so congest
ion is reduced; data privacy, because every message travels along a dedicated link between two nodes; easier troubleshooting than in other topologies; performance is not affected by heavy traffic; robustness; point-to-point links make fault identification and isolation easy.
Disadvantages: it becomes very expensive because a large amount of cabling and many I/O ports are required, and it is difficult to install.
four departments) can be connected together through a central hub (in the form of star network) as shown in the figure below.
modules or layers. The reference model defines 7 layers of functions that take place at each end of a communication, each layer adding its own set of related functions. Each layer expects services from the layer below it and provides services to the layer above it. The topmost layer is the application layer (for example, e-mail).
8.1. Physical Layer: the physical layer is responsible for moving individual bits from one hop (node) to the next. It is the physical interface between a data transmission device (e.g. a computer) and the transmission medium or network, and it specifies raw transmission details such as connectors, medium, voltage levels and encodings. Physical topologies include star and bus; the line configuration is point-to-point or multipoint; the transmission mode is simplex, half-duplex or full-duplex.
Figure: Physical layer
The physical layer is also concerned with the following:
- Physical characteristics of interfaces and medium: the physical layer defines the characteristics of the interface between the devices and the type of transmission medium.
- Representation of bits: physical-layer data consists of a stream of bits (a sequence of 0s and 1s) with no interpretation; the layer also defines how 0s and 1s are turned into signals.
- Data rate: the transmission rate, i.e. the number of bits sent per second.
- Synchronization of bits: the physical layer synchronizes the sender's and receiver's clocks at bit level.
- Line configuration: the physical layer is concerned with the connection of devices to the media.
- Physical topology: defines how devices are connected to make a network.
- Transmission mode: the physical layer also defines the direction of transmission between two devices: simplex, half-duplex or full-duplex.
delivery.
Figure: Data link layer
Other responsibilities of the data link layer include the following:
- Framing: the data link layer divides the stream of bits received from the network layer into manageable data units called frames.
- Physical addressing: if frames are to be distributed to different systems on the network, the data link layer adds a header to the frame that identifies the sender and/or receiver of the frame.
- Flow control: the data link layer imposes a flow control mechanism to avoid overwhelming the receiver.
- Error control: error control is normally achieved through a trailer added to the end of the frame; the layer also has a mechanism to recognize duplicate frames.
- Access control: when two or more devices are connected to the same link, data link layer protocols determine which device has control over the link at any given time.
8.3 Network Layer : The network layer is responsible for the delivery of individual packets from the source host to the destination host.
Figure:-Network layer
Routing : The network layer deals primarily with routing, that is, sending packets from source to destination when they are not directly connected. Packets may not arrive in order, may get lost, etc.
SANDEEP, MITHILESH , SYEDUL , RABI KANT http://san24mca.blogspot.com/
Logical addressing : The network layer also has other functions, such as logical addressing.
8.4 Transport Layer : The transport layer is responsible for process to process delivery of the entire message. A process is an application program running on a host.
Figure:-Transport layer
Other responsibilities of the transport layer include the following:
Process to Process Delivery - Reliable, in-order delivery between any two applications (not just machines).
Segmentation and Reassembly
Connection control - The transport layer can be either connection-oriented or connectionless.
Flow Control - Flow control is performed end to end.
Error Control - Error correction is usually achieved through retransmission.
8.5 Session Layer : The session layer is responsible for network dialog control and synchronization. The services provided by the first three layers (physical, data link, and network) are not sufficient for some processes. It establishes, maintains, and synchronizes the interaction among communicating systems.
Figure:-Session layer
Specific responsibilities of the session layer include the following:
Dialog Control - The session layer allows two systems to enter into a dialog, either half duplex or full duplex.
Synchronization - The session layer allows checkpoints, or synchronization points, to be added to a stream of data.
8.6 Presentation Layer : The presentation layer is responsible for translation, compression, and encryption. It is concerned with the syntax and semantics of the information exchanged between two systems.
Figure:- Presentation layer
Some responsibilities of the presentation layer:
Translation - At the sender, the presentation layer changes the information from its sender-dependent format into a common format. The presentation layer at the receiving machine changes the common format into the receiver-dependent format.
Encryption - Encrypts the message.
Compression - Compresses the message.
8.7 Application layer : The application layer is responsible for providing services to the user. The application layer enables the user, whether human or software, to access the network. It provides user interfaces and support for services such as electronic mail, remote file access and transfer, shared database management, and other types of distributed information services.
Figure:-Application layer
Specific services provided by the application layer:
Network virtual terminal
File transfer, access, and management
Mail services
Directory services
9. Firewall
A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or internet users from accessing a private network and/or a single computer. The word firewall originally referred literally to a wall which was constructed to halt the spread of a fire. In the world of computer firewall protection, a firewall refers to a network device which blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network. It is analogous to a physical firewall in the sense that firewall security attempts to block the spread of computer attacks. Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources. A firewall is a secure and trusted machine that sits between a private network and a public network.
Similar to deep packet inspection except that the firewall understands certain protocols and can parse them, so that signatures or rules can specifically address certain fields in the protocol. The flexibility of this approach to computer firewall protection is great and permits the signatures or rules to be both specific and comprehensive. There are no specific drawbacks to this approach to firewall security, as generally it will yield improvements over a standard "deep packet inspection" approach. However, some actual attacks may be overlooked (false negatives) because the firewall security parsing routines are not robust enough to handle variations in real-world traffic.
9.2.5 Application proxy firewall
An application proxy acts as an intermediary for certain application traffic (such as HTTP, or web, traffic), intercepting all requests and validating them before passing them along. Again, an application proxy firewall is similar to certain kinds of intrusion prevention. The implementation of a full application proxy is, however, quite difficult, and each proxy can only handle one protocol (e.g. web or incoming email). For an application proxy firewall to be effective as computer firewall protection, it has to be able to understand the protocol completely and to enforce blocking on violations of the protocol. Because implementations of the protocol being examined often do not follow the protocol correctly, or because implementers add their own extensions to a protocol, this can result in the proxy blocking valid traffic (false positives). Because of these kinds of problems, end users will often not enable these technologies.
Firewall rules can be customized as per your needs, requirements and security threat levels. You can create or disable firewall filter rules based on such conditions as:
IP Addresses: Blocking off a certain IP address or a range of IP addresses which you think are predatory.
Domain names: You can allow only certain specific domain names to access your systems/servers, or allow access only to some specified types of domain names or domain name extensions like .edu or .mil.
Protocols: A firewall can decide which of the systems can allow or have access to common protocols like IP, SMTP, FTP, UDP, ICMP, Telnet or SNMP.
Ports: Blocking or disabling ports of servers that are connected to the internet will help maintain the kind of data flow you want to see them used for, and also close down possible entry points for hackers or malignant software.
Keywords: Firewalls can also sift through the data flow for a match of keywords or phrases to block offensive or unwanted data from flowing in.
destination. This information is compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped.
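A small first-match packet filter that evaluates rules of the kinds listed above (address ranges, protocol, destination port, payload keywords) and drops anything no rule allows, which is the comparison against predefined rules that decides forward-or-drop. This is an added example, not code from the notes; the rule set, the addresses (documentation ranges) and the packets are constructed, and domain-name rules are left out because they would need name resolution.

```python
"""Tiny first-match packet filter over the rule conditions listed in the notes."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                          # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None         # destination port, None for port-less protocols
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    src: Optional[str] = None           # single address or CIDR range; None matches any
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    keywords: Tuple[bytes, ...] = ()    # any of these in the payload (case-insensitive) triggers the rule
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        """Every condition that is set on the rule must hold for the packet."""
        if self.src and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if self.dst and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.proto and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.keywords and not any(k in p.payload.lower() for k in self.keywords):
            return False
        return True


def decide(rules: List[Rule], p: Packet, default: str = "deny") -> Tuple[str, Optional[Rule]]:
    """First matching rule wins; with no match the default applies.

    The default is "deny" so that only traffic a rule explicitly opens is
    forwarded; the matched rule is returned so the decision can be logged.
    """
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule
    return default, None


# Constructed rule set: mail server 192.0.2.10 accepts SMTP, web server 192.0.2.20
# accepts HTTP, one source range is blocked outright, one keyword is blocked anywhere.
# Deny rules come first so they win over the later allows.
RULES = [
    Rule("deny", src="203.0.113.0/24", comment="range reported as predatory"),
    Rule("deny", keywords=(b"free-prize",), comment="unwanted content keyword"),
    Rule("allow", dst="192.0.2.10", proto="tcp", dport=25, comment="SMTP to mail server"),
    Rule("allow", dst="192.0.2.20", proto="tcp", dport=80, comment="HTTP to web server"),
]
```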
9. There have been claims made by IDS (Intrusion Detection System) companies that Trojans were detected, such as RuX FireCracker v 2.0, which disabled certain firewall programs, thus leaving the PC vulnerable to malicious actions.
10. UTM
Unified Threat Management (UTM) is a comprehensive solution that has recently emerged in the network security industry. It is the evolution of the traditional firewall into an all-inclusive security product that has the ability to perform multiple security functions in one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing and on-appliance reporting. The advantage of unified security lies in the fact that rather than administering multiple systems that individually handle antivirus, content filtering, intrusion prevention and spam filtering functions, organizations now have the flexibility to deploy a single UTM appliance that takes over all of this functionality in a single rack-mountable network appliance.
In this context, UTMs represent all-in-one security appliances that carry firewall, VPN, gateway anti-virus, gateway anti-spam, intrusion prevention, content filtering, bandwidth management and centralized reporting as basic features. The UTM is thus a highly integrated quiver of security solutions, working in tandem, that systematically provides network security to organizations. As there is a customized OS holding all these security features in one place, they tend to work in unison, providing very high throughput. The UTM can prove highly effective because its strength lies in the bundle of solutions, which are integrated and designed to work together without treading on each other's toes.
10.2 Advantages
1. Reduced complexity: Single security solution. Single vendor. Single AMC.
2. Simplicity: Avoidance of multiple software installations and maintenance.
3. Easy Management: Plug & Play architecture, web-based GUI for easy management.
4. Performance: Zero-hour protection without degrading network performance.
10.3 Features
1. Award winning Anti Spam with Grey Listing technology
2.
3.
4.
5.
6.
7.
8. Intrusion prevention
9. P2P Blocking
Figure:-UTM appliance (Anti Virus, Web Proxy, Web Filter, Http Proxy, spam filters, internet filter, Content Filter, Intrusion Prevention)
11. PROTOCOL
A protocol is a set of rules that govern data communications. It represents an agreement between the communicating devices. Without a protocol, two devices may be connected but not communicating, just as a person speaking French cannot be understood by a person who speaks only Japanese.
Transferring files from one computer to another is one of the most common tasks expected from a networking or internetworking environment. As a matter of fact, the greatest volume of data exchange in the Internet today is due to file transfer. Telnet allows you to interact with an application running on a remote computer, but it has no facility for enabling you to copy a file from that computer's hard disk to yours, nor for you to upload files to the remote system. That function is carried out using File Transfer Protocol (FTP). The FTP specification caters for several different file types, structures and transfer modes, but in practice FTP implementations recognize either text files or binary files. Text files are converted from their native format to 7-bit ASCII with each line terminated by a carriage-return, line-feed pair for transmission. They are converted back to the native text file format by the FTP client. FTP therefore provides a cross-platform transfer mechanism for text files. Binary files are transmitted exactly as-is. Data is transferred as a continuous stream of bytes. The TCP transport protocol provides all the reliability, making sure that data that is lost is re-sent and checking that it is received correctly. FTP is unusual compared to other TCP applications in that it uses two TCP connections. A control connection is made to the well-known FTP port number 21, and this is used to send FTP commands and receive replies. A separate data connection is established whenever a file or other information is to be transferred, and closed when the data transfer has finished. Keeping data and commands separate makes life easier for the client software, and means that the control connection is always free to send an ABOR (abort) command to terminate a lengthy data transfer. FTP uses the services of TCP. It needs two TCP connections. The well-known port 21 is used for the control connection and the well-known port 20 for the data connection.
FTP allows a person to transfer files between two machines. It requires the person to supply a login name and password to gain entry.
Command: ftp <domain_name> or ftp <ip_address>
11.1.1 Anonymous FTP
A special form of FTP which has become very popular. It does not require a person to know a login name and password: in place of the login name, type the word anonymous; in place of the password, type your email address. Huge amounts of resources are available on anonymous FTP sites.
Two connections are established: a control connection over port 21, which remains open all through a session, and a data connection on a temporary port number, used for every file being transferred. A new connection is established for every file transfer.
Telnet is a terminal emulation application that enables a workstation to connect to a host using a TCP/IP link and interact with it as if it was a directly connected terminal. It is a client/server application. The server runs on a host on which applications are running, and passes information between the applications and the Telnet clients. The well-known port number for Telnet servers is TCP port 23. Telnet clients must convert the user data between the form in which it is transmitted and the form in which it is displayed. This is the difficult part of the application, the terminal emulation, and has little to do with the Telnet protocol itself. Telnet protocol commands are principally used to allow the client and server to negotiate the display options, because Telnet clients and servers don't make assumptions about each other's capabilities. TCP provides the reliability for Telnet, so neither the client nor the server need be concerned about re-sending data that is lost, nor about error checking. This makes the Telnet protocol very simple. There is no special format for TCP segments that contain commands - they simply form part of the data stream. Data is sent, usually as 7-bit ASCII, in TCP packets (which you may recall are called segments). A byte value of 255, Interpret As Command (IAC), means that the bytes which follow are to be treated as Telnet commands and not user data. This is immediately followed by a byte that identifies the command itself, and then a value. Many commands are fixed length, so the byte after that, if not another IAC, would be treated as user data. To send the byte 255 as data, two consecutive bytes of value 255 are used.
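An added example, not from the notes, that separates user data from IAC command sequences in a received Telnet byte stream: the IAC IAC escape for a data byte of 255, the fixed-length option negotiations, the variable-length subnegotiation, and an incomplete trailing sequence that must be carried over to the next read instead of being dropped or misread as data. The sample streams are constructed; the command and option numbers are the standard Telnet values.

```python
"""Splitter for a Telnet byte stream: user data versus IAC command sequences."""
from typing import List, Tuple

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
NEGOTIATE = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}
ECHO = 1   # Telnet option number for ECHO


def split_telnet(stream: bytes) -> Tuple[bytes, List[tuple], bytes]:
    """Return (user_data, commands, leftover).

    commands is a list of ("WILL"/"WONT"/"DO"/"DONT", option), ("SB", payload)
    or ("CMD", code) tuples in stream order.  leftover holds an incomplete
    trailing IAC sequence; the caller must prepend it to the next read, since
    treating it as data or discarding it would desynchronise the parser.
    """
    data = bytearray()
    commands: List[tuple] = []
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:
            break                                   # lone IAC at end: wait for more bytes
        cmd = stream[i + 1]
        if cmd == IAC:                              # IAC IAC is the literal data byte 255
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATE:                      # fixed 3-byte option negotiation
            if i + 2 >= n:
                break
            commands.append((NEGOTIATE[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:                             # variable length, terminated by IAC SE
            j = i + 2
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                # an escaped IAC IAC inside the payload is skipped, not a terminator
                j += 2 if (stream[j] == IAC and stream[j + 1] == IAC) else 1
            if j + 1 >= n:
                break                               # terminator not yet received
            commands.append(("SB", bytes(stream[i + 2:j])))   # payload kept as sent
            i = j + 2
        else:                                       # any other command is IAC plus one byte
            commands.append(("CMD", cmd))
            i += 2
    return bytes(data), commands, bytes(stream[i:])
```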
Most widely used application on the Internet.
For sending mails: 1. Simple Mail Transfer Protocol (SMTP) 2. Multipurpose Internet Mail Extension (MIME)
For receiving mails: 1. Post Office Protocol version 3 (POP3) 2. Internet Mail Access Protocol (IMAP)
The objective of Simple Mail Transfer Protocol (SMTP) is to transfer mail reliably and efficiently. SMTP is independent of the particular transmission subsystem and requires only a reliable ordered data stream channel. An important feature of SMTP is its capability to relay mail across transport service environments. A transport service provides an inter-process communication environment (IPCE). An IPCE may cover one network, several networks, or a subset of a network. It is important to realize that transport systems (or IPCEs) are not one-to-one with networks. A process can communicate directly with another process through any mutually known IPCE. Mail is an application or use of inter-process communication. Mail can be communicated between processes in different IPCEs by relaying through a process connected to two (or more) IPCEs. More specifically, mail can be relayed between hosts on different transport systems by a host on both transport systems.
Based on RFC 821. Transmits simple text messages only, in 7-bit ASCII format. Uses the information written on the envelope of the mail (the message header, which contains the recipient address and other information); it does not look at the contents (the message body).
Mail is created by a user agent program (mail client). Messages are queued and sent as input to the SMTP sender program, which is typically a server process (a daemon on UNIX). Send mail or queued mail.
Mail Message Contents
Each queued message has: the message text (an RFC 822 header with the message envelope and list of recipients, plus the message body composed by the user) and a list of mail destinations, derived by the user agent / SMTP server from the header; this may require expansion of mailing lists.
SMTP Sender
Takes a message from the queue and transmits it to the proper destination host via an SMTP transaction, over one or more TCP connections to port 25. When all destinations have been processed, the message is deleted.
Optimization
If a message is sent to multiple users on a given host, it is sent only once; delivery to the users is handled at the destination host. If multiple messages are ready for a given host, a single TCP connection can be used, saving the overhead of setting up and dropping connections.
Possible Errors
Host unreachable. Host out of operation. TCP connection fails during transfer. Faulty destination address (user error).
Target user address has changed: redirect if possible, inform the user if not. The sender can re-queue mail, and gives up after a period.
SMTP Protocol Reliability
Used to transfer messages from sender to receiver over a TCP connection. Uses port number 25. Attempts to provide reliable service, but there is no guarantee to recover lost messages, no end-to-end ACK to the sender, and the error indication report is not guaranteed.
SMTP Receiver
Accepts the arriving message and places it in the user mailbox or copies it to the outgoing queue for forwarding. The receiver must: verify local mail destinations; deal with errors (transmission errors, lack of disk space).
SMTP Forwarding
Mostly a direct transfer from sender host to receiver host. May go through intermediate mail servers via the forwarding capability. The sender can specify the route.
SMTP System Overview
Commands and responses are exchanged between sender and receiver. The initiative is with the sender, which establishes the TCP connection and sends commands to the receiver, e.g. HELO <domain><CRLF>. Each command generates exactly one reply, e.g. 250 requested mail action ok; completed.
SMTP Replies
Starts with a 3-digit code. The leading digit indicates the category:
2xx -- Positive completion reply
3xx -- Positive intermediate reply
4xx -- Transient negative completion reply
5xx -- Permanent negative completion reply
Operation Phases
a) Connection setup
b) Exchange of command-response pairs
c) Connection termination
a) Connection Setup
Sender opens a TCP connection with the receiver. Once connected, the receiver identifies itself: 220 <domain> service ready. The sender identifies itself: HELO. The receiver accepts the sender's identification: 250 OK. If the mail service is not available, the second step above becomes: 421 service not available.
b) Mail Transfer
Commands: The MAIL FROM command identifies the originator and gives the reverse path to be used for error reporting. The receiver returns 250 OK or an appropriate failure / error message. One or more RCPT TO commands identify the recipients for the message; a separate reply is given for each recipient. The DATA command transfers the message text. The end of the message is indicated by a line containing just a period (.).
c) Closing Connection
Two steps: the sender sends QUIT and waits for the reply, then initiates the TCP close operation. The receiver initiates the TCP close after sending its reply to QUIT.
An Example SMTP Session
How to connect to an SMTP server? telnet servername 25
A TCP connection gets established over port number 25. The telnet client and the mail server can now start a dialogue.
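A toy SMTP receiver, written for these notes rather than taken from them, that plays the server side of the session above: it issues the 220 greeting, enforces the HELO, MAIL FROM, RCPT TO, DATA and QUIT order with 503 replies for commands out of sequence, ends the message text at a line containing only a period, and refuses to relay for recipients outside its own domains with a 550 (the "verify local mail destinations" duty of the receiver). Host names and addresses are constructed.

```python
"""Minimal SMTP receiver state machine plus a driver that records the dialogue."""
from typing import List, Optional, Tuple

CATEGORY = {"2": "positive completion", "3": "positive intermediate",
            "4": "transient negative completion", "5": "permanent negative completion"}


def reply_category(reply: str) -> str:
    """Classify a reply by its leading digit, as in the reply code table."""
    return CATEGORY.get(reply[:1], "unknown")


def _address(arg: str) -> str:
    """Pull user@domain out of 'FROM:<user@domain>' or 'TO:<user@domain>'."""
    return arg.split(":", 1)[1].strip().strip("<>")


class SmtpReceiver:
    def __init__(self, domain: str, local_domains: List[str]):
        self.domain = domain
        self.local_domains = {d.lower() for d in local_domains}
        self.state = "connected"        # connected -> greeted -> mail -> rcpt -> data -> greeted
        self.delivered: List[Tuple[str, List[str], str]] = []
        self._reset()

    def _reset(self) -> None:
        self.sender: Optional[str] = None
        self.recipients: List[str] = []
        self.lines: List[str] = []

    def greeting(self) -> str:
        return f"220 {self.domain} service ready"

    def handle(self, line: str) -> Optional[str]:
        """Process one client line; return the reply, or None while inside DATA."""
        if self.state == "data":
            if line == ".":                                   # end of message text
                self.delivered.append((self.sender, self.recipients, "\n".join(self.lines)))
                self._reset()
                self.state = "greeted"
                return "250 OK message accepted for delivery"
            # dot-stuffing: a body line beginning with '.' is sent with an extra '.'
            self.lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self._reset()
            self.state = "greeted"
            return f"250 {self.domain}"
        if self.state == "connected":
            return "503 bad sequence of commands: send HELO first"
        if verb == "MAIL":
            if self.state != "greeted":
                return "503 bad sequence of commands"
            self.sender = _address(arg)
            self.state = "mail"
            return "250 OK"
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 need MAIL FROM first"
            rcpt = _address(arg)
            # Accept only local destinations: relaying for arbitrary domains is
            # what turns a mail server into an open relay abused for spam.
            if rcpt.rpartition("@")[2].lower() not in self.local_domains:
                return f"550 relaying denied for {rcpt}"
            self.recipients.append(rcpt)
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 need at least one accepted RCPT TO"
            self.state = "data"
            return "354 start mail input; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self._reset()
            self.state = "greeted"
            return "250 OK"
        if verb == "QUIT":
            self.state = "closed"
            return f"221 {self.domain} closing connection"
        return "500 command unrecognized"


def run_session(server: SmtpReceiver, client_lines: List[str]) -> List[str]:
    """Drive the dialogue and return a transcript with S:/C: prefixes."""
    transcript = ["S: " + server.greeting()]
    for line in client_lines:
        transcript.append("C: " + line)
        reply = server.handle(line)
        if reply is not None:
            transcript.append("S: " + reply)
        if server.state == "closed":
            break
    return transcript
```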
11.4 POP3
The client POP3 software is installed on the recipient machine, and the server POP3 software is installed on the mail server. The client (user agent) opens a connection with the server on TCP port number 110, sends the user name and password, and can then access the mails one by one. Two modes: Delete mode (mails are deleted as they are read) and Keep mode (mails remain in the mailbox). POP3 has commands for: log in, log out, fetch messages, delete messages.
IMAP4 provides the following extra features:
A user can check the email header before downloading.
A user can search the contents of the email for a specific string prior to downloading.
A user can create, delete, or rename mailboxes on the mail server.
Multipurpose Internet Mail Extension (MIME)
SMTP cannot transmit non-text messages. Solutions (like uuencode) exist on some systems, but are not standardized. It cannot transmit text that includes international characters; that needs 8-bit ASCII. Servers may reject mail over a certain size. Some SMTP implementations do not adhere to the standard: CRLF handling, truncating or wrapping long lines, removal of white space, etc.
Overview of MIME
Five new message header fields: MIME-Version, Content-type, Content-transfer-encoding, Content-Id, Content-description. A number of content types and transfer encoding formats have been defined.
Content Types
Text: body
Multipart: Mixed, Parallel, Alternative
Message: RFC 822, Partial, External-body
Image: jpeg, gif
Video: mpeg
Audio: Basic
Application: Postscript, octet-stream
MIME Transfer Encodings
Specifies how the mail body is wrapped for transmission. The Content-transfer-encoding field can have six possible values:
7bit, 8bit, binary: no encoding is done for these three; they only provide information about the nature of the data.
Quoted-printable: data is mostly printable ASCII characters; non-printing characters are represented by a hex code.
Base64: maps arbitrary binary input onto printable output.
X-token: a named nonstandard encoding.
MIME Header Example
Subject: Simple Message
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="simple boundary"

This is the preamble. It is to be ignored, though it is a handy place for mail composers to include an explanatory note.
--simple boundary

This is implicitly typed plain text. It does NOT end with a linebreak.
--simple boundary
Content-type: text/plain; charset=us-ascii

This is explicitly typed plain ASCII text. It DOES end with a linebreak.

--simple boundary--
This is the epilogue. It is also to be ignored.
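A parser for the multipart/mixed layout of the header example above, added here and not part of the notes: it reads the boundary parameter, separates preamble, parts and epilogue, treats a part with no headers as text/plain, and drops the line break before each delimiter, which is why the first part ends without a line break and the second with one. The message text is the example above, embedded as a constructed string; a message cut off before its closing boundary is rejected rather than silently accepted.

```python
"""Minimal MIME multipart parser for the message layout shown in the notes."""
import re
from typing import Dict, List, NamedTuple, Tuple

DEFAULT_TYPE = "text/plain; charset=us-ascii"   # RFC 2046 default for a part without Content-type


class Part(NamedTuple):
    headers: Dict[str, str]
    body: str


class Multipart(NamedTuple):
    boundary: str
    preamble: str
    parts: List[Part]
    epilogue: str


def parse_headers(lines: List[str], start: int) -> Tuple[Dict[str, str], int]:
    """Read 'Name: value' lines from `start` up to the blank separator line.

    Returns (headers, index of the first line after the blank line); header
    names are lower-cased and folded continuation lines are joined.
    """
    headers: Dict[str, str] = {}
    last = None
    i = start
    while i < len(lines) and lines[i] != "":
        line = lines[i]
        if line[0] in " \t" and last:                # folded continuation line
            headers[last] += " " + line.strip()
        else:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed header line: {line!r}")
            last = name.strip().lower()
            headers[last] = value.strip()
        i += 1
    return headers, i + 1


def boundary_from(content_type: str) -> str:
    """Extract the boundary parameter; it may be quoted (here it contains a space)."""
    m = re.search(r'boundary\s*=\s*(?:"([^"]*)"|([^;\s]+))', content_type, re.IGNORECASE)
    if not m:
        raise ValueError("multipart Content-type without a boundary parameter")
    return m.group(1) if m.group(1) is not None else m.group(2)


def content_type(part: Part) -> str:
    return part.headers.get("content-type", DEFAULT_TYPE)


def parse_multipart(message: str) -> Multipart:
    lines = message.replace("\r\n", "\n").split("\n")
    headers, i = parse_headers(lines, 0)
    ctype = headers.get("content-type", DEFAULT_TYPE)
    if not ctype.lower().startswith("multipart/"):
        raise ValueError("not a multipart message")
    delim = "--" + boundary_from(ctype)
    close = delim + "--"

    preamble: List[str] = []                          # everything before the first delimiter
    while i < len(lines) and lines[i] != delim:
        if lines[i] == close:
            raise ValueError("closing boundary before any part")
        preamble.append(lines[i])
        i += 1
    if i == len(lines):
        raise ValueError("no boundary delimiter found")
    i += 1

    parts: List[Part] = []
    closed = False
    while i < len(lines) and not closed:
        # A blank first line means the part has no headers and is implicitly text/plain.
        part_headers, i = parse_headers(lines, i)
        body: List[str] = []
        while i < len(lines) and lines[i] not in (delim, close):
            body.append(lines[i])
            i += 1
        if i == len(lines):
            raise ValueError("message truncated: missing closing boundary")
        # Joining with "\n" omits the line break that precedes the delimiter;
        # per RFC 2046 that break belongs to the delimiter, not to the body.
        parts.append(Part(part_headers, "\n".join(body)))
        closed = lines[i] == close
        i += 1
    if not closed:
        raise ValueError("message truncated: missing closing boundary")
    return Multipart(delim[2:], "\n".join(preamble), parts, "\n".join(lines[i:]))


# Constructed copy of the header example from the notes (Subject, MIME-Version,
# Content-type, preamble, two parts, closing boundary and epilogue).
EXAMPLE = (
    "Subject: Simple Message\n"
    "MIME-Version: 1.0\n"
    'Content-type: multipart/mixed; boundary="simple boundary"\n'
    "\n"
    "This is the preamble. It is to be ignored, though it is a handy place\n"
    "for mail composers to include an explanatory note.\n"
    "--simple boundary\n"
    "\n"
    "This is implicitly typed plain text. It does NOT end with a linebreak.\n"
    "--simple boundary\n"
    "Content-type: text/plain; charset=us-ascii\n"
    "\n"
    "This is explicitly typed plain ASCII text. It DOES end with a linebreak.\n"
    "\n"
    "--simple boundary--\n"
    "This is the epilogue. It is also to be ignored."
)
```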
UNIT - 2 SERVERS
A computer, or a software package, that provides a specific kind of service to client software running on other computers. The term can refer to a particular piece of software, such as a WWW server, or to the machine on which the software is running, e.g. "Our mail server is down today, that's why e-mail isn't getting out." A single server machine can (and often does) have several different server software packages running on it, thus providing many different servers to clients on the network. Sometimes server software is designed so that additional capabilities can be added to the main program by adding small programs known as servlets.
1. WEB SERVER
A web server is a computer program that delivers (serves) content, such as this web page, using the Hypertext Transfer Protocol. In other words, a web server is a computer that stores websites and their related files for viewing on the Internet. Visitors wishing to access the sites and files simply type in the corresponding URL of the site they wish to view. Web hosting is big business in the age of electronic commerce. Every web server has an IP address and possibly a domain name. For example, if you enter the URL http://www.pcwebopedia.com/index.html in your browser, this sends a request to the server whose domain name is pcwebopedia.com. The server then fetches the page named index.html and sends it to your browser. Any computer can be turned into a web server by installing server software and connecting the machine to the Internet. There are many web server software applications, including public domain software from NCSA and Apache, and commercial packages from Microsoft, Netscape and others. The two web servers in widest use are IIS and the Apache web server.
1.1 IIS
Internet Information Services (IIS), formerly called Internet Information Server, is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the world's second most popular web server in terms of overall websites, behind the industry leader Apache HTTP Server. The protocols supported in IIS 7 include FTP, FTPS, SMTP, NNTP, and HTTP/HTTPS. IIS is used to make your computer a web server. If we want to have a web server for developing dynamic websites, or want to publish a website on our own server, then we install IIS. IIS is used on the Windows platform; for other platforms we have different web servers, e.g. Apache for Linux. IIS takes a request from the user, executes the required files and sends the result (response) back to the user.
1.1.1 Installation
To install IIS you must have your operating system's CD (Win XP or Win 2K). Click Start, point to Control Panel and click Add or Remove Programs. Click the Add/Remove Windows Components button in the Add or Remove Programs
On the Windows Components window, click on the Application Server entry and click the Details button
On the Application Server page, click on the Internet Information Services (IIS) entry and click the Details button
In the Internet Information Service (IIS) dialog box, put a check mark in the World Wide Web Service check box and click OK
After installation of IIS a user will be able to configure IIS according to his/her requirement.
URL Authorization
Authentication changed slightly between IIS 6.0 and IIS 7, most notably in that the anonymous user which was named "IUSR_{machinename}" is a built-in account in Vista and future operating systems and named "IUSR". Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled.
1.2.2 Use
Apache is primarily used to serve both static content and dynamic Web pages on the World Wide Web. Many web applications are designed expecting the environment and features that Apache provides. Apache is used for many other tasks where content needs to be made available in a secure and reliable way. One example is sharing files from a personal computer over the Internet. A user who has Apache installed on their desktop can put arbitrary files in Apache's document root, which can then be shared.
2. TERMINAL SERVER
The Terminal Server component of the Microsoft Windows Server 2003 operating system can deliver the Windows desktop, in addition to Windows-based applications, from a centralized server to virtually any desktop computing device, including those that cannot run Windows. Terminal Services in Windows Server 2003 can enhance an enterprise's deployment capabilities for a variety of scenarios, allowing substantial flexibility in application and management infrastructure. Terminal Services transmits only the user interface of the program to the client computer; the client computer then returns keyboard and mouse clicks to be processed by the server. Terminal Server uses the Remote Desktop Protocol (RDP) to communicate between client and server. Client computers connecting to the terminal server can run Windows (including the Microsoft Windows CE operating system) or other operating systems such as the Apple Macintosh or even UNIX (using a third-party add-on). Each user sees only their individual session, which is managed transparently by the server operating system and is independent of any other client session.
The Remote Desktop client
The Terminal Services Licensing service, and
Session Directory Services.
2.1.1 Multi-user kernel : The multi-user kernel extensions, originally developed for Windows NT 4.0 Server, Terminal Server Edition, have been enhanced and fully integrated as a standard part of the Windows Server 2003 family kernel. These are resident on the server at all times, regardless of whether Terminal Services is enabled or not.
2.1.2 Remote Desktop client : The client software is an application that establishes and maintains the connection between a client and a server computer running Terminal Services.
2.1.3 Terminal Services licensing service : This system allows terminal servers to obtain and manage terminal server client access license (TS CAL) tokens for devices and users connecting to a terminal server.
2.1.4 Session Directory Services : The session directory (SD) keeps a list of sessions indexed by user name, and allows a user to reconnect to the terminal server where the user's disconnected session resides and resume that session.
2.2 Components
Component : Description
CSRSS.exe : The Client-Server Runtime Subsystem is the process and thread manager for all logon sessions.
RdpDD.sys : Captures the Windows user interface and translates it into a form that is readily converted by RDPWD into the RDP protocol.
RdpWD.sys : Unwraps the multi-channel data and then transfers it to the appropriate session.
SMSS.exe : Session Manager creates and manages all sessions.
Termsrv.exe : Manages client connections and initiates creation and shutdown of connection contexts.
Termdd.sys : The RDP protocol, which listens for RDP client connections on a TCP port.
Tdtcp.sys : Packages the RDP protocol onto the underlying network protocol, TCP/IP.
Wlnotify.dll : Runs in the session's WinLogon process to create processes in the user session.
Win32k.sys : Manages the Windows GUI environment by taking the mouse and keyboard inputs and sending them to the appropriate application.
WinLogon.exe : This system service handles user logons and logoffs and processes the special Windows key combination Ctrl-Alt-Delete. WinLogon is responsible for starting the Windows shell (which is usually Windows Explorer).
As the Windows Server 2003 Terminal Server boots and loads the core operating system, the Terminal Server service (termsrv.exe) is started and begins waiting for session connections. Each connection is given a unique session identifier, or SessionID, to represent an individual session to the Terminal Server, and each process created within a session is tagged with the associated SessionID to differentiate its namespace from any other session namespace. The console session (Terminal Server keyboard, mouse, and video) is always the first to load, is treated as a special-case client connection, and is assigned SessionID 0. The console session starts as a normal Windows Server 2003 session, with the configured Windows display, mouse, and keyboard drivers loaded.
After creating the console session, the Terminal Server service then calls the Windows Session Manager (SMSS.EXE) to create two idle client sessions, which then await client connections. To create the idle sessions, the Session Manager starts the Client-Server Run-time Subsystem (CSRSS.EXE), and a new SessionID is assigned to that process. The CSRSS process also invokes the WinLogon process (WINLOGON.EXE) and the Windows Manager and GDI kernel module (Win32k.sys) under the newly associated SessionID. The Windows image loader recognizes this Win32k.sys as a SessionSpace loadable image by a predefined bit set in the image header. It then relocates the code portion of the image into physical memory with pointers from the virtual kernel address space for that session, if Win32k.sys has not already been loaded. By design, it always attaches to a previously loaded image's code (Win32k.sys) if one already exists in memory (that is, from any active application or session). The data (or non-shared) section of this image is then allocated to the new session from a newly created Session Space pageable kernel memory section. Unlike the console session, Terminal Server client sessions are configured to load separate drivers for the display, keyboard, and mouse. The display driver is the Remote Desktop Protocol (RDP) display device driver (rdpdd.dll), and the mouse and keyboard drivers are replaced with the RDP driver Rdpwd.sys. These drivers allow the RDP client session to be both available and interactive, remotely. Finally, Terminal Server also invokes a connection listener thread for the RDP protocol (Termdd.sys), which listens for RDP client connections on a TCP port. At this point, the CSRSS process exists under its own SessionID namespace, with its data instantiated per process as necessary. Any processes created from within this SessionID will execute within the Session Space of the CSRSS process automatically. This prevents processes with different SessionIDs from accessing another session's data.
http://san24mca.blogspot.com/
Step 1: Choose the Licensing Mode
To use Terminal Server in your organization, you are required to have a Windows Server 2003 license for every terminal server that you deploy in your organization as well as Terminal Server Client Access Licenses (CALs) for devices that access the terminal servers. For terminal servers that are running Windows Server 2003, there are two types of Terminal Server CALs:
- Per Device
- Per User
Which CAL you choose depends on how you plan to use Terminal Server. By default, Terminal Server is configured in Per Device mode, but it can be switched to Per User mode using the Terminal Services Configuration tool (TSCC.msc). You can serve both license types from the same license server. A Terminal Server license server on your network manages the Terminal Services CALs. A license server stores all Terminal Server CAL tokens that have been installed for a terminal server and tracks the license tokens that have been issued to clients.
Per Device Licensing Mode
A Per Device CAL provides each client computer the right to access a terminal server that is running Windows Server 2003. The Per Device CAL is stored locally and presented to the terminal server each time the client computer connects to the server. Per Device licensing is a good choice for:
- Hosting a user's primary desktop on devices the customer owns or controls.
- Thin clients or computers that connect to a terminal server for a large percentage of the working day.
This type of licensing is a poor choice if you do not control the device accessing the server, for example, computers in an Internet café, or if you have a business partner who connects to your terminal server from outside your network.
Per User Licensing Mode
In Per User licensing mode you must have one license for every user. With Per User licensing, one user can access a terminal server from an unlimited number of devices and only needs one CAL rather than a CAL for each device. Per User licensing is a good choice in the following situations:
- Providing access for roaming users.
- Providing access for users who use more than one computer, for example, a portable and a desktop computer.
- Providing ease of management for organizations that track access to the network by user, rather than by computer.
In general, if your organization has more computers than users, Per User licensing might be a cost-effective way to deploy Terminal Server, because you only pay for the user to access Terminal Server, rather than paying for every device from which the user accesses Terminal Server. Check the EULA for the applications that you plan to host to determine if they support per-user licensing.
Step 2: Configure the Terminal Server Role
On the server running Windows Server 2003 that you plan to use as an additional server, configure the Terminal Server role.
To install Terminal Server
1. Log on to the additional server using the local administrator account.
2. Verify that the Windows Time service is configured and running, and that the time is correct.
3. Click Start, click Manage Your Server, and then click Add or remove a role. The Configure Your Server Wizard starts.
4. Click OK on the Preliminary Steps page.
5. On the Server Role page, select the Terminal server check box, and then click Next.
6. Click Next on the Summary of Selections page to begin the configuration. Your computer will restart as part of the configuration.
Step 3: Create an Administrator Account
Next, create a domain administrator account in order to manage your additional server.
To create an administrator account for the additional server
1. Log on to the computer running Windows Server 2003 using the local administrator account.
2. Click Start, and then click Server Management.
3. In the console tree, click Users.
4. In the details pane, click Add a User. The Add User Wizard starts. On the Template Selection page, in the Templates dialog box, click Administrator Template. On the Set Up Client Computer page, click Do not set up a computer. On the Completing the Add User Wizard page, click Finish.
Step 5: Create a Computer Account and Connect to the Network
Next, create an account for your additional server on the Windows Small Business Server network, and then join the server to the network.
To create a computer account
1. Log on to the computer running Windows Small Business Server 2003 using the built-in Administrator account.
2. Click Start, and then click Server Management.
3. In the console tree, click Server Computers.
4. In the details pane, click Set Up Server Computers. The Set Up Server Wizard starts.
5. Follow the instructions in the wizard for creating a server computer.
To connect the terminal server to the network
1. On the new server, log on using the built-in Administrator account.
2. In Internet Explorer, go to http://ServerName/connectcomputer, and then click Connect to the network now.
3. Follow the instructions in the wizard to connect this computer to the network. Use the administrator user name and password that you created when you ran the Add User Wizard.
Step 6: Configure Terminal Server Licensing
After you have joined the additional server to the network, configure the server with Terminal Server licensing. For information about adding an additional server, click Start, click Help and Support, and then search for "Terminal Server Licensing."
To configure Terminal Server Licensing
1. Click Start, click Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. In the Components dialog box, click Terminal Server Licensing, and then click Next.
4. On the Terminal Server Licensing Setup page, click Next to accept the default on that page.
5. Provide the file system location where the license server database should be installed on the Terminal Server license server, click Next, and then click Finish. The default location for the license server database is systemroot\System32\LServer.
Activating the License Server
After a Terminal Server license server is activated, it becomes the repository for Terminal Server client licenses. A Terminal Server license server can issue temporary licenses for clients that allow use of terminal servers for up to 120 days from the date of the first client logon. After this evaluation period ends, a terminal server can no longer allow clients to connect unless it locates a Terminal Server license server to issue client licenses. Licensing wizard properties, such as activation method and company information, set during the activation process, can be changed later.
To activate the license server
1. Click Start, click Control Panel, click Administrative Tools, and then click Terminal Server Licensing.
2. In the console tree, right-click the Terminal Server license server you want to activate, and then click Activate Server to start the Terminal Server License Server Activation Wizard.
3. In Activation method, select Automatic connection (recommended), and then click Next. Follow the instructions in the wizard.
Adding Client Licenses to the License Server
You must purchase a client access license for each client computer that connects to the terminal server and install them on the license server for users to be able to use the terminal server. For more information about Terminal Server licensing, click Start, click Help and Support, and then search for "Terminal Server Licensing."
To install client license key packs
1. On the terminal server, click Start, click Control Panel, click Administrative Tools, and then click Terminal Server Licensing.
2. Verify that the installation method for the Terminal Server license server is set to Automatic by right-clicking the Terminal Server license server for which you want to install key packs, and then clicking Properties. On the Installation Method tab, change the installation method if necessary.
3. In the console tree, right-click the Terminal Server license server for which you want to install key packs, click Install Licenses to start the Terminal Server CAL Installation Wizard, and then click Next. The previous steps are not necessary if the Terminal Server CAL Installation Wizard is already started.
4. In Program and Client License Information, provide the required information for your licensing program to receive your key packs, and then click Next.
The Microsoft Clearinghouse processes your request and installs the encrypted client license key pack on your Terminal Server license server. The Terminal Server license server can now issue licenses to clients that connect to a terminal server.
Step 7: Redirect My Documents Folders
It is recommended that you redirect users' My Documents folders to the server running Windows Small Business Server 2003 and apply volume quotas to the folders. By default, users' My Documents folders are saved with the user profiles on the terminal server. If you use My Documents Redirection and the backup feature of Small Business Server 2003, your users' data will be backed up along with the rest of the server. For information about redirecting users' My Documents folders from the terminal server to the Windows Small Business Server 2003, click Start, click Help and Support, and then search for "Folder redirection." To ensure that users' My Documents folders synchronize with the server, tell the users to log off from their terminal server sessions rather than simply close the session.
Step 8: Install Client Applications
You can use the client applications on the computer running Windows Small Business Server 2003 and install them on the terminal server. You can also install other client applications on the terminal server. For more information about installing and running applications with Terminal Server, click Start, click Help and Support, and then search for "Terminal Server." For more information about installing Microsoft Office 2003 in a Terminal Server environment, see the whitepaper "Deploying Office 2003 in a Windows Terminal Services Environment" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=24921).
SANDEEP, MITHILESH , SYEDUL , RABI KANT http://san24mca.blogspot.com/
Installing Outlook
You can install Microsoft Office Outlook 2003 on the terminal server from the server running Small Business Server 2003.
To install Outlook
1. On the additional server, log on using the domain administrator account.
2. Click Start, click Run, and then type \\ServerName.
3. Double-click ClientApps, and then double-click outlook2003. Double-click Setup.exe, and then follow the Setup instructions.
4. To close Outlook Setup after installation, click Next, and then click Finish. Ensure that you close the wizard that launches along with Setup.
Installing Internet Explorer
You do not need to install Internet Explorer on the terminal server; the correct version of Internet Explorer is included with Windows Server 2003. The Favorites menu and connection settings are configured by Client Setup. Some links on the Favorites menu point to items that require the installation of Microsoft ActiveX controls or certificates. To prepare Internet Explorer for these links, use the following procedure.
Configuring Fax for Terminal Server Users
You can configure the server running Windows Small Business Server 2003 as the fax server for Terminal Server users by installing the Fax Service on the server running Windows Small Business Server 2003. For more information about hosting Fax Services on the additional server, click Start, click Help and Support, and then search for "Using Fax." To configure Fax Services for Terminal Server users, you need to configure the terminal server and each client computer that will use the service. Use the following procedure to configure the terminal server for using fax. When you are configuring the client computers to use the Terminal Server, you will also need to configure the client computers to use fax.
To configure the terminal server for fax
1. From the terminal server, click Start, click Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. Select the Fax Services check box, and then click Next.
4. Click Do not share this printer, and then click Next.
5. Click Finish.
Step 9: Configure Client Computers
To configure the client computers to access the terminal server, you must install the Remote Desktop Connection on each client computer. After you have installed the Remote Desktop Connection, you can configure the client computers for Fax Services.
To install Remote Desktop Connection on client computers
1. From the client computer, click Start, click Run, and then type \\ServerName\clientapps. Click tsclient.
2. Double-click the Win32 folder, and then double-click Setup.exe.
3. Complete the Remote Desktop Connection - InstallShield Wizard.
To configure client computers to use Fax Services
1. From each client computer, click Start, click Programs, click Accessories, click Communications, click Remote Desktop Connection, and then log on to the terminal server using the Remote Desktop Connection.
2. Click Start, click Printers and Faxes, and then double-click Add a printer. The Add Printer Wizard starts.
3. Click Next.
4. Click A network printer, or a printer attached to another computer, and then click Next.
5. Click Find a printer in the directory, and then click Next.
6. In the search results list, a printer named Fax should appear. Select the printer named Fax, and then click OK.
7. Click No when asked if you want to set this printer as the default printer, and then click Finish.
Client
To connect to the terminal server remotely, the following steps are required. Click Start, click All Programs, click Accessories, click Communication, and then click Remote Desktop Connection. A window like this will then appear:
Here a user can specify his/her requirements. After clicking the Connect button, the client is connected to the terminal server and a terminal server GUI appears on the client computer.
2.5 Advantages
Advantage: Rapid, centralized deployment of applications
Description: Terminal Server is great for rapidly deploying Windows-based applications to computing devices across an enterprise, especially applications that are frequently updated, infrequently used, or hard to manage. When an application is managed on Terminal Server, and not on each device, administrators can be certain that users are running the latest version of the application.
Description: Terminal Server considerably reduces the amount of network bandwidth required to access data remotely. Using Terminal Server to run an application over bandwidth-constrained connections, such as dial-up or shared WAN links, is very effective for remotely accessing and manipulating large amounts of data, because only a screen view of the data is transmitted, rather than the data itself.
Advantage: Windows anywhere
Description: Terminal Server helps users become more productive by enabling access to current applications on any device, including under-powered hardware and non-Windows desktops. And because Terminal Server lets you use Windows anywhere, you can take advantage of extra processing capabilities from newer, lighter-weight devices such as the Pocket PC.
3. WSUS
WSUS provides a software update service for Microsoft Windows operating systems and other Microsoft software. WSUS is a locally managed system that works with the public Microsoft Update website to give system administrators more control. By using Windows Server Update Services, administrators can manage the distribution of Microsoft hotfixes and updates released through Automatic Updates to computers in a corporate environment. A WSUS server can obtain updates either from Microsoft Update or from another WSUS server, but at least one WSUS server in the network must connect to Microsoft Update to get available updates. The administrator can decide how many WSUS servers should connect directly to Microsoft Update, based on network configuration, bandwidth, and security considerations. These servers can then distribute updates to other downstream WSUS servers.
WSUS originated as Software Update Services (SUS), which delivered only operating system hotfixes and patches. WSUS builds on SUS by expanding the range of software it can update. The WSUS infrastructure allows automatic downloads of hotfixes, updates, service packs, device drivers and feature packs to clients in an organization from one or more central servers, instead of using the public Microsoft Windows Update website. This saves bandwidth, time and disk space, as the individual computers in a network do not have to connect to an external server themselves, but connect to a local central server. It also increases administrators' control and allows clients to obtain updates in environments that do not have internet access.
3.1 Installation
3.1.1 Software Requirements
- Computer running Windows 2003/2000 Server with Microsoft Windows Server Update Services (WSUS) installed.
- Microsoft .NET Framework version 2.0 installed on the WSUS server.
- Both the system partition and the partition on which we install WSUS 3.0 SP2 must be formatted with the NTFS file system.
- Minimum 1 GB of free space on the system partition.
- Minimum 2 GB of free space on the volume on which database files will be stored.
- Minimum 20 GB of free space on the volume on which content is stored; 30 GB is recommended.
2. After extracting the files, navigate to the folder where the files were extracted and double-click the setup.exe file.
3. Click Next on the welcome screen.
4. Agree to the End User License Agreement and click Next.
5. In the SQL setup dialog, enter the SQL Server instance for WSUS. If the WSUS database was installed with the default WMSDE database, enter LOCALHOST\WSUS in the SQL Instance textbox. If the WSUS database was installed on a different SQL Server, enter the name of the SQL Server in the SQL Instance textbox. Enter the default Root web location for WSUS. Enter a website title and footer for the WSUS Easy Reporter website. Click Next.
6. In the Select Installation Address dialog, choose the site in which WSUS is installed (the default is Default Web Site). A new website can be created beforehand and then chosen; that website will have to have host headers set, and our DNS server should have an alias (CNAME) created for the site. Enter a virtual directory name. This is the name that we will connect to in the address bar of our browser (for example, http://LOCALHOST/WSUSReports). Click Next.
7. Click Next to start the installation.
8. After the setup is finished, read the readme and click Next, then Close.
wizard later through the Options page of the WSUS Administration Console. By default, WSUS 3.0 SP2 is configured to use Microsoft Update as the location from which to obtain updates. To obtain updates from Microsoft Update, the WSUS server uses port 80 for HTTP protocol and port 443 for HTTPS protocol. This is not configurable. If we have a proxy server on the network, we can configure WSUS 3.0 SP2 to use the proxy server. If there is a corporate firewall between WSUS and the Internet, we might have to configure the firewall to ensure that WSUS can obtain updates. NOTE: Although Internet connectivity is required to download updates from Microsoft Update, WSUS offers us the ability to import updates onto networks that are not connected to the Internet.
- Save and download information about our upstream server and proxy server.
- Choose the language of the updates.
- Select the products for which we want to receive updates.
- Choose the classifications of updates.
- Specify the synchronization schedule for this server.
After we configure the network connection, we can download updates by synchronizing the WSUS server. Synchronization begins when the WSUS server contacts Microsoft Update. After WSUS makes contact, it determines whether any new updates have been made available since the last time we synchronized. When we synchronize the WSUS server for the first time, all the updates are available and are ready for our approval for installation. The initial synchronization may take a long time.
3.4.2 Configure client updates
In Windows Server Update Services 3.0 (WSUS 3.0 SP2), WSUS Setup automatically configures IIS to distribute the latest version of Automatic Updates to each client computer that contacts the WSUS server. The best way to configure Automatic Updates depends on the network environment. In an environment that uses the Active Directory service, we can use an existing domain-based Group Policy object (GPO) or create a new GPO. In an environment without Active Directory, use the Local GPO. In this step, we will configure Automatic Updates and then point the client computers to the WSUS server.
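As an added example (not part of this report, and not Microsoft's own tooling), the registry values that the "Specify intranet Microsoft update service location" and "Configure Automatic Updates" Group Policy settings write, set directly with PowerShell on one client; the WSUS server URL is a placeholder, and the function refuses a plain-HTTP URL because update metadata fetched over HTTP can be altered on the network path.

```powershell
# Added example, not from the report. Writes the same policy registry values that the WSUS
# Group Policy settings write, so the client fetches updates from our WSUS server instead of
# Microsoft Update. Run in an elevated PowerShell on the client computer.
# Placeholder server name. 8531 is the WSUS HTTPS port when WSUS was installed on its own
# website; when it was installed on the Default Web Site, HTTPS uses 443.
$WsusUrl = 'https://wsus.corp.example:8531'

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuKey     = "$PolicyKey\AU"

function Set-WsusClientPolicy {
    param(
        [Parameter(Mandatory)][string]$Server,   # WSUS server URL including scheme and port
        [int]$InstallHour = 3,                   # 0-23, local time of the scheduled install
        [string]$TargetGroup = ''                # optional client-side targeting group name
    )
    if ($Server -notmatch '^https://') {
        # Metadata over plain HTTP can be tampered with in transit; do not configure it.
        throw "Refusing to configure a non-HTTPS WSUS URL: $Server"
    }
    foreach ($key in $PolicyKey, $AuKey) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    # Where to get updates and where to report status (the intranet update service setting).
    Set-ItemProperty -Path $PolicyKey -Name WUServer       -Value $Server -Type String
    Set-ItemProperty -Path $PolicyKey -Name WUStatusServer -Value $Server -Type String
    if ($TargetGroup) {
        Set-ItemProperty -Path $PolicyKey -Name TargetGroupEnabled -Value 1 -Type DWord
        Set-ItemProperty -Path $PolicyKey -Name TargetGroup -Value $TargetGroup -Type String
    }
    # Automatic Updates: enabled, use the intranet server, download and install on a schedule.
    Set-ItemProperty -Path $AuKey -Name UseWUServer          -Value 1 -Type DWord
    Set-ItemProperty -Path $AuKey -Name NoAutoUpdate         -Value 0 -Type DWord
    Set-ItemProperty -Path $AuKey -Name AUOptions            -Value 4 -Type DWord  # 4 = auto download and schedule install
    Set-ItemProperty -Path $AuKey -Name ScheduledInstallDay  -Value 0 -Type DWord  # 0 = every day
    Set-ItemProperty -Path $AuKey -Name ScheduledInstallTime -Value $InstallHour -Type DWord
}

function Test-WsusClientPolicy {
    # Reads the values back and reports whether the client points at an HTTPS WSUS server.
    $p  = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $AuKey     -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer    = $p.WUServer
        UseWUServer = $au.UseWUServer
        Https       = [bool]($p.WUServer -match '^https://')
        Ok          = ($au.UseWUServer -eq 1) -and ($p.WUServer -match '^https://')
    }
}

Set-WsusClientPolicy -Server $WsusUrl
Test-WsusClientPolicy
# Ask the Automatic Updates client to contact the server now (Windows Server 2003 / XP era client).
wuauclt.exe /detectnow
```

The same values can be pushed to many clients through the domain GPO described above; the script is useful on a single machine and for verifying what the GPO actually applied.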
4. BLADE SERVER
A blade server is a stripped-down server computer with a modular design optimized to minimize the use of physical space and energy.
Features and specifications
4.2 FEATURES
The different blade manufacturers vary in specific configurations for their blade servers and chassis, but the focus still remains to strip extraneous components from the blades so the blades' components can focus on essential processing and services. Each blade is a server by itself and is generally dedicated to a single computing task such as file sharing, SSL, data processing, Web page serving, cache management, video/audio streaming, or firewall. Blade servers provide greater I/O connectivity, hot-swap drives, and RAID-5 capabilities.
4.2.1 Virtualization
In a single blade chassis, you can have different operating systems, different memory capacities, a mix and match of 32-bit or 64-bit CPUs, and so on. Once you have these, you can always run virtualization software on top. Also, blades let you pair your dynamic software with dynamic hardware, making deployment and management of virtual servers much easier.
4.2.2 Hot Swapping
Hot swapping is the ability to add, remove and replace units as needed without having to power off the chassis. Hot swapping can apply to PSUs, network, management and storage units, and the blade servers themselves. Hot swapping, coupled with redundancy, can give significant reliability benefits. It also aids maintenance, because if a blade develops a problem it can be removed and repaired or replaced without disruption of the other blades in the system.
4.2.3 Power
The blade relies on the chassis to provide power. In all chassis, power switching balances power load and requirements across the component blades' demands. The technology ensures that power isn't wasted running underused blades, but in times of high demand there is sufficient power available. Employing power supply unit redundancy is necessary for critical servers.
4.2.4 Cooling
A full chassis may generate considerable heat from the activity of component blades, so high-demand blade servers require effective cooling from their chassis to operate efficiently. The chassis' internal management systems may shut down the entire system if the temperature rises above a certain point. It's critical, then, to follow the directions of the blade server chassis' manufacturer when managing the server's cooling. This might include air space around the chassis, the use of plugs for empty bays, and environmental demands for air temperature and humidity.
4.2.5 Storage
There may be some limited storage on a blade server, and there may be additional storage provided by a chassis. However, with the use of a SAN, the chassis and blades can be completely free of storage, removing the inherent heat, noise, and reliability problems from the system completely. Everything from booting to data storage can be done over the SAN, enabling the blade servers to be focused entirely on processing. This configuration can increase reliability and reduce space requirements by partitioning storage resources in one centralized location and computing resources in another. This also eliminates storage
Despite the advantages of storage outside the blade chassis, many blades have the capacity to take one or two hard drives, usually SATA.
4.2.6 LED Indicators
Blade servers typically have a front panel containing a number of informational LEDs, relating to power and system activity. There may additionally be indicators of system failure, which may be general or specific to blade components. These optional features will invariably come at a cost premium.
4.3 SPECIFICATION
Model: BladeCenter HS20 Type 8832
Drives: Support for up to 2 internal IDE 2.5-inch hard disk drives (HDD); support for up to 2 Ultra320 SCSI hot-swap HDDs in an optional SCSI storage expansion unit
Integrated functions:
- Intel Xeon processor, 512 KB ECC L2 cache, 533 MHz front side bus (FSB)
- Two Gigabit Ethernet controllers
- ATI Rage XL video controller
- Light Path Diagnostics
- Local service processor
- IDE HDD controller
- RS-485 interface for communication with the BladeCenter management module
- USB buses for communication with keyboard, mouse, diskette drive and CD-ROM
Memory:
Environment:
- Air temperature: blade server on: 10°C to 35°C; blade server off: -40°C to 60°C
- Altitude: 0 to 914 m
- Humidity: blade server on: 8% to 80%; blade server off: 5% to 80%
NOTE: The OS in the blade server must provide USB support for the blade server to recognize and use the keyboard, mouse, CD-ROM drive, and diskette drive. The BladeCenter unit uses USB
4.4.1 Chassis
The chassis forms the housing for the blade servers, providing the necessary services for the blades. Chassis vary in the number of blades they accept, usually from 6 to 16. It has two views, a front view and a rear view, and between these two views there is the motherboard of the blade server.
Figure: BladeCenter chassis, front view and rear view with the blade server motherboard between them. Modules shown: PM (power module, four of them), SM (switch module), MM (management module), FM (fiber module), BLOWER, and the BLADES.
PM stands for power module, which manages the power control for the blade server. All 4 power modules work simultaneously, and if one fails, the others take care of the power control.
SM stands for switch module, which is connected with a layer 3 switch. Both switch modules work simultaneously, and if one fails, the other takes over.
BLOWER is used to keep the temperature of the blade server at the required level.
MM stands for management module. It manages all the devices within a chassis. One is primary and the other is secondary; while the primary works, the secondary stays idle. This is called the heart of the system.
FM stands for fiber module, which is connected with the SAN. Both fiber modules work simultaneously, and if one fails, the other takes over.
4.4.2 Management server
It uses the IBM directory server software, installed on any of the blades. The blade which has that software acts as the administrator and manages all the blades. It has two hard disks and a processor of 3.0 MHz.
4.4.3 SAN (Storage Area Network)
A Storage Area Network (SAN) is a specialized, high-speed network attaching servers and storage devices and, for this reason, it is sometimes referred to as the network behind the servers. A SAN allows any-to-any connection across the network, using internetwork elements such as routers, gateways, hubs, switches and directors. A storage device is a machine that contains nothing but a disk or disks for storing data. This storage area is shared by all blades. The disks of this storage use RAID technology to store the data. The details of RAID are given in section 4.5. Besides these three parts there are also a keyboard, a monitor and a mouse to monitor the condition of all the blade servers, which are attached through the KVM switch.
A KVM ( Keyboard , Visual Display Unit, Mouse) switch is a hardware device that allows a user to control multiple computers from a single keyboard, video monitor and mouse. Although multiple computers are connected to the KVM, typically a smaller number of computers can be controlled at any given time.
4.5 RAID
Redundant Array of Independent Disks (RAID) is the combining of several hard drives into a single unit. There are a number of RAID levels; among them the most popular are RAID 0, RAID 1 and RAID 5, which require controllers to support them. Two or more disk drives are combined and the result is fault tolerance and good performance. These disk drives are usually used on servers.
RAID 0
  Description: In a RAID 0 system, data are split up into blocks that get written across all the drives in the array. By using multiple disks (at least 2) at the same time, RAID 0 offers superior I/O performance. This performance can be enhanced further by using multiple controllers, ideally one controller per disk.
  Minimum no. of disks: 2
  Space efficiency: all n disks usable
  Fault tolerance: 0 (none)
RAID 1
  Description: Data are stored twice by writing them to both the data disk (or set of data disks) and a mirror disk (or set of disks). If a disk fails, the controller uses either the data drive or the mirror drive for data recovery and continues operation.
  Minimum no. of disks: 2
  Space efficiency: 1 disk (half of a two-disk mirror)
  Fault tolerance: n-1 disks
RAID 5
  Description: RAID 5 is the most common secure RAID level. It is similar to RAID 3 except that data are transferred to disks by independent read and write operations (not in parallel). The data chunks that are written are also larger. Instead of a dedicated parity disk, parity information is spread across all the drives. You need at least 3 disks for a RAID 5 array.
  Minimum no. of disks: 3
  Space efficiency: n-1 disks
  Fault tolerance: 1 disk
RAID 0
  Advantages: RAID 0 offers great performance, both in read and write operations. There is no overhead caused by parity controls. All storage capacity can be used; there is no disk overhead. The technology is easy to implement.
  Disadvantages: RAID 0 is not fault-tolerant. If one disk fails, all data in the RAID 0 array are lost. It should not be used on mission-critical systems.
RAID 1
  Advantages: RAID 1 offers excellent read speed and a write speed that is comparable to that of a single disk. In case a disk fails, data do not have to be rebuilt; they just have to be copied to the replacement disk. RAID 1 is a very simple technology.
  Disadvantages: The main disadvantage is that the effective storage capacity is only half of the total disk capacity, because all data get written twice. Software RAID 1 solutions do not always allow a hot swap of a failed disk (meaning it cannot be replaced while the server keeps running). Ideally a hardware controller is used.
RAID 5
  Advantages: Read data transactions are very fast, while write data transactions are somewhat slower (due to the parity that has to be calculated).
  Disadvantages: Disk failures have an effect on throughput, although this is still acceptable. Like RAID 3, this is complex technology.
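As an added derivation (not part of the report), here is where the space-efficiency and fault-tolerance figures in the RAID tables come from, for n disks of capacity c each; the RAID 5 parity is the bitwise exclusive OR of the data chunks in a stripe, and the parity update at the end is why RAID 5 writes are slower than reads.

$$
\begin{aligned}
\text{RAID 0:}\quad & C = n\,c, & \frac{C}{n\,c} &= 1, & \text{disk failures tolerated} &= 0 \\
\text{RAID 1:}\quad & C = c, & \frac{C}{n\,c} &= \frac{1}{n}\ \ (\tfrac{1}{2}\text{ for two disks}), & \text{disk failures tolerated} &= n-1 \\
\text{RAID 5:}\quad & C = (n-1)\,c, & \frac{C}{n\,c} &= \frac{n-1}{n}, & \text{disk failures tolerated} &= 1
\end{aligned}
$$

For RAID 5, a stripe holds data chunks $D_1, \dots, D_{n-1}$ and one parity chunk

$$
P = D_1 \oplus D_2 \oplus \cdots \oplus D_{n-1} = \bigoplus_{i=1}^{n-1} D_i .
$$

If the disk holding $D_k$ fails, $D_k$ is rebuilt from the surviving chunks, because $x \oplus x = 0$ and $\oplus$ is associative and commutative:

$$
P \oplus \bigoplus_{i \ne k} D_i
= D_k \oplus \bigoplus_{i \ne k} D_i \oplus \bigoplus_{i \ne k} D_i
= D_k .
$$

(A lost parity chunk is simply recomputed from the data chunks.) With two failed disks holding $D_j$ and $D_k$ there is one equation in two unknowns,

$$
D_j \oplus D_k = P \oplus \bigoplus_{i \notin \{j,k\}} D_i ,
$$

so neither chunk can be recovered: RAID 5 tolerates exactly one failure. Replacing $D_k$ by $D_k'$ requires the parity to be updated as

$$
P' = P \oplus D_k \oplus D_k' ,
$$

which costs a read of the old $D_k$ and $P$ plus a write of $D_k'$ and $P'$ for every small write.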
4.6 CONFIGURATION
The following configuration programs are provided with the blade server:
1. Configuration/Setup Utility program: This is part of the basic input/output system (BIOS) code in the blade server.
2. PXE boot agent utility program: The Preboot eXecution Environment (PXE) boot agent utility program is part of the BIOS code in the blade server. Use it to select the boot protocol and other boot options.
Turn on the blade server and watch the monitor screen. When the message Press F1 for Configuration/Setup appears, press F1 and follow the instructions that appear on the screen.
Configuration/Setup Utility menu choices: The following choices are on the Configuration/Setup Utility main menu.
System Summary: Select this choice to display the configuration, including the type, speed and cache sizes of the microprocessor and the amount of installed memory.
System Information: Select this choice to display information about your blade server.
Product Data: Select this choice to view the machine type and model of your blade server, the serial number, and the revision level or issue date of the BIOS.
Devices and I/O Ports: Select this choice to view or change the settings for devices and I/O ports.
Date and Time: Select this choice to set the system date and time, in 24-hour format (hour:minute:second).
System Security: Select this choice to set a power-on password. If you set a power-on password, you must type the power-on password to complete the system startup.
NOTE: If you forget the power-on password, you can regain access to the blade server through one of the following methods: remove the blade server battery and then reinstall it, or change the position of the power-on password override switch to bypass the power-on password check the next time the blade server is turned on. Both methods require physical access to the blade, so the power-on password only guards against casual use of the console; it is not a substitute for physical security of the BladeCenter unit.
NOTE: Shut down the operating system, turn off the blade server, and remove the blade server from the BladeCenter unit to access the switches.
Start Options: Select this choice to view or change the start options. This choice appears only on the full Configuration/Setup Utility main menu.
Advanced Setup: Select this choice to change settings for advanced hardware features.
System Partition Visibility: Select this choice to specify whether the System Partition is to be visible or hidden.
Memory Settings: Select this choice to manually enable a pair of memory DIMMs.
CPU Options: Select this choice to enable or disable the microprocessor cache.
PCI Bus Control: Select this choice to view and set interrupts for PCI devices and to configure the master-latency-timer value for the blade server.
Integrated System Management Processor Settings: Select this choice to enable or disable the Reboot on System NMI option on the menu. If you enable this option, the blade server automatically restarts 60 seconds after the service processor issues a non-maskable interrupt (NMI) to the blade server.
Error Logs: Select this choice to view or clear the POST error log. Select POST Error Log to view the three most recent error codes and messages.
Save Settings: Select this choice to save the changes made in the settings.
Restore Settings: Select this choice to cancel the changes made in the settings and restore the previous settings.
Load Default Settings: Select this choice to cancel the changes made in the settings and restore the vendor's settings.
Exit Setup: Select this choice to exit from the Configuration/Setup Utility program. If you have not saved the changes you made in the settings, you are asked whether you want to save the changes or exit without saving them.
4.6.2 Using the PXE boot agent utility program
1. Turn on the server.
2. When the Broadcom NetXtreme Boot Agent vX.X.X prompt appears, press Ctrl+S. By default, you have 2 seconds after the prompt appears on the screen to press Ctrl+S.
NOTE: If the PXE setup prompt is not displayed, use the Configuration/Setup Utility program to set the Enable Ethernet PXE/DHCP option.
3. Use the arrow keys or press Enter to select a choice from the menu. Press Esc to return to the previous menu. Press F4 to exit.
4. Follow the instructions on the screen to change the settings of the selected items, then press Enter.
Two Ethernet controllers are integrated on the blade server system board, which enables simultaneous transmission and reception of data on the Ethernet local area network (LAN). However, a device driver must be installed to enable the blade server operating system to address the Ethernet controllers. For device drivers and information about configuring your Ethernet controllers, use the Broadcom NetXtreme Gigabit Ethernet Software. The Ethernet controllers support failover, which provides automatic redundancy for the Ethernet controllers. Without failover, only one Ethernet controller from each server can be attached to each virtual LAN or subnet. With failover, you can configure more than one Ethernet controller from each server to attach to the same virtual LAN or subnet. If you have configured the controllers for failover and the primary link fails, the secondary controller takes over. When the primary link is restored, the Ethernet traffic switches back to the primary Ethernet controller.
NOTE: To support failover on the blade server Ethernet controllers, the Ethernet switch modules in the BladeCenter unit must have identical configurations.
Easier physical deployment: Since the chassis is responsible for providing the once-redundant parts of a server, deployment of a blade server simply involves the placement of the chassis and sliding in the blades. Redundant power modules and consolidated communication bays simplify integration into data centers.
Flexibility: Blade systems also provide significant configuration flexibility, offering a choice among myriad servers, I/O options and other internal components. The chassis can accommodate a mix of x86 (Intel or AMD CPUs) and Unix RISC servers, storage blades, workstations and PC blades, as well as multiple I/O connections per blade.

4.8.2 DISADVANTAGES
Expensive configuration: Although plugging a new server blade into the blade server is easy once the system is running, initial configuration can be labor-intensive and expensive in complex application environments. This comes from the fact that blade servers are specialized computing equipment, and their configuration and administration often require training provided by the vendor, which may not be cheap unless you have a special free-training deal with the vendor.
Expensive tool (economies of scale): If you do not fill the blade chassis with server blades, you are not fully utilizing it. Blade chassis are often made to hold 14 or 16 server blades. The general rule of thumb is that blade servers are not suitable or economical for applications requiring fewer than 5-10 servers. Applications requiring fewer than 5-10 server blades (10-20 CPUs) are best served by standalone server systems.
Incompatible chassis: Blade systems vary between manufacturers. Once you have bought a blade server from a particular vendor, it is not always easy to switch to another vendor because of servicing agreements, and also because a competitor is unlikely to have the same expertise in your equipment as your vendor. You could theoretically use your server blades in a competitor's blade chassis, but in practice blade chassis are not standardized. It is unlikely that IBM would get together with Dell and HP to share chassis; the chassis is what makes their products unique. Server blades are often designed to run only in the company's own chassis.
Business case: Blade servers are not the best solution for everything. If you have a very large transaction-processing application requiring high read/write ratios, you may run into bottlenecks with your bus speeds, memory limitations, disk access and network I/O. Email and web serving are situations where blade computing suits well.
Heating and cooling: One often forgotten disadvantage is HVAC. While individual standalone servers can be distributed throughout the building and may not necessarily need special accommodations for cooling, blade servers, being very powerful these days, produce massive amounts of heat per square foot. If untreated, this could melt them down. When purchasing blade servers, it is important to keep in mind that additional resources will also be needed for HVAC.
DHCP SERVER
A DHCP server assigns IP addresses to client computers. This is very often used in enterprise networks to reduce configuration effort. All IP addresses of all computers are stored in a database that resides on a server machine. DHCP supports four strategies for IP address allocation. These are independent features; a particular server can offer any or none of them.
1. Manual. The unique client identifier-to-IP address binding has been made by an administrator. Therefore the DHCP service should not reallocate IP addresses of this type to other clients after the lease expires. This type of IP address allocation is useful when the administrator wants a host to maintain the same IP address but still wants to detect when an IP address is no longer being used. An example is a host that provides a service located by the IP address, like mail.
2. Permanent. The server's administrator creates a configuration for the server that includes only IP addresses, and gives this configuration to clients. After an IP address is associated with a MAC address, the association is permanent unless the server's administrator intervenes. Allocating permanent IP addresses has the drawback that such IP addresses cannot be reclaimed automatically.
3. Dynamic (through leases with limited duration). The server tracks leases and gives IP addresses to DHCP clients automatically as they become available when leases expire. No interaction is needed by the administrator. This is the preferred IP address type for non-BOOTP clients.
4. BOOTP. Addresses that are reserved for use by BOOTP clients. This allows an administrator to enter a pool of IP addresses intended only for BOOTP clients.
1. The New Scope wizard opens with a welcome screen; click Next.
2. A scope is a collection of IP addresses for computers on a subnet that use DHCP. Enter the name and description of your scope and click Next.
3. Define the range of addresses that the scope will distribute across the network and the subnet mask for the IP addresses. Enter the appropriate details and click Next.
4. Enter the IP address range that you want to exclude and click Next.
5. Select the lease duration: how long a client can use an IP address assigned to it from this scope. Longer leases are recommended for a fixed network (in the office, for example) and shorter leases for remote connections or laptop computers. Click Next.
6. You are asked whether you want to configure the DHCP options for the scope now or later. Select the Yes, I want to radio button and click Next.
7. Enter the router (gateway) IP address and click Next. The client computers will then know which router to use.
8. Enter the DNS server and domain name settings. The DNS server IP address is distributed by the DHCP server to the clients. Click Next.
9. If you have WINS set up, enter the IP address of the WINS server here. You can also type the server name into the appropriate box and press Resolve to let it find the IP address itself. Click Next.
10. Choose to activate the scope now and click Next.
11. The New Scope wizard reports that it has finished; click Finish.
12. A message states that your server is now a DHCP server; click Finish.

DHCP servers permit you to reserve an IP address for a client, so that the specific network client keeps the same IP address for as long as you want. To do this you have to know the physical (MAC) address of each network card. Enter the reservation name, the desired IP address, the MAC address and a description, choose whether the reservation supports DHCP, BOOTP or both, and press Add. The new reservation is added to the list.
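A model of the four allocation strategies listed under DHCP SERVER and of the scope settings entered in the wizard above (address range, subnet mask, exclusion, lease duration, router and DNS options, and a reservation by MAC address), as an added example; it is not code from the original document and not the Windows Server 2003 implementation. The addresses, MAC addresses and timings are constructed for the demonstration.

```python
"""Toy DHCP scope: exclusions, reservations (manual), dynamic leases and a BOOTP pool.

Added illustration for this section; not code from the original document and
not the Windows Server 2003 implementation. All addresses, MAC addresses and
times below are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Lease:
    ip: str
    mac: str
    expires: Optional[float]  # None: binding never expires (manual, permanent or BOOTP)


@dataclass
class DhcpScope:
    start: str                 # first address of the distribution range
    end: str                   # last address of the distribution range
    netmask: str
    router: str                # handed to every client with its address
    dns: str
    lease_seconds: int         # lease duration for dynamic clients
    exclusions: Set[str] = field(default_factory=set)           # never handed out
    reservations: Dict[str, str] = field(default_factory=dict)  # mac -> ip, set by the admin
    bootp_pool: Set[str] = field(default_factory=set)           # only BOOTP clients get these
    leases: Dict[str, Lease] = field(default_factory=dict)      # ip -> current binding

    def _offer(self, ip: str, expires: Optional[float]) -> dict:
        return {"ip": ip, "netmask": self.netmask, "router": self.router,
                "dns": self.dns, "expires": expires}

    def _free_address(self, now: float, bootp: bool) -> Optional[str]:
        """First address in range that is not excluded, not reserved, belongs to
        the right pool, and is either unleased or holds an expired lease."""
        reserved_ips = set(self.reservations.values())
        first = int(ipaddress.IPv4Address(self.start))
        last = int(ipaddress.IPv4Address(self.end))
        for n in range(first, last + 1):
            ip = str(ipaddress.IPv4Address(n))
            if ip in self.exclusions or ip in reserved_ips:
                continue
            if (ip in self.bootp_pool) != bootp:
                continue
            lease = self.leases.get(ip)
            if lease is None or (lease.expires is not None and lease.expires <= now):
                return ip
        return None

    def allocate(self, mac: str, now: float, bootp: bool = False) -> Optional[dict]:
        """Return an offer for the client, or None when the pool is exhausted."""
        # Manual allocation: the administrator bound this MAC to an address,
        # so it is never handed to anyone else and never expires.
        if mac in self.reservations:
            ip = self.reservations[mac]
            self.leases[ip] = Lease(ip, mac, None)
            return self._offer(ip, None)
        # Renewal: a client that still holds a live binding keeps its address.
        for lease in self.leases.values():
            if lease.mac == mac and (lease.expires is None or lease.expires > now):
                if lease.expires is not None:
                    lease.expires = now + self.lease_seconds
                return self._offer(lease.ip, lease.expires)
        # Dynamic allocation from the pool. BOOTP has no lease mechanism, so a
        # BOOTP address is bound permanently and cannot be reclaimed automatically.
        ip = self._free_address(now, bootp)
        if ip is None:
            return None
        expires = None if bootp else now + self.lease_seconds
        self.leases[ip] = Lease(ip, mac, expires)
        return self._offer(ip, expires)


def make_sample_scope() -> DhcpScope:
    """Constructed scope mirroring the wizard's inputs: range, mask, one excluded
    address, lease duration, router, DNS, one reservation and one BOOTP-only address."""
    return DhcpScope(
        start="192.168.1.10", end="192.168.1.14", netmask="255.255.255.0",
        router="192.168.1.1", dns="192.168.1.2", lease_seconds=3600,
        exclusions={"192.168.1.11"},
        reservations={"00:11:22:33:44:55": "192.168.1.12"},
        bootp_pool={"192.168.1.14"},
    )


if __name__ == "__main__":
    scope = make_sample_scope()
    print(scope.allocate("aa:aa:aa:aa:aa:01", now=0))      # dynamic lease
    print(scope.allocate("00:11:22:33:44:55", now=0))      # manual reservation
    print(scope.allocate("aa:aa:aa:aa:aa:04", now=0, bootp=True))
```

The exclusion and reservation checks are what keep a statically addressed host (the router, a mail server) from colliding with the dynamic pool, and the expiry check is what lets the dynamic pool be reused once leases lapse. The offer also carries the router and DNS addresses, which is why the disadvantages below stress putting correct information into the server: clients act on whatever they are given.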
Configuring a DHCP server in Windows Server 2003 is therefore straightforward. You can now configure a Windows client PC to obtain its address automatically and check whether your DHCP server is working.
Advantages: DHCP servers offer a number of advantages over earlier methods of getting IP addresses.
1. Automatic management of IP addresses, including the prevention of duplicate IP address problems.
2. Support for BOOTP clients, so you can easily transition your networks from BOOTP to DHCP.
3. The administrator can set lease times, even on manually allocated IP addresses.
4. The MAC addresses that are served with dynamic IP addresses can be limited.
5. The administrator can configure additional DHCP option types, over and above what is possible with BOOTP.
6. Definition of the pool or pools of IP addresses that can be allocated dynamically. A user might have a server that forces the pool to be a whole subnet or network; the server should not force such a pool to consist of contiguous IP addresses.
7. Association of two or more dynamic IP address pools on separate IP networks (or subnets). This is the basic support for secondary networks; it allows a router to act as a BOOTP relay for an interface that has more than one IP network or subnet address.
Some features are not part of the DHCP server itself but relate to the way it is administered:
1. Central administration of multiple servers.
2. The ability to make changes while the server is running and leases are being tracked; for example, you can add or take away IP addresses from a pool, or modify parameters.
3. The ability to make global modifications (those that apply to all entries) to parameters, or modifications to groups of clients or pools.
4. The maintenance of a lease audit trail, such as a log of the leases granted.
Disadvantages:
1. Only some DHCP client implementations work properly with the DHCP server in Windows Server 2003.
2. The information in the DHCP server is delivered automatically to all DHCP clients, so it is important to put correct information into the DHCP server.
3. If there is a single DHCP server and it is unavailable, leases cannot be requested or renewed, so it is a single point of failure for the network.
4. To use DHCP on a multi-segment network, a DHCP server or relay agent must be placed on each segment, or the router must be configured to forward Bootstrap Protocol (BOOTP) broadcasts.