
1. Introduction
The first-year hardware course covered office computers, notebooks and current hardware. Although we return to it during these 20 hours of course, the second-year material is centred on the maintenance and installation of network equipment, in short the day-to-day work of a company technician. The hardware technician PC/network course covers networks (wiring, servers, hubs and switches, routers, Ethernet, security...), the various communication devices and server technologies (SCSI, RAID...). In the other Technician PC/network courses, LANs are analysed at the software level: management, administration, protection... The approach of this networking course is not software but hardware: whether the network server operating system is Windows, Linux or Novell does not intervene directly in this course. We analyse here the installation and choice of connection equipment. Even if software solutions are mentioned for comparison, the goal remains the hardware solution. Our work in this course is limited (which is already not so little) to the choice, installation, maintenance, troubleshooting and configuration of a network installation at the hardware level. For the software parts you will need the skills acquired in the other IT courses, even if the concepts are outlined in this course. The IT network part covers network adapters, technologies, hubs, switches, routers, and Ethernet RJ45 and wireless wiring. The server part covers all server specifics: RAID and SCSI hard drives, backup, multiprocessor (MP) systems. It is supplemented by dedicated storage networks (data storage, NAS and SAN). High-speed connections (ADSL, leased lines, ATM...) covers all Internet connection technologies. It is supplemented by the possibilities of remote connections (firewall, security, VPN...).
This part will enable you to compare the various solutions (software, Linux and hardware) with their drawbacks and advantages. A solution is never perfect. Electrical protection covers the equipment protecting against all disturbances of the electrical supply network (UPS). Other chapters deal with future or specific technologies.

2. Network introduction
2.1. Introduction - 2.2. OSI network model - 2.3. TCP/IP model - 2.4. Types of connected computers - 2.5. Network applications - 2.6. Types of servers - 2.7. Characteristics of a network - 2.8. Security and administration

2.1. Introduction
Before tackling network infrastructures, let us first go over some basic concepts of computer networks in general. Networks make it possible to share resources between several computers: data or peripherals (printer, tape backup, modem, scanner...). The first part of this course covers everything needed to connect these computers to each other. As this course is typically hardware, I will be interested mainly in that aspect. The other aspects of a network are covered in the other technician PC/network courses, in particular "Network basics", "Introduction to LINUX & UNIX systems", "Network software"... The transmission of information between two programs on two different machines goes through one of two models: the OSI model or the TCP/IP model. These two standards allow each party to the communication to talk to the other. Each model includes several layers. Each layer must send (and, on the other PC, receive) a message understandable by both parties: compatibility of information. The following chapter (network transmission basics) treats communication in detail.

2.2. OSI model


Other technician PC/network courses on networks have told you about the various layers of the OSI model (Open System Interconnection Model). This ideal model, defined in 1977, governs the communication between two information processing systems according to 7 layers. At each layer, the two systems must communicate in a "compatible" way. Rest assured, I am not a great follower of this topic. Although the layers are mentioned, they are not really part of the "hardware network" training. In hardware we use only the lower layers. The use of Novell Netware, Microsoft Windows NT, Windows 2000, Linux or any other network operating system does not significantly affect the hardware, apart from the drivers. OSI is a basic model defined by the International Standard Organization. This organization regularly issues standards for various concepts, in electronics as well as in data processing. This model defines 7 different levels for the transport of data. These levels are also called layers.

[Figure: OSI model. The 7 layers, from top to bottom, on each of the two communicating systems: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data link, 1 Physical. Data travel down the layers of the sender (packet, then frame), cross the communication medium and travel back up the layers of the receiver.]

Level 7: the application layer manages the transfer of information between programs.
Level 6: the presentation layer takes care of data preparation, possibly encoding and compression of the data, for example formatting of texts, images and videos.
Level 5: the session layer handles the establishment, management and coordination of communications.
Level 4: the transport layer manages the correct delivery of information (error handling); it uses in particular UDP and TCP/IP.
Level 3: the network layer determines the transport routes and handles the processing and transfer of messages: it manages IP and ICMP.
Level 2: the data link layer defines the interface with the network board: hubs, switches...
Level 1: the physical layer manages the physical connections and defines the way in which the data are converted into digital signals.
At each of these OSI levels, a header and a trailer are added (encapsulation) carrying the information required by the rules of the protocol used. This protocol is the communication language for the transfer of data (TCP/IP, NetBeui and IPX are the main ones). On the diagram below, the part added at each level is the part on white background. The part on grey background is what was obtained after encapsulation by the preceding level. The last frame, the one obtained after encapsulation by the physical layer, is what is sent on the network.

[Figure: OSI model encapsulation]
In hardware, we are interested only in the first three levels of the OSI model (up to routers and high-end switches), possibly level 4 for firewalls. The routing basics are reserved for the other courses of the technician PC/network training, in particular network basics and the TCP/IP protocol.

2.3. TCP/IP model


The TCP/IP model is inspired by the OSI model. It takes the same modular approach (use of modules or layers) but has only four of them:

TCP/IP level       Protocols used           Corresponding OSI levels
Application        (application protocols)  Application, Presentation, Session
Transport          TCP/UDP                  Transport
Internet           IP/ARP/ICMP/RARP/IGMP    Network
Network access     -                        Data link, Physical

At each level, the data packet changes aspect, because a header is added to it, so its name changes according to the layer:
- The data packet is called a message at the level of the application layer.
- The message is then encapsulated in the form of a segment in the transport layer. The message is thus cut into pieces before sending.
- The segment, once encapsulated in the Internet layer, takes the name of datagram.
- Lastly, one speaks of a frame at the level of the network access layer.

The TCP/IP layers are more general than those of the OSI model.
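As an added illustration (not part of the course text), the following Python builds the message -> segment -> datagram -> frame chain described above with constructed sample addresses and ports, then unwraps it again and verifies the IPv4 header checksum; the header layouts are those of UDP, IPv4 and Ethernet, and the optional UDP checksum is left empty for simplicity.

```python
import struct

# Added example (not from the course text): build a frame the way the
# TCP/IP model describes it, message -> segment -> datagram -> frame,
# then unwrap it again and verify the IPv4 header checksum.
# All MAC addresses, IP addresses and ports below are constructed sample values.

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ip_to_bytes(dotted: str) -> bytes:
    """'192.0.2.10' -> b'\\xc0\\x00\\x02\\x0a'."""
    return bytes(int(part) for part in dotted.split("."))


def internet_checksum(data: bytes) -> int:
    """Ones'-complement checksum (RFC 1071) used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_segment(src_port: int, dst_port: int, message: bytes) -> bytes:
    """Transport layer: the message becomes a segment with an 8-byte header.
    The UDP checksum is left at 0 (meaning 'not computed', allowed over IPv4)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(message), 0) + message


def ipv4_datagram(src_ip: str, dst_ip: str, segment: bytes, ident: int = 1) -> bytes:
    """Internet layer: the segment becomes a datagram with a 20-byte header."""
    fields = [
        0x45,                      # version 4, header length 5 words (20 bytes)
        0,                         # type of service
        20 + len(segment),         # total length
        ident,                     # identification (used for reassembly)
        0x4000,                    # flags: don't fragment; fragment offset 0
        64,                        # TTL
        IPPROTO_UDP,               # protocol carried in the payload
        0,                         # header checksum placeholder
    ]
    addrs = ip_to_bytes(src_ip) + ip_to_bytes(dst_ip)
    hdr = struct.pack("!BBHHHBBH", *fields) + addrs
    fields[7] = internet_checksum(hdr)      # checksum over the header with 0 in the field
    hdr = struct.pack("!BBHHHBBH", *fields) + addrs
    return hdr + segment


def ethernet_frame(dst_mac: bytes, src_mac: bytes, datagram: bytes) -> bytes:
    """Network access layer: the datagram becomes a frame with a 14-byte header.
    The 4-byte trailing FCS is normally appended by the adapter, so it is omitted."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + datagram


def build_frame(message: bytes) -> bytes:
    """Run the whole encapsulation chain with constructed sample addresses."""
    segment = udp_segment(40000, 53, message)
    datagram = ipv4_datagram("192.0.2.10", "192.0.2.1", segment)
    return ethernet_frame(bytes.fromhex("001122334455"),
                          bytes.fromhex("66778899aabb"), datagram)


def parse_frame(frame: bytes) -> dict:
    """Unwrap the frame layer by layer, as the receiving stack does.
    Also recomputes the IPv4 header checksum: a header whose checksum
    verifies sums to 0xFFFF, so internet_checksum() returns 0."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", datagram[2:4])[0], datagram[9]
    header, segment = datagram[:ihl], datagram[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "ethertype": ethertype,
        "protocol": proto,
        "src_ip": ".".join(str(b) for b in header[12:16]),
        "dst_ip": ".".join(str(b) for b in header[16:20]),
        "ip_checksum_ok": internet_checksum(header) == 0,
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": segment[8:udp_len],
    }


if __name__ == "__main__":
    frame = build_frame(b"hello, network")
    print(len(frame), "bytes on the wire:", frame.hex())
    print(parse_frame(frame))
```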

2.3.1. Application level


The application layer includes the standard network applications:
- SMTP: "Simple Mail Transfer Protocol", management of mail
- Telnet: protocol allowing to connect to a remote machine (server) as a user
- FTP: "File Transfer Protocol", protocol allowing to exchange files via the Internet
and others less common.

2.3.2. Transport level


The transport layer ensures the routing of the data and the mechanisms making it possible to know the state of the transmission. The protocols of the following layers make it possible to send information from one machine to another. The transport layer makes it possible to identify the applications which communicate. To facilitate communication, applications are identified not by name but by communication ports (a number from 0 to 65535, i.e. 2^16 values) specific to each application. The transport layer manages two protocols for delivering information, independently of the type of network used: TCP ensures control of the data and is connection-oriented (it checks the sending of data through acknowledgement signals - acknowledge - from the recipient); UDP, older and connectionless, does not ensure any control of the data transmission. These two types (connection-oriented or not) are a concept used for firewalls. Indeed, when you close a port in TCP, sending a message returns no return signal (acknowledge), making it look as if the IP address is not in use. On the other hand, in UDP, a closed port returning no information makes it look as if the IP address is in use. Indeed, UDP returns a message only if the port is in error (does not answer).

2.3.3. Internet level


The Internet layer is in charge of providing the data packet. It defines the datagrams and manages the splitting/reassembly of the segments. The Internet layer contains 5 protocols (the first 3 are the most important):

1. IP protocol: manages the destinations of the messages, the addresses of the recipients.
2. ARP protocol (Address Resolution Protocol): manages the addresses of the network boards. Each board has its own identification address coded on 48 bits.
3. ICMP protocol (Internet Control Message Protocol): manages information relating to transmission errors. ICMP does not correct the errors, but tells the other layers that the message contains errors.
4. RARP protocol (Reverse Address Resolution Protocol): manages the IP address for equipment which cannot obtain one by reading information in a configuration file. Indeed, when a PC starts, the network configuration reads the IP address it will use. This is not possible for certain equipment which has no hard disk (mainly terminals).
5. IGMP protocol (Internet Group Management Protocol): makes it possible to send the same message to machines forming part of a group. This protocol also makes it possible for these machines to subscribe to or unsubscribe from a group. This is used for example in video conferencing with several machines, sending of videos... The main HARDWARE application of IGMP is found in manageable switches. This protocol makes it possible to group stations.

2.3.4. Network access layer


The network access layer specifies the form in which the data must be conveyed, whatever the type of network used. It deals with the following concepts:
- Routing of the data on the connection
- Coordination of the data transmission (synchronization)
- Format of the data
- Conversion of the signals (analogue/digital) for modems
- Error control on arrival

2.4. Types of connected computers and networks


A network makes it possible to connect computers of any type (PC, Mac, mainframes (host computers)...) to each other to share resources. One distinguishes two types of computers connected on the network: servers and clients. The servers share their resources (files, storage peripherals, printing peripherals...). The clients use these shared resources.

One distinguishes three types of networks:
1. "Peer to Peer" networks. In these small networks, the connected computers are at the same time clients and servers. A typical Peer to Peer network consists of PCs under Windows 95/98 put on a network. By extension, this term is also used for the sharing of music and various files between PCs connected to the Internet, a nightmare for network administrators and an excellent security hole for hackers.
2. The so-called heavy networks use a host computer (called server) which shares its resources. In this case, the access levels of the users make it possible to protect the data. The various peripherals connected to this server further increase this security (backup, UPS...). Management is done by a specific "Server" type operating system such as Linux, Windows NT server, Windows 2000 server or Novell Netware.
3. WAN (World Area Network) networks are international networks making it possible to interconnect networks of the heavy type. The Internet is a network of this type. A WAN is not related to distance but to the type of interconnection between two networks. The applications, the costs and the difficulties of implementation and management are proportional. Security is inevitably proportional.
We will not be interested too much in these concepts. Indeed, apart from the connections, the Peer To Peer, server or WAN considerations are determined by the operating system and the use made of the machines:
- Win 95/98/Me/XP Home for Peer To Peer
- Win NT, 2000 server, XP Pro, Windows 2003 server, Linux or Netware for heavy networks
- Unix or proprietary systems (specific to the manufacturer) for the others, even if WANs are configured more and more as a grouping of heavy networks. The Internet is no exception to the rule.

2.5. Network applications.


Connecting computers in a network is not of much use without applications. The use of a network allows:
1. Games. Networking makes it possible to play several at the same time if the game includes this possibility. In this case, a simple Peer to Peer network of the Win98 type is sufficient.
2. File sharing. According to the level of desired security and centralized administration, one can choose either a Peer To Peer network or a heavy network. In a Peer To Peer network, security and administration are almost non-existent but the installation is relatively easy and flexible. Moreover, it is easier to back up a single computer (the server) than all the connected PCs. Peer to peer networks are thus used only for a restricted number of PCs. You can also use a NAS to replace a server.
3. Central application. In business applications, one uses a program managing one (or several) databases. These programs generally require a heavy server. This makes it possible for several PCs to work on the same database at the same time (accounting, production management, invoicing and stock management...). Security is done at two levels: access to the files and limitation of the access rights in the program itself. Let us take an example: a company uses a commercial management program (invoicing, inventory control...). If the secretary should not have access to the database, her server access will not include access to the file. In the same way, the person in charge of purchases will be limited at the program level so as not to have access to the sales invoices, or only in consultation. This requires particularly muscular servers, generally with a dedicated server operating system.
4. Sharing the Internet connection. Connecting to the Internet simultaneously from each PC via its own connection costs a lot in the long term. Networking the computers makes it possible to share a single connection (modem, ADSL or high speed). This goes through Internet connection sharing under Win98 and higher, or through the use of a router or an application software for more professional uses.
5. Sharing peripherals. A printer per PC allows flexibility in use. Nevertheless, the simultaneous use of a single large-capacity printer can prove profitable with the purchase of a faster printer (generally, the more expensive the printer, the lower the page price). This list is not exhaustive.

2.6. Server types.


In the preceding chapter, we spoke about servers in the broad sense. In data processing, one distinguishes three types of servers:
- A file server stores and distributes data shareable by the users of the local area network. It results from a combination of hardware and software which can be specific. They are also used as print servers.
- An application server makes it possible to run an application (a program) on a server from all the clients. This is typical of database-based applications (production management, commercial management, accounting...). It makes it possible for example to invoice, manage stocks... from several PCs at the same time in a commercial management program. These applications must be designed for this sharing mechanism. The configurations of these servers are generally definitely more muscular. The server permanently sends parts of program and data towards each station, which clearly increases network traffic. Servers of this type are, in the PC world, multiprocessors. The program must be designed as a centralized application. Indeed, a file (text, spreadsheet...) can be used by only one program (one client PC in our case) at a time. This poses problems for the backups when the server is working, for example. In the case of databases, the dedicated program allows simultaneous work on the same database. To avoid the risk of errors (modification of the same record by two users at the same time and corruption of the data), the dedicated program locks each record used by a station. As a reminder, in databases, a modification is recorded immediately, without needing to use a save command as for a small file. On the other hand, while the database is in use, it is impossible to back it up. Security (access control, backups...) is however facilitated because it is centralized.
- A print server makes it possible to share printers connected to a single PC. Certain network printers can be connected directly to the network without going through a PC; specific print server boxes can also be used.

In practice, a server often gathers the three applications. The configurations (powers) are different for each application; application servers are the most powerful.

2.7. Network characteristics.


Local area networks (LAN) are complex infrastructures and not only cables between workstations. If one enumerates the list of components of a local area network, one will be surprised to find more of them than expected:
1. Wiring constitutes the physical infrastructure, with the choice between telephone pair, coaxial cable and optical fibre. This choice determines the type of concentrators (switch, hub) of the network. These constitute the central nodes in the case of star distribution systems. In this course, microwave (wireless) links are seen as a particular kind of wiring.
2. The access method describes the way in which the network arbitrates the communications of the various stations on the cable: order, speaking time, organization of the messages. It depends closely on the topology and thus on the spatial organization of the stations relative to each other. The access method is primarily materialized in the interface boards, which connect the stations to the cable.
3. The network protocols are software which "runs" at the same time on the various stations and their network interface boards. It is the language of communication. For two devices connected on the network to communicate, they must "speak" the same protocol.
4. The server network operating system, often called the network administrator, is installed on the servers. It manages shares, access rights... For Microsoft, one finds Windows NT server, Windows 2000 server, Windows 2003 (.NET). They are specific versions. Linux is used in various server versions. Novell Netware is a system mainly effective as a dedicated file server.
5. The backup system is an essential element which works in various ways, either by systematically copying all the files of the servers, or by making regular backups, possibly automated.
6. A bridge, a router or a gateway constitutes the means of communication which allows users "to leave" the local area network to reach other local area networks or remote servers.
7. The network management and administration system sends alarms in the event of incidents, records the traffic, memorizes the activity of the network and helps the supervisor to plan the evolution of the network. This part is typically software.

2.8. Security and administration.


One of the important aspects of a heavy network is the centralization of the administration of the data. This makes it possible to back up and secure the data on a single machine, reducing the time wasted on this unpleasant but obligatory aspect of data processing. Security gathers a whole set of measures: intrusion and access rights, viruses, data backup, continuity of the application (no stops)... There are no ideal solutions for network security (and for computer security in general). Three solutions are possible: hardware solutions, which we will see, solutions based on Linux, and solutions based on Windows or on programs added to these Windows stations. Mixing several solutions is possible in certain cases. Certain solutions are complementary besides. On a large "significant" network, installing a hardware VPN is not sufficient. A complementary software security including access controls at the server administration level (server, file, access rights) and security software checking the traffic on the internal network is not superfluous.
- Routers can be replaced by the WinGate software or by specific applications under Linux on a dedicated PC, for example.
- Proxy servers are sometimes integrated in the routers.
- Anti-intrusion firewalls are integrated in certain routers, but software provides (almost) equivalent functions (e.g. Symantec, Zonealarm).
- Virtual private networks (VPN) allowing access to a heavy network via the Internet are included in certain software or operating systems.
- Antivirus is generally software, but is sometimes included in routers which have their own antivirus software. These devices directly return any message containing a virus to its sender.

According to the application, the network designer will use one or the other or a combination of both. The software solutions are reserved for the other courses of the technician PC/network training. Other network control programs make it possible to manage traffic, users... They are specifically software. By hardware, access rights can be blocked from a station towards a server in its entirety, not at the level of the resources. In short, by hardware you can block complete access to a server; by software, you can authorize only part of the resources of a server.

3. Network transmission basics


3.1. Introduction - 3.2. Ethernet wiring - 3.3. Physical connection - 3.4. Bus topology - 3.5. Ring topology - 3.6. Star topology - 3.7. Mixed topology - 3.8. Mesh topology - 3.9. Access method

3.1. Introduction
To communicate information between computers and computer peripherals, various concepts are necessary. Before tackling network connections, let us begin, for the pleasure, with an everyday communication between a computer and a... printer. In a parallel connection, all the bits making up a byte are transferred at the same time. This connection consists of 8 data wires and various ground wires, plus the control signals (out of paper...). We will be interested only in the data wires. To pass a byte from the computer to the printer, we send on these 8 wires a voltage or not according to the binary message to send. To know whether a message is sent, the printer only has to look at the 8 data wires to see whether a voltage is present or not. In theory this requires no control signals. Although interesting, parallel connections are being supplanted by serial connections. This replacement is related to the price of the physical connections and the bulk of the wires. If copper is not too expensive, installation by an electrician is definitely more expensive, and the bulk of the wires of parallel connections would quickly become unmanageable. In a serial connection, one finds at the start only one communication wire (two for bidirectional) and a ground wire. In practice, other wires are used for the control of the communications. The principle is the same as above, except that the 8 data bits pass on a single line one after the other. The computer sends on a dedicated wire an electrical signal (voltage) which announces to the receiver that data will be sent, and the receiver prepares to watch what happens on the cable. If a voltage is present, the received signal is 1; if no signal is present, the received signal is 0. The various signals are sent one after the other, which explains why the serial connection is considered slow. As soon as one sends a signal from one place to another, the data must be checked.

A solution would be to require the receiver to return the received data for checking. The importance of transfer speed makes this principle useless. In practice, one carries out a parity check. To calculate the parity, one counts the number of 1s. If this number is even, the parity is 0; if it is odd, the parity is 1, in the case of an even parity (EVEN); the reverse in odd parity (ODD).

This parity bit is sent as a ninth bit. This check of the data is not completely reliable. If two bits are wrong, the parity check is right whereas the received signal is false. In space links over long distances, the number of parity bits increases. This parity system is often used in modems, but no longer in network systems. These concepts were already seen in first year. In our parallel or traditional serial connection, only two devices are connected together. This connection is not very realistic for a network made up of computers. The physical connection (wire) must connect all the computers to each other. Each one must also speak in its turn to prevent several signals from being present at the same time. This is governed by the type of network. How can computers of different types understand each other during data transmission on a network? What is sent as a sequence of 0s and 1s making up the message is called a frame. It consists of the data and the headers and trailers added by the layers of the OSI or Internet model. These frames are organized in specific ways according to a protocol. A protocol is the way in which information is sent towards the recipient. As in human language, the sender must use the same language (protocol) as the recipient so that the exchange of information is correct. The most common protocols are TCP/IP, IPX, NetBeui... In spite of this short description, the protocols do not really intervene in the hardware part of networks (apart from routing). Indeed, in the OSI model of chapter 2, we limit ourselves to the first 3 levels, whereas the protocol is related to level 4: transport.
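As an added example (not part of the course text), this Python computes the 9-bit word with its parity bit as described above and shows, over all 256 byte values, that every single-bit error is detected while every two-bit error slips through; the sample byte is a constructed value.

```python
# Added example (not from the course text): the even/odd parity check
# described above, applied to a single byte sent as 9 bits, and a
# demonstration of why a two-bit error goes undetected.


def count_ones(value: int) -> int:
    """Number of 1 bits in the data byte."""
    return bin(value & 0xFF).count("1")


def parity_bit(value: int, even: bool = True) -> int:
    """EVEN parity: 0 if the byte has an even number of 1s, 1 if odd,
    so that data + parity together always hold an even number of 1s.
    ODD parity is the reverse."""
    bit = count_ones(value) % 2
    return bit if even else bit ^ 1


def encode(value: int, even: bool = True) -> int:
    """The 9-bit word put on the line: 8 data bits, then the parity bit."""
    return ((value & 0xFF) << 1) | parity_bit(value, even)


def check(word: int, even: bool = True) -> bool:
    """Receiver side: recompute the parity of the 8 data bits and compare."""
    data, received_parity = word >> 1, word & 1
    return parity_bit(data, even) == received_parity


def flip_bits(word: int, *positions: int) -> int:
    """Simulate line noise by inverting the given bit positions (0 = parity bit)."""
    for pos in positions:
        word ^= 1 << pos
    return word


def single_bit_errors_detected(value: int) -> bool:
    """Every one of the 9 possible single-bit errors on this byte is caught."""
    word = encode(value)
    return all(not check(flip_bits(word, i)) for i in range(9))


def double_bit_errors_undetected(value: int) -> bool:
    """Any two flipped bits restore the parity, so none of the 36 cases is caught."""
    word = encode(value)
    return all(check(flip_bits(word, i, j))
               for i in range(9) for j in range(i + 1, 9))


if __name__ == "__main__":
    byte = 0b01100101                      # constructed sample byte, four 1s
    word = encode(byte)
    print(f"sent      {word:09b}  valid={check(word)}")
    one = flip_bits(word, 3)
    print(f"1 flipped {one:09b}  valid={check(one)}   (error detected)")
    two = flip_bits(word, 3, 5)
    print(f"2 flipped {two:09b}  valid={check(two)}   (error NOT detected)")
```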

3.2. Ethernet Wiring


The wiring of local area networks tends today to be standardized, and no longer to be distinguished from the general computer and telephone wiring of the company. Three media are used today in local area networks.

3.2.1. The telephone twisted pair


Not very expensive and rather easy to lay, it is today the most widespread medium for local area networks. It is often referred to under the term Ethernet network or RJ45 network. The type of cable used determines the maximum transmission speed of the data, as well as the network connection standard. In the case of the twisted pair, one uses telephone cable. Nevertheless, these cables are divided according to their physical characteristics (diameter, insulator, length of the twists) into the categories below:

Type of cable              Supported speed   Type of network
Category 1                 Telephony         Telephone
Category 2                 1 Mbps            Token Ring and telephone
Category 3                 16 Mbps           Token Ring and 10 Base T
Category 4                 20 Mbps           10 Base T
Category 5                 100 Mbps          10 Base T and 100 Base TX
Category 5e (category 6)   1 Gbps            Gigabit Ethernet

There are two families of twisted pair cables. Shielded cables (STP: Shielded Twisted Pair) are surrounded by an aluminium foil acting as an electrostatic screen. UTP cables (Unshielded Twisted Pair) have none. The most common are UTP.

3.2.2. The coaxial cable


Definitely expensive, it is losing ground after having been the medium par excellence of the first local area networks, which worked in broadband mode (bandwidth cut into frequency ranges, each one allotted to a channel). Today, the majority of local area networks working in baseband (all the transmitting stations on the same channel occupying the whole bandwidth), coaxial cable is less necessary and is used almost only for the interconnection of various local area networks or in environments disturbed by spurious electromagnetic signals (electric motors for example).
- The sheath protects the cable from the external environment. It is usually made of rubber (sometimes polyvinyl chloride (PVC), possibly Teflon).
- The shielding (metal envelope) surrounding the cable protects the data transmitted on the medium from interference (otherwise called noise), which can cause a distortion of the data.
- The insulator surrounding the central part consists of a dielectric material which avoids any contact with the shielding, which would cause electrical interactions (short-circuit).
- The core, which carries out the data transmission, is generally made up of a single copper strand or of several twisted strands.

3.2.3. Fiber optic cable


Still definitely more expensive, because it allows high throughput and is insensitive to interference, it is starting to make inroads in local area networks with large bandwidth needs (technical computing, CAD), but is used especially to interconnect several local area networks. Fibre optic cable is expensive, fragile and tedious to install. It breaks easily under torsion.

Fibre optic cable nevertheless has many advantages:
- Lightness
- Immunity to noise
- Low attenuation
- Tolerates throughputs of about 100 Mbps
- Bandwidth from a few tens of megahertz to several gigahertz (single-mode fibre)

Optical wiring is particularly suited to the connection between distribution points (central connection between several buildings, called backbone) because it allows connections over long distances (from a few kilometres to 60 km in the case of single-mode fibre) without requiring a ground connection. Moreover, this type of cable is very secure because it is difficult to tap such a cable.

3.3. Network topologies.


In the case of our PC-printer connection, the Centronics cable ensured the data transmission. A network connection is definitely more complex. It is no longer enough to connect 2 devices, but several in the broad sense. Just like in a parallel connection, the devices to be connected are linked to each other by a cable (we will also see later infrared or radio connections). Before studying the various forms of connections, let us see the types of connection, called topologies. There are three main types of topologies:

3.4. Bus topology


The bus, a central segment on which the information circulates, runs the entire length of the network, and the machines attach to it. When a station transmits data, they travel along the whole length of the bus and the destination station can pick them up. Only one station can transmit at a time. At each end of the bus, a terminator absorbs the signal so that it does not reflect back and another station can transmit.

The advantage of the bus is that a failed station does not disturb the rest of the network. It is, moreover, very easy to set up. On the other hand, if the bus is broken, the network becomes unusable. Note also that the signal is never regenerated, which limits the cable length. This topology is used in 10Base2 and 10Base5 Ethernet networks.

3.5. Ring topology


Developed by IBM, this architecture is mainly used by Token Ring networks. Token Ring uses token-passing access. Information circulates from station to station, following the ring. A token circulates around the ring. The station holding the token transmits its data, which travel around the ring. When the data come back, the station which sent them removes them from the network and passes the token to its neighbour, and so on. This topology allows a useful throughput close to 90% of the bandwidth. Moreover, the circulating signal is regenerated by each station. On the other hand, in a pure ring the failure of one station makes the whole network unusable. Interconnecting several rings is not easy to implement. Lastly, as this architecture is IBM's property, prices are high and competition almost non-existent. This topology is used by Token Ring and FDDI networks. Note: in 2000, IBM announced that it would no longer develop integrated circuits for this type of bus.

3.6. Star topology


This is the most common topology, in particular with RJ45 Ethernet networks. All the stations are connected to a single central component: the concentrator. When a station transmits towards the concentrator, the concentrator forwards the data to all the other machines (hub) or only to the recipient (switch). This type of network is easy to set up and to supervise. The failure of a station does not affect the rest of the network. On the other hand, more cable is needed than for the other topologies, and if the concentrator fails, the whole network is down. Moreover, with a hub the practical throughput is lower than with the other topologies. This topology is used by 10BaseT and 100BaseT Ethernet networks and their successors.

3.7. Mixed topology


A topology as simple as the above is unfortunately too simplistic for large networks. A star topology is perfect for a geographically limited network, but a worldwide network cannot use a connection of this type. The method used is therefore to connect star distribution systems (per building, for example) via bus-type links (telephone lines, for example). Later in the course, when we look at internetwork connections, we will come back to this kind of partitioning, bearing in mind that each part of the network is generally a star.

3.8. Mesh topology


The networks (represented here by computers) are connected by routers which choose the best route among several possible ones. The Internet is a mesh topology; this guarantees better resilience if a node fails, but it is difficult to implement, mainly as regards choosing the routes to follow to transfer the information. This requires the use of intelligent routers.

This topology is not used as such inside an Ethernet local area network.

3.9. Access method


"to put order" in a local area network, where all the computers can take the initiative of the sendings of messages, one needs a rule complied with by everyone. It is the access method. One distinguishes two principal methods, the application and the token. They distinguish both principal family from local area networks: Ethernet, which uses the application, and the token ring (Token Ring of IBM), "deterministic" method (nonrandom).

Both methods are standardized within the American IEEE (committee 802), a standardization taken up by the ISO. In terms of the OSI model, the access method is of course partly located in layer 1 (Physical), since wiring and topologies differ, but above all in the lower sublayer of layer 2 (Data Link) called MAC (Medium Access Control). The Ethernet method, CSMA/CD (Carrier Sense Multiple Access with Collision Detection), is standardized as 802.3 and the token ring as 802.5. In the Ethernet method, using contention, each computer sends its message without worrying too much about what is happening on the cable, beyond checking that the medium is idle (carrier sense) before starting. If a station starts transmitting while another is already transmitting, a collision occurs. Both stations stop transmitting and try again after a random delay (the backoff), which grows with the number of successive collisions. Gigabit Ethernet keeps the same CSMA/CD rules in half-duplex mode; in practice gigabit links are switched full-duplex links on which collisions do not occur. CSMA/CD takes care of detecting the collisions. In the token method, each station communicates in its turn. If 3 computers are connected in a ring, station 1 speaks, then station 2, then station 3; station 1 can speak again, and so on.

4. Ethernet networks
4.1. Introduction - 4.2. Ethernet, IEEE 802.3 10Base5 - 4.3. Ethernet, IEEE 802.3 10Base2 - 4.4. Ethernet, IEEE 802.3 10BaseT RJ45 - 4.5. Ethernet 100BaseT RJ45, Fast Ethernet - 4.6. Gigabit Ethernet - 4.7. 10 Gigabit - 4.8. Network card - 4.9. Half duplex and full duplex - 4.10. RJ45 wiring, connection problems, test equipment - 4.11. MAC address

4.1. Introduction
Connecting computers requires a network interface card (NIC) installed in each PC; the cards are linked by twisted-pair or fiber optic cable. The most common local area network cards are of the Ethernet type. This chapter covers all types of Ethernet connection and wiring (making cables, precautions...). The Ethernet network appeared at the end of the 1970s in the United States. This network, the most widespread of the local area networks, was born from the complementary experiments of DEC, Intel and Xerox, well before standardization. This implies that most of the upper layers of the OSI model are not specified by it. All the PCs can communicate on the cable at the same time. A rule is therefore needed for the case where two stations start to communicate at the same time. The method used is contention. The main contention method in local area networks is CSMA/CD (Carrier Sense Multiple Access) with Collision Detection (CD). It is the method of Ethernet networks. It consists, for a station, in listening at the moment it transmits to check whether another station is not also transmitting.

If that is the case, the station stops transmitting and re-sends its message after a random delay. This method is random, in the sense that one cannot predict the time needed for a message to be transmitted and received.
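The random backoff of CSMA/CD described in 3.9 and in this introduction, as an added example that is not part of the original course: a slot-level simulation in Python of several stations contending for one shared bus, using the truncated binary exponential backoff of IEEE 802.3 (after the n-th collision a station waits a random number of slot times between 0 and 2^min(n,10) - 1, and gives up after 16 collisions). The number of stations, the seed and the one-slot frame length are assumptions of the model; the run shows that all frames eventually get through, but that the number of collisions and the time to delivery depend on the random draws.

```python
import random

SLOT_TIME_BITS = 512        # slot time of 10/100 Mbps Ethernet, in bit times
MAX_ATTEMPTS = 16           # after 16 collisions the frame is dropped
MAX_BACKOFF_EXPONENT = 10   # the random window stops growing after 10 collisions


def backoff_window(attempt):
    """Number of possible backoff values after the given number of collisions."""
    if not 1 <= attempt <= MAX_ATTEMPTS:
        raise ValueError("attempt must be between 1 and 16")
    return 2 ** min(attempt, MAX_BACKOFF_EXPONENT)


def backoff_slots(attempt, rng):
    """Truncated binary exponential backoff: r slot times, r in 0 .. 2**min(n, 10) - 1.

    The delay is random, which is why the time a frame needs to get through
    cannot be predicted.
    """
    return rng.randrange(backoff_window(attempt))


def simulate_csma_cd(n_stations, seed=0):
    """Slot-level model of one frame per station on a shared bus (assumed model).

    Every station is ready at slot 0 (worst case). In each slot, the stations
    whose backoff has expired transmit: one transmitter means success, more
    than one means a collision, after which each collider backs off.
    Returns (slots_used, collisions, attempts_per_station).
    """
    rng = random.Random(seed)                 # fixed seed: reproducible run
    ready_at = dict.fromkeys(range(n_stations), 0)
    attempts = dict.fromkeys(range(n_stations), 0)
    delivered = {}
    collisions = 0
    slot = 0
    while len(delivered) < n_stations:
        contenders = [s for s in ready_at
                      if s not in delivered and ready_at[s] <= slot]
        if len(contenders) == 1:
            delivered[contenders[0]] = slot   # the medium was free: success
        elif contenders:
            collisions += 1                   # two or more started in the same slot
            for s in contenders:
                attempts[s] += 1
                if attempts[s] > MAX_ATTEMPTS:
                    raise RuntimeError(f"station {s}: excessive collisions, frame dropped")
                ready_at[s] = slot + 1 + backoff_slots(attempts[s], rng)
        slot += 1                             # idle slot when everyone is backing off
    return slot, collisions, attempts


if __name__ == "__main__":
    for seed in (1, 2, 3):
        slots, collisions, attempts = simulate_csma_cd(5, seed=seed)
        print(f"seed {seed}: 5 frames delivered in {slots} slots, "
              f"{collisions} collisions, attempts {attempts}")
```

Running it with several seeds gives different slot counts for the same five stations; with a token, by contrast, station i would always transmit in turn i.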

4.2. Ethernet, IEEE 802.3 10Base5


The 10Base5 version (10 Mbps on coaxial cable with a maximum segment length of 500 meters) is the original version of Ethernet; it is shown below:

Each station is equipped with an "Ethernet" network adapter (NIC, Network Interface Card). This device handles the physical adaptation and runs the CSMA/CD algorithm. As in all coaxial connections, the 2 ends of the cable are fitted with a terminator (also called a termination resistor), a specific resistance which absorbs the reflection of the signal on the cable. The drop cable (AUI cable) consists of twisted pairs and may be up to 50 meters long. The coaxial cable is a thick yellow cable, half an inch in diameter, of type BELDEN 9580. The overall length of the network can reach 2.5 kilometers with 100 connection points. 10Base5 is now practically only used in disturbed environments (electromagnetic radiation) or when one wants to guarantee the confidentiality of the exchanges against eavesdropping from outside, since coaxial cable does not radiate. Note that this says nothing about confidentiality inside the network: the coaxial bus is a shared medium, every frame reaches every connected station, and any station whose card is put in promiscuous mode sees all the traffic.

4.3. Ethernet, IEEE 802.3 10Base2


A cheaper version of the IEEE 802.3 10Base5 wiring was produced with thin coaxial cable (Thin Ethernet). This type is shown below:

This physical network architecture is recommended for small networks of 2 or 3 PCs. Each network adapter is connected to the cable via a BNC T connector. The 2 ends of the network are closed by a 50 ohm termination resistor (terminator). Without it the network may still appear to work, but the transmission speed drops sharply, because this resistor eliminates the "reflections on the cable": the transmitted signal bounces back along the cable and the stations, taking it for a real signal, wait until the line is free. The connection is easy to get going; nevertheless, as soon as 3 PCs or more are installed, the transmission speed decreases strongly. This solution is therefore to be used only in specific cases. The maximum length of the network is 185 meters, with a maximum of 30 devices connected. The minimum distance between 2 connections is 50 centimeters. This wiring is often used to connect "the small station at the far end of the factory". This solution does not work badly, but it is absolutely necessary to separate this part from the rest, for example with a hub. The reason is not a data-processing one but is related to electromagnetic disturbances, storms... If the cable picks up these disturbances, the whole network is disturbed or down.

4.4. Ethernet, IEEE 802.3 10BaseT


Faced with wiring problems, AT&T had the idea of re-using the existing telephone wiring in office buildings to build the network. That imposed two constraints: one on throughput, the other on distance. The resulting network ran at 1 Mbps, the stations were connected to star concentrators (hubs acting as repeaters) and the distance between the hub and a station was limited to 250 meters. This architecture (802.3 1Base5 or StarLAN), now completely obsolete, evolved into a 10 Mbps version (802.3 10BaseT). The following figure presents a 10BaseT network. 10BaseT Ethernet uses telephone-type twisted-pair wiring (4 pairs, i.e. 8 wires). Its maximum speed is 10 Mbps (megabits per second). The wiring is of the star type; the nodes are concentrators. This solution is currently the most widespread, although the standard has since evolved in speed. RJ45 wiring in 10BaseT requires 4 wires (out of the 8 available in the connector). Cables are sold ready-made, but RJ45 cables can easily be made. Generally all 8 wires are inserted, but this is not obligatory, in particular if you wish to use one cable for 2 stations (beware of interference).

RJ45 connector and network card socket

Straight RJ45 cable, 10BaseT and 100BaseT (not in full duplex)

If no concentrator is used (direct connection of 2 stations), or to connect 2 concentrators together, the cable must be a crossover cable as below. You must respect the polarities, and the pairs must be kept together.

Why respect wiring by pairs? The signal leaving the network card is sent as T+ and as T- (the inverted signal). Suppose a parasite appears on the cable during the transmission of the signal. It has the same direction on both wires of the pair. Because the pair is twisted, the electrical disturbances due to induced currents are generally different from one pair to another. As a reminder, the passage of an electric current in a wire produces an electromagnetic field around it, which in turn induces a current in nearby electric wires.

Now invert T-: the signal and the parasite are inverted. Adding T+ and the inverted T-, the signal doubles but the parasite is cancelled. This only works if the two wires carrying T+ and T- really are the two conductors of the same twisted pair; with a "split pair" the two wires pick up different parasites and the cancellation fails.

Material needed for an RJ45 cable:

- cable with 4 twisted pairs, category 5
- RJ45 crimp connectors, category 5
- rubber boots, to prevent the cable from splitting
- a crimping tool and, if the tool does not include them, cutting pliers and a wire stripper
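The cancellation described above (the T+ minus T- sum before the list of materials), as an added example that is not part of the original course: a small Python model of a differential receiver under interference, comparing a properly twisted pair, on which both wires pick up the same parasite, with a split pair, on which they pick up different ones, and with a single wire read against ground. The interference level (amplitude 3 for a signal of 1) and the seeded random values are constructed for the demonstration.

```python
import random


def differential_decode(bits, noise_plus, noise_minus):
    """Receive bits sent as T+ = +s and T- = -s (s = +1 or -1).

    The receiver takes the difference T+ - T- = 2s + (noise_plus - noise_minus):
    whatever is common to the two wires cancels, whatever differs remains.
    """
    decoded = []
    for bit, n_plus, n_minus in zip(bits, noise_plus, noise_minus):
        s = 1 if bit else -1
        t_plus = s + n_plus
        t_minus = -s + n_minus
        decoded.append((t_plus - t_minus) > 0)
    return decoded


def bit_errors(bits, noise_plus, noise_minus):
    """Number of bits decoded wrongly for the given interference on each wire."""
    received = differential_decode(bits, noise_plus, noise_minus)
    return sum(sent != got for sent, got in zip(bits, received))


def compare_twisted_and_split(n_bits=2000, amplitude=3.0, seed=7):
    """Errors for a twisted pair, a split pair and a single-ended wire, same interference.

    The interference (constructed: uniform, amplitude 3, larger than the signal of 1)
    comes from a seeded generator so the run is reproducible.
    """
    rng = random.Random(seed)
    bits = [rng.random() < 0.5 for _ in range(n_bits)]
    pickup_a = [rng.uniform(-amplitude, amplitude) for _ in range(n_bits)]
    pickup_b = [rng.uniform(-amplitude, amplitude) for _ in range(n_bits)]
    # Proper pair: the two wires are twisted together, so they pick up the same
    # interference (common mode) and the subtraction removes it completely.
    twisted = bit_errors(bits, pickup_a, pickup_a)
    # Split pair: the two wires of the "pair" run in different twists and pick up
    # different interference, so the difference no longer cancels.
    split = bit_errors(bits, pickup_a, pickup_b)
    # Single-ended reference: reading T+ alone against ground, no cancellation at all.
    single_ended = sum(bit != (((1 if bit else -1) + n) > 0)
                       for bit, n in zip(bits, pickup_a))
    return {"twisted_pair": twisted, "split_pair": split, "single_ended": single_ended}


if __name__ == "__main__":
    print(compare_twisted_and_split())
```

The twisted pair decodes without error even though the interference is three times the signal; the split pair and the single-ended wire both lose a large fraction of the bits, which is what a cable that "tests fine" but misbehaves on a live link looks like.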

Procedure to follow:

- thread the boot onto the cable;
- strip the outer sheath over approximately 15 mm;
- for a crossover cord, sort the wires according to the diagram below.

RJ45 crossover cable (10BaseT and 100BaseT)


- hold the wires in place, respecting the pairs, and cut them evenly in a straight line. About 13 mm must remain, and the ends should not form an arc;
- place the wires in the connector, pressing on all the wires together so that the pairs go right to the bottom of the connector;
- crimp the connector;
- push the boot on.

Check, by transparency, that the assembly is sound and that the wires reach the end of the connector.

4.5. 100BaseTX and 100BaseT4, Fast Ethernet


100BaseT has been in use since 1992. The theoretical data rate is 100 Mbps. Fast Ethernet also requires concentrators of the hub or switch type. There are 2 categories of 100BaseT: 100BaseT4 and 100BaseTX. 100BaseTX (the most widespread) uses the same 2 pairs as 10BaseT. 100BaseT4, on the other hand, uses the 4 pairs. However, 100BaseT4 (almost no longer used) uses 3 pairs simultaneously for transmission and reception. This mode therefore cannot use full duplex (simultaneous bidirectional communication). It can be used on category 3, 4 or 5 cable. In 100BaseTX, the wiring is the same as in 10BaseT; only the cable must be of better quality (category 5), and the 4 other wires must be connected according to the colours below. Beware: each "cabler" often uses his own colour code. Crossover cables use the same two crossings as in 10BaseT.

Straight and crossover RJ45 cable, 100BaseTX diagram

Straight and crossover cable

4.6. Gigabit Ethernet


Although gigabit initially used an optical fibre connection, this is being replaced by an RJ45 connection on category 5e cable (with the distance limited to 100 meters). Gigabit uses the same frame format as 10BaseT and 100BaseTX and the same access protocol, CSMA/CD (Carrier Sense Multiple Access with Collision Detection), in half-duplex mode; in practice gigabit links are full-duplex links to a switch, on which collisions cannot occur.

Intel PCI-X 64-bit, 133 MHz network adapter

1000Base-SX: 1 Gbit/s on multimode optical fibre (MMF), 500 m
1000Base-LX: 1 Gbit/s on single-mode optical fibre (SMF), 3000 m
1000Base-CX: 1 Gbit/s on short shielded copper cable, 25 m
1000Base-T: IEEE 802.3ab, ratified on June 26, 1999; 1 Gbit/s on category 5 cable, transmission on 4 pairs (250 Mbit/s per pair) over a length of 100 meters

Nomenclature     Speed       Distance   Media
10BaseT          10 Mbps     100 m      copper
100BASE-TX       100 Mbps    100 m      copper
100BASE-FX       100 Mbps    412 m      multimode optical fibre, half duplex
                             2 km       multimode optical fibre, full duplex
1000BASE-LX      1000 Mbps   5 km       single-mode optical fibre
                             550 m      multimode optical fibre
1000BASE-SX      1000 Mbps   550 m      multimode optical fibre (50 µm)
                             275 m      multimode optical fibre (62.5 µm)
1000BASE-CX      1000 Mbps   25 m       copper (not supported by the industrial application standards)
1000BASE-T       1000 Mbps   100 m      copper
1000BASE-LH      1000 Mbps   70 km      optical fibre

Twisted-pair wiring for 1000BASE-T is like that of 100BASE-T4 in that all four pairs carry data, and this also applies to RJ45 crossover cables: a gigabit crossover cable must cross all four pairs (pins 1-2 with 3-6 and pins 4-5 with 7-8), whereas a 10/100 crossover cable only crosses the first two.

4.7. 10 Gigabit network


Currently under development, it should compete with high-speed lines and ATM connections.

4.8. Ethernet network adapter


Three types of network cards are found in PCs: 10, 100 and Gigabit Ethernet. The first 3Com 10 Mbps cards used only coaxial and a specific (AUI) connector. Currently, 10 Mbps network adapters are connected by coaxial and RJ45. 100 Mbps cards, on the other hand, use only RJ45. Consequently, using a coaxial network requires a 10 Mbps card. Since using an RJ45 cable requires a concentrator, the concentrator and the connected cards must use the same parameters, i.e. 10 Mb/s for a 10 Mbps hub. 10 Mbps hubs generally (but not always) include a coaxial connector and a model-specific number of RJ45 ports. 100 Mbps hubs allow connections at 100 Mb; some of them also detect 10 Mb cards. Network cards are also characterized by the internal bus used: ISA and PCI. As a reminder, there are sometimes incompatibilities between 3.3 V PCI cards and 5 V motherboards (old Pentiums). Like all PC cards, they are identified by an address and an interrupt by which the PC recognizes them. Some adapters include a socket for an EPROM so that the PC can boot over the network (without a hard disk). This solution is little used. Each RJ45 Ethernet adapter has 2 LEDs. The first, generally green, indicates that the card is linked to a concentrator by a cable. The second, orange or green, indicates transmission or reception of data. Current network adapters switch automatically to the appropriate Ethernet speed (10 or 100). With very rare exceptions (bottom-of-the-range hubs and switches), when a card is connected by RJ45 to a concentrator, the link LEDs must light both on the card and on the hub, switch or router. If they do but the network still does not work, for the hardware technician this means that the network access is badly configured, which is the network administrators' responsibility, unless the link speed is low.

4.9. Half duplex and full duplex


An Ethernet network adapter can be half duplex or full duplex. Half duplex cards (the normal case) cannot transmit and receive at the same time. Full duplex cards (and the associated switch), on the other hand, can transmit and receive at the same time on different channels (wire pairs). This doubles the transfer rate on the Ethernet network. For example, a 100BaseTX card (100BaseT4 does not allow full duplex) allows a transfer rate of 200 Mbps instead of 100 in half duplex. It is sometimes necessary to slow the network down (switch to 100 half mode or even, in case of network disturbances, force the 100BaseTX card to work in 10BaseT). The setting is made in the network settings, using the properties of the network adapter. Here, for example, is the case of an Ethernet adapter based on the Realtek RTL8139D chip (10BaseT and 100BaseTX, automatic). Beware of forcing a setting on one side only: if one end is forced to full duplex while the other is left on auto-negotiation, the auto-negotiating end falls back to half duplex, and the resulting duplex mismatch shows up as late collisions, CRC errors and poor throughput although the link LEDs are lit.

4.10. RJ45 Ethernet wiring: rules, connection problems and test equipment
RJ45 cables can be bought ready-made. Nevertheless, in professional wiring they are run in trunking, pass through walls... The solution consists in buying a crimping tool, the connectors (with boots), the cable, and strictly respecting the RJ45 wiring colours above. Connecting two structures together by cable always brings various types of problems. The first remains the maximum operating conditions. It is tempting to run a cable longer than what the standard allows between a hub (or switch) and a computer (100 meters for 10BaseT or 100BaseT). First mistake. If the cable is bought ready-made, the connection is generally good. This holds for small internal networks but is seldom the case for industrial networks. As a network cable tester easily costs the price of a small sports car, it is better to cable correctly in the first place. Each connection is also limited by the number of hubs in cascade. For a 10BaseT connection, the maximum number between 2 stations is 4. It is 2 for 100BaseT. Finally, the RJ45 cable must be laid correctly. Among the problems encountered, one finds:
- network cable cut, scratched or folded;
- more insidious: the cable runs alongside electric cables which disturb the signal, or next to fluorescent tubes or neon (keep at least 50 cm away), or close to high-power electric motors. The figure below shows the minimum spacing between network cables and electric cables according to the length of the parallel run.

Spacing between high-current cables (mains supply, neon) and low-current cables (Ethernet network): minimum spacing in cm as a function of the length of the parallel run in meters

For a short RJ45 cable, one might be tempted to put the electric and network cables in the same trunking. That would be to forget the electrical safety requirements, which prohibit putting electric cables and telephone (low-voltage) cables in the same trunking, even if it is common in the suspended ceilings of factories. Various types of network cable testers are found on the market. The first type of network test equipment works like an ohmmeter on 8 lines. It is important that the device can be split into two parts (a control unit and a termination unit) to allow the testing of installed cables. These devices generally make it possible to detect straight and crossover cables as well as other connectors (RJ11, RJ45, USB...). They are reliable only up to a point: they check only that the pin-to-pin wiring is correct, not that the link is correct. If the device detects a wiring error, the cable must be redone. If it does not detect an error, that does not necessarily mean that the cable is good. A bad contact, or a split pair (the right pins connected, but with wires from two different twisted pairs), will often be regarded as good by the tester but not by the network connection.

Here, a test of a crossover cable. The left part is the control module, the right part the detachable termination. The 8 LEDs at the top indicate whether each wire is correct individually. The left part gives indications on the connection: SHORTS (cable cut or bad connection on at least one wire), CONNECTED (the cable is straight or crossover), NO CONNECTION (the cable is not plugged in). The price ranges from 100 to 150. The second type works like a network card: these devices test the line (and not only the wires); the device is connected at the end of a cable and tests the connection to a hub or a switch. In this sense they are more effective. They are a little more expensive. The third type of network tester resembles a small computer. Its price easily reaches 10,000 and is thus not within everyone's reach. The test method is identical to that of the first devices. They offer the same possibilities as the devices of the first group but in addition allow:
- effective tests of poor contacts or cuts on each cable;
- the cable length and, in case of a cut on one (or several) wires, the distance at which it is cut;
- the various disturbances that travel on the cable (electrical disturbances).

4.11. MAC address


Each network adapter is identified by a MAC address. This address is meant to be unique among all the network cards in the world: the first three bytes identify the manufacturer and the last three are assigned by it. It consists of 6 bytes of the form XX.XX.XX.XX.XX.XX where each XX ranges from 0 to 255. The address is usually given in hexadecimal, for example 4D.FF.56.D2.AF.26. In Start > Run, type the command WINIPCFG (present in the Windows directory under Windows 98) or ipconfig /all in a DOS window (Windows 2000 and XP) to obtain the following information about your network card.

The MAC address FF.FF.FF.FF.FF.FF is special: the data are sent to the whole network. It is the broadcast address. The Ethernet protocol uses the MAC address to make the equipment communicate with each other over the network. When a machine wants to talk to another, it sends a frame on the network containing the destination MAC address, the source MAC address, the length (or type) of the packet, the data and the CRC (Cyclic Redundancy Check), an error check... Ethernet delivers frames on MAC addresses, not on IP addresses: an IP address is first resolved to the MAC address of the destination (or of the router) by ARP. Once communication has been established over Ethernet, the DOS command arp -a lists the MAC addresses of the other PCs of the network that this machine has talked to. Note that although the MAC address is burned in by the manufacturer, most drivers allow it to be overridden in software, so it must not be relied on to identify a machine for security purposes.
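The frame layout and the broadcast address described above, as an added example that is not part of the original course: Python code that builds an Ethernet frame (destination, source, type, data padded to the 64-byte minimum, CRC-32 FCS) and parses one back, checking its length and its FCS as a receiving card does and decoding the flag bits of the destination address. The sample addresses are constructed; writing the FCS as the IEEE CRC-32 with the least significant byte first is the usual on-the-wire representation and is assumed here.

```python
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
MIN_FRAME = 64      # bytes on the wire including the FCS; anything shorter is a runt
MAX_FRAME = 1518    # untagged frame


def parse_mac(text):
    """Accept the dotted form used above (4D.FF.56.D2.AF.26) as well as ':' and '-' forms."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 6-byte MAC address: {text!r}")
    return bytes.fromhex(digits)


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_flags(raw):
    """The two low bits of the first byte: I/G (group) and U/L (locally administered)."""
    return {
        "broadcast": raw == BROADCAST,
        "multicast": bool(raw[0] & 0x01),
        "locally_administered": bool(raw[0] & 0x02),
        "oui": format_mac(raw[:3]),     # manufacturer prefix
    }


def build_frame(dst, src, ethertype, payload):
    """dst + src + type + data, padded to the 64-byte minimum, with the CRC-32 FCS appended."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))
    if len(body) + 4 > MAX_FRAME:
        raise ValueError("payload too large for one frame")
    fcs = zlib.crc32(body) & 0xFFFFFFFF      # same CRC-32 as IEEE 802.3
    return body + struct.pack("<I", fcs)      # assumed: FCS on the wire LSB first


def parse_frame(frame):
    """What a receiving card (or a store-and-forward switch) checks before accepting a frame."""
    if len(frame) < MIN_FRAME:
        raise ValueError(f"runt frame ({len(frame)} bytes)")
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if fcs != zlib.crc32(body) & 0xFFFFFFFF:
        raise ValueError("FCS mismatch: frame corrupted")
    dst, src = body[:6], body[6:12]
    type_or_length = struct.unpack("!H", body[12:14])[0]
    return {
        "dst": format_mac(dst),
        "src": format_mac(src),
        "ethertype": type_or_length,   # >= 0x0600 is a type: 0x0800 IPv4, 0x0806 ARP
        "payload": body[14:],          # includes any padding
        "dst_flags": mac_flags(dst),
    }


if __name__ == "__main__":
    # constructed sample addresses
    src = parse_mac("00:11:22:33:44:55")
    dst = parse_mac("4D.FF.56.D2.AF.26")
    frame = build_frame(dst, src, 0x0800, b"hello")
    print(len(frame), "bytes:", frame.hex())
    print(parse_frame(frame))
    print(parse_frame(build_frame(BROADCAST, src, 0x0806, b"\x00" * 28))["dst_flags"])
```

The flag decoding is worth a look: the low bit of the first byte is the individual/group flag, and 0x4D is odd, so the sample address 4D.FF.56.D2.AF.26 above would be a group (multicast) address; a manufacturer never assigns such an address to a card, and a frame carrying it as the source would itself be suspect.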

5. Hub, switch, network router


5.1. Introduction - 5.2. Hub (repeater) - 5.3. Switch - 5.4. Router - 5.5. Repeater - 5.6. Difference between a hub and a switch - 5.7. From IP addresses to MAC addresses - 5.8. Ethernet connection

Up to now, we have used the term "network concentrator" to designate the network "nodes" in 10BaseT, 100BaseT, gigabit... (except for coaxial networks, which use a bus topology). This view is too simple. Ethernet concentrators include hubs, switches, routers... At the installation level, the wiring technique is almost the same. The choice of concentrator varies according to the size of the network, the location of the concentrator and the extent (interconnection) of the networks.

5.2. Hub
Hubs are used in 10BaseT and 100BaseT Ethernet. The hub is the simplest concentrator. It is practically just a repeater (répéteur, its French name). It amplifies the signal so as to pass it on to all the connected PCs. All the information arriving at the device is therefore retransmitted on all the lines. In large networks, whether by the number of connected PCs or by the volume of traffic, a hub cannot be used: as soon as one PC says something, everyone hears it, and when each one starts transmitting, speeds drop immediately. Hubs are characterized by a number of ports: 4, 5, 8, 10, 16, 24... Depending on the version and model, they integrate some connection features specific to the device. 10 Mbps hubs: number of ports according to the model, an uplink port (which allows two hubs to be connected together without a crossover RJ45 cable), a coaxial connector. For each port there is a LED indicating the link to a card, and a collision LED per channel or for the unit as a whole; the latter indicates the state of all the connections. 100 Mbps hubs: number of ports according to the model, an uplink port (to connect two hubs together), never a coaxial connector. For each port there is a LED indicating the link to a card, and a collision LED per channel or for the unit. Moreover, on 10/100 versions, there are two LEDs for each channel (10 and 100). A last remark: according to the standard, the maximum number of hubs in cascade (connected port to port, or stackable types) is limited to 4 between 2 stations for 10BaseT and to 2 for 100BaseT. This is related to the maximum travel time of an Ethernet signal before it disappears and to the time needed to detect collisions on the cable. Otherwise a collision might not be detected in time, and the second transmitting station would send its message believing the way to be free. This limit does not exist for "store and forward" switches, which store the frames before sending them on and segment the network per port, avoiding these collisions.

5.3. Network switch
5.3.1. Introduction
In appearance, it is equivalent to a hub. The hub's flaw is that all the information goes to all the PCs. A switch recognizes the various computers, servers, routers, printers and firewalls connected to the network. On receiving information, it decodes the header to find the recipient and sends it only to that one in the case of a PC-to-PC connection. This reduces the traffic on the network as a whole. By contrast, with hubs all the information circulates on all the wiring and thus reaches all the connected stations. Switches therefore work at levels 1 and 2 of the OSI model (so-called layer 3 switches also at level 3), whereas hubs work at layer 1 only. Level 3 of the OSI model determines the transport routes. Switches are increasingly replacing hubs; the prices have become practically equivalent. Most switches can use full duplex mode. Communication is then bidirectional, doubling the maximum transfer rate. This function is never implemented in a hub. The switch automatically checks whether the connected device is full or half duplex compatible; this function is often referred to as "Auto Negotiation". Current switch models are often Auto MDI/MDIX, which means that the port automatically detects whether the cable is straight or crossover. On a hub, a port fitted with a pushbutton provides this function manually. You can nevertheless use crossover cables to connect concentrators together. Using switches reduces data collisions on the network wiring. When a device attempts to transmit data, it sends a message on the wiring. If another device is already communicating, two messages are on the network at the same time. The first restarts its message from the beginning and the second waits a few milliseconds before trying again. There is (in theory) no limit on the number of switches in cascade on a network.

5.3.2. Operation of a switch


At start-up, a switch builds a correspondence table between MAC addresses and port numbers. This table lives in the switch's internal memory. For example, on a D-Link DSS-16+ (16 ports) it holds 8000 entries (stations). On a lower-range model (the D-Link DES-1024D, 24 ports) it is also 8000 entries, while on most 5-port switches it ranges from 512 to 1000 entries. This poses no problem on a small network, but it does on large ones. In any case, the maximum number of connected PCs is limited by the class of IP address used. When a new card is connected to one of its ports, the switch updates its table. The performance of the switch therefore depends on the size of this table.

Let us now see what happens when a PC (PC1) communicates with another PC (PC2) connected to the same switch. The message carries the destination (TO) address; the switch finds PC2's address directly in its table and redirects the message to the appropriate port. Only the wiring of the 2 ports (PC1 and PC2) is used. The other PCs can communicate at the same time on the other ports.

Now let us look at the case where the network uses 2 switches. PC1 sends the message with the TO address to switch 1, to which it is connected. Switch 1 checks in its table whether the TO address is physically connected to one of its ports. In our case it is not. The switch therefore sends the frame out of all its ports except the one it came in on (this is called flooding; a frame to the broadcast MAC address FF.FF.FF.FF.FF.FF is treated the same way). The frame thus generally travels across the whole network. On receiving it, switch 2 looks the TO address up in its own table; in our case it is present, so switch 2 delivers the frame on PC2's port only. When PC2 answers, switch 1 learns from the source address of the reply that PC2 is reachable through the port connected to switch 2 and memorizes the pair in its table; from then on, frames for PC2 are sent to that port only. This does not pose too many problems as long as the capacity of switch 1's table is sufficient. Let us now see some more complex cases. When a MAC address is placed in the table, the switch keeps it for a certain time. If a new request to this address is received, the destination port is found in the table. On the other hand, if the time between requests is too long (generally 300 seconds), the table entry is erased and the flooding process is triggered again. Inevitably, if the table is too small (a switch with a low number of ports on a very large network), the MAC entry may be evicted prematurely. These reduced tables in bottom-of-the-range switches cause big problems in networks. Moreover, the fewer ports the switch has, the smaller the table. This implies that with small switches (4-8 ports), the number of switches chained between 2 PCs is limited. This fallback to flooding is also a security matter: whenever the table is full or an entry is missing, the switch behaves like a hub for those frames and every port sees them. An attacker who deliberately fills the table with bogus source addresses (MAC flooding) obtains exactly that, which is why managed switches offer port security, limiting the number of MAC addresses learned per port.
I have already encountered the problem in a network of 30 PCs. As soon as the factory started up, network communications broke down. Replacing the switches with hubs for the most distant stations solved the problem, but switches of better quality could have been used. Not all switches are equivalent. For networks of ten stations, the problem does not arise. On the other hand, for large networks, mid-range and high-end switches better correct the attenuation of the received signals before retransmission.
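The learning, broadcast and ageing behaviour described above, as an added Python model that is not part of the course: a switch's MAC address table with the 300-second ageing timer and a limited table size, showing when a frame leaves by one port and when it has to be flooded. The class, the port numbers and the MAC addresses are constructed for the illustration.

```python
"""Model of a learning switch's MAC address table (added example).

It reproduces the behaviour described in the text: a known destination
goes out of one port only, an unknown destination is flooded on all the
other ports, the source address is learned on the ingress port, an entry
unused for 300 seconds is erased, and a table that is too small evicts
entries prematurely and forces flooding again. Names, ports and MAC
addresses are constructed for the illustration.
"""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"
AGEING_SECONDS = 300  # typical lifetime of a table entry, as quoted in the text


class LearningSwitch:
    def __init__(self, ports, capacity, ageing=AGEING_SECONDS):
        self.ports = list(ports)
        self.capacity = capacity
        self.ageing = ageing
        # MAC -> (port, time last seen as a source); insertion order lets us
        # evict the oldest entry when the table is full
        self.table = OrderedDict()
        self.floods = 0  # how many frames had to be sent on every other port

    def _expire(self, now):
        stale = [mac for mac, (_, seen) in self.table.items()
                 if now - seen > self.ageing]
        for mac in stale:
            del self.table[mac]

    def _learn(self, mac, port, now):
        if mac in self.table:
            self.table.move_to_end(mac)
        elif len(self.table) >= self.capacity:
            self.table.popitem(last=False)  # table full: oldest entry disappears
        self.table[mac] = (port, now)

    def forward(self, in_port, src, dst, now):
        """Return the list of ports the frame leaves by."""
        self._expire(now)
        self._learn(src, in_port, now)
        if dst != BROADCAST and dst in self.table:
            return [self.table[dst][0]]  # only the destination's wiring is used
        self.floods += 1                 # unknown destination: ask every port
        return [p for p in self.ports if p != in_port]


PC1, PC2, PC3 = "00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:02", "00:aa:bb:cc:dd:03"


def demo_ageing():
    """PC1 (port 1) talks to PC2 (port 2) on a 4-port switch with room for 4 entries."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], capacity=4)
    out = {}
    out["first"] = sw.forward(1, PC1, PC2, now=0)           # PC2 unknown: flooded
    out["reply"] = sw.forward(2, PC2, PC1, now=1)           # PC1 learned: one port
    out["second"] = sw.forward(1, PC1, PC2, now=2)          # PC2 learned: one port
    out["after_ageing"] = sw.forward(1, PC1, PC2, now=400)  # PC2 unused > 300 s: flooded again
    out["floods"] = sw.floods
    return out


def demo_small_table():
    """A table with only 2 entries on a segment with 3 stations."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], capacity=2)
    sw.forward(1, PC1, BROADCAST, now=0)   # learn PC1 on port 1
    sw.forward(2, PC2, BROADCAST, now=1)   # learn PC2 on port 2
    sw.forward(3, PC3, BROADCAST, now=2)   # table full: PC1's entry is evicted
    # PC2 now sends to PC1: the address has disappeared, so the frame is flooded
    return sw.forward(2, PC2, PC1, now=3), sorted(sw.table)


if __name__ == "__main__":
    print(demo_ageing())
    print(demo_small_table())
```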

3.3. Types of switch


The technology of a switch is closely related to the type of data, the topology of the network and the desired performance. The first and most common mode of operation, called Store and Forward, stores every frame before sending it to the appropriate port. Before storing the frame, the switch carries out various operations, from error detection (runt frames) and building the address table up to functions belonging to level 3 of the OSI model, such as filtering within a protocol. This mode is well suited to client/server use because it does not propagate errors and accepts a mix of connection media, which is why it is used in mixed copper/fibre environments or with mixed speeds. The buffer capacity varies from 256 KB to more than 8 MB for the largest models. Small switches of this type often share the buffer between groups of ports (for example 8 ports), whereas high-end models use a memory dedicated to each input port. The latency between receiving and sending a frame depends on the size of the data, which slows down the transfer of large files. The Cut Through mode analyzes only the destination MAC address (placed in the header of each frame, coded on 48 bits and specific to each network card) and then redirects the data stream without any checking. This type of switch performs no check on the frame itself. In principle the destination address must already be in the table; otherwise the broadcast mechanism is used. These switches are only used in environments made up of point-to-point connections (clients - server); all mixed peer-to-peer applications are excluded. The Cut Through Runt Free mode is derived from Cut Through. When a collision occurs on the network, an incomplete frame (less than 64 bytes), called a runt, is delivered by the switch.
In this mode, the switch analyzes the first 64 bits of each frame before sending it to the recipient. If the frame is long enough, it is sent; otherwise it is dropped. The Early Cut Through mode (also called Fragment Free at Cisco) is also derived from Cut Through. This system directly transmits the frames whose destination address is detected and present in the switch's address table; for that the table must be perfectly up to date, which is difficult in large networks. On the other hand, it will not send frames whose destination address is not clearly identified, and it does not take the source address into account. Latencies are very low. The Adaptive Cut Through mode is distinguished mainly by its handling of errors. These switches keep track of frames containing errors; when the error count exceeds a certain threshold, the switch automatically goes over to Store and Forward mode. This mechanism prevents errors from propagating across the network by isolating certain segments. When the error rate returns to normal, the switch returns to Cut Through mode.

3.4. Additional characteristics


Switches can be stackable. In that case a special connector makes it possible to link several switches of the same brand together. The number of switches stacked (of the same model) is limited. The whole group of switches is seen as a single switch, which increases the number of ports and provides a larger common table. Hubs are not truly stackable, since stacking them would amount to interconnecting them with crossover cables. Some switches are manageable. Through a web interface reached at the switch's IP address, or through RS232 and telnet, you can block certain links, for example preventing one group of PCs from connecting to another group, or physically determining which computer has access to which server. This also makes it possible to assign address ranges to ports (when several switches or hubs are chained) and thus to increase speed. A small remark nevertheless: management is generally based on MAC addresses (unique and fixed when the network card or peripheral is manufactured). These features must be used with care, since if you change a network card, the switch will have to be reconfigured. Some models nevertheless make it possible to create user groups using the IGMP protocol. They are called level 2 switches (level 2 of the OSI model) if they can filter on addresses, and level 3 (level 3 of the OSI model) if they can additionally block by port (TCP or UDP). Through the IP interface or telnet, a manageable switch also makes it possible to remotely check the connections on the switch (display of the front panel), to back up or restore the configuration, to update the firmware, to set the lifetime of MAC addresses in the table, and so on.
Some Cut Through switches integrate additional functions such as Meshing, which makes it possible to build a table across several switches (so that a frame is no longer sent on all ports when the destination device is not directly connected to the switch). Port Trunking makes it possible to reserve a certain number of ports for the links between two switches.

4. Routers.
Hubs and switches make it possible to connect equipment belonging to the same IP address class or to the same sub-network (other protocols). As a reminder, the IP address of a device connected to a network is unique. It is of the form X.X.X.X, for example 212.52.36.98, where each X can vary from 0 to 255. An IP address consists of 32 bits together with a mask, also coded on 32 bits. Hierarchies, called address classes, were defined within the addresses.
Class A: Network . Host . Host . Host
  Addresses from 1.0.0.0 to 126.255.255.255. The range 10.0.0.0 to 10.255.255.255 is private.
  128 networks and 16,777,216 class A hosts per network: 1.X.X.X, 2.X.X.X...

Class B: Network . Network . Host . Host
  127.0.0.0 to 191.255.255.255. The range 172.16.0.0 to 172.31.255.255 is private.
  16,000 networks and 65,536 class B hosts per network: 127.0.X.X, 127.1.X.X...

Class C: Network . Network . Network . Host
  192.0.0.0 to 223.255.255.255. The range 192.168.0.0 to 192.168.255.255 is private.
  2,000,000 networks and 254 class C hosts per network: 192.0.0.X, 192.0.1.X, 192.0.2.X...

Class D: Multicast
Class E: Experimental

Addresses ending in 0 or 255 are not directly usable. Two stations in the same network, or even the same sub-network, can communicate directly or through simple level 2 equipment (hub or switch). Two stations in two different sub-networks must communicate through a router. For example: a device with address 12.0.0.0 (class A) can communicate directly with a device at TCP/IP address 16.23.25.98; a device with address 127.55.63.23 (class B) can communicate directly with a network device at address 191.255.255.255 (class B); a PC in an internal network with address 192.168.1.23 can communicate with address 192.168.1.63 (same class C). On the other hand, a PC with address 192.168.1.23 (class C) will have to go through a router to communicate with an installation at 15.63.23.96 (class A). This is the case for a PC connecting to an Internet site (which uses class A or B addresses). In the same way, in an internal network, a connection between two stations in different class C networks (for example 192.168.2.23 and 192.168.3.32) must pass through a router. A network without a router is thus limited to 254 stations (0 and 255 are not used). Likewise, since the addresses of Internet sites can be found in practically all the class A and class B ranges, connecting an internal network to the Internet necessarily goes through a router that serves as gateway. Nothing obliges you to use class C addresses for an internal network, but it is preferable. Note that the address range 169.254.X.X is not usable in an internal network for Internet sharing: this particular range does not allow it, even though Windows DHCP often assigns it by default. A router is practically a computer in itself. It decodes the frames, recognizes parts of the header information and can thus pass the information on to other routers, which relay it towards the recipients. A router joins networks at the network layer (layer 3); it connects two networks with a "barrier" between them, since it filters the information and passes on only what is actually intended for the next network. The most common use is connecting multiple stations to the Internet: traffic on the local area network (not intended for the Internet) is not transmitted outside. Moreover, routers partly hide the network. In an Internet connection, for example, the access provider assigns a TCP/IP address to the router, which, by means of NAT/PAT (Network Address Translation / Port Address Translation), redirects the data to the private address assigned to the PC. Routers are configurable and in particular make it possible to block certain connections. Nevertheless, they do not provide security at the level of TCP or UDP ports. They are used to interface various groups of PCs (departments, for example) while providing a semblance of security.
Some manageable switches can partly be used for this function as long as the network stays in the same address class. The main use in SMEs is sharing an Internet connection, but others exist, such as connection sharing under Windows 98 or specific equipment. Routers are not only useful for connecting networks to the Internet; they can also serve as a bridge to connect to a corporate network. Future connections for this kind of protected application will rather use VPN over the Internet; we will see this in chapter 10: Remote connections. It is not possible to connect two networks directly by placing two network cards in a central PC, except by using proxy connection software of the Wingate type. A DHCP server (Dynamic Host Configuration Protocol) can be implemented in software (Windows 2000 for example) or in a router. It makes it possible to assign IP addresses automatically to each station within a given address range (in the same address class).

5. Repeaters
A repeater is equipment that makes it possible to exceed the maximum length imposed by a network standard. To do so, it amplifies and regenerates the electrical signal. It is also able to isolate a failing section (an open cable, for example) and to adapt two different Ethernet media (for example 10Base2 to 10BaseT); this last use is currently the main one. For 1000Base-LX single-mode connections, there are devices allowing links of more than 100 kilometres.

6. Difference between a hub and a switch


HUB: Information sent from one PC to another (or to a printer) is sent to all the PCs, which decode it to find out whether it is intended for them.
SWITCH: Information sent from one PC to another is forwarded only to the recipient. If another PC sends information to the printer at the same time, the two communications can thus take place simultaneously.

HUB: The total bandwidth is limited to the speed of the hub: a 100Base-T hub offers 100 Mbps of bandwidth shared between all the PCs, whatever the number of ports.
SWITCH: The total bandwidth is determined by the number of ports of the switch, i.e. a 100 Mbps 8-port switch can handle up to 800 Mbps of bandwidth.

HUB: Supports only "half-duplex" transfers, which limits the connections to the speed of the port: a 10 Mbps port offers a 10 Mbps connection.
SWITCH: A switch that handles "full-duplex" transfers makes it possible to double the speed of each link, from 100 Mbps to 200 Mbps for example. The improved performance/price ratio is worth the extra cost.

HUB: Cheaper per port.

7. Passage of IP addresses to the MAC addresses


We already know that communications take place using MAC addresses and not directly with IP addresses. For a communication, the sending PC checks whether the destination PC is in the same IP address class. If so, it sends an ARP request to determine the destination MAC address and then sends the data packet with its headers directly on the network. Hubs pass the packet on unchanged, since they are simple amplifiers; if, on the other hand, the network is built with switches, each switch looks up the MAC address in its table and sends a broadcast if required. If the destination PC is not in the same address class, the sending PC sends the packet to the router (whose MAC address is known) with the destination IP address. The router checks whether it is connected to the destination sub-network (IP class). If it is directly connected, it sends the information to the recipient after an ARP; otherwise it forwards the packet to the next router, and so on.
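The decision described in sections 4 and 7 (ARP for the destination itself when it is in the same network, otherwise hand the packet to the router's MAC address with the final IP address kept in the header), as an added Python example that is not part of the course. It uses the addresses from the text's examples; the /24 masks, the gateway addresses and the ARP cache contents are constructed assumptions.

```python
"""Next-hop decision of a station before it builds a frame (added example).

The rule from sections 4 and 7 of the course: a destination in the same
network is reached directly (ARP for the destination's own MAC address);
any other destination is handed to the router, whose MAC address is
already known, with the final IP address left in the IP header.
Masks, gateway addresses and the ARP cache below are constructed.
"""
import ipaddress


def next_hop(source_cidr, destination, gateway):
    """Return ("direct", destination) or ("router", gateway).

    source_cidr is the station's address with its mask, e.g. "192.168.1.23/24".
    """
    iface = ipaddress.ip_interface(source_cidr)
    dst = ipaddress.ip_address(destination)
    if dst in iface.network:
        return "direct", str(dst)
    return "router", str(gateway)


def build_frame(source_cidr, gateway, arp_cache, destination):
    """Header fields of the frame the station puts on the wire.

    arp_cache maps IP addresses already resolved by ARP to MAC addresses.
    When the needed MAC is missing, the station would first send an ARP
    request (a broadcast); here that is reported as a LookupError.
    """
    via, next_ip = next_hop(source_cidr, destination, gateway)
    if next_ip not in arp_cache:
        raise LookupError(f"ARP request needed for {next_ip}")
    return {"dst_mac": arp_cache[next_ip],  # layer 2: next hop only
            "dst_ip": destination,          # layer 3: final recipient
            "via": via}


def address_notes(address):
    """Properties the text warns about for a given address."""
    ip = ipaddress.ip_address(address)
    last_octet = ip.packed[-1]
    return {
        "private": ip.is_private,                        # 10/8, 172.16/12, 192.168/16 ...
        "link_local": ip.is_link_local,                  # 169.254.X.X: unusable for Internet sharing
        "host_all_zero_or_255": last_octet in (0, 255),  # not directly usable for a station
    }


def demo():
    station = "192.168.1.23/24"
    gateway = "192.168.1.1"
    # constructed ARP cache: the router and one neighbour are already resolved
    cache = {gateway: "00:aa:bb:cc:dd:01", "192.168.1.63": "00:aa:bb:cc:dd:63"}
    return {
        "same_network": build_frame(station, gateway, cache, "192.168.1.63"),
        "other_class": build_frame(station, gateway, cache, "15.63.23.96"),
        "other_class_c": next_hop("192.168.2.23/24", "192.168.3.32", "192.168.2.1"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```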

8. Connection of an Ethernet network.


From the Ethernet connection part, we already know that:
1. To connect two hubs (or switches) together, a crossover cable must be used. Nevertheless, a small push-button switch is often present on one of the ports, making it possible to use a normal cable; the new models also detect the crossing automatically.
2. In Ethernet 10, 4 hubs in series cause blocking at the level of connection speeds.
3. In Ethernet 100, 2 hubs in series start to cause "bottlenecks" in the data flows.
4. The maximum distances must be respected (100 metres maximum for the cable).
5. The wiring rules must be strictly followed: connectors, proximity of electrical cables, networks.

Let us now move on to a real Ethernet network.

A. The departments (or offices, or floors) can be connected with hubs or a switch. If all connections go from the PCs to a single server, hubs can be sufficient. On the other hand, if other peripherals are used (network printers for example), a switch is definitely preferable. The hub or switch must have a sufficient number of ports. In the case of a small single application with clients and one server, since all communications go to a single PC (the server), using a switch or a hub is practically equivalent, except that a switch will reduce the number of collisions. The switch can also be full duplex (bi-directional communication).

B. The departments can be connected to each other with hubs or switches, but preference should go to switches, if possible manageable ones, which make it possible to block certain connections. All external connections (Internet and inter-network connections) require a router. Sharing the Internet directly from a PC connected to the Internet (Windows connection sharing) must be proscribed for companies, especially on heavy networks of the Windows NT or Netware type. Indeed, routers include the NAT function, which masks the various addresses of the internal network, and increasingly include basic protection against intrusions of the hardware firewall type. When we finish the network part, we will look at concrete network connection exercises.

6. High speed connections: high bandwidth, ADSL, ATM.


6.1. Introduction - 6.2. xDSL technologies (ADSL, SDSL, VDSL...) - 6.3. Leased lines - 6.4. Satellite connection - 6.5. Cable TV - 6.6. ATM

6.1. Introduction
This chapter of the hardware networks and communications course deals with high bandwidth connections for hosting Internet sites and high speed connections between the user and the Internet: xDSL connections, ATM, leased lines, cable television, satellite connection... All these solutions require a special subscription with your access provider.

6.2. xDSL technologies


xDSL groups together everything that makes it possible to carry high speed data streams over simple twisted-pair telephone lines. There are various variants:

- HDSL: High bit Rate DSL
- SDSL (Symmetric Digital Subscriber Line): symmetric DSL, but it can be used in asymmetric mode
- ADSL: Asymmetric DSL
- RADSL: Rate Adaptive DSL
- VDSL: Very high bit rate DSL

The essential differences between these technologies concern:

- the transmission speed
- the maximum transmission distance
- the difference in rate between the upstream (user/network) and downstream (network/user) directions

xDSL technologies are divided into two large families: those using a symmetrical transmission and those using an asymmetrical connection.

6.2.1. Symmetrical solutions


A symmetrical xDSL solution has the same transfer speed in download (Internet towards user) as in upload (user towards Internet), unlike asymmetrical connections (ADSL for example). This is of primary importance for hosting a site within the company. Symmetrical solutions are mainly used to replace leased lines, which are too expensive.

HDSL:
The first technique derived from DSL technology was born at the beginning of the 1990s: HDSL. This high-rate technique split the digital trunk of the network, T1 in the United States and E1 in Europe, over several pairs of wires (2 instead of 24 for T1 and 3 instead of 32 for E1). This was made possible by advances in signal theory that increased the number of bits per transmitted symbol. With this technique, it is possible to reach a rate of 2 Mbps on three twisted pairs and 1.5 Mbps on two pairs, with a local loop length of 4.5 km and without adding repeaters. HDSL is currently growing strongly. The first HDSL access networks were deployed by the American local operators. The main argument for HDSL is economic. HDSL is particularly well suited for:

- replacing T1 and E1 lines (telecom operators' access networks)
- local area networks (LAN)
- systems integrating a PABX (company private branch exchange) and Voice over IP

In short, HDSL:

- carries symmetrical traffic but requires two or three copper pairs; it allocates the same bandwidth in the upstream direction as in the downstream direction.
- offers a rate of 2 Mbps, which can fall to 384 kbps depending on line quality and distance (limited to 4.5 km).

In Europe, operators are only just starting to deploy these technologies massively, and prices are slow to fall for lack of competition. The major innovation should come from HDSL2. This technology, derived from HDSL, offers the same performance but on a single twisted pair. It is currently being tested in the United States at 1.5 Mbps. The current problem of this technology is its still imperfect standardization.

SDSL (Symmetric Digital Subscriber Line):

The precursor of HDSL2 technology is SDSL. Like HDSL, SDSL supports symmetrical transmissions on T1 and E1; however, it differs from HDSL on three important points:

- transmission takes place on a single twisted pair
- the length of the local loop is limited to 3.6 km (i.e. 1.8 km from the concentrator)
- the rate is limited to 2 Mb/s in download and upload.

Just like HDSL, this symmetrical solution is reserved for replacing T1 and E1 leased lines. Using the line for a telephone call at the same time is impossible. It is possible to couple 2 lines to reach 4 Mb/s. The distance from the distribution frame is in theory 1.5 km, but tests go up to 2 km.

SHDSL:
The latest symmetrical solution, SHDSL (Single-pair High-speed DSL), dates from 2002 and brings together the HDSL, HDSL2 and SDSL technologies. Transfer rates (payload) are identical in both directions and can vary:
- from 192 Kb/s to 2.3 Mb/s in two-wire mode (one pair)
- from 384 Kb/s to 4.6 Mb/s in four-wire mode (two pairs)
This solution uses the whole bandwidth of the telephone line, so it is no longer possible to use the telephone line at the same time, and filters are therefore not needed. These lines also allow "digitized" telephone signals of normal or ISDN type to pass through specific devices (a PABX for example). The other specificity of an SHDSL connection concerns the rate. The line is configured for a fixed rate (up to 2.3 Mb/s); if the modem cannot reach this speed, there is no connection. This guarantees a fixed rate. Nevertheless, some manufacturers allow automatic speed detection by the modem within a range of speeds. The maximum distance is 5 km on a single copper pair.

6.2.2. Asymmetrical solutions: ADSL, RADSL and VDSL


Various tests showed that it was possible to transmit data more quickly from the public network exchange towards the user, because the concentration of cables increases as one approaches the exchange, which generates more crosstalk near it. Signals coming from the user, being more attenuated, are more sensitive to the noise caused by these electromagnetic disturbances. It is therefore preferable to transmit the data coming from the user at low frequency (or in a narrower frequency band). The idea is to use an asymmetrical system, by imposing a lower rate from the subscriber towards the exchange. Systems using this technique were named ADSL. They exist in at least two variants: RADSL and VDSL. These asymmetrical solutions are unsuitable for hosting a large Internet site, since the transfer speed from the hosted server towards the Internet (towards the user) is definitely lower than the transfer speed from the user towards the server. On the other hand, this can work perfectly well for hosting a small amateur or SME site, provided a fixed TCP address or address redirection software is used.

ADSL (Asymmetric Digital Subscriber Line):

The most important characteristic of ADSL is its capacity to offer fast digital services on the existing copper telephone network, superimposed on and without interference with the traditional analogue telephone service. An ADSL circuit connects a public network exchange to the user's ADSL modem, thus creating three information channels:
- a high-rate downstream channel
- a medium-rate duplex channel
- a telephony channel (normal voice)

To create multiple channels, ADSL modems divide the available bandwidth of a telephone line using one of two techniques: frequency division multiplexing (FDM) or echo cancellation. With either technique, ADSL transmissions leave the area around 4 kHz free in order to let telephone calls (POTS) through. For this, in addition to the ADSL modem, a line splitter must be installed (the splitter separates the voice telephone signals from the digital signal), as explained in the ADSL filter installation. For a maximum loop length of 5.6 km, ADSL provides rates of:
- at least 1.5 to 2 Mbps in the exchange-to-user direction (maximum 8 Mbps)
- at least 16 kbps in the user-to-exchange direction (maximum 640 kbps)

Standard ADSL speeds in Belgium are 4 Mb/s in download (1 Mb/s if the user is at the distance limit). You can nevertheless increase the rate by changing subscription with your access provider (definitely more expensive). In France, on the other hand, subscriptions provide speeds of 256 Kb/s, 512 kb/s... depending on the subscription. These rates also depend on a number of factors including the length of the loop, its cross-section and interference. Line attenuation increases with its length, with the frequency of the transmitted signal and with the thinness of the cable. These transfer speeds transform the existing public telephone network (limited to voice, text and low-resolution graphics) into a powerful system able to support multimedia, including real-time video. Indeed, new broadband wiring will take decades to reach all subscribers, without even speaking of a hypothetical profitability. By carrying films, television programmes and local area network data, and above all bringing the Internet into homes, ADSL makes these markets viable and profitable for telephone companies and application providers. In December 1998, an important step was taken by the ITU (International Telecommunication Union) with regard to the standardization of DSL systems. The most awaited standard was ADSL-Lite, which is a reduced version of ADSL. It is intended for fast Internet access and works at rates lower than those of its elder (which are however much higher than the maximum of V.92 modems at 55,600 kb/s). It is less complex to implement because it does not require a filter (splitter).

RADSL
With RADSL (Rate Adaptive DSL), the transmission speed is set automatically and dynamically according to the quality of the communication line. As long as video data transfer was the goal, varying the rate was out of the question; in that precise case, synchronous processing is needed. However, since the failure of the VDT (Video Dial Tone), which suffered from the competition of cable and satellite TV, other applications have appeared:
- client/server architectures
- access to remote networks
- the Internet and multimedia

These applications have two advantages: synchronization is no longer obligatory, and an asymmetrical architecture becomes obvious (insofar as more information is transmitted in the server-to-client direction than in the other). RADSL thus adapts its speed to local conditions. RADSL would allow constant rates (upstream from 128 kbps to 1 Mbps and downstream from 600 kbps to 7 Mbps), for a maximum local loop length of 5.4 km (like ADSL). RADSL is being standardized by ANSI. The organization is considering the QAM, CAP and DMT technologies as RADSL modulations.

VDSL
VDSL is the fastest of the xDSL technologies. It is able to support, on a single twisted pair, rates of:
- downstream from 13 to 52 Mbps
- upstream from 1.5 to 2.3 Mbps

On the other hand, the maximum loop length is only 1.5 km. This distance is very short but it can be increased by using optical fibre from the provider to a special optical terminal near the user; from this terminal the user can be connected in VDSL (see figure below). As regards modulation, the two data channels are separated from the bands used for telephony on the one hand, and from those used for ISDN on the other hand. This would allow service providers to superimpose VDSL on the already existing services. For the time being it is considered that the two channels (upstream and downstream) are also separated in frequency.

Downstream data could be transmitted to each terminal equipment (passive network termination) or to a hub that distributes the data to the terminal equipment (active network termination).

For upstream data, multiplexing is more difficult. In a passive configuration, each terminal equipment must share a common cable. A collision detection system could be used; however, two other solutions can be considered. A first solution would be for the optical terminal to send frames to all the terminal equipment. These frames would authorize only one equipment to communicate, and only for a certain period (TDMA, Time Division Multiple Access). The equipment recognized thanks to the frame would transmit during this period. However, this method is heavy insofar as it implies inserting a certain latency between two authorizations and requires many bytes just for its operating protocol (which reduces the useful rate).

The second method would divide the upstream channel into various frequency bands and associate each band with a terminal equipment (FDMA, Frequency Division Multiple Access). This method has the advantage of being free of any dialogue protocol. However, it would limit the rate available to each terminal equipment to a fixed value. In conclusion, we have seen that the increased bandwidth of VDSL makes it possible for the access provider to offer high-definition television and quality digital video services, multimedia Internet and LAN services to consumers.

6.2.3. Summary table of DSL technologies


DSL technologies

Technology | Definition | Mode of transmission | Rate Internet > PC (download) | Rate PC > Internet (upload) | Maximum distance | Number of pairs
HDSL | High data rate DSL | Symmetrical | 1.544 Mbps or 2.048 Mbps | 1.544 Mbps or 2.048 Mbps | 3.6 km | 2 or 3 depending on the desired rate
HDSL 2 | High data rate DSL 2 | Symmetrical | 1.544 Mbps | 1.544 Mbps | 3.6 km | 1
SDSL | Single line DSL | Symmetrical | 768 Kbps | 768 Kbps | 3.6 km | 1
SHDSL | Single-pair High-Speed DSL | Symmetrical | 192 Kb/s to 2.3 Mb/s (one pair), 384 Kb/s to 4.6 Mb/s (two pairs) | 192 Kb/s to 2.3 Mb/s (one pair), 384 Kb/s to 4.6 Mb/s (two pairs) | 5 km | 1 or 2 depending on the desired rate
ADSL | Asymmetric DSL | Asymmetrical | 128 Kbps to 9 Mbps | 16-640 Kbps | 5.4 km | -
RADSL | Rate Adaptive DSL | Asymmetrical | 0.6-7 Mbps | 128 kb/s-1 Mb/s | 5.4 km | -
VDSL | Very high data rate DSL | Asymmetrical | 15-53 Mbps | 1.544-2.3 Mbps | 1.3 km | 1

6.3. Internet leased lines


Another method of connecting to the Internet or to a corporate network (interconnection) uses leased lines. They currently have the highest rate, but the number of pairs is definitely higher (24 pairs for T1 and 32 pairs for E1 for example). This solution is inevitably definitely more expensive than the standard solutions. It is currently the safest connection, since it connects 2 points directly without going through intermediaries. Unfortunately, security has a price. Through compression, these lines make it possible to use the line as much for Internet communication as for ISDN or PSTN communication via a PABX. For European access providers, the current types are E1 (2 Mb/s, 50 km maximum), E2 (8 Mb/s), E3 (34 Mb/s) and E4 (140 Mb/s). For American providers: T1 (1.544 Mb/s), T2 = 4 x T1 (6.312 Mb/s) and T3 = 7 x T2 (44.736 Mb/s). For Japan: T1 (1.544 Mbps), T2 = 4 x T1 (6.312 Mbps), T3 = 5 x T2 (32.064 Mbps) and T4 = 3 x T3 (97.728 Mbps).

6.4. Internet connection by satellite


Internet connection by satellite has some advantages, in particular not depending on existing terrestrial installations: cable television cables, a telephone network with nearby DSL terminals... The first satellite connections used a hybrid system: reception by microwave link, transmission by a traditional PSTN modem. This not very advantageous solution makes it possible to use a standard parabolic antenna. The new dishes allow both transmission and reception. Upload speed (sending towards the Internet) varies from 128 K to 1024 K, and download speed (Internet towards user) from 512 kbps to 2 Mbps for commercial applications. The theoretical limit of this connection is around 155 Mbps (a record). This does not take into account the latency (nearly 700 milliseconds) between the signal sent and the signal received at the other end of the connection. As the satellites are geostationary, the distance between the satellite and the ground is 36,000 km (multiply by 2, i.e. 72,000 km, for the distance to be covered). The delay between the message sent and the start of the reply is a little greater than with other high speed connections (it is the same problem with GSM satellite connections), so ping times are very poor. This should nevertheless disturb only some critical applications or Internet gamers, and to a lesser extent VoIP. This solution has some additional drawbacks, since the installation is very expensive (count from 1000 € at the beginning of 2004 for an antenna of less than 1 metre in diameter and the transmit/receive terminal), without counting installation of the antenna by a specialized technician who will point the antenna at a precise satellite. Moreover, subscriptions also remain definitely higher than those of ADSL. This solution is only to be recommended for areas not served by DSL technologies.

6.5. TV cable
This solution uses the cable television network. The transmission frequencies on these cables range from 10 to 860 MHz, but certain bands are blocked so as not to interfere with FM radio, military communications, etc. On this broad spectrum, the digital television channels are grouped in packages of 8, each package occupying a bandwidth of 8 MHz. Analogue television channels, on the other hand, cannot be grouped, and each one also occupies 8 MHz. Two frequency ranges are reserved for the Internet, one for the upstream direction and the other for the downstream direction. The upstream rate, in the band around 30 MHz, reaches 128 kb/s. In the downstream direction, the rate varies with the commercial offer between 512 and 768 kb/s, but can go up to 1.5 Mbps. Contrary to ADSL, this bandwidth is shared between all the users of the same segment, typically several buildings.

6.6. ATM connection.


ATM (Asynchronous Transfer Mode) was selected as a standard towards the end of the eighties. It is the direct heir of Frame Relay, from which it differs by using packets of small, fixed size (called cells). The ATM protocol is thus connection-oriented. ATM carries a continuous flow of fixed-size cells (frames) made up of 5 bytes of header and 48 bytes of data. Bandwidth usage is optimal. ATM connections use a data priority mechanism called QoS (Quality of Service). This means that high-priority messages are sent directly; when ATM finds a gap (no priority data being sent), it uses it to send non-priority data and fill the gap. This makes it possible to transfer all kinds of information (data, voice and others) over ATM connections. Transmission is assumed to be error-free, meaning that a message is never retransmitted; this requires a network (cabling) with low losses. In practice, the cell routing functions are implemented directly in hardware, contrary to the majority of IP routers. For ATM connections, the term used for the routers is switch. ATM adds to the technologies which preceded it the possibility of guaranteeing capacity and quality of service. One can thus establish an ATM connection between 2 systems and specify, for example, that one wants a guaranteed rate of 3 Mb/s, a maximum delay of 100 ms, a delay variation below 5 ms and a loss rate below 10^-10. Such guarantees are necessary to carry the digital circuits (64 kb/s, 2 Mb/s, 34 Mb/s... up to 622 Mb/s currently) over ATM. It is this quality of service which makes it essential compared to Ethernet networks. Moreover, certain ATM connections can reach 10 Gb/s at almost any distance. ATM connections are independent of the type of underlying network; it is not a hardware technology. ATM can thus be implemented over twisted-pair cable, coaxial cable or optical fibre, with limitations for high speeds. It is not necessarily independent of IP technology, but complementary. ATM does not carry source and destination addresses in its structure. It governs only the low layers of the OSI model in charge of transport.
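The fixed 53-byte cell described above (5 bytes of header, 48 bytes of data) is easy to see in code. The following C example is added here and is not part of the course; it builds and parses a UNI cell, computes the header checksum (HEC, a CRC-8 over the first four header bytes XOR 0x55, per ITU-T I.432) and shows how a receiver drops a cell whose header was corrupted on the line, which is what "transmission is assumed error-free, the message is never retransmitted" relies on. The header field layout (GFC, VPI, VCI, PT, CLP) is the standard UNI layout and is assumed rather than taken from the page; the payload string is a constructed sample.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATM_HDR_LEN     5
#define ATM_PAYLOAD_LEN 48
#define ATM_CELL_LEN    (ATM_HDR_LEN + ATM_PAYLOAD_LEN)   /* 53 bytes */

/* Fields of the UNI cell header (assumed standard layout: GFC 4 bits,
   VPI 8 bits, VCI 16 bits, PT 3 bits, CLP 1 bit, then the 8-bit HEC). */
typedef struct {
    uint8_t  gfc;
    uint8_t  vpi;
    uint16_t vci;
    uint8_t  pt;
    uint8_t  clp;
} atm_hdr_t;

/* Header Error Control: CRC-8 with polynomial x^8 + x^2 + x + 1 over the
   first four header bytes, then XOR 0x55 (ITU-T I.432). */
uint8_t atm_hec(const uint8_t hdr[4])
{
    uint8_t crc = 0;
    for (int i = 0; i < 4; i++) {
        crc ^= hdr[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80) ? (crc << 1) ^ 0x07 : crc << 1);
    }
    return (uint8_t)(crc ^ 0x55);
}

/* Pack the header and at most 48 payload bytes into a 53-byte cell.
   Shorter payloads are zero-padded: the cell size never changes. */
void atm_build_cell(const atm_hdr_t *h, const uint8_t *payload, size_t len,
                    uint8_t cell[ATM_CELL_LEN])
{
    memset(cell, 0, ATM_CELL_LEN);
    cell[0] = (uint8_t)((h->gfc << 4) | (h->vpi >> 4));
    cell[1] = (uint8_t)((h->vpi << 4) | (h->vci >> 12));
    cell[2] = (uint8_t)(h->vci >> 4);
    cell[3] = (uint8_t)(((h->vci & 0x0F) << 4) | ((h->pt & 0x07) << 1) | (h->clp & 1));
    cell[4] = atm_hec(cell);
    if (len > ATM_PAYLOAD_LEN)
        len = ATM_PAYLOAD_LEN;
    memcpy(cell + ATM_HDR_LEN, payload, len);
}

/* Unpack a received cell. Returns false when the HEC does not match, i.e.
   the header was corrupted on the line and the switch must drop the cell. */
bool atm_parse_cell(const uint8_t cell[ATM_CELL_LEN], atm_hdr_t *h)
{
    if (atm_hec(cell) != cell[4])
        return false;
    h->gfc = (uint8_t)(cell[0] >> 4);
    h->vpi = (uint8_t)((cell[0] << 4) | (cell[1] >> 4));
    h->vci = (uint16_t)(((cell[1] & 0x0F) << 12) | (cell[2] << 4) | (cell[3] >> 4));
    h->pt  = (uint8_t)((cell[3] >> 1) & 0x07);
    h->clp = (uint8_t)(cell[3] & 1);
    return true;
}

/* Number of cells needed to carry a message of msg_len bytes (last one padded). */
size_t atm_cells_needed(size_t msg_len)
{
    return (msg_len + ATM_PAYLOAD_LEN - 1) / ATM_PAYLOAD_LEN;
}

int main(void)
{
    atm_hdr_t h = {0, 1, 32, 0, 0}, back;
    uint8_t cell[ATM_CELL_LEN];
    uint8_t msg[] = "constructed sample payload";   /* constructed input */
    atm_build_cell(&h, msg, sizeof msg, cell);
    printf("HEC 0x%02X, parse ok: %d, cells for 1000 bytes: %zu\n",
           cell[4], atm_parse_cell(cell, &back), atm_cells_needed(1000));
    return 0;
}
```

A useful check when reading code like this: the all-zero header must give HEC 0x55, and the idle-cell header 00 00 00 01 must give 0x52, the byte sequence seen on an idle ATM line.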

7. The specific hardware for network servers.


7.1. Introduction to network servers - 7.2. External specificities - 7.3. Internal specificities - 7.4. Basic configuration of a server - 7.5. Server memory - 7.6. Internal bus - 7.7. Processors - 7.8. Multiprocessor techniques

7.1. Introduction to network servers


Using a heavy network operating system (Windows NT / 2000 / 2003 / 2008, Linux or Novell NetWare) requires one or more host computers. These computers can be of any type, including mainframes. We will be interested here in network servers of the PC x86 type. For a small network the server may be an ordinary PC, and a top-of-the-range server can be used as a workstation. Nevertheless, the majority of servers are specific computers. Their characteristics must meet various criteria related to the application and to the security of the data installed on the server. With the evolution of computing in the company, the host computer and its peripheral installation become paramount: the slightest stop of the installation immediately stops the factory, with the consequences one can imagine. Whether this stop is caused by a software problem, a malfunction of a server or even a recalcitrant switch is of no real importance; the result is the same for the company: loss of production, loss of data, ... A network installation must not stop. Once the preparatory work on the possible causes of breakdown (and the immediate solutions) is done, a good maintenance technician should be "walking" around the factory. The slightest stop, especially if it lasts, is paid for dearly, so the aim is to minimise its duration. In the following chapter we will take a tour of hard disks, their types and their grouping (RAID). Nevertheless, high-power servers are not limited to hard disks or external protections; their internal architecture is also different. If a server must never stop, its power must also be sufficient for the application. As a reminder, a server should not run at more than 10 % load on average, otherwise the application and the users are slowed down. This does not necessarily call for muscular servers.
According to the application, the number of connected PCs and the function of the server (file, printer, program), the configuration will be selected accordingly. Let us look at the various solutions which were adopted to (try to) obtain this result.

7.2. External specificities


External protections to prevent a server being stopped by an indelicate hand are implemented on high-range servers:

- Key locks on the power, reset and disk drive access buttons... although this is not the most important.
- Connecting cables must be fixed to the case or in a cable tray, to prevent the cables being torn out by traction... They must be labelled.

7.3. Internal specificities


- fast hard disks, to deliver information as soon as possible after a request from a connected client, if possible multi-session, which implies SCSI connections.
- data security in the event of a "disk crash" (complete failure of a hard disk): duplication of the disks by RAID systems
- data security in the event of a power failure or voltage drop: UPS
- data security in the event of complete failure of a computer (daily backup)
- "hot plug" installation of disks and electronic boards. This means that the peripheral can be replaced while the server continues to function.

Seen as a list, this does not appear too difficult. Let us first deal with the external aspect. It relates to the case on the one hand and... to the technicians and network administrators for the cabling aspect: no cable running loose in the corridors. Moreover, computer rooms designed for network servers are generally fitted with a raised floor, which makes it possible to route the cables underneath, and with a fire-suppression system using freon, an inert gas. Given the price of a bottle, avoid lighting your cigarette in these rooms. Temperature is generally controlled at 18 degrees centigrade. Each server is connected to a UPS (uninterruptible power supply, inverter). The UPS is able to control the server (shut it down) in the event of a power failure or voltage drop, via a specialised program. This is also often the case for hubs, switches and additional external peripherals.

The internal aspect is more complex. The hard disks are generally SCSI. On a workstation this type of connection is hardly more powerful than E-IDE hard disks, except for access times. On the other hand, SCSI connections perform better under multiple concurrent reads. Against a disk crash, one uses redundant disk systems (RAID): the data is written on each disk (identically), but read from only one; in the event of a crash, one continues on the second disk. Against the complete crash of a server, one can permanently couple 2 servers in the same way as the disks above. All these systems are called RAID. For the power supply, one can use 2 coupled power supplies (duplicated or redundant): if one fails, the other carries on. Each one must thus be sized to feed the whole machine on its own. For the electronic boards, PCI 64 makes it possible to remove or insert a board without switching off the computer, provided that the server runs a compatible operating system (for example Windows 2000).
Duplicating each part of a computer installation so that, if one part fails, the second takes its place immediately is called redundancy of the equipment. In short, there is work to do. At the peripheral level, we already know some of them. Backup tapes are practically always used, but not really as small backups, with transfer speeds which have nothing to do with the QIC tapes of the first year. Moreover, one also finds external enclosures containing hard disks, for example, always in RAID.

7.4. Basic configuration of a server.


Before going into purely technical solutions, let us look a little at how a network server is used. By definition, a server is not a workstation. As a result, the graphics card, the CD-ROM drive and the floppy drive are not paramount components. Nor should the screen be a top-of-the-range multimedia model: the server's screen is generally a 15" (even a 14" black and white) which sits idle; one looks at the display only in critical cases. The CD-ROM drive is generally not SCSI either, but E-IDE, given its low use. According to the operating system, one can (or must) configure it from a workstation. The memory must be sufficient, and the disks of double, even triple, capacity compared to the maximum capacity which you will use on this machine. I am speaking here about effective, usable capacity, without going into RAID technology.

7.5. Server memory.


First, compared with traditional memories, the memories used by servers are the same as those used by ordinary PCs. Current servers use ECC memory (Error Checking and Correcting, or Error Correction Codes). This technology uses several control bits (parity) to check the data in memory; these memories are self-correcting. This memory can detect 4 errors and correct one without stopping the system. A newer type of error-correcting memory, AECC (Advanced Error Correcting Codes), can detect 4 errors and correct 4 without stopping the system. Inevitably, these mechanisms slow the system down a little.
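To make the "several control bits (parity) to check the data" concrete, here is a small C example added to the course (it is not the course's own material and does not reproduce the exact scheme of any memory module): a Hamming SEC-DED code on one data byte, the principle used by ECC memory. Four parity bits each cover a subset of bit positions, and one overall parity bit is added so that a single flipped bit is located and corrected while two flipped bits are detected and reported as uncorrectable, which is what a server's memory controller logs as a correctable versus an uncorrectable error.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: one data byte protected by a Hamming SEC-DED code.
   Code-word bit index = Hamming position. Positions 1, 2, 4, 8 hold the
   parity bits, positions 3, 5, 6, 7, 9, 10, 11, 12 hold the data bits, and
   position 0 holds an overall even-parity bit over the whole word. */
typedef enum {
    ECC_OK = 0,            /* word read back clean */
    ECC_CORRECTED = 1,     /* one bit flipped, repaired transparently */
    ECC_UNCORRECTABLE = 2  /* two bits flipped: detected, cannot be repaired */
} ecc_status_t;

static const int data_pos[8] = {3, 5, 6, 7, 9, 10, 11, 12};

static int parity_of(uint16_t w)
{
    int p = 0;
    while (w) { p ^= (w & 1); w >>= 1; }
    return p;
}

/* Encode 8 data bits into a 13-bit code word. */
uint16_t ecc_encode(uint8_t data)
{
    uint16_t cw = 0;
    for (int i = 0; i < 8; i++)
        if (data & (1u << i))
            cw |= (uint16_t)(1u << data_pos[i]);
    /* parity bit p covers every position whose index has bit p set */
    for (int p = 1; p <= 8; p <<= 1) {
        int par = 0;
        for (int pos = 1; pos <= 12; pos++)
            if ((pos & p) && (cw & (1u << pos)))
                par ^= 1;
        if (par)
            cw |= (uint16_t)(1u << p);
    }
    if (parity_of(cw))          /* make the total number of ones even */
        cw |= 1u;
    return cw;
}

/* Decode a code word read back from memory, repairing a single-bit error. */
ecc_status_t ecc_decode(uint16_t cw, uint8_t *data)
{
    int syndrome = 0;           /* XOR of the positions of all set bits */
    for (int pos = 1; pos <= 12; pos++)
        if (cw & (1u << pos))
            syndrome ^= pos;
    int odd = parity_of(cw);    /* 1 when an odd number of bits flipped */
    ecc_status_t st = ECC_OK;
    if (syndrome != 0 && !odd)
        return ECC_UNCORRECTABLE;            /* two flips: syndrome set, parity even */
    if (syndrome != 0) {
        cw ^= (uint16_t)(1u << syndrome);    /* single flip: syndrome names the bit */
        st = ECC_CORRECTED;
    } else if (odd) {
        cw ^= 1u;                            /* the flipped bit was the overall parity */
        st = ECC_CORRECTED;
    }
    uint8_t d = 0;
    for (int i = 0; i < 8; i++)
        if (cw & (1u << data_pos[i]))
            d |= (uint8_t)(1u << i);
    *data = d;
    return st;
}

int main(void)
{
    uint8_t d = 0;
    uint16_t cw = ecc_encode(0xA5);
    printf("single flip: status %d, data 0x%02X\n", ecc_decode(cw ^ (1u << 6), &d), d);
    printf("double flip: status %d\n", ecc_decode(cw ^ (1u << 6) ^ (1u << 11), &d));
    return 0;
}
```

The slowdown the text mentions is visible here: every write computes the parity bits and every read recomputes the syndrome, work that a non-ECC module does not do.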

7.6. Internal bus.


In office computing, the current ports are 32-bit PCI and AGP. These ports have two problems. First, they are not hot plug: replacing a board requires stopping the server. In small servers this poses no problem in practice, since each function is carried out by a single board and the server no longer performs that function anyway if the board fails. On the other hand, in high-range servers all the boards are redundant: a network board is duplicated, and if one board fails the function continues on the second, equivalent board. This makes it possible "to repair the server" without stopping it. The second problem with these ports is speed. As a reminder, an office PCI port can transmit 132 MB/s maximum over the whole set of PCI ports (shared bandwidth).

Let us take for example a 1000Base (Gigabit Ethernet) network board. As network connections are serial, one divides the transfer rate by 10, which gives for a single network board a transfer rate of 100 MB/s. Perhaps you think there is still margin, but... SCSI hard disks are also connected through an interface on a PCI port. Take for example a Wide Ultra 3 SCSI (Ultra 160/m) hard disk connection, able to transfer 160 MB/s: 100 MB/s + 160 MB/s = 260 MB/s, far above the 132 MB/s of the 32-bit PCI port. Every server worthy of the name must therefore use a faster internal bus: PCI-X. Developed jointly by the main computer hardware vendors, PCI-X uses 64-bit PCI connections (the transfer rate is thus doubled). Moreover, the common PCI port runs at 33 MHz, whereas PCI-X ports go up to 533 MHz. This gives a transfer rate of 533 MHz * 8 bytes (64-bit port) = 4256 MB/s for the whole PCI-X bus. Generally, a server also accepts 1 or 2 32-bit PCI ports (graphics board, for example, or a spare Ethernet 100 board). The 64-bit ports generally accept only 32-bit boards running at 3.3 V. To recognise the 64-bit ports which accept 32-bit PC boards, it is enough to check whether there are 2 notches (3.3 V boards only) or 1 notch (accepts 3.3 V and 5 V boards) in the 32-bit part of the 64-bit PCI bus. With PCI-X ports we find the expected characteristics: speed and hot plug (if the board driver allows it). One last precision: these boards and the installation of these buses are expensive. Not every server includes a PCI-X bus at 533 MHz; there are boards at 33, 66, 100 and 133 MHz. Moreover, many servers include not one but 2 or 3 separate PCI-X buses, which also removes bottlenecks. PCI-X 1.0 came out in 1999, with a supply voltage of 3.3 V:
PCI-X 1.0 (supply voltage 3.3 V)

Bus frequency | Voltage | Data bus width | Bandwidth
------------- | ------- | -------------- | ---------
66 MHz        | 3.3 V   | 32 bits        | 264 MB/s
66 MHz        | 3.3 V   | 64 bits        | 528 MB/s
100 MHz       | 3.3 V   | 32 bits        | 400 MB/s
100 MHz       | 3.3 V   | 64 bits        | 800 MB/s
133 MHz       | 3.3 V   | 32 bits        | 532 MB/s
133 MHz       | 3.3 V   | 64 bits        | 1064 MB/s

Version PCI-X 2.0, released in 2002, is also powered at 1.5 V according to the version. The boards are hot plug.

PCI-X 2.0

Bus frequency | Voltage       | Data bus width | Bandwidth
------------- | ------------- | -------------- | ---------
66 MHz        | 3.3 V         | 32 bits        | 264 MB/s
66 MHz        | 3.3 V         | 64 bits        | 528 MB/s
100 MHz       | 3.3 V         | 32 bits        | 400 MB/s
100 MHz       | 3.3 V         | 64 bits        | 800 MB/s
133 MHz       | 3.3 V         | 32 bits        | 532 MB/s
133 MHz       | 3.3 V         | 64 bits        | 1064 MB/s
266 MHz       | 3.3 V / 1.5 V | 32 bits        | 1064 MB/s
266 MHz       | 3.3 V / 1.5 V | 64 bits        | 2128 MB/s
533 MHz       | 3.3 V / 1.5 V | 32 bits        | 2128 MB/s
533 MHz       | 3.3 V / 1.5 V | 64 bits        | 4256 MB/s

With these characteristics, an office PC cannot be used as server network.

7.7. Server microprocessor.


For the actual characteristics of the processors dedicated to network servers, refer to the server microprocessor page. This part covers only the general cases.

7.7.1. Introduction
A server's processor is not necessarily a racehorse. A server does not create multimedia applications. Except for application servers, the processors are generally "weak": a web server can easily be satisfied with a Pentium III, even a Celeron. On the other hand, for heavy applications, the processor manufacturers moved in two directions: specialised processors and multiprocessing. The two are partly dependent. Current processors are 32-bit, meaning that the assembler instructions they read are coded on 32 bits. For the speed freaks of computing, to increase the performance of a processor you can either increase the clock speed or double the number of instructions per clock cycle. This solution is already used, but 64-bit processors use this possibility differently. Indeed, as for current processors, programs are written for 32 bits; a 64-bit processor cannot read 32-bit instructions and vice versa. Intel, with its 64-bit Itanium processor released in July 2001, circumvented the problem by not taking over the old 32-bit instructions (those which we know). This required rewriting the programs and operating systems, or rather recompiling them, i.e. converting the 32-bit assembler program to 64 bits. A 64-bit Windows exists for these processors, but few programs are really on the market. This confines the Intel Itanium to servers or very high-range workstations. AMD chose the opposite route: while creating a 64-bit processor, it kept 32-bit compatibility. The AMD 64-bit processors thus run current applications as well as 64-bit applications. One last thing: using two processors or more requires a suitable operating system. Windows NT, 2000 and XP Pro are sold in specific versions; Novell requires an additional option; UNIX and Linux are natively multiprocessor, provided the function is implemented for the motherboard/OS. The "home" versions of the Microsoft operating systems (Win95, 98, Me and XP Home) do not handle multiprocessing.

7.7.2. INTEL
At Intel, the specialised 32-bit processors are of the Xeon type (formerly Pentium Pro). Compared to the normal Pentium (Pentium III, Pentium IV), Intel generally includes larger L1 and L2 caches. To complete the picture, the socket and the chipsets are different. Nevertheless, the Pentium III could be used in a dual-processor configuration. Intel has since removed this possibility internally, but not in the majority of Celerons. Itanium and Itanium II are reserved for demanding networks, since they work in 64 bits. Note that adding a second processor (on a motherboard which accepts it) requires a processor of the same speed and (in practice) of the same manufacturing series, which is not always easy to obtain. One last remark: with the Pentium IV at 3.06 GHz, Intel now includes Hyper-Threading. This technique emulates two logical processors in a single Pentium. The advantage should be speed, but the various tests are rather mixed, in particular because the application must be written for this mechanism in the case of workstations. On the other hand, this function is widely implemented in the Itanium and Xeon. At the beginning of 2004, Intel announced the Nocona architecture for the Xeon. This modified processor is a 32-bit processor able to run certain 64-bit applications. It is thus comparable with AMD's Opteron and sits between the normal Xeon and the full 64-bit Itanium.

7.7.3. AMD
Since September 2001 AMD has produced specific Athlon processors able to work in dual-processor configurations, with a specific chipset. These are the Athlon MP (multiprocessor). The Opteron (server version of the 64-bit Athlon) allows up to 8 processors to be used simultaneously.

AMD develops 2 versions of its 64-bit processor: Opteron and Athlon 64. The Opteron, released in April 2003, is the server and high-range workstation version, like the Itanium and its successor Itanium II. The Athlon 64 for workstations came out in September 2003. As a reminder, these processors are also 32-bit compatible and can thus be used with the usual 32-bit operating systems. The main changes compared to the K7 architecture come from the number and size of the registers (the processor's internal working memory), which must support both AMD's new AMD64 instructions and Intel's SSE. Opterons are engraved at 0.13 µm, just like current Athlons, and use a specific socket, type 940. The L2 cache goes from 512 KB to 1 MB. Memory management is no longer handled by the chipset but directly by the processor, which manages 2 banks (32 bits) of DDR333. The Opteron uses 3 HyperTransport buses which can be connected directly to another processor (3.2 GB/s bidirectional) or to a chip managing PCI-X or AGP. As the Opteron is dedicated to servers, it comes in 3 versions, 100, 200 and 800, which respectively have 0, 1 and 3 processor buses and can be used in machines with 1, 2 and 8 Opterons. Each version comes at various speeds. Version 200 is currently the only one available, at 1.4, 1.6 and 1.8 GHz.

7.8. Multiprocessor techniques.


Working with several processors simultaneously (in the same machine) inevitably requires a motherboard which accepts it. The principle must make it possible to share the memory, the disk accesses and, in general, all the internal buses. Two techniques are currently used: SMP with switched bus (Symmetric Multiprocessing) and NUMA multiprocessing. The difference between the two is starting to shrink, simply because manufacturers are starting to mix both, even if the operating principle is different. SMP is especially used for a small number of processors; NUMA is better for a large number of processors.

7.8.1. SMP, standard UMA (Uniform Memory Access)


The SMP architecture consists in using several processors sharing the same memory and the same internal peripherals. A single operating system runs the whole set of processors. Through several technological leaps, the limits of this principle have been pushed back. Indeed, sharing does not mean using at the same time.

[Figure: standard SMP (UMA) structure]

The system bus was for a long time the weak point of SMP. The first multiprocessors made the processors communicate with each other via shared system buses, which quickly became saturated beyond a few processors. Larger cache memory and a higher working frequency of this bus made it possible to improve server performance. Nevertheless, the upgrade capabilities of these buses are weak, the bandwidth remaining constant in all cases. To build scalable platforms, the processor manufacturers worked on switched-bus architectures. This made it possible to create interconnection infrastructures whose bandwidth can be increased in stages, thanks to additional switches. This type of connection is the basis of modular systems. The elementary components are no longer the processors but dual- or quad-processor daughter boards inserted in connectors on a central base board. Sun was the first to use this technique, with a machine able to exploit up to 64 microprocessors simultaneously. The board accommodating the daughter boards allows a throughput of 12.8 GB/s and makes it possible to plug in up to 16 quad-processor boards. Each addition of a quad-processor board opens additional interconnection channels and thus increases the bandwidth. In the Sun system, the memory is located on each daughter board and thus appears to be held per board. In fact, all memory accesses go through the central bus, whether the access is to the same daughter board or to another; by this principle, Sun's technique is an SMP technique. Each manufacturer currently uses a technique which is, if not identical, at least equivalent. Certain firms have nevertheless inserted a local controller on each daughter board. In the PC world, Intel (through acquisitions) is the leader.
Intel uses a switching controller with 2 memory access buses, 2 buses to access quad-processor modules (the total is thus limited to two boards, i.e. 8 processors) and 1 input/output bus. The whole is supplemented by cache accelerators. Another solution, currently deployed by Unisys, consists in using one operating system per processor (the NUMA architecture below). This currently makes it possible to use up to 32 processors simultaneously under Windows 2000/NT, NetWare or UnixWare.

7.8.2. NUMA (Non-Uniform Memory Access) multiprocessing

[Figure: NUMA structure]

The NUMA architecture makes it possible to use more processors. The technology groups processors into nodes, each using its own local memory, and connects them together by buses able to deliver several gigabytes per second. Non-uniform memory access means here that a processor will not reach a piece of data in memory in the same time depending on whether it is in local or remote memory. This difference in time is nevertheless shrinking, bringing the UMA and NUMA architectures closer together. The memory is shared by the whole set of processors. This implies that a NUMA system runs a cache coherence management able to take into account all the processors attached to the platform. Multiprocessor technology is not based solely on the management of the connection buses, however: communications on the interconnection buses must also make it possible to maximise the distribution of tasks between the processors. One last remark, and a big one: the NUMA architecture requires each processor to run its own operating system, whereas in the SMP case a single operating system runs for the whole set of processors. This thus dedicates NUMA to multiprocessor UNIX or proprietary systems, and SMP to the world of Intel/Windows servers, even though the AMD Opteron uses NUMA (the memory controller is included in the processor).

8. Hard drive SCSI, RAID technologies


8.1. Introduction - 8.2. SCSI technology - 8.3. Connection of SCSI peripherals - 8.4. RAID (Redundant Array of Independent Disks) - 8.5. Hardware and software RAID

8.1. Introduction.
Data (and its main medium, the hard disk) are of primary importance in all computing applications. In the case of server computers, two directions are followed to increase speed and to guarantee reliability in the event of a hard disk failure: the use of SCSI solutions for storage and the implementation of RAID. Both are generally implemented together.

8.2. SCSI technology.


In the first year we saw only IDE and SATA hard drives. This year, with servers, we will be interested in SCSI hard disks and peripherals. SCSI (Small Computer System Interface) connections have several advantages compared to IDE peripherals:
1. The number of peripherals connected on the same ribbon cable is higher: up to 15. The address is set by jumper or rotary selector.
2. A SCSI connection is multi-session. In short, the disk can serve several applications at the same time (or almost), and the writing (or reading) of a file need not wait for the end of the preceding operation. This is the case, for example, when one writes a large file to the hard disk: the next read does not have to wait to start. SCSI is thus able to handle several read/write requests in parallel (up to 255), contrary to IDE, which can process only one operation at a time (completely). This only works, moreover, with a compatible operating system (Windows NT, Windows 2000 or XP Pro, Novell), as opposed to Windows 95 and the like.
3. SCSI peripherals can be internal or external. Data transfer between two peripherals is done directly by DMA between the two peripherals.
4. A SCSI hard disk automatically includes error checking of the data.

All this explains why speeds are higher than in IDE (even when transfer rates are equivalent), with prices that vary accordingly. The SCSI standard has evolved, but one still meets almost all the standards, depending on the devices to be connected. NARROW refers to an 8-bit bus, WIDE to a 16-bit bus.

SCSI standards (cells marked "-" are not given in the source table)

Generation             | Standard                     | Max transfer rate (MB/s) | Bus width (bits) | Max cable length SE | LVD  | HVD  | Connector pins | Max. devices (controller board not counted)
---------------------- | ---------------------------- | ------------------------ | ---------------- | ------------------- | ---- | ---- | -------------- | -------------------------------------------
SCSI 1                 | SCSI (NARROW)                | -                        | 8                | 6 m                 | -    | -    | 25             | -
SCSI 2                 | Fast Narrow SCSI             | 10                       | 8                | 3 m                 | -    | -    | 50             | 7
SCSI 2                 | Fast Wide SCSI               | 20                       | 16               | 3 m                 | 12 m | 25 m | 68 or 80       | 15
SCSI 3                 | Ultra SCSI Narrow            | 20                       | 8                | 3 m                 | -    | -    | 50             | 3
SCSI 3                 | Ultra SCSI Narrow            | 20                       | 8                | 1.5 m               | -    | -    | 50             | -
SCSI 3                 | Wide Ultra SCSI              | 40                       | 16               | 3 m                 | -    | -    | 68 or 80       | -
SCSI 3                 | Wide Ultra SCSI              | 40                       | 16               | 1.5 m               | -    | -    | 68 or 80       | 7
SCSI 3                 | Wide Ultra SCSI differential | 40                       | 16               | -                   | 12 m | 25 m | 68 or 80       | 15
-                      | Ultra 2 SCSI (Narrow)        | 40                       | 8                | 6 m                 | -    | -    | 50             | -
-                      | Wide Ultra 2 SCSI            | 80                       | 16               | -                   | 12 m | 25 m | 68 or 80       | 15
Ultra 3 SCSI or SCSI 5 | Ultra Wide 160               | 160                      | 16               | -                   | 12 m | -    | 68 or 80       | 15
Ultra 3 SCSI or SCSI 5 | Ultra Wide 320 SCSI          | 320                      | 16               | -                   | 12 m | -    | 68 or 80       | 15
By comparison          | E-IDE ATA 133                | 133                      | 16               | -                   | -    | -    | 80 wires (40-pin connector) | -

The transfer rate, the cable length, the number of wires and the number of peripherals differ according to the standard. What is important to know when ordering a cable or a terminator:
1. The number of wires and the model of the connectors.
2. The standard: SE, LVD or HVD.

All other information is superfluous where connectors are concerned. SCSI 1 (NARROW SCSI): coded on 8 bits only. SCSI 2 (WIDE SCSI): coded on 16 bits, it allows a transfer rate of up to 20 MB/s.

[Figure: SCSI 2 board Adaptec AHA-3940. This board is identical to a 2940 but has 2 distinct internal channels (RAID)]

[Figure: internal SCSI 2 connector]

SCSI 3 (ULTRA WIDE SCSI): it makes it possible to reach transfer rates of 40 MB/s.

SCSI 3 DIFFERENTIAL: it uses paired cable of very good quality and carries two signals per pair, the useful signal being the difference between the two. There are 2 types of differential chain:

- HVD (High Voltage Differential), which works at 5 volts and allows chain lengths of 25 m, whereas Ultra Wide cannot exceed 6 m. Used especially in professional configurations.
- LVD (Low Voltage Differential), which works at 3.3 volts and allows 12 m of chain length. It uses internal LVD ribbon cables, LVD cords, external LVD terminators and internal LVD terminators.

The connectors are specific to each of the 3 standards: the cords and internal ribbon cables do not have the same impedance in Ultra Wide, HVD or LVD, and the terminators are also different. One should thus not mix the various types of cords and terminators, especially HVD, which is incompatible with the rest. However, the LVD standard makes it possible to connect non-LVD peripherals on the host board and, conversely, to connect LVD components on a non-LVD host board; of course the rates will not then be those of LVD. The Ultra 2 SCSI LVD standard is an extension of SCSI 3. On the connector side, the signals are carried on two wires at the same time, the useful signal being the difference between the two. This method is also used in Ethernet connections (among other things). LVD cords must be of high quality and of the right impedance. The theoretical maximum speed is 80 MB/s.

The Ultra 3 SCSI, Ultra 160/m or SCSI 5 standard (SCSI Parallel Interface SPI-3): Ultra 160/m is a specific implementation of the Ultra 3 SCSI standard and retains only 3 elements of it:
1. Transfer rate doubled compared to Ultra 2 SCSI: 160 MB/s instead of 80 MB/s.
2. Physical test of the SCSI bus by the controller at start-up, making it possible to determine the working speed according to the various elements of the SCSI chain. It goes without saying that the quality of the cords and terminators plays a decisive part in the overall speed of the chain.
3. Cyclic redundancy check (CRC), which provides error checking in the transmission of the data.
These essential characteristics define Ultra 160/m; the "/m" means that this standard is manageable (physical test and CRC). The designation used for Ultra 2 SCSI, LVD, is unsuitable because Ultra 3 SCSI is also LVD. It uses the same connectors, so cords and terminators are identical, but they must be of even better quality here, given the very high rates. One can also use 15 peripherals over an overall length of 12 m. It is manageable because an Ultra 160/m board is able to manage peripherals connected in the same chain at different speeds, respecting their respective speeds: 80 MB/s for Ultra 2 SCSI and 160 MB/s for 160/m. Thus the rule of the weakest link determining the overall speed of the chain disappears. Conversely, an Ultra 2 SCSI controller will also be able to manage the 2 standards at the same time, but only at 80 MB/s. Conclusion: total compatibility between the 2 standards.

The Ultra 320 SCSI standard (SCSI Parallel Interface SPI-4): this new standard keeps the specifications of the preceding Ultra 160/m standard and enriches them with:

- Information unit transfers (IU transfer or packetisation). Information independent of the data flow, for example the commands exchanged between the host board and the hard disk, is transferred at the nominal speed of 320 MB/s.
- Multiplexing of input/output tasks without waiting for the BUS FREE phase. Continuity of the data flow without idle phases and optimised use of the available channels.
- The chain of commands for sending a data packet is simplified and the various stages are fewer, hence an improvement in transfer rates.
- Correction of the data signal relative to the clock signal (skew compensation). Skew is the difference in arrival time of two different signals coming from the same transmitter towards two different targets located on the same bus. It can be, for example, a host board sending different signals towards two hard disks located on the same SCSI chain. To maintain the logic of the system, the timing between the two signals is arbitrated by a clock signal. The processing speed means that all Ultra 320 peripherals perform compensation in receive mode, because a variation of one nanosecond can make the difference between a valid signal and an incorrect transmission.

Connector pictures (captions only): DB 25; external Centronics 50 male (more pins than the standard Centronics printer connector); SUB-D 50 male; DB68HD connector.

8.3. Connection of SCSI peripherals


The types of peripherals connected in SCSI are:
- Hard disk (internal or external)
- Tape backup (DAT, DLT...), internal or external
- Scanner (external)

The peripheral's number (SCSI ID) is chosen either by jumpers or by a rotary selector. The address must be unique on the same cable, or rather on the same controller: indeed, internal and external peripherals generally share the same controller. The end of the chain of external peripherals must end in a terminating resistor specific to the type of SCSI connection. Indeed, for external peripherals the connection is daisy-chained: one starts from the controller towards the first peripheral, and the next cable runs from that peripheral to the following one. In some peripherals the termination is built in (a jumper is set to activate it). Standard internal cables generally have only 3 connectors, but models accommodating more peripherals are available commercially. Generally one does not mix SCSI peripherals of different types; nevertheless, special terminators make it possible to chain NARROW (50-pin) peripherals with ULTRA WIDE (68-pin) ones, both internally and externally.
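The rules of the last two sections (unique ID per controller, terminator at the end of the chain and nowhere else, 15 peripherals over 12 m, and an Ultra 160/m controller serving each device at its own speed where an Ultra 2 controller runs everything at 80 MB/s) are easy to get wrong by hand. The following is an added example, not code from the course, that checks a chain description against them. It assumes an external chain with the controller at one end terminating that end itself, speeds in MB/s as given in the course, and a constructed device list.

```python
"""SCSI chain configuration check (added example, not from the course).

Assumptions: the controller sits at one end of the chain and terminates
that end itself; the limits and speeds are the course's figures.
"""
from dataclasses import dataclass

SPEED_MB_S = {"ultra2": 80, "ultra160": 160}
MAX_PERIPHERALS = 15
MAX_CHAIN_M = 12.0


@dataclass
class Device:
    name: str
    scsi_id: int               # set by jumpers or rotary selector
    standard: str              # "ultra2" or "ultra160"
    cable_m: float             # length of the cable leading to this device
    terminated: bool = False   # termination jumper or terminator plug fitted


def check_chain(controller_id, devices):
    """Return a list of configuration problems; an empty list means the chain is sound."""
    problems = []
    ids = [controller_id] + [d.scsi_id for d in devices]
    dups = sorted({i for i in ids if ids.count(i) > 1})
    if dups:
        problems.append(f"duplicate SCSI ID(s) on the same controller: {dups}")
    out_of_range = [i for i in ids if not 0 <= i <= 15]
    if out_of_range:
        problems.append(f"SCSI ID outside 0-15: {out_of_range}")
    if len(devices) > MAX_PERIPHERALS:
        problems.append(f"{len(devices)} peripherals, maximum is {MAX_PERIPHERALS}")
    total = sum(d.cable_m for d in devices)
    if total > MAX_CHAIN_M:
        problems.append(f"chain length {total:.1f} m exceeds {MAX_CHAIN_M} m")
    if devices:
        # exactly the last device of the chain must be terminated
        if not devices[-1].terminated:
            problems.append(f"last device '{devices[-1].name}' is not terminated")
        mid = [d.name for d in devices[:-1] if d.terminated]
        if mid:
            problems.append(f"termination enabled in the middle of the chain: {mid}")
    return problems


def negotiated_speeds(controller_standard, devices):
    """Speed each device runs at: the lower of its own and the controller's.

    With an ultra160 controller every device keeps its own speed; with an
    ultra2 controller everything is capped at 80 MB/s (the course's rule).
    """
    ctrl = SPEED_MB_S[controller_standard]
    return {d.name: min(ctrl, SPEED_MB_S[d.standard]) for d in devices}


SAMPLE_CHAIN = [  # constructed example chain
    Device("disk0", 0, "ultra160", 0.5),
    Device("disk1", 1, "ultra2", 0.5),
    Device("dat", 4, "ultra2", 1.0, terminated=True),
]

if __name__ == "__main__":
    print("problems:", check_chain(7, SAMPLE_CHAIN))
    print("ultra160 controller:", negotiated_speeds("ultra160", SAMPLE_CHAIN))
    print("ultra2 controller:", negotiated_speeds("ultra2", SAMPLE_CHAIN))
```

A duplicate ID is the failure that hides best: both devices may answer, and the symptom is random data errors rather than a missing device, which is why the check lists IDs before anything else.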

8.4. RAID (Redundant Array of Independent Disks).


This possibility requires a particular disk controller and... always a heavy network operating system (once more, avoid Win 95/98). Adaptec supplied IDE RAID controllers, but for performance reasons this is not the majority of cases. Certain network operating systems also allow, to a lesser extent, software RAID. This is not advised, since the processor then replaces the work of the controller, hence a slowdown. RAID makes it possible to associate several hard disk drives of the same type (SCSI connection and capacity) in a single array. In the event of failure of a disk, the RAID levels other than 0 make it possible to rebuild the lost data from the other units of the array. The implementation of this technology can be hardware, software, or a combination of both. The proposed solutions can be gathered in six main families, from RAID 0 to RAID 5.

8.4.1. RAID 0 (striping)


RAID 0 brings no data security; it only increases the transfer rate. The data is cut into stripes written one after the other across all the hard disks (4 disks in the case below, but more generally 2); the unit that gathers the disks benefits from the sum of the throughput of each disk. An access (read operation) or a transfer (write operation) is carried out simultaneously on the whole array, in parallel. The failure of a single hard disk causes the loss of all the data.

The total capacity is equivalent to the sum of the capacities of each hard disk (of identical capacities).

8.4.2. RAID 1 (Mirroring)


In RAID 1, the data is completely duplicated on a second disk or a second group of hard disks. Read performance is doubled thanks to simultaneous access to the two disks (provided there are two separate controllers). This method nevertheless reduces storage capacity. It corresponds to the software "Mirror" mode of Windows NT4 or Windows 2000 Server.

Figures: writing; reading.

8.4.3. RAID 2
RAID 2 relies on an array with several parity disks and synchronized access. This technology is little used because of its complexity and the extra cost it involves. It is identical to RAID 0 with integrated data checking. One generally uses 3 control disks for 4 data disks. The correction method is ECC (the same as for memory). Nevertheless, all SCSI hard disks already include this error checking, hence the anecdotal character of this mode. This technology was never marketed industrially.

8.4.4. RAID 3
RAID 3 is based on a group of identical hard drives with one storage unit reserved for the parity bits. If the parity disk fails, one is back in RAID 0. Data security is thus only partly established. Note that the parity disk is used 2 times more than the other disks.

8.4.5. RAID 4
RAID 4 differs from RAID 3 by asynchronous management of the units. Even if accesses work in parallel on the various units, the parity disk is requested more often, which in RAID 3 creates a bottleneck. The only difference from RAID 3 is the structure of the data laid out on the disks.

When writing, the data is broken up into small blocks and distributed across the various disks composing the RAID 4. At the same time, the parity is written on the disk dedicated to this purpose.

Reading:

Advantages:
- Fault tolerance with parity centralized on a dedicated disk.
- Parity: an algorithmic process allowing the system to reconstitute defective or missing data from the parity information stored during writing.
- A RAID 4 subsystem presents an interesting capacity/performance/investment ratio.
- The read performance of RAID 4 disk stacks is excellent (comparable with that of RAID 0).
- Since there is no duplication of the data, but only recording of the corresponding parity data, the cost per megabyte of a RAID 4 solution remains reasonable.

Disadvantages:
- The major defect comes from the update of the parity data, which degrades RAID 4 performance. For this reason, RAID 5 is always preferred to RAID 4 systems.

8.4.6. RAID 5
RAID 5 is related to RAID 4, but with the parity distributed across all the units of the array, thus removing the famous bottleneck while benefiting from the performance of asynchronous management. This mode corresponds to striping with parity under NT4 or 2000 Server. All the disks work equally. When a replacement hard disk is hot-plugged, its data is recreated from the other hard disks.

Advantages:
- Good error tolerance
- Very many commercial implementations
- Hot-spare
- Hot-plug

Disadvantages:
- 3 disks at least
- In the event of a problem, the rebuild is rather slow

Applications:
- Applications using random I/O on small volumes
- Typically database servers
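To make the parity mechanism of RAID 4 and RAID 5 concrete, here is an added example (not code from the course): each stripe holds n-1 data blocks plus one parity block equal to the XOR of the data blocks, so any single lost disk can be rebuilt as the XOR of the survivors. The same code lays the parity out on a fixed disk (RAID 4) or rotates it per stripe (RAID 5), and counts how many parity writes each disk takes, which is the bottleneck the text describes. Disk count, block size and the sample data are constructed choices.

```python
"""RAID 4 / RAID 5 parity and rebuild (added example, not from the course).

Block size, disk count and sample data are constructed. Parity is the XOR of
the data blocks of a stripe; RAID 4 keeps it on the last disk, RAID 5 rotates it.
"""


def xor_blocks(blocks):
    """XOR equal-length byte blocks together."""
    out = bytearray(blocks[0])
    for blk in blocks[1:]:
        for i, b in enumerate(blk):
            out[i] ^= b
    return bytes(out)


def parity_disk_for(stripe, n_disks, distributed):
    """Which disk holds the parity block of a stripe."""
    if not distributed:                      # RAID 4: fixed parity disk
        return n_disks - 1
    return (n_disks - 1 - stripe) % n_disks  # RAID 5: rotate parity each stripe


def raid_write(data, n_disks=4, block=4, distributed=True):
    """Stripe data over n_disks; returns one list of blocks per disk."""
    if n_disks < 3:
        raise ValueError("RAID 4/5 needs at least 3 disks")
    per_stripe = block * (n_disks - 1)
    data = data + b"\0" * ((-len(data)) % per_stripe)   # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i * block:(i + 1) * block] for i in range(n_disks - 1)]
        p = parity_disk_for(s, n_disks, distributed)
        data_iter = iter(blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(blocks) if d == p else next(data_iter))
    return disks


def raid_read(disks, length, distributed=True):
    """Reassemble the first `length` bytes, skipping the parity block of each stripe."""
    n = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        p = parity_disk_for(s, n, distributed)
        for d in range(n):
            if d != p:
                out += disks[d][s]
    return bytes(out[:length])


def raid_rebuild(disks, failed):
    """Recompute every block of a failed disk from the survivors (in place)."""
    n = len(disks)
    survivors = [d for d in range(n) if d != failed]
    n_stripes = len(disks[survivors[0]])
    disks[failed] = [xor_blocks([disks[d][s] for d in survivors]) for s in range(n_stripes)]
    return disks[failed]


def parity_load(n_stripes, n_disks, distributed):
    """Parity blocks written per disk: all on one disk in RAID 4, spread in RAID 5."""
    load = [0] * n_disks
    for s in range(n_stripes):
        load[parity_disk_for(s, n_disks, distributed)] += 1
    return load


def demo():
    """Lose disk 1 of a 4-disk RAID 5, rebuild it, and read the data back intact."""
    data = b"The quick brown fox jumps over the lazy dog"  # constructed sample
    disks = raid_write(data, n_disks=4, block=4, distributed=True)
    lost = disks[1]
    disks[1] = None                      # simulate the failed disk
    raid_rebuild(disks, 1)
    return disks[1] == lost and raid_read(disks, len(data)) == data


if __name__ == "__main__":
    print("rebuild ok:", demo())
    print("RAID 4 parity load:", parity_load(8, 4, False))
    print("RAID 5 parity load:", parity_load(8, 4, True))
```

The parity load figures are the whole argument for RAID 5 over RAID 4: every write must update a parity block, and with a fixed parity disk that single disk takes every one of those updates.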

8.4.7. Orthogonal RAID 5


Orthogonal RAID 5, a software technique developed by IBM, uses one controller per disk. In everyday language, it is assimilated to RAID 5.

8.4.8. The other RAID levels


Other RAID systems are proposed. They are only advanced forms of RAID 5. These modes remain rare because of a complex architecture and a high cost.
- RAID 6 uses double parity. This system makes it possible to keep working with 2 failed hard disks, inevitably with a loss of performance.
- RAID 7 uses several data disks coupled with 1 or several parity disks. Data checking, caching and parity calculation are done by a microcontroller. This gives performance up to 50% faster than the other RAID modes. This solution is a trademark of Storage Computer Corporation.
- RAID 10 implements striping (RAID 0) coupled with mirroring (RAID 1). An excellent but expensive fault-tolerance solution: this system is the safest and fastest. Nevertheless, its difficulty of implementation and its price make it little used.

8.5. Hardware and software RAID.


RAID can be managed in hardware or in software. The range of "professional" Microsoft operating systems can manage RAID in software:
- Windows NT and 2000, in server version, manage RAID 0, 1, 5
- Netware manages RAID 1 in native (software) mode
- Linux manages RAID 0, 1, 4 and 5
The "amateur" series (DOS, Win95/98/Me and XP Home) does not manage RAID natively.

This way of proceeding allows the operating system to use several disks in RAID mode without dedicated hardware. On the other hand, by using adequate hardware (with the associated driver), all operating systems can in theory work in RAID. As a reminder, the "personal" Microsoft operating systems do not take advantage of the possibilities of SCSI either, in particular the simultaneous DMA transfer of data between hard drives.

9. Backup and tape drives in networks


9.1. Introduction - 9.2. Backup strategy - 9.3. Types of tape drives - 9.4. REV Iomega - 9.5. Backup on hard disk (NAS - SAN)

9.1. Introduction.
This chapter deals with methods of backing up server data. If they are obsolete for the office computer, tape drives are the essential elements of storage in networks. The technology of these tape drives reaches transfer speeds of up to 200 MB/s with capacities up to a terabyte (1000 GB). Connecting the servers' hard disks in RAID gives a semblance of backup, or rather a false sense of security. In the networked world, even if the data on the disks can be recovered under certain conditions (RAID 1, RAID 5), a virus attack, a malicious intrusion or the theft of a computer directly involves loss of data and production. In the case of a "stand-alone" PC (not connected to a network) in professional use, preserving the data at all costs was detailed at length in the first-year course. In the case of server disks, the problem is the same, only worse. Firstly, the users place complete trust in the network (and especially in the network administrator) for data backups; indeed, backups are normally daily on the servers. Secondly, network applications are often too large to be backed up individually (space, access...). An essential point in backups lies in the use of files, of all types, by users or other programs. It is of primary importance that users leave the network when they leave work: if a file is in use by a workstation, it will not be backed up. With RAID 1, we saw that the users' hard drives can be split. One disk thus remains accessible in read/write for the users while the second is used only by the backup system. When the backup is finished, the 2 disks are resynchronized and the RAID system returns to operational mode with 2 hard disks.

9.2. Backup strategy.


A few examples to show the importance of a daily backup:
1. Virus attack or intrusion via the Internet (hacker).
2. Modification of the software configuration directly on the server (a method widely used in practice) to add functionalities and... faulty operation. In practice, oblige the programmers to make a complete copy of the file on the hard disk. It is faster in the event of a problem and will save you hours of recovery from tape.
3. Accidental or other deletion of files, loss of files in the contents of the disk.

In these three cases, disks in RAID are of no use to you at all.

9.2.1. In first year, we saw the three types of backup:


- Complete (full) backup: saves all the files of the hard disk. This backup is very safe, but long.
- Incremental backup: saves only the files modified since the last backup. A restoration thus requires first recovering a full backup and then replaying the incremental backups in order.
- Differential backup: copies all the files modified since the last full or incremental backup. Indeed, this backup mode does not modify the archive bit of the files.
Each method has its qualities and its defects. It should not be forgotten that a backup takes a long time, hence the interest in not saving too much. Moreover, a daily full backup would do double work: the programs and the operating system are seldom modified every day. The full backup makes it possible to recover all the files in a single block. Nevertheless, in the event of complete loss of a hard disk, it is first necessary to reinstall the operating system. The duration of a full backup is very long and obliges one to cut the servers off from the users. Indeed, on recovery the files are completely replaced; if a file is missing, the program does not work or, worse, will pose "odd" problems. An incremental backup saves the files not yet backed up; consequently these backups are fast. But... recovering the files from an incremental backup obliges one to go back through several earlier ones, until a full backup of the file. A differential backup saves all the files modified since the last full or incremental backup. The backup time is thus very long and increases with each backup. As the archive bit is not cleared, another type of backup is needed beforehand; otherwise the server (or the file) will be completely backed up each time.
                          Full backup            Incremental backup             Differential backup
BACKUP
  Archive bit modified    YES                    YES                            NO
  Duration of the backup  long                   short                          long - short
  Users disconnected      yes                    yes/no                         no/yes
  Defect                  problem on a tape      problem on a tape; tapes       tapes must be changed
                                                 must be changed each time      each time; length
RESTORATION               one backup as a whole  each backup back to the        one backup back to the
                                                 last full                      last full
  Type of recovery        all at once
  Risks                   defective              missing file

Let us combine the backup methods with the particular way the data is used on the server. The strategies below can be complete (whole disk) or partial (files). Moreover, they can be mixed. An interesting data backup strategy remains a regular full backup followed by a daily differential backup. Unfortunately, this poses two problems. The first is the periodicity of the full backup: the longer it is, the more time the differential backup will take. And the second is precisely the duration of a differential backup. A second strategy consists of a full backup per month, followed by an incremental backup per week and a differential per week. This strategy is flexible, but requires the use of many different tape sets. A third consists of a full system backup per month, a differential backup of the important files each day and a daily incremental of the other files (user documents). This strategy seems the best, but it obliges one to start two different backups each day; indeed, backup programs are generally not designed to mix two types of backup in the same session. You can nevertheless write the differential file and the incremental file on the same daily tape. A last point concerning the use of tapes: change the tape every day. The tapes must be duplicated: an even series and an odd series. In this way, if Monday's tape is defective, the previous Monday's will not be. The backup sets should not be in the same room (or even the same building) as the server. Think of theft or fire risks, for example.
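The archive bit is what makes the three backup types behave as described in 9.2.1, and the open-file caveat of 9.1 is what makes a backup silently incomplete. The following added example, not code from the course, simulates a small volume over one week: a full backup on Monday, differentials that grow until the Thursday incremental clears the bits, a file skipped on Tuesday because it is in use, and the set of tapes a restoration then needs. File names, the week's events and the one-week history are constructed.

```python
"""Full / incremental / differential backups and the archive bit
(added example, not from the course; the volume and the week are constructed).

Every modified file carries an archive bit. A full or incremental backup
clears it; a differential does not, so each differential copies everything
changed since the last full or incremental. A file in use is skipped and
keeps its bit, so it is caught by the next backup instead of being lost.
"""
from dataclasses import dataclass


@dataclass
class File:
    name: str
    version: int = 1
    archive: bool = True   # set on creation and on every modification


class Volume:
    def __init__(self, names):
        self.files = {n: File(n) for n in names}

    def modify(self, name):
        f = self.files[name]
        f.version += 1
        f.archive = True

    def backup(self, kind, in_use=()):
        """kind is 'full', 'incremental' or 'differential'; returns the backup set."""
        if kind == "full":
            chosen = list(self.files.values())
        elif kind in ("incremental", "differential"):
            chosen = [f for f in self.files.values() if f.archive]
        else:
            raise ValueError(kind)
        chosen = [f for f in chosen if f.name not in in_use]   # open files are skipped
        snapshot = {f.name: f.version for f in chosen}
        if kind != "differential":                            # full/incremental clear the bit
            for f in chosen:
                f.archive = False
        return {"kind": kind, "files": snapshot}


def restore_plan(history):
    """Indices of the backup sets needed, oldest first: the last full, every
    incremental after it, then the last differential taken after that."""
    last_full = max(i for i, b in enumerate(history) if b["kind"] == "full")
    plan = [last_full]
    plan += [i for i in range(last_full + 1, len(history)) if history[i]["kind"] == "incremental"]
    base = plan[-1]
    diffs = [i for i in range(base + 1, len(history)) if history[i]["kind"] == "differential"]
    if diffs:
        plan.append(diffs[-1])
    return plan


def restore(history):
    """Replay the plan; later sets overwrite earlier versions of the same file."""
    state = {}
    for i in restore_plan(history):
        state.update(history[i]["files"])
    return state


def demo():
    """One constructed week; returns (restore plan, files per backup, restored state)."""
    vol = Volume(["a", "b", "c"])
    history = [vol.backup("full")]                                  # Monday
    vol.modify("a")
    history.append(vol.backup("differential", in_use={"a"}))        # Tuesday: 'a' open, skipped
    vol.modify("b")
    history.append(vol.backup("differential"))                      # Wednesday: a and b
    history.append(vol.backup("incremental"))                       # Thursday: a and b, bits cleared
    vol.modify("c")
    history.append(vol.backup("differential"))                      # Friday: c only
    sizes = [len(b["files"]) for b in history]
    return restore_plan(history), sizes, restore(history)


if __name__ == "__main__":
    plan, sizes, state = demo()
    print("files per backup:", sizes)   # [3, 0, 2, 2, 1]
    print("restore needs sets:", plan)  # [0, 3, 4]
    print("restored:", state)
```

Tuesday's empty set is the point of the open-file warning: nothing signals that a file was skipped, and only the still-set archive bit brings it back into Wednesday's differential.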

9.2.2. Example of an office-automation backup strategy


Here is an example of a backup strategy in an office-automation system. In this case, the applications do not run at night, hence the interest in making the backups during this period.

Week 1        Mon     Tue     Wed     Thu     Fri     Sat     Sun
  Type        Diff.   Diff.   Diff.   Diff.   Diff.   Compl.  -
  Time        21h     21h     21h     21h     21h     20h     -
  RAID?       -       -       -       -       -       Yes     -
  Tape        Lu1     Ma1     Me1     Je1     Ve1     Com1    -

Week 2        Mon     Tue     Wed     Thu     Fri
  Type        Diff.   Diff.   Diff.   Diff.   Diff.
  Time        21h     21h     21h     21h     21h
  RAID?       -       -       -       -       -
  Tape        Lu2     Ma2     Me2     Je2     Ve2

In our case, Friday's backup is a differential. It can be replaced by Saturday's if there is no activity on Saturdays in the company. This avoids staff having to come in for... changing the tapes.

9.2.3. Industrial example of a backup strategy


Here we take the case where the computer installation never stops, with only a slowdown on Sunday morning, for example (maintenance of the production equipment). The problem in this case remains the users. How happy a network administrator without users would be! The second problem in this case is the load on the server during the backup: while backing up, you slow the system down. The users' problem is solved by the RAID system, but not the server's workload during the backup. It is thus important to choose the hour of the backups, not 8 in the morning when everyone starts. The backup strategy runs over 4 weeks, with a full backup of the system per month (4 weeks), all files together.
Week 1        Mon     Tue     Wed     Thu     Fri     Sat     Sun
  Type        Diff.   Diff.   Diff.   Diff.   Diff.   Diff.   Compl.
  Time        21h     21h     21h     21h     21h     14h     8h
  RAID?       Y/N     Y/N     Y/N     Y/N     Y/N     Y/N     -
  Tape        Lu1     Ma1     Me1     Je1     Ve1     Sa1     Monthly 1/2

Week 2        Mon     Tue     Wed     Thu
  Type        Diff.   Diff.   Diff.   Diff.
  Time        21h     21h     21h     21h
  RAID?       Y/N     Y/N     Y/N     Y/N
  Tape        Lu2     Ma2     Me2     Je2

Week 3        Mon     Tue     Wed     Thu     Fri     Sat     Sun
  Type        Diff.   Diff.   Diff.   Diff.   Diff.   Diff.   Compl./Inc.
  Time        21h     21h     21h     21h     21h     14h     8h
  RAID?       Y/N     Y/N     Y/N     Y/N     Y/N     Y/N     Yes
  Tape        Lu3     Ma3     Me3     Je3     Ve3     Sa3     Inc2

Week 4        Mon     Tue     Wed     Thu
  Type        Diff.   Diff.   Diff.   Diff.
  Time        21h     21h     21h     21h
  RAID?       Y/N     Y/N     Y/N     Y/N
  Tape        Lu4     Ma4     Me4     Je4

The strategy resembles the office-automation one. RAID or not during the week depends on the impact of the backup on the factory's work. Sunday takes either a full backup or an incremental backup; this also depends on the impact of the backup on the company's operation. On the other hand, the first Sunday of the month is a full backup on 2 separate sets of tapes. A balance must be found between safety, the duration of a backup and the impact on the operation of the production equipment. There is no question of stopping the factory for two hours on the pretext of backing up data.

9.3. Types of tape drives.


In first year, we already saw tape backup for workstations. In the case of a workstation the choices are multiple: diskettes (?), CD writer, DVD-ROM, Zip... and tapes, which are little used. On the other hand, tapes make it possible to make a backup on demand without user intervention. This possibility, combined with the cost price per MB of a tape, makes them practically unavoidable in networks; they are practically the only solution. The possibilities of tapes are combined with "tape loaders", which provide capacities out of the common run. QIC technology is no longer used in network backups, given its too low capacity and transfer speed. This time we are interested in two other types: DAT 4 and 8 mm, and DLT. All these technologies are systematically interfaced in SCSI.

9.3.1. DAT backup


DAT was at the start developed for digital audio cassettes, with CD audio quality. In 1998, HP and Sony defined the DDS (Digital Data Storage) standard on the basis of these cassettes. DAT technology, with 4 mm cassettes, employs a technology known as helical. It is the same type as that used in video cassettes. It is inherently slower than the linear type. For this reason, this type of writing is generally used when large capacities are wanted.

Writing is done in groups of 128 KB with error correction. On restoration, the drive reads the entire group (including the correction) before writing the data to the disk.

DAT data cartridges exist in 2 formats: DDS and Data DAT. The DDS system is the most common.

Standard    Capacity       Max transfer rate
DDS         2 GB           55 KB/s
DDS-1       2/4 GB         0.55/1.1 MB/s
DDS-2       4/8 GB         0.55/1.1 MB/s
DDS-3       12/24 GB       1.1/2.2 MB/s
DDS-4       20/40 GB       1.1/2.2 MB/s
DDS-5       36/72 GB       1.5/3 MB/s

9.3.2. 8 mm cartridges.


8 mm cartridges were at the beginning developed for video: transfer of high-colour-quality images to tape for backup. Similar to DAT, but generally of larger capacity, 8 mm also uses helical technology. Two standards are currently used, according to the compression system: Exabyte Corporation's standard 8 mm, and Mammoth, developed by Seagate and Sony.

Standard        Capacity (native/compressed)  Interface         Max transfer rate          Form factor  Tape type   MTBF (hours)
Standard 8 mm   3.5/7 GB                      SCSI              32 MB/min
Standard 8 mm   5/10 GB                       SCSI              60 MB/min
Standard 8 mm   7/14 GB                       SCSI              60 MB/min
Standard 8 mm   7/14 GB                       SCSI              120 MB/min
Mammoth         20/40 GB                      SCSI              360 MB/min
AIT-1           35/90 GB                      Ultra-Wide SCSI   4 MB/s (10 compressed)     3"5          8 mm AME    300,000
AIT-2           50/130 GB                     Ultra-Wide SCSI   6 MB/s (12 compressed)     3"5          8 mm AME    300,000
AIT-3           100/260 GB                    SCSI 160          12 MB/s (31 compressed)    3"5          8 mm AME    400,000
SAIT            500 GB/1.3 TB                 SCSI 320          30 MB/s (78 compressed)    5"25         1/2" AME    500,000

As a reminder, MTBF is Mean Time Between Failures, the average time between two breakdowns.

9.3.3. DLT


Developed in the 1980s by DEC (Digital, bought by Compaq) for its VAX microcomputers, DLT technology really appeared in 1989. This technology was bought in 1994 by Quantum. Other manufacturers use this technology under OEM. DLT drives use a cartridge smaller than 8 mm tapes. The data is written on parallel tracks grouped in pairs. Each track uses the entire length of the tape. When the end of the track is reached (run-out), the heads are repositioned on a new pair of tracks and the backup continues on the way back, until the tape is full (by going and returning). Current tapes include 128 or 208 tracks. DLT technology is unique in the layout of its heads: a 6-guide installation ensures a helical unwinding of the tape (as in the technologies above) and an excellent tape/head contact; to this are added 2 guides which only clean the tape and are not motorized. This ensures a head lifespan of 30,000 hours, compared with 2,000 in the case of DAT.

Standard         Capacity (native/compressed)  Media         Interface           Max transfer rate (compressed)
DLT 2000         15/30 GB                      -             SCSI                2.5 MB/s
DLT 4000         20/40 GB                      -             SCSI                3 MB/s
DLT 7000         35/70 GB                      -             SCSI                20 MB/s
DLT-4 (VS-80)    40/80 GB                      DLTtape IV    Wide Ultra SCSI-2   6 MB/s
DLT-4 (VS-160)   80/160 GB                     DLTtape VS1   SCSI                16 MB/s
DLT-V4           160/320 GB                    DLTtape VS1   SCSI                20 MB/s
DLT-S4           800/1600 GB                   DLT-S4        Ultra-SCSI 320      120 MB/s

9.3.4. Super DLT


Super DLT backup drives are also supplied by Quantum. These tapes increase the capacity of DLT tapes. In this case, the heads are guided by laser beam (LGMR).

                                 SDLT 220            SDLT 320            SDLT 600
Native capacity                  110 GB              160 GB              300 GB
Compressed capacity (2:1)        220 GB              320 GB              600 GB
Transfer rate (DTR)              11 MB/s             16 MB/s             32 MB/s
Compressed DTR                   22 MB/s             32 MB/s             64 MB/s
Media                            SDLT I              SDLT I              SDLT II
Interface                        Ultra2 SCSI LVD,    Ultra2 SCSI,        Ultra 320 SCSI,
                                 HVD                 Ultra 160 SCSI      optical fibre
Date                             Q1 2001             Q1 2002             Q3 2003

9.3.5. LTO (Linear Tape Open)


Intended to replace SDLT, LTO technology allows a capacity of 200 GB (400 GB compressed for LTO-2) with a maximum speed of 144 GB/hour for the LTO-2 HH version and up to 245 GB/hour for the standard LTO-2 version. The latest version, LTO-3, allows up to 800 GB in compressed mode with a transfer rate of 490 GB/hour. These tape backup drives include various head-protection mechanisms and adapt the read/write speed to the transfer rate towards the servers.

9.3.6. Libraries
The chapter would not be complete without mentioning libraries. They are tape drives holding several tapes installed in an external loader (as in CD changers) or provided with one slot per tape.

If they can be used as a standard backup solution, their principal use consists in archiving data that is not used (or not often). The data is recognized as being part of the hard disk but is not physically stored on it. When you read such a file, it is fetched from the tapes and transferred to the disk. At the end of the day, generally, the program takes all the files not used for a certain time and moves them onto the tapes. The library thus acts as a low-cost disk. A similar solution exists under Novell Netware, which compresses the least-often-used files on the hard disk, increasing the disk space, and decompresses them when they are used.

9.4. REV from Iomega


Developed to replace DAT backup tapes and Jaz drives, Iomega's REV has many advantages. The REV drive uses removable cartridges of 35 GB (90 GB compressed), i.e. the largest capacities of DAT drives. Internal REV drives are interfaced in IDE, SATA or SCSI. In all cases, the maximum transfer speed is 25 MB/second. REV drives are also available in external version (SCSI, Firewire (Mac) or USB interface). The associated backup software gives the same functionalities as standard tapes. The big advantage comes from the price of this equipment, near 400 (half the price of a DAT drive), even if DAT drives are generally interfaced in faster SCSI 160. It is the current solution for backing up small file servers, even if DAT cartridges are cheaper than REV storage media (approximately 50).

9.5. SAN and NAS


9.5.1. Introduction.
We saw data storage on the servers' hard disks. This solution implies a dedicated server which, in the end, only distributes files. This distribution of files causes extra work on the server. Moreover, server licences are expensive. Other storage solutions make it possible to do without a server.

9.5.2. NAS (Network Attached Storage).


A NAS consists of one or more hard disks, generally IDE (RAID or not), an RJ45 interface, computer-type electronics (microprocessor, memory, input/output ports) and an often proprietary operating system (specific to the appliance) of Linux type. Operation itself is done through a workstation and a web browser; administration consists in setting the users' access rights and the TCP/IP parameters, and a DHCP server is generally included. In short, nothing very complex. That is precisely the strong point of these appliances: simplicity of implementation and price (no Windows licence).

As options for these appliances, let us mention hot-plug disks (removable while powered), RAID systems, SCSI disks, and synchronization of access rights with the user privileges existing on the server. Like all network appliances, one also finds redundant power supplies...

9.5.3. SAN (Storage Area Network).


As for NAS, the disks are not attached to the main server of the network. In this configuration, disks and tape libraries are directly connected to a Fibre Channel storage network. Normally, all the disks and tape libraries are visible to all the processors. The zoning functionality makes it possible to isolate sets of disks and libraries from the other sets. As in the case of NAS, the disks are thus not regarded as belonging to a single server. Nevertheless, unlike NAS, file management is entrusted to the servers. This can pose problems in the case of two servers with different operating systems. The difference between a SAN and a NAS thus rests primarily in the positioning on the network. On the other hand, the implementation of a SAN is definitely more complex.

10. Remote connection via the Internet, security and access


10.1. Introduction - 10.2. The risks (viruses, hacking, ...) - 10.3. Basic Internet connection - 10.4. Various points of a professional connection - 10.5. Firewall - 10.6. Remote access - 10.7. Backup via the Internet

10.1. Introduction
This chapter deals with communications and security measures between computers. The most common case relates to the connection to the Internet (firewall, VPN), but also remote control of a computer or a network from a computer connected to a telephone line or via the Internet (sharing of remote disks, for example), remote work... All these connections can be handled in hardware or in software; the 2 possibilities systematically exist. We will see the hardware possibilities in detail. This will prepare us for the following course: structure of a network.

10.2. Risks
A short reminder of the security risks (viruses, hacking...).

10.2.1. Viruses according to their type


As everyone knows, a virus is a program with various purposes (that is one way of seeing things). Here are, roughly, the types of virus according to their working method. For the list of the viruses currently on the "market", go to any antivirus site.
1. Program viruses. The first viruses to appear, their propagation method is to "stick" to a program. By running the infected program, you start the virus, which can thus attack the other programs present on the hard disk. The goal is generally the destruction of files.
2. Boot viruses. The propagation method is infection of the boot (start-up) sectors of diskettes and hard disks. Practically disappeared, these viruses could do practically anything, since they started before the operating system and the antivirus. The destruction ranged all the way to immediately wiping the hard disk. As a reminder, a function in the BIOS makes it possible to warn in the event of modification of a hard disk's boot sector, even if this function poses some problems when installing certain versions of Windows.
3. Macro viruses: Word and Excel documents can include macros (programming of Microsoft documents). These viruses are thus propagated not as a program, but inside a document.
4. Mail viruses, in the broad sense, attack your address book to infect other machines. The destruction ranges from the deletion of files to their transfer to other mailboxes (with a sender address that is generally false for the recipient). Their propagation method ranges from the attached file to scripts of the JavaScript type and Microsoft security flaws. The latter are no longer attached files: simply passing over the mail with the mouse is enough to start the virus.
5. BIOS viruses. Not very numerous, but the worst for a technician. These viruses attack the BIOS by starting a flash of it. As the flash is not correct, the motherboard is unusable without changing the flash ROM. All flashable BIOSes include a function in the SETUP which makes it possible to prevent such an operation. Moreover, many motherboards include a jumper to block this function in hardware. Prefer the hardware way.
6. Hoaxes. Regularly, I receive alerts for unknown viruses announcing an unknown file in Windows, a virus not detected by the traditional antivirus. Before erasing the file, tell yourself that a virus not detected by the main antivirus products is a little as if Gainsbourg had never been caught by the breathalyser tests, and check on the antivirus publishers' sites.

10.2.2. Virus protection


The most common solution is up-to-date antivirus software. Current antivirus products detect practically all the viruses present on the Internet (apart from some new ones). Viruses attached to mail are also detected. The disinfection method ranges from removal of the attached virus to the outright deletion of the file if it cannot be repaired. At the hardware antivirus level, some routers and VPN devices directly include an internal antivirus. Other equipment is used only for that (Panda manufactures a model of this type). Symantec Gateway Security also includes (among other things) an antivirus. The advantage comes from the automatic daily updates on a single node: the input/output router of the Internet connection towards the internal network. When a virus is detected in a mail (whatever its type), the mail is directly returned to the sender without ever entering the internal network, let alone the recipient's PC. The defect remains the other entry points: diskettes, pirated CDs, connections to the Internet via other points (a notebook's modem, for example). This solution is thus only partly effective.

10.2.3. Hacking, PC security


Intrusion risks are a fashionable subject. Several hacking methods will be examined.

The first method consists of getting a program onto your computer (via a mail, for example). This server program responds to any request from a client (the program of whoever is attempting the intrusion) on a TCP or UDP port. The port is specific to each Trojan (also called a backdoor); I leave the list of Trojans and their ports to the specialised sites, as it goes beyond the scope of this hardware course. Since these programs are easy to find on the Internet, any kid can use them in practice; on the other hand, it requires that the server program be installed on your computer or on a PC of the network. In short, if that program is not installed on the system, there is no risk.

The second method uses security flaws in Microsoft products, whether in the Windows operating system, Internet Explorer or Outlook (all versions). Distinctly harder, this method is reserved for professionals. One firewall test site managed to open my remote CD-ROM drive this way, although with a software firewall on the station and the network protected by a hardware firewall I had felt rather safe. The remedy is to follow Microsoft's security service packs (when the new versions do not open other holes).

The third method, by far the most underhanded, consists of modifying the information in the TCP/IP frames of a legitimate message so that the attacked PC (or router) believes the data really comes from the site it asked for, as in the diagrams below. To counter these attacks, every frame must be analysed before the browser reads it. The goals are multiple: theft of information and, in many cases, use of the PC as a relay for other attacks. The target then sees the attack as coming from the "hacked" PC.

10.2.4. Spyware and adware.

Both are programs that use Internet Explorer to perform various commercial tasks without your knowledge. These programs are not regarded as viruses, so they are neither detected nor removed by an antivirus. Free software to remove them can be downloaded from the Internet.

10.2.5. Microsoft.
Security problems are regularly found in Microsoft's operating systems, browsers and mail programs. They are used both for intrusions and for spreading viruses. The only remedy is to update your programs from Microsoft's site. Probably the worst: since Windows XP and Internet Explorer 6.0, every move on the Internet is tracked. This is not really the concern of a hardware course.

10.2.6. Denial of Service (DoS) attacks


Still a worrying Internet security problem. A recent arrival in the world of connections, this type of attack is rather deadly. It consists of sending a maximum of requests to a web server or a router in a minimum of time; the device, unable to keep up, literally crashes. One method is to send a multitude of ICMP echo-request packets while modifying the source address of each packet. The requests are many small packets (about 64 bytes or less). The target can no longer answer connection requests because all of its bandwidth is consumed. This is the method of the spoiled kid who cannot get into a site and crashes it instead. In some cases, however, it is also a much more professional method. Indeed, to deliver a maximum of requests at the same time, the best approach is to use a maximum of PCs at the same time for the attack: nothing beats planting a Trojan on the PCs of ordinary users and ordering all of them to send the same requests simultaneously.
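To make the detection side of this concrete, here is an added example in Python (not the course's own material): it parses tcpdump-style lines and flags a target that receives many echo requests within one second from many different source addresses, the signature of the spoofed-source flood described above. The log lines are constructed and generated inside the block rather than captured from a network, and the thresholds (100 packets, 20 distinct sources per second) are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (generated here, not captured from a real network):
# 300 echo requests hitting one target in the same second from 250 different
# (spoofed) source addresses, plus two ordinary packets that must not alert.
SAMPLE_LOG = [
    f"12:00:01.{i:06d} IP 198.51.100.{i % 250 + 1} > 203.0.113.10: "
    f"ICMP echo request, id 1, seq {i}, length 64"
    for i in range(300)
] + [
    "12:00:01.500000 IP 10.0.0.7 > 203.0.113.20: ICMP echo request, id 9, seq 1, length 64",
    "12:00:02.000000 IP 203.0.113.10 > 198.51.100.1: ICMP echo reply, id 1, seq 0, length 64",
]

# Timestamp to the second, source and destination address, echo requests only.
ECHO_REQUEST = re.compile(
    r"^(?P<sec>\d{2}:\d{2}:\d{2})\.\d+ IP (?P<src>\S+) > (?P<dst>\S+): ICMP echo request"
)


def bucket_echo_requests(lines):
    """Group echo requests by (destination, second): packet count and distinct sources."""
    buckets = defaultdict(lambda: {"packets": 0, "sources": set()})
    for line in lines:
        m = ECHO_REQUEST.match(line)
        if m is None:
            continue  # replies and non-ICMP traffic are ignored
        bucket = buckets[(m["dst"], m["sec"])]
        bucket["packets"] += 1
        bucket["sources"].add(m["src"])
    return buckets


def detect_echo_floods(lines, min_packets=100, min_sources=20):
    """Flag every target that gets at least min_packets echo requests in one second
    from at least min_sources distinct addresses. A legitimate burst of pings comes
    from one or a few hosts; hundreds of sources in a second means spoofing."""
    alerts = []
    for (dst, sec), bucket in sorted(bucket_echo_requests(lines).items()):
        if bucket["packets"] >= min_packets and len(bucket["sources"]) >= min_sources:
            alerts.append({"target": dst, "second": sec,
                           "packets": bucket["packets"],
                           "sources": len(bucket["sources"])})
    return alerts


if __name__ == "__main__":
    for alert in detect_echo_floods(SAMPLE_LOG):
        print(f"{alert['second']} flood on {alert['target']}: "
              f"{alert['packets']} echo requests from {alert['sources']} sources")
```

Counting distinct sources as well as packets is what separates a flood from one noisy monitoring host pinging every 10 ms; the two-key bucket is the whole trick.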

10.2.6. Denial of service against stations (Teardrop, Newtear, Boink...)


Attacks of the Teardrop, Newtear, Boink... type are almost identical to the denial of service above, except that they target the computers themselves (servers included), whether connected directly or via a router. This type of attack targets 32-bit Windows systems (Windows 95, 98, Me, XP (Pro), NT and 2000) but also Linux kernels before 2.0.32 (as Linux is outside my competence, to be checked). Mac and Unix systems can apparently also be affected. Apart from Windows 3.11 and DOS (but how would you get on the Internet with DOS?), all are therefore targets. The attack is no longer aimed at a server but at the connected stations. It consists of sending IP fragments whose offsets overlap (a related family of attacks, named OOB for Out Of Band, sends TCP urgent data that the stack mishandles). The target computer tries to reassemble the datagram and, failing, the machine crashes. On Windows you end up with a nice blue screen and have no choice but to restart the machine.
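The reassembly check that the affected stacks lacked, as an added Python example (not the course's code): a fragment set is modelled as (offset, data, more-fragments) tuples with offsets in bytes, and the reassembler refuses overlapping fragments, gaps and oversize datagrams instead of trying to rebuild them. The Teardrop-style fragment pair is constructed here for illustration.

```python
class FragmentError(ValueError):
    """Raised when a fragment set cannot be reassembled safely."""


def fragment(payload, mtu, unit=8):
    """Split payload into IP-style fragments: (offset, data, more_fragments).
    Every fragment but the last carries a multiple of `unit` bytes, because the
    IP fragment-offset field counts in 8-byte units."""
    size = (mtu // unit) * unit
    if size <= 0:
        raise ValueError("mtu too small")
    frags = []
    for offset in range(0, len(payload), size):
        data = payload[offset:offset + size]
        frags.append((offset, data, offset + size < len(payload)))
    return frags


def reassemble(fragments, max_size=65535):
    """Rebuild the datagram, refusing overlaps, gaps and oversize results.
    A Teardrop fragment set has a second fragment whose offset falls inside
    the bytes already delivered by the first one; that is caught here."""
    frags = sorted(fragments, key=lambda f: f[0])
    if not frags:
        raise FragmentError("no fragments")
    out = bytearray()
    expected = 0
    for offset, data, _more in frags:
        if offset < expected:
            raise FragmentError(f"fragment at {offset} overlaps data up to {expected}")
        if offset > expected:
            raise FragmentError(f"gap between {expected} and {offset}")
        if offset + len(data) > max_size:
            raise FragmentError("reassembled datagram would exceed the maximum size")
        out += data
        expected = offset + len(data)
    if frags[-1][2]:
        raise FragmentError("last fragment still has the more-fragments flag set")
    return bytes(out)


def is_safe_fragment_set(fragments):
    """True if the set reassembles cleanly, False if it is malformed (attack or corruption)."""
    try:
        reassemble(fragments)
    except FragmentError:
        return False
    return True


# Constructed Teardrop-style set: the second fragment claims to start at byte 24,
# inside the 36 bytes already delivered by the first one.
TEARDROP_FRAGMENTS = [(0, b"A" * 36, True), (24, b"B" * 4, False)]

if __name__ == "__main__":
    good = fragment(bytes(range(256)) * 4, mtu=400)
    print("normal set reassembles:", is_safe_fragment_set(good))
    print("teardrop set accepted:", is_safe_fragment_set(TEARDROP_FRAGMENTS))
```

The oversize check also covers the "ping of death" style of malformed set, where the fragment offsets are consistent but add up to more than an IP datagram can hold.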

10.2.7. A few details.


Anonymity on the Internet: not so sure. Determining the IP address your provider assigned you is child's play. A router protects the local TCP/IP addresses of the network by showing only the external address. With connection sharing through the programs supplied with Microsoft operating systems, the internal addresses of the network are directly detectable. Any intrusion or attack of any type first requires that the "hacker" know the target's TCP/IP address as seen from the Internet; the sport for him is then to find the internal addresses of the PCs and other stations of the network. As long as the WAN (Internet) address is unknown, he can do nothing; inevitably, it is easier to find when the local network is connected with a fixed TCP/IP address. In the same way, your operating system and your browser are automatically sent by the browser to each site, as is your screen resolution (size and number of colours).

Proxy servers are caches that speed up connections. The mechanism is simple: once a page has been read, the proxy keeps it in memory; if a request for this page comes soon after, the proxy does not download it from the Internet but serves it from memory. Moreover, it is harder to track you, since you are not always in direct contact with the sites. These proxies can be external boxes, a dedicated computer on the local network (under Linux, for example) or run by the provider.

Cookies are small text files stored on your computer. They record your preferences; this is what lets you arrive directly on the French version of Google.be, for example. Not very dangerous, but cookies often hold information such as passwords (even if these are often encrypted) or the date of your last visit to a site, and some cookies make it possible to track you across several sites.
NAT (Network Address Translation) performs the translation between the outside of the local network (the Internet) and the stations. The router builds a table of corresponding addresses; in this way the outside cannot determine the internal address of a station. When the router receives data, it forwards it to the real recipient thanks to its table.

10.3. Basic Internet connections.


Sharing an Internet connection makes it possible to connect several computers, networked in TCP/IP, to the Internet simultaneously through a single modem. Professional sharing is done through a router, but simpler setups use a modem connected to a PC. The modem can be analogue, ISDN or ADSL, and it can be internal, external serial, external USB or even, for some ADSL modems, connected via a network card. In the first three cases, sharing can be done directly by the operating system (Windows 98 Second Edition, Windows Millennium, Windows 2000 or Windows XP). With a connection through a network card, sharing can be done by a router or by software of the Wingate

type. This software also secures the connections. In this case the PC doing the sharing has 2 network cards. One last remark: with simple sharing through the Windows operating system, each computer can request the connection, but the connection can only be cut from the PC connected to the Internet. This is no problem with ADSL, but beware of telephone charges on PSTN or ISDN. It is nevertheless possible to have the Internet connection cut after a certain idle time: in Internet Explorer, open Tools, Internet Options, Connections; select the connection (My connection below) and click the Settings button. In the next window click the Advanced button, tick the "Disconnect if idle for" box and type the number of minutes wanted.

Various software or hardware products are nevertheless placed between the network and the Internet, either to provide security or to improve connection speed. These devices (or programs) provide various connection functions.

10.4. The various points of a professional Internet connection/sharing.


10.4.1. Basic sharing
Before discussing the devices and solutions to be implemented for professional Internet connections, let us analyse the possible problems; in the long run this will let us design our connection more easily. For an Internet connection, the first task is sharing, which lets several users connect to the Internet at the same time (browsing, mail, news...). This necessarily requires a network installation, in which a computer or a device (generally a simple PC to which the modem is connected) serves as the connection point.

In the diagram above, each station has its own TCP/IP address (X.X.X.X@station1 and X.X.X.X@station2). Likewise, the access provider automatically assigns a TCP/IP address to the connection. Suppose a station requests a site identified by its own TCP/IP address, for example 238.128.128.128, which we will call X.X.X.X@site. When it makes the request, station 1 sends to the connection device its own address (for the reply) and the address of the site it wants to display (X.X.X.X@site). The access provider and all the components of the Internet arrange for the site's data to be returned to the Internet TCP/IP address assigned by the provider (X.X.X.X@ISP), which hands it to the connection device. This device then translates from its own Internet address to the private address of station 1. The operation, although complex internally, is not too hard to set up with current software; this is the method used by the Internet connection sharing built into Windows 98 SE, Millennium, 2000 or XP. This solution is not very secure: each address of the connected PCs is visible from the Internet. It is used for small family Internet connection sharing over a PSTN modem or ADSL with a USB modem.
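The translation just described (and the NAT summary at the end of 10.2.7) in working form, as an added Python example rather than anything from the course: a minimal port-based NAT keeps a table keyed on the private address/port and the remote address/port, rewrites outbound packets to the single public address, and translates back only packets that answer a known flow, so an unsolicited packet never reaches a station. The station addresses, the public IP 203.0.113.1 and the starting port 40000 are constructed values for the example.

```python
from dataclasses import dataclass, replace
from itertools import count


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Minimal port-based NAT, the form home routers use: every outbound flow from
    a private address gets its own port on the single public address, and only
    packets answering a known flow are translated back in."""

    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self._ports = count(first_port)
        self.outbound_map = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.inbound_map = {}   # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def translate_outbound(self, pkt):
        """Station -> Internet: replace the private source with the public address
        and a port allocated for this flow (reused if the flow is already known)."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        wan_port = self.outbound_map.get(key)
        if wan_port is None:
            wan_port = next(self._ports)
            self.outbound_map[key] = wan_port
            self.inbound_map[(wan_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.wan_ip, src_port=wan_port)

    def translate_inbound(self, pkt):
        """Internet -> station: deliver only if a station asked this remote host for
        something; otherwise return None (dropped, the LAN stays invisible)."""
        target = self.inbound_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            return None
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


if __name__ == "__main__":
    nat = NatRouter("203.0.113.1")
    # Two stations use the same local source port towards the same web server:
    # the translated port is what tells their replies apart.
    for station in ("192.168.1.10", "192.168.1.11"):
        out = nat.translate_outbound(Packet(station, 51000, "198.51.100.20", 80))
        print(f"{station}:51000 appears as {out.src_ip}:{out.src_port}")
    back = nat.translate_inbound(Packet("198.51.100.20", 80, "203.0.113.1", 40001))
    print("reply on port 40001 goes to", back.dst_ip, back.dst_port)
    print("unsolicited packet:", nat.translate_inbound(Packet("198.51.100.99", 4444, "203.0.113.1", 40002)))
```

The remote address and port are part of the key on purpose: a reply is only let back in from the host the station actually contacted, which is the property the text credits NAT with.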

10.4.2. Sharing via specialised software.

This sharing solution uses a relay PC between the network and the Internet. The PC has 2 network cards: one connected to the internal network, the second connected to an Ethernet RJ45 modem. The software can be Wingate, professional solutions (Symantec, for example) or a Linux-based solution; this layout is also that of Windows Server 2003 and 2008. The relay PC must stay on for the Internet connection to work. The software provides various functions: NAT (Network Address Translation), proxy (masquerading) and even a firewall. When the firewall is built in directly (Linux), its functionality is identical to that of a hardware firewall. You can also install on this relay PC a software firewall of the ZoneAlarm Pro type (the free version does not work on a network).

This software sharing solution belongs to the other second-year courses, in particular Linux, so I will not go into the details.

10.4.3. Sharing via a simple router.

Internet use is completely transparent for the network, and the router stays connected permanently. This hides the internal network (PC and peripheral addresses) from the outside but does not prevent intrusion. Indeed, apart from the hidden addresses (NAT), the stations are directly connected to the Internet. A Trojan on a station communicates through the router in a completely transparent way; the hacker will probably not even realise he is on a network until he takes control of the PC and finds himself with access to all the file and peripheral shares. This gives an appearance of security, hardly more.

10.4.4. Sharing via a router and a hardware firewall.

This diagram represents almost the ideal security solution (the "almost" worries me). The router and the firewall can be in the same box; the modem can be integrated in the router or placed between the router and the Internet. This solution is examined in an exercise of chapter 17: sharing and Internet connection via an ADSL router-firewall with RJ45 Ethernet. Security does not depend on the assembly but on how the firewall is configured. This is true of all firewall security solutions.

10.4.5. The DMZ (Demilitarized Zone).


This is a particular use of the firewall. It is used to host a server specific to the company, or as a decoy for various attacks; in the latter case one speaks of a bastion host. It is also used as a proxy or relay server.

The firewall facing the Internet lets through traffic to TCP port 80 (possibly 443) coming from outside the site, as well as traffic from the internal site towards the Internet. For a web server, the first firewall blocks attacks from outside; ports 20 and 21, for example, can be closed. Traffic coming from outside towards the internal network must pass the external firewall, then the DMZ server (a bastion host), then the second firewall. It is not the maximum level of security, but the hacker faces 2 or even 3 barriers to open.

10.5. Firewall
10.5.1. Introduction.
A firewall protects the installation from hacking. It supervises communications from the computers towards the Internet and vice versa: for that, it analyses, blocks or authorises communications on UDP and TCP ports. This applies to Internet connections, but also between different parts of an internal network; a large proportion of "intrusions" are orchestrated from inside the company (think of the employee who has just been given notice). There are 2 types of firewall: software firewalls and hardware firewalls. Configuring software firewalls is not part of this hardware course, so I will not dwell on it. Internet applications use ports, in TCP as in UDP, so that identical applications can talk to each other: each port is specific to a type of application. Browsing uses port 80 and news port 119, for example. Configuration consists of opening the ports needed by the normal applications, according to direction and, on the way out, the destination IP addresses (the addresses of the sites). From then on, it seems clear to me that all the others must be closed. By definition, an intrusion always comes through the weakest point of the network's protection, just as with the security of a building: there is no point putting armoured doors everywhere if the back window stays open permanently.

10.5.2. Difference between a software and hardware firewall


No, the two do not do exactly the same job; in a sense, they are complementary. As a reminder, installing 2 software firewalls is dangerous and can make both ineffective. A software firewall checks and shows on which ports the programs on your PC reach the Internet (in TCP/IP and UDP); likewise, it shows the ports on which applications come in (or try to come in) to your PC. In this respect, short of misconfiguration, it is effective. On the other hand, it does not analyse the running programs at all (frame modifications...), and even less the security flaws of the operating system (the various Microsoft security flaws in the operating systems, Internet Explorer, Outlook and even Office 2003). By checking the programs that attempt Internet connections, a software firewall blocks spyware and adware; unfortunately, this generally also blocks the Internet connection, and the software solution for removing them remains a tool such as Lavasoft's. A software firewall is installed on each PC (hence a heavy administration load), on the server or on a dedicated PC. Moreover, it rarely distinguishes external (Internet) addresses from internal ones. It is perfect for detecting Trojans, but it only detects them and does not remove them: that is the job of the antivirus, even though antivirus products do not consider adware and spyware harmful (they are commercial programs).

A hardware firewall sits between the Internet and the network; in that sense, intrusions (or attempts) from inside the network are never analysed. Even though a hardware firewall has nothing to do with Microsoft, it does not protect against the security flaws of the programs and the operating system either. By analysing the data frames, it also refuses intrusions that tamper with addresses. On the other hand, even if all unused ports are closed, programs using the standard ports work without problem: a Trojan using port 80 will in no case be blocked, since it is regarded as a perfectly standard application. Spyware and adware using port 80 are therefore not caught at all by a hardware firewall. Two protections are generally built into hardware firewalls. Stateful Packet Inspection: the firewall keeps track of the connections it has already judged legitimate and only lets in packets that belong to one of them. Content Filtering: in particular, controlling web access by filters (based on lists of Internet addresses, keywords or connection time slots). Optimal security would therefore be a hardware firewall between the network and the Internet and a software firewall on each station. Nevertheless, on large networks a firewall on each station causes problems at the user level: at the slightest warning (even a harmless one such as DHCP on UDP port 68), the administrator will be called (or not...) by the user. Several firms now manufacture network cards that include a hardware firewall.

10.5.3. Ports to open in TCP and UDP, address ranges.


Each application is characterised by the TCP and/or UDP port it uses, which is specific to the type of application. This simplifies communications, since a browsing application will use port 80 by default, whether it is Microsoft Internet Explorer, Netscape or another. Port numbers (in TCP as in UDP) range from 0 to 65535 (2^16 values). The IP address identifies the site or the PC in communication; the combination of IP address and port thus identifies both the site and the application.

10.5.4. Detection method of a hardware firewall and functions


A hardware firewall analyses frames, while a software firewall analyses applications. The hardware analysis is carried out by internal software. The first part filters the TCP/IP combinations (address and port) to decide whether or not to send the data on to the client PC of the network. The second part checks whether the data was actually requested by a client station, by analysing the connections between PCs and Internet sites. The third part is called stateful inspection, a term patented by Check Point (one of the leaders in Internet security), which makes software firewalls but whose technology is built into various hardware firewalls, in particular those manufactured by Nokia. Check Point's product is Firewall-1, and the technique is also called dynamic filtering. The firewall determines whether the client really is connected (active) to the Internet site at the moment

the message arrives; for that, the firewall keeps the active sessions in connection tables. Otherwise, the message is simply blocked. The firewall can also include various options such as a proxy. A proxy is a disk space on which frequently requested pages are stored; every provider uses a proxy for connections. On a request, the proxy checks whether the page is in its cache; if so, the page is returned without being downloaded from the site, which saves time. This is also used in some firewalls or routers. If the user is not in direct contact with the site, his IP address cannot be analysed. Although some sites claim otherwise, this is not really security, since hackers often find addresses by scanning address ranges on the Internet. Conversely, even with a firewall that does not answer PING, the attacker can still determine that the address is in use if the proxy is not active. Note that using ICQ or MSN Messenger makes your TCP/IP address even easier to find: it appears in the list on the site. Site filtering is built into most hardware firewalls. It blocks outgoing access to listed site addresses, or to any address containing a given word; you can, for example, block sites whose name includes sex, meet or KAZAA.
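The default-deny policy of 10.5.1, the stateful inspection of 10.5.2 and 10.5.4 and the DMZ publication of 10.4.5, in one added Python example (not the course's code nor any vendor's). Outbound traffic is allowed only to the opened ports and is recorded in a session table; inbound traffic is accepted only if it answers a recorded session or matches an explicit publication rule (here a web server on an assumed DMZ network 192.168.2.0/24, port 80); and a packet arriving from the WAN side with an internal source address is dropped as spoofed. The networks, addresses and port list are constructed for the example; real firewalls also age out idle sessions, which this model does not.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulFirewall:
    """Default-deny packet filter with a session table (stateful inspection)."""

    def __init__(self, inside_networks, outbound_ports, inbound_rules=()):
        self.inside = [ipaddress.ip_network(n) for n in inside_networks]
        self.outbound_ports = set(outbound_ports)   # ports internal stations may reach
        self.inbound_rules = set(inbound_rules)     # (dst_ip, proto, dst_port) published services
        # Sessions: (inside_ip, inside_port, outside_ip, outside_port, proto).
        # A real firewall ages these out after a timeout; this model keeps them.
        self.sessions = set()

    def is_inside(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.inside)

    def check(self, pkt, from_wan):
        """Verdict for one packet arriving on the WAN side (True) or the inside side (False)."""
        src_inside = self.is_inside(pkt.src_ip)
        # Anti-spoofing: an inside source seen on the WAN side (or the reverse) is forged.
        if from_wan == src_inside:
            return "DROP-SPOOFED"
        if from_wan:
            session = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
            if session in self.sessions:
                return "ALLOW-ESTABLISHED"   # answer to something a station asked for
            if (pkt.dst_ip, pkt.proto, pkt.dst_port) in self.inbound_rules:
                self.sessions.add(session)   # so the published server's answers can leave
                return "ALLOW-RULE"
            return "DROP-UNSOLICITED"        # nobody asked: the port is closed by default
        session = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        if session in self.sessions:
            return "ALLOW-ESTABLISHED"       # published server answering its client
        if pkt.dst_port in self.outbound_ports:
            self.sessions.add(session)
            return "ALLOW-OUTBOUND"
        return "DROP-POLICY"                 # port not opened for outgoing traffic


if __name__ == "__main__":
    fw = StatefulFirewall(["192.168.1.0/24", "192.168.2.0/24"],
                          outbound_ports={80, 443, 119},
                          inbound_rules={("192.168.2.10", "tcp", 80)})
    traffic = [
        (Packet("192.168.1.20", 51000, "203.0.113.5", 80), False),   # station browses
        (Packet("203.0.113.5", 80, "192.168.1.20", 51000), True),    # the site answers
        (Packet("198.51.100.9", 4444, "192.168.1.20", 31337), True), # Trojan client knocks
        (Packet("198.51.100.9", 50000, "192.168.2.10", 80), True),   # visitor to DMZ web server
        (Packet("192.168.2.10", 80, "198.51.100.9", 50000), False),  # web server answers
        (Packet("192.168.1.20", 51001, "203.0.113.5", 6667), False), # IRC: not opened
        (Packet("192.168.1.20", 51002, "192.168.1.20", 139), True),  # forged inside source
    ]
    for pkt, from_wan in traffic:
        print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}: {fw.check(pkt, from_wan)}")
```

The session entry is written in the same orientation (inside first) whichever side opened the connection; that single convention is what lets one lookup serve both the reply to a browsing station and the answer of a published server.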

10.6. Remote access to a network


This application makes it possible to connect to an internal network via a telephone link or over the Internet.

10.6.1. Remote takeover and file transfers.


In the previous chapter we saw that Trojan horses of the NetBus type make it possible (among other things) to take remote control of a PC over the Internet. This seems easy, but it lets others take control too, so this solution is to be avoided completely. The most commonly used solution relies on software of the PC Anywhere type, which takes control of a PC via analogue or ISDN modems, or even ADSL (Internet). It is often used by small structures such as independent professionals, or for troubleshooting remote users on internal networks. Many attack attempts over the Internet come through this software. PC Anywhere's configuration lets you change the port number used for remote access, but that is not the perfect solution. Indeed, a remote takeover needs the port number and the client program; by changing the port number, the administrator assumes the hacker will not be able to take control. On the other side, the hacker scans addresses on all the ports and receives whatever software answers (even badly) on a port; he then only has to try all the possible programs on that port. The takeover is also password-protected (strongly advised). Another solution, used only by certain programs, is to share resources via dial-up networking.

This function requires installing an additional Windows component, the dial-up server (remote access server), and allows the use of files on shared disks via a modem (always PSTN or ISDN). Entry is again controlled by a password, and the remote access server is started from Dial-Up Networking. Some office programs (in particular Microsoft Works) also include file transfer functions. Windows XP also has a built-in remote control function, hoping that here too there are no security flaws.

10.6.2. Virtual Private Networks (VPN)


The solutions above do not make it possible to "connect to a network server" directly, but to take control of a PC which is itself connected to the network; they are software solutions. VPN (Virtual Private Network) devices are connected physically to the Internet, or between the network and the router depending on the model; the latest versions of Microsoft's server operating systems provide equivalent functions. A VPN creates a protected, encrypted connection between a computer and the internal network to carry the data: what is commonly called a tunnel. When a station requests a connection to the internal network via the Internet, the two devices exchange a key that will be used to encrypt the data. The VPN then creates a kind of

secure tunnel across the Internet that protects the data against interception along the way. This is the only usable solution for a connection via ADSL. The connection requires 3 things:
1. Specific software on the client (the Virtual Private Network component of Windows or a dedicated program).
2. A VPN device connected between the Internet and the corporate network (possibly a Windows 2000 or XP machine).
3. A fixed Internet TCP/IP address, or at least one known at the time of connection.

The first two constraints seem easy; we will come back to the device. The third requires either an Internet site, and therefore your own server connected to the Internet even if the connection is then made to another server, or a specific subscription that gives a fixed Internet TCP/IP address. With a normal ADSL subscription the address changes at each connection, and at the latest after a few tens of hours depending on the provider. Amateurs can nevertheless use a few tricks to find the connection's TCP/IP address at a given moment (specific sites, for example) and pass it on by telephone or mail; this is hardly workable for a 24-hour connection. Several VPN models exist. Most hardware models allow only a single tunnel between two fixed network installations; they therefore do not allow home working (whatever the adverts imply). More expensive models also allow remote work. The tunnelling can be MPLS (which separates traffic but does not encrypt it) or IPsec (IP Security); encryption is done only between the two VPN endpoints. Certain tunnelling methods, in particular those of the "over IP" type (as opposed to a plain IP tunnel), also carry other protocols such as IPX inside the tunnel. Note that with a VPN you cannot secure the network by refusing resource sharing over TCP/IP: on small networks a common trick is to run IPX or NetBEUI alongside TCP/IP and configure the TCP/IP protocol on the network card so that it does not allow resource sharing, but the VPN needs sharing over TCP/IP so that remote users can use all the resources of the network (files, applications and peripherals such as printers) as if they were connected directly. Depending on the device (software solutions exist, in particular in Windows 2000 Server), the VPN performs several tasks, like the Symantec Gateway Security series below.

A gateway to the Internet (Internet router function), a firewall function to block intrusions, an integrated antivirus and a VPN function to create tunnels over the Internet; generally, operation conforms to the IPsec specifications for encrypting the client stations' traffic. The VPN gives the PC connected over the Internet a local address, so that it is automatically integrated into the network. Note that configuring this type of device at the VPN level is generally more delicate, since it allows, for example, accepting data coming in to an address while refusing outgoing connections.

Once all these points are settled, you can directly connect two internal networks via the Internet. It is currently the only viable solution (short of fully dedicated leased lines) for this kind of application. It is also, at least in Belgium in areas with ADSL, the best solution for telecommuting (working from home).

10.7. Backup via the Internet.


This backup method could have been placed in the storage and network backup part, but it uses remote connection techniques. The principle is to create an Internet tunnel between your internal server and a remote network of servers, NAS or tape backup units that store your data. The main advantage: you no longer worry about your tapes, which are in theory safe outside your company (another advantage). The control program automatically saves the important data after compressing and encrypting it. Several variants of this technique are offered. The first consists of systematically transferring the contents of the hard disk to the Internet backup. A small reminder: the fastest ADSL connections run at 8 Mb/s downstream (divide by 10 for a rough figure in bytes, i.e. 800 KB/s) but at most 512 kb/s upstream, and a backup travels upstream. Even at the downstream rate, a

hard disk of 20 GB of data takes 20,000,000 KB / 800 KB/s = 25,000 seconds, nearly 7 hours; sending the same 20 GB upstream at 512 kb/s is 16 times slower, more than four days. Not very effective. The second solution consists of saving the initial data on other media (CD, DVD, tapes) and sending only the important files, or only the modified files, through the Internet tunnel. This second method amounts to an incremental or differential backup, with their respective drawbacks: in the event of a problem, the base backup is brought back by vehicle and the files saved later are recovered from the remote site. These systems can save the data each day into different files or into the same file (overwriting the oldest). The backup is compressed and encrypted with at least 128-bit keys, and therefore protected: it is practically impossible to recover the data without the various keys. From the SECURITY point of view this solution therefore seems good. The drawbacks are nevertheless significant. The first comes from data confidentiality (even encrypted), since the data sits on a site that does not belong to you. The second comes from the transfer rate, on sending (even compressed) and again on restoring. As the tunnelling requires hardware or an application, check the real cost of this rather unorthodox backup solution. This principle only works with network servers running TCP/IP. In short, not necessarily an intelligent solution for backing up a complete server, but a way of handing off backups of small volumes. The same principle can also be set up between two network servers of the same company at different sites using a VPN connection. This cuts out the cost of the provider, but requires fixed IP Internet connections and is therefore only possible for large companies.

11. Wireless network


11.1. Introduction - 11.2. Bluetooth - 11.3. IEEE 802.11 - 11.4. IEEE 802.11a - 11.5. IEEE 802.11b - Wi-Fi - 11.6. IEEE 802.11b+ - 11.7. Wireless network 802.11g - 11.8. Connection 802.11g+ - 11.9. 802.11n - 11.10. Infrared connection

11.1. Introduction
This chapter could have been included with the Ethernet network connections. Nevertheless, as wireless connection is evolving rapidly, I chose to make it a separate part. Wireless connections connect various devices... without wires. The link can be either radio or infrared. Infrared connections require the transmitter and the receiver to be in line of sight (facing each other), which is not always easy. These connections were used (without much success) for keyboards and mice, but are built into some printers.

Wireless network connections have for a few years taken a very different direction: the simultaneous connection of several devices to each other. They can be printers, scanners and other peripherals, or even whole networks. The difficulty of implementation lies in the reception area, which depends on the transmitter's power, in detecting the receiver (hence a protocol that defines it clearly), and in the security of the transmitted data. This security must cover checking the transmitted data but also encrypting it: there is no point securing a network if a simple radio receiver can pump all the data circulating on it. Several types of "wireless" network are currently on the market for general distribution. Satellite Internet connections are covered in a separate chapter. Radio solutions pose environmental problems that few manufacturers mention: you only have to walk around an industrial building (in sheet metal) to realise what connection problems the environment poses for GSM, for example. The maximum distances given by the manufacturers are for open ground, which is seldom the case in homes or companies, even if external antennas can be installed in many cases. Environments disturbed by electromagnetic fields (high-power electrical machines) pose the same problems as with traditional cabled networks. In many cases, cabled network and radio link solutions will have to be mixed.

11.2. Bluetooth

This type of wireless connection links two devices via a radio link. These devices can be digital cameras, PDAs, printers, ... Bluetooth uses the 2.45 GHz ISM (Industrial, Scientific & Medical) frequency band, which is normally licence-free in most countries. The number of distinct frequencies (channels) used is 79; you could thus use 79 different networks in the same room. The connection rate is at most 1 Mb/s for peripherals up to 4 metres away and 75 kb/s for greater distances. The maximum distance is 10 metres, but can reach 100 metres in certain cases. Indeed, Bluetooth defines 2 categories of radio-frequency power for personal networks: the short range (0 dBm), which allows distances up to 10 metres, and the medium range (+20 dBm), which carries up to 100 metres. The radio link supports data and voice transmission at the same time, with a maximum data rate of 72 kb/s, which in practice is the maximum rate.

Security: the connection is transparent only if the two devices already know each other (pairing). Each peripheral receives a 6-byte address at manufacture: the first three bytes designate the manufacturer and the other three the device. Each Bluetooth device can be set to accept automatic connections from anyone, or to accept only certain devices. The peripherals thus use protection mechanisms that avoid the transfer of unauthorised data. Nevertheless, security is often disabled by default, and it is then possible for an attacker to retrieve, for example, the address book of a GSM phone or a PDA from another device, or to use the neighbour's GSM phone for an Internet connection. Check that discoverability and automatic connections are switched off on any device you deploy.

Within a Bluetooth network, one device acts as master and up to 7 slave peripherals share the bandwidth. In theory, up to 10 such groups can communicate, that is to say 80 devices. Unlike IEEE 802.11 connections, this type of connection is not intended for networking (even if it is possible). It allows, for example, a PDA to be connected directly to a notebook or a GSM phone.

11.3. IEEE 802.11

Radio link also using the 2.45 GHz (ISM) frequency band. The maximum rate is 2 Mb/s at a maximum distance of 100 metres. This old wireless network standard dates back to 1997. It is no longer used.

11.4. IEEE 802.11a

This standard operates in the 5-6 GHz frequency band. The modulation scheme used is orthogonal frequency-division multiplexing (OFDM): the signal is split up and sent on several different frequencies. This limits interference and makes data rates of up to 54 Mb/s possible (roughly 6.75 MB/s), but communications generally take place at 6 Mb/s, 12 Mb/s or 24 Mb/s. The maximum distance between the central point (which functions like a hub) and the stations is 366 m at 6 Mb/s outdoors and 91 m at 6 Mb/s indoors. For short distances, it is faster than 802.11b Wi-Fi. This standard is sometimes called Wifi5. It is little used in Europe but well established in the United States.

11.5. IEEE 802.11b - Wi-Fi - IEEE 802.11 HR

Derived from IEEE 802.11 (1999), this radio link also uses the 2.4 GHz frequency band. It is used as a network connection via specific network cards and a central device called an access point, which functions as a hub (the total bandwidth is thus shared between the various PCs). This connection allows a maximum rate of 11 Mb/s within a radius of a hundred metres, but the range depends strongly on the environment (walls, partitions...). The number of peripherals per base station is limited to 10. This solution is currently the usual one for wireless networks. The connection uses the 2 lower layers of the OSI model, those used for transport. Each PC, laptop or peripheral includes a Wi-Fi network card with an antenna. A concentrator (hub, switch or even router) serves as the central point for sharing, or possibly for a link towards a traditional concentrator.

The medium access method is CSMA/CA, similar to that of Ethernet networks, with one large difference all the same. When a station transmits on a wired Ethernet link, it is heard by all the stations on the cable, which may not be the case on a radio link: the fact that 2 stations are both connected to the central node does not mean that they can hear each other directly if the distance between them is too great. For that, the "Virtual Carrier Sense" mechanism is used. A station wanting to transmit sends a small packet called RTS (Request To Send), which indicates the source, the destination and the duration of the transmission. The destination station answers, if it is free, with a control packet called CTS (Clear To Send), which repeats the same duration information. All the stations that receive an RTS or a CTS start a Virtual Carrier Sense timer (called the NAV, Network Allocation Vector) for that duration, and refrain from transmitting until it expires. Practically all network component makers include such devices in their catalogue. The maximum distance is 503 m at 1 Mb/s outdoors and 152 m at 1 Mb/s indoors. A Wi-Fi router can be used as a router or as a bridge. It generally uses 2 directional antennas. The network adapters are specific, with an external antenna. Below, a photograph of a D-Link Wi-Fi router.
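To make the virtual carrier sense mechanism concrete, here is a small simulation of the RTS/CTS exchange and the NAV, added here as an example (it is not part of the course). Positions, the radio range and the `duration` values are constructed for illustration and are not real 802.11 timings; time is an abstract slot counter. The scenario is the hidden-node case described above: stations A and C both reach the access point but cannot hear each other, so C learns of A's transmission only through the CTS sent back by the access point.

```python
"""802.11 virtual carrier sense (RTS/CTS and the NAV), as a small simulation.

Added example, not from the original course. Positions, ranges and the
`duration` values are constructed for illustration and are not real 802.11
timings; time is an abstract slot counter.
"""
from __future__ import annotations

import math
from dataclasses import dataclass


@dataclass
class Station:
    name: str
    x: float
    y: float
    nav: int = 0  # Network Allocation Vector: slot until which the medium is reserved

    def distance(self, other: Station) -> float:
        return math.hypot(self.x - other.x, self.y - other.y)


class Medium:
    """Radio medium: a station hears a frame only if the sender is within radio_range."""

    def __init__(self, ap: Station, stations: list[Station], radio_range: float):
        self.ap = ap
        self.stations = stations
        self.radio_range = radio_range
        self.log: list[str] = []

    def hears(self, listener: Station, sender: Station) -> bool:
        """Physical carrier sense: can `listener` detect `sender` at all?"""
        return listener is not sender and listener.distance(sender) <= self.radio_range

    def _broadcast(self, sender: Station, kind: str, end: int, exclude: Station | None = None) -> list[str]:
        """Deliver a control frame carrying a duration; every receiver extends its NAV."""
        reached = []
        for st in [self.ap] + self.stations:
            if st is exclude or not self.hears(st, sender):
                continue
            st.nav = max(st.nav, end)  # the NAV only ever grows
            reached.append(st.name)
        self.log.append(f"{sender.name} -> {kind} (medium reserved until t={end}), heard by {reached}")
        return reached

    def reserve(self, sender: Station, now: int, duration: int) -> int:
        """RTS/CTS handshake between `sender` and the access point.

        Returns the slot at which the medium becomes free again, or -1 when the
        sender must defer (its own NAV has not expired, or the AP is out of range).
        """
        if not self.can_transmit(sender, now):
            return -1
        end = now + duration
        # 1. RTS: heard by the AP and by the stations near the sender only.
        if self.ap.name not in self._broadcast(sender, "RTS", end):
            return -1  # no CTS will ever come back
        # 2. CTS from the AP repeats the duration and reaches *every* station in AP range,
        #    including the hidden nodes that could not hear the RTS. The sender itself
        #    is the one about to transmit, so it does not set its NAV from this CTS.
        self._broadcast(self.ap, "CTS", end, exclude=sender)
        return end

    def can_transmit(self, st: Station, now: int) -> bool:
        """Virtual carrier sense: defer while the NAV has not expired."""
        return st.nav <= now


def hidden_node_scenario() -> tuple[Medium, Station, Station]:
    """A and C both reach the AP (80 m away) but are 160 m apart, beyond the 100 m range."""
    ap = Station("AP", 0, 0)
    a = Station("A", -80, 0)
    c = Station("C", 80, 0)
    return Medium(ap, [a, c], radio_range=100), a, c


if __name__ == "__main__":
    medium, a, c = hidden_node_scenario()
    print("C hears A directly:", medium.hears(c, a))        # False: physical carrier sense fails
    end = medium.reserve(a, now=0, duration=10)
    print("\n".join(medium.log))
    print("C may transmit at t=5:", medium.can_transmit(c, 5))    # False: NAV set by the CTS
    print("C may transmit at t=10:", medium.can_transmit(c, end))  # True: reservation expired
```

Without the CTS, C's physical carrier sense would report the medium free while A is transmitting, and C's frame would collide at the access point; with it, C backs off for exactly the duration announced by A.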

11.6. Wireless network IEEE 802.11b+

802.11b+ is derived from 802.11b. It uses the same frequency band but has its own encryption characteristic, since the encryption is done on 64, 128 or even 256 bits. As a reminder, current versions of Internet Explorer encrypt on only 128 bits. This system allows rates of 22 Mb/s, that is to say double that of 802.11b. It is fully backward compatible with the 802.11b standard: an 802.11b+ peripheral will thus accept connections from 802.11b peripherals. On the other hand, 802.11b+ is not a ratified standard; it is thus possible that 802.11b+ devices from different manufacturers are not compatible with each other.

11.7. Wireless network 802.11g

Even though standardisation dates from May 2003, some devices came out before. The first devices really conforming to the standard came out at the beginning of July 2003. This wireless standard likewise allows 54 Mb/s connections, using the same 2.4 GHz frequency band as 802.11b. This use of the same frequency range should make it possible to mix 802.11b and 802.11b+ access points (within the same brand). The central point adapts its speed to the connected peripheral, allowing 802.11b clients to connect.

11.8. Wireless 802.11g+ connection

This improvement of 802.11g came out at the beginning of 2004 and doubles the 802.11g connection speed to reach 108 Mb/s.

11.9. 802.11n

Under development (2006), this standard is to reach 100 - 200 Mb/s.

11.10. Infrared connection

This type of connection is going to disappear, replaced by the radio connections seen above. The first problem of this type of connection comes from its operating principle, light: the connected devices must face each other exactly, which is not always easy. Moreover, many competing solutions were proposed; even if the IrDA connection (built into the HP 990Cxi printers, for example) became more widespread than the others, this multitude of systems strongly reduced its fields of application. The IrDA infrared connection allows a link of 1 metre at a maximum speed of 16 Mb/s.

12. Electrical protection, UPS...


12.1. Introduction - 12.2. Operation of a switching power supply - 12.3. Disturbances of the electrical supply network - 12.4. Surge protectors - 12.5. UPS (Uninterruptible Power Supply)

12.1. Introduction.

The European electrical supply network is at 230 V AC. On the other hand, the equipment (PC and computer peripherals) is supplied with DC at various values, but at low voltage (generally between +12 V and -12 V). To transform the mains voltage into a voltage acceptable to the electronic circuits, a power supply is used. In first year we saw a power supply built around a rectifier bridge. The efficiency (the ratio between the power consumed and the power delivered) of such a power supply, a transformer followed by a rectifier bridge (4 diodes), is too low. Power supplies used in computing are of the "switching" type. This principle is not only used in power supplies, but also in UPSs. A conventional power supply generally has an efficiency close to 50 %, up to 80 % for a switching power supply.

12.2. Operation of a switching power supply.

Before starting, two remarks are essential: 1. At the price of a PC power supply, a repair is not very profitable. 2. The parts are hard to find. The repair technique belongs more to true electronics specialists than to computer technicians, so possible repairs are difficult to carry out (if not impossible). Moreover, the precautions on opening these devices are of the kind "if you put your finger there, it is 230 V AC, there it is 380 V DC...". In short, if you do not have serious knowledge of analogue electronics (transistors, high voltage): ATTENTION. Let us take the diagram below.

We start from an AC voltage and rectify it with a diode bridge, without an intermediate transformer. At the output, the DC voltage is about 230 V (330 V at peak). The bridge is followed by a capacitor to smooth the voltage (230 V DC). The next component is a transformer. A transformer whose primary carries a DC current produces no signal on its secondary; on the other hand, if you apply an AC voltage to the primary, a voltage of the same shape but of a different value appears on the secondary (divided according to the ratio of the numbers of turns of the input and output windings). So what use is this transformer? Just in front of the transformer, a transistor is placed. It chops the voltage, producing a discontinuous voltage in the transformer and thus making current flow through it. The chopping is driven by the control circuit, which is located on the secondary side. Contrary to the circuit above, the base of the transistor is generally connected to the control circuit through a second transformer, which completely isolates the output (connected to the appliance) from the input (the mains). This avoids problems in the event of overvoltages on the mains. Let us look at the operation. When the power supply starts, a pulse produces a first chopped voltage. This voltage first feeds the control circuit, which then starts to chop the DC voltage across the transformer.

The larger the proportion of time the transistor's gate (or base, in the case of a bipolar transistor) is driven on, the higher the output voltage. The control circuit varies this duty cycle according to the output voltage of the power supply and thus regulates it. A small remark before continuing: as the bridge sits directly on the 230 V mains, consider that half of the assembly is at 230 V. Since the assembly starts from a rectified (DC) voltage, it can also be fed directly from a DC voltage (batteries).

12.3. Disturbances of the electrical supply network.

Let us take our basic AC signal again.
1. Complete supply failure: generally comes from a failure of the supplier's installation or from a circuit breaker on your own installation.
2. Overvoltage: the mains voltage is higher than that for which the power supply was designed (think of the input diodes). This is specific to installations close to high-voltage substations. Even if an overvoltage is not necessarily dangerous for computer installations (within reasonable values), this disturbance stresses the components of the power supply and, in the long run, causes failures.
3. Undervoltage: the voltage is lower than that for which the power supply was designed, and the supply cannot provide sufficient power. A PC power supply copes down to about 180 V. Undervoltage is generally caused by a sudden increase in consumption on the network when heavy electrical devices start up (motors, compressors, lifts...), but also by too great a distance from the high-voltage substation.
4. Transients: interfering signals travelling together with the basic electrical signal; they can reach 4000 V but are generally much weaker.
5. Micro-cuts: short interruptions of the electrical signal lasting a few milliseconds.
6. Spikes: overvoltages of very short duration (less than 1/120 of a second) but of an intensity that can reach 4000 V and more. They are caused by the switching off of high-power machines (air conditioners, household appliances...), which dump their surplus voltage onto the network. Here too, the components wear out.
7. Lightning: a sudden and large overvoltage. Lightning reaches the equipment through the mains and through the telephone network. The third source of lightning rises up through the ground, and there you can do almost nothing: no really effective protection exists, even if it represents less than 1 % of cases. These ground voltage rises are often localised in one zone (a district, for example).

How does our switching power supply behave in these cases? In the event of a complete cut, the switching power supply can no longer supply the PC. Under overvoltage, the chopping will regulate the output voltage (with an input voltage of up to 280 V for a PC), as long as it does not last too long. For transients, after the first rectification one can hope that they are reduced: the transformer lets them through completely and the second capacitor (often coupled to a smoothing coil) should remove them (or should, at least). In practice, part of these transients gets through an ATX PC power supply. The same goes for voltage spikes. In the case of micro-cuts, the capacitors act partly as a shield. For lightning, plan directly on replacing the power supply and the cards behind it. In short, part is protected, but not everything.

12.4. Surge protectors

These devices protect against overvoltages and lightning. In the event of an overvoltage, they disconnect the equipment from the mains. Often, after a single overvoltage, they must be replaced; only some models have a reset that allows the protection to continue. Worse, some devices that have taken a lightning strike keep working, but without protection.

In short, this is not necessarily the solution for professional installations.

12.5. UPS

A UPS (Uninterruptible Power Supply) contains batteries that supply the connected computer equipment during a power interruption, acts as a circuit breaker and, on the whole, regulates the mains. Three types of UPS are distinguished:
- On-line UPS
- Line-interactive UPS
- Off-line UPS

In all three cases, they can be fitted with a connection (serial or USB) which, via software installed on the PC, shuts the computer down properly during a power interruption. A UPS does not have an inexhaustible reserve and generally stops after 10 minutes. In the case of a server, the link to the PC makes it possible to close the applications correctly before switching the server off; the UPS then stops supplying the server once it is shut down. Through an option in certain BIOSes, one can ask for the PC to restart when the mains returns. The backup duration depends on the power of the UPS, expressed in VA (and not in watts). Consider that for a given installation, the power of the UPS for a 10-minute backup must be P(installation, in watts) x 1.6. For a 350 W installation (server + monitor), the UPS must thus be at least 350 x 1.6 = 560 VA. If the power drawn by the installation is higher than the VA rating of the UPS, the UPS risks either being destroyed or switching itself off for protection. Likewise, avoid connecting laser printers: their current draw at the start of printing is very large and is likely to damage the UPS. There remain the batteries. They are generally 12 V lead-acid, sometimes put in series to reach 24 V and in parallel to allow a longer backup time. Run a full discharge test on average every 6 months, so that a worn battery is discovered during the test rather than during a real outage.

Some UPSs include protection for network and telephone cables. APC has even released a redundant (duplicated) UPS for servers: one is never too careful. The other big name on the market, MGE, should not be long in doing the same. You cannot in any case use a UPS to protect a laser printer, because of the excessive consumption of these printers when printing starts.

12.5.1. Off-line UPS

Diagram of operation of an off-line UPS

Voltage regulation: in black, the evolution of the mains voltage; in green, the output voltage of the UPS

Off-line technology is the least expensive and thus the most common. The mains voltage passes through a relay. The output voltage is then filtered, to accept certain voltage variations and to remove part of the interference. At the same time, the 12 V batteries are recharged via the converter. When the mains voltage disappears (or drops below 176 V or rises above 280 V), the relay opens and the 220 V - 240 V AC output voltage is recreated from the 12 V or 24 V batteries. The reaction time is relatively long, given the closing or opening time of the relay. These regulating devices do not handle the micro-cuts of the network.

12.5.2. Line-interactive UPS

These mid-range UPSs are similar to off-line UPSs. The difference comes from the management of the cuts by a microprocessor, which monitors the voltage and reacts to its variations. A booster, compensating the mains voltage, is activated in the event of a prolonged voltage drop. The stress on the power supply is thus smaller in this case.

Diagram of a line-interactive UPS

Voltage regulation

The mains first passes through a transient filter. If the mains voltage is sufficient (above 176 V), it passes through the booster, which does not intervene. When the voltage remains in undervoltage long enough, the booster injects a voltage via the DC/AC converter to "boost" the mains for a short period. When the mains voltage drops below 176 V, the UPS takes over completely by opening the input relay (no more power is taken from outside). For voltage regulation, when the voltage drops below 205 V the booster sends a voltage to the whole assembly for a short period (this can be repeated). If the voltage drops below 176 V, the PC is supplied only from the batteries.

12.5.3. On-line UPS

The operation of an on-line UPS is quite different. The input voltage is systematically rectified and permanently charges the batteries; this DC voltage is then used to recreate a 240 V output voltage. In the event of a cut or a voltage drop, the batteries feed the DC/AC converter. Under undervoltage, the output voltage is created from the batteries and the mains at the same time, which is not the case with an off-line UPS. Unfortunately, the batteries are in use practically all the time, so they have to be replaced more often, and the batteries easily represent 2/3 of the price of a new unit... These units also use 2 bypass circuits. The first bypass makes it possible to go around the UPS: this manual option allows the equipment to be supplied without passing through the UPS (UPS failure, for example). The second bypass works a little like an off-line UPS and makes it possible to extend the life of the batteries.

12.6. Comparison of protections

Input condition          | Surge protector                              | Off-line UPS                                                                                       | On-line UPS
< 180 V                  | Equipment is no longer supplied              | Relay opened, supply only by the batteries                                                         | Supply by the batteries and the mains
180 - 220 V              | Normal operation                             | Depending on the model, simple voltage regulation or full switch to the batteries (thresholds fixed at design) | Supply by the mains and the batteries if necessary
220 - 240 V              | Normal operation                             | Normal operation, supply by the mains                                                              | Supply by the mains (batteries kept charged)
240 - 280 V              | Normal operation                             | Depending on the model, simple voltage regulation or full switch to the batteries (thresholds fixed at design) | Supply by the mains and the batteries if necessary
> 280 V                  | Abrupt cut by the circuit breaker (reset required) | Operation by the batteries, attention to the opening time of the relay                       | Operation by the batteries
High voltage, lightning  | Abrupt cut                                   | Operation by the batteries                                                                         | Operation by the batteries
Short-duration spike     | Generally no detection                       | Partial filtering                                                                                  | Completely removed
Micro-cuts               | No protection                                | Partial filtering                                                                                  | Completely removed

Electrical protection remains a compromise between the price of the protection equipment and the importance of the equipment to be protected. The security of a company's server requires at least an on-line UPS, whereas a micro-computer is probably satisfied with a surge protector. One hour of lost production costs far more than the price of a UPS. To preserve the battery backup time, you cannot plug laser printers into a UPS; in this case, the only possible electrical protection is a surge protector. The UPS protects only the computer and its screen.

13. Exercise: structure of a corporate network

13.1. The exercise - 13.2. Global architecture of the network - 13.3. Connection of the administration and commercial departments - 13.4. Connection of the manufacture and orders building - 13.5. Global connection of the network - 13.6. Another point of view: mixing protocols on the network

13.1. The exercise

This is the 2002-2003 examination of the second-year hardware course. As theory without practice is not much use, let us look at a concrete case of network architecture (equipment to be put in place) in a company. The examination is taken with access to the course. We will use the following chapters:
- Ethernet concentrators (hub, switch, router): Hardware 2, chapter 5
- Specificities of server computers: Hardware 2, chapter 7
- Storage and backup on the network: Hardware 2, chapter 9
- Remote connection, security and sharing: Hardware 2, chapter 10
- Wireless networks: Hardware 2, chapter 11
- Electrical protection, UPS: Hardware 2, chapter 12
This covers practically the whole of the Hardware 2 course, except the configuration of the network equipment. Chapter 17 had been used as the examination for the year 2001-2002.

The question of the exercise

2 buildings to be connected, 80 metres apart (no luck, a road in the middle). Each building has two floors with 2 different departments (so 4 departments). I absolutely want (hardware) levels of security so that each PC of a department cannot (except by authorisation per workstation) connect to another department. This protection solution will in practice be coupled with the software protections covered in the other "Technician PC/network" courses. The departments are:
1. Building 1: 80 manufacturing PCs (no Internet access) and 1 server with dedicated software; maximum distance to the server 100 metres. We will call this department Manufacture. It gathers manufacturing, stock, transport management... It is the department to be protected: a one-hour factory stoppage costs the company far more than a two-day stoppage of accounting.
2. Building 1: 10 commercial PCs for orders and 1 dedicated server, within a radius of 30 metres. Some of them may access the service of the manufacturing server. No Internet access, nor towards building 2. We will call this department Orders.
3. Building 2: 10 administrative PCs (management, accounting...) within a radius of 30 metres. We will call this department Administration.
4. Building 2: 10 commercial PCs and various services within a radius of 30 metres. We will call this department Commercial.
Building 2 houses a small file server (Word, Excel documents...) and an application server (accounting), called the administrative server. Certain PCs may access the "order management" server. Building 2 (administration and commercial) must have secured Internet access via an ADSL line. It must be possible for the commercial staff to connect to the company server remotely via the Internet. I am not talking about security via passwords, but about TCP/IP configuration or computer hardware. It is definitely surer, even if user passwords are far from optional.

Give the diagram of the installation, showing the servers, the concentrators used (hub, switch, router, number of ports), the types of connections, straight or crossover cables... If you use a hub or a switch, explain. I explicitly do not ask for the brand and model of each concentrator. Attention: does an 80-port switch exist, is it common, is it manageable? The installation of the network must be complete: think of the safety measures of the installation (electrical protection, backup) and of the types of servers used. As network hardware can fail, the equipment must be standardised (for example the switches) so that a minimum of spare equipment is needed: a maximum of concentrators of the same type, and the ability, for the whole network, to use a single replacement device for the whole company. I do not ask for the configuration of the devices, just the structure of the Ethernet network.

Do not worry too much about the budget, but choose the characteristics as a responsible IT manager would (no need to use Gigabit Ethernet over optical fibre to connect the workstations).

13.2. Global architecture.

To facilitate the design of our network architecture, let us review the devices to be put in place. We will use the following drawings to make the analysis of the overall network diagram easier.

Legend of the diagrams:
- Server
- Ethernet switch or hub (here a D-Link DES-1024D, 24 ports 10/100)
- Manageable switch: to authorise (or block) certain connections from PC to PC (or rather between groups of PCs), in addition to the user session passwords managed by the operating system. Here a D-Link DGS-3224, 20 ports 10/100 and 2 Gigabit 1000Base-T (copper) ports
- Wi-Fi wireless router, usable as router and as bridge. We could use a simple wireless switch in our case.
- A crossover RJ45 cable
- ADSL modem-router, here a Tornado CopperJet 812. It can be used as a simple modem in bridge mode
- A firewall/VPN (here a Symantec 100 series): provides the sharing of the Internet connection and the access from outside to the corporate network
- Router with integrated firewall: allows protected connections by blocking certain ports and/or certain address ranges
- A simple router
- NAS (here a low-cost IOMEGA 300 series)
- A department with its associated PCs
- UPS electrical protection (here an APC 420 W, a little weak for a server)
- Tape backup (SDLT, here Quantum models)

Let us analyse the problem according to the various parts and the authorised directions of communication. This splits up the problem and gives a rough idea of the devices to be used at the connection, routing and security levels. The administration and commercial departments are not very different: both use the Internet (they are the only ones to) and the same servers (a file server and a small application server). On the other hand, a computer of the administration must be able to connect to the orders department (but not to manufacture), while the commercial department may in no case connect to the orders or manufacture departments. Access from the Internet towards the servers of building 2 (administration and commercial) obliges us to use a firewall/VPN for the Internet connection (here a Symantec 100 series) and an ADSL modem (here a Tornado 812 used as a bridge, see chapter 17). With the 20 computers in building 2, we do not need a very powerful device, but a sufficiently protective one. As access from outside is possible, the connection must be of the fixed IP type. This gives us a good starting point for the connections.

In black, the authorised communications (even with some blocking); in red, those that must be blocked. This gives a good idea of the overall structure of the installation. The road between the two buildings prevents us from using a copper or optical-fibre link, so we will have to use a wireless link of the Wi-Fi 802.11b type at 11 Mb/s (possibly 802.11b+ at 22 Mb/s). As the communication speeds are not very demanding, the use of 100Base-T (possibly 1000Base-T for the servers) is sufficient for the whole network.

13.3. Connection of the administration and commercial departments

The connection between administration and commercial must let certain communications through (but not all). Moreover, they use the same servers. We can use either two different address ranges (hence routers to connect the 2 departments), or a manageable switch (and thus block or authorise certain connections) while using the same IP address range. Using 2 routers for the communication makes the configuration considerably heavier. Let us choose the same address range (for example 192.168.10.X) for both departments and block the accesses at the level of a manageable switch. The departments use an application server and a small file server; as file server, to reduce costs, let us use a NAS. As we must connect 20 PCs + 1 server + 1 NAS + 1 link to building 1, the device shown (20 ports + 2 Gigabit) would be insufficient, but we can add an 8-port switch. NAS units are seldom 1000Base-T.

For the link to the other building, we must use a wireless connection. As building 2 may have connections towards the orders department (not towards manufacture), we will use different address ranges for building 1. This requires a router. As the connection must be protected (blocked from building 1 towards building 2), plus the prohibition of Internet access for building 1, let us use a router-firewall and an 802.11b router in bridge mode. In this case, the firewall will not be used to block ports: on an internal network, the dynamic ports (1024 - 65535) are used randomly for the internal communications, so we cannot block them. We will only block communications on address ranges, for example to block communications from the IP address of the VPN towards building 1.

Another solution to block "Manufacture" - "Administration" access would be to protect the wireless network according to the MAC addresses of the administration department computers. Note that a MAC address can be changed by the user of a PC, so MAC filtering only stops accidental access, not a deliberate one. Here is our hardware network diagram for building 2.

13.4. Connection Building manufacture - order


The communications machines towards order are prohibited. Only the communications orders towards factories are authorized (under certain reserves). We again have 2 use potential of the classes of IP addresses. Either two classes different with employment from router, or the same class of address with a switch manageable (with the choice).

Case 1: use of two different address classes.


Using a router (and thus two address classes) increases security. A router with firewall is not mandatory, since bi-directional communication would require two routers whereas we use communication only from Orders towards Manufacturing. This already prevents the factory from connecting towards the Orders department. Security from the Internet side is, as a reminder, already ensured by the VPN and the firewall placed at the exit of the administrative building towards the Wi-Fi router. Likewise, for communications from building 1 towards building 2, we can either use a Wi-Fi router in bridge mode plus a firewall (case below), or a Wi-Fi router without firewall. Security is in any case ensured by the firewall on the other side of the wireless link.

The number of 24-port switches for the Manufacturing part was deliberately reduced for the clarity of the diagram. We would need at least 4 of them, or 5 to have spare lines. Using a single 96-port switch could pose cable length problems, and if this single device failed, all of Manufacturing would be blocked. Using several 24-port switches makes it possible to have one per area of the building. As a reminder, the number of hubs between two PCs in 100 Base T is limited to a maximum of 2 (the constraint is less strict for switches, and more is often used in practice), so the Manufacturing server must be connected to the first Manufacturing switch. A firewall router between the switch and the 802.11b Wi-Fi link is not necessary if a firewall is installed on the other side. They would duplicate each other (which is not too serious) but would require a more complex configuration of the infrastructure.

Case 2: use of the same address class with a managed switch.


In this case, all the PCs are in the same address class; a router (or firewall router) is no longer necessary between the two departments, it is the managed switch that will accept or block the communications. In this case (and contrary to the preceding solution), the communications between the Orders PCs and the Manufacturing PCs can be blocked at the hardware level.

This solution is definitely more expensive (but secure). It nevertheless makes it possible to connect the servers in 1000 Base T on the managed switch. The distances between each PC, the servers and the hubs are respected, since in both 100 Base T and 1000 Base T the maximum distance is 100 meters. As a reminder, managed switches generally work with MAC addresses. If a PC fails and is swapped for an identical unit (what is done in practice to minimize downtime), the switch may have to be reprogrammed. This is not necessarily within the skills of every factory maintenance technician (not to mention the administrator passwords needed to configure the switch). On the other hand, certain models accept grouping of stations according to the IGMP protocol.

13.5. Overall connection of the network


It only remains to connect the two corporate networks, to position our protection measures (UPS and backup) and to choose the servers. The servers used for building 2 and for Orders are in fact small servers. On the other hand, the server used in Manufacturing is a powerful dual-processor application server (with dedicated software). For data security reasons, we use SCSI RAID 1 servers, or better RAID 5. The bigger the processor, the more it consumes. The UPS (preferably of on-line type) must be sized accordingly. As a reminder, UPS power = server consumption × 1.6. For a server consuming 800 W (screen included), the power of the UPS is thus 800 × 1.6 = 1280 W.

For data backup, we will use DAT or Super DLT tapes, for the capacities of these technologies but also for their backup speed.

We could also add small UPSs on the diagrams for certain stations or hubs, according to the company's wishes.

13.6. Another point of view on this connection: mixing protocols.


In the assemblies above, we used exclusively the TCP/IP protocol. There are two others: IPX and NetBEUI. NetBEUI is not routable; IPX (used mainly by Novell networks) is. The following diagram mixes protocols. To reach a server, the PC must use the same protocol (but it can use several at the same time). In the case of administrative building 2, as the Internet is used, TCP/IP is mandatory. On the other hand, in building 1 (Orders and Manufacturing), the Internet is forbidden both outgoing and incoming (intrusion). We will clearly reduce the number of devices by using only IPX in building 1, and in building 2 the PCs that must connect to the Orders part will use both IPX and TCP/IP. This way of proceeding blocks all direct intrusion attempts from the Internet towards building 1. On the other hand, the connection from the Orders department towards Manufacturing (and vice versa) will only be blocked by session rights, and communications will also be able to pass from building 1 towards the IPX PCs of building 2. It is enough to block the shares in building 2 in IPX.

In this case, we replace a managed switch by a simple switch (like the others of the same type used across the network) and do away with any firewall in the whole network (apart from the VPN for the Internet). This solution is not to be considered for a factory of 500 PCs, but it suits medium-sized structures. Users of Novell networks will probably favour this solution.

13.7. Errors and remarks from the examination


After correction, I go over the errors in the network architecture again. Some remarks and errors from the examination are taken up here.
1. Building 2 network: two different IP address classes for Administration and Commercial, both connected to the input port of the VPN (a correct Internet connection) but with no router between the two. Consequently, no interconnection between the two groups of computers and, more seriously, only one of the two departments will have access to the server and the NAS. In short, the building 2 network infrastructure does not work.
2. Two different address classes for Orders and Manufacturing. The Orders PCs connected to a 16-port router (I am not sure that exists), connected to an 8-port hub which is connected to 5 24-port hubs for Manufacturing. As the Manufacturing server runs a dedicated application, it is assumed that the PCs will not communicate among themselves but all towards the server in turn, with some collision problems (the server answers each one in turn, which may be correct). On the other hand, using a hub as the uplink between the Orders router and the various Manufacturing hubs will directly slow down the whole network.
3. Use of two firewalls (one on each side of the wireless bridge), making the configuration of the network architecture more complex.

14. Alternative network technologies


14.1. Introduction - 14.2. IPP technology - 14.3. Ethernet connection over the electrical supply network - 14.4. Voice over IP

14.1. Introduction.
Gathered here are a set of hardware technologies which are more or less still under development, and other technologies not easily classified in the other chapters.

14.2. IPP technology


This technology makes it possible to print via the Internet. It has been developed since 1996 jointly by various printer suppliers (HP, Novell, Microsoft, Xerox, Lexmark). According to the latest developments it uses port 631 (NETBIOS) instead of TCP port 80 used by HTTP. Current developments also rely on a printer address of the form "ipp:" instead of http://www.... This technology will not only make it possible to print remotely via the Internet, but also to carry out certain administrative tasks on these printers, or even to print a Web site remotely.

14.3. Ethernet connection over the electrical supply network.


14.3.1. Introduction.
The most common network is the 230 V electrical supply network. Several attempts have been made, or are under development, to pass digital information (computer network) over this electrical supply network, in particular Internet connections, with more or less success. On the other hand, since the beginning of 2003 various manufacturers have offered internal network solutions via the electrical supply network (in competition with wireless networks). In chapter 12 of the hardware 2 course, we reviewed the electrical supply network. Before studying some possibilities, let us look at some constraints of the electrical grid. Some reminders: the domestic network in a dwelling is 230 V single-phase current. The external electrical supply network, on the other hand, is three-phase (3 phases, or 3 phases + neutral). By taking 2 wires, one obtains the single-phase network. For the signal to propagate from one point to another, the 2 points must be on the same phase. It may very well be that you can communicate with a house more than 100 meters away and not be able to reach the house next door. It is the same problem with the devices used to supervise infants of the "baby phone" type. To transport electrical current over long distances, the voltage is increased to reduce energy losses. Lines exceeding 5000 V are what is called high voltage. To pass from 230 V to high voltage, and vice versa, a transformer is used. These transformers reduce (or increase) the interfering signals and the digital signals at the same time as the network voltage. Moreover, because of the coil effect of a transformer, the shape of the signals is modified. This explains the problems with Internet connections over the electrical supply network currently encountered in the developments at EDF in France. From the chapter on electrical supply network protections, we also know that this network carries a lot of interference. In "machine" environments, this solution is likely to pose serious problems.

14.3.2. Internet connection.


EDF in France in particular is developing broadband Internet access via the electrical supply network. The major problem they are trying to solve comes from the modification (loss) of the signal when passing through the transformers in the "high voltage" substations. This solution is limited to a village or a building.

14.3.3. Ethernet via the electrical supply network.


This solution has existed in Belgium since 2003. In the same manner as modem modulation, the signal is modulated onto the frequency of the electrical supply network. The constraints related to transformers also apply. The phase problems of the network are the second problem.

The Ethernet connection through the electrical supply network (Ethernet over Power Line) uses specific equipment that handles the transfer of the signals over the power line. On the other side, the device is provided with a traditional 10/100 Ethernet connection which connects to the network cards of the PCs, hubs, switches... The maximum capacity of this type of installation is 14 Mbps, that is to say a little more than Wi-Fi 802.11b at 10 Mbps. The maximum distance is currently limited to 200 meters. But the characteristics should evolve in the coming months (mid-2003). The communication method uses OFDM (Orthogonal Frequency Division Multiplexing) modulation, already used in the 802.11a standard. This technology integrates many functions, such as QoS management (priority classes, latency control, and adaptation of the transmission rates to the travel time of a packet). This solution also makes it possible, via other equipment, to connect directly through the USB port of the PC while transiting over the electrical supply network. The speed is limited here by that of the USB 1.1 port, which is 12 Mb/s, a little slower. In this case each PC to be connected receives an interface.

14.4. VoIP, Voice Over IP

At the beginning of networks, connections used telephone wires. By a fair turn of events, network connections now accept telephone links and, in general, carry them over TCP/IP networks. One distinction before starting: VoIP and ToIP must imperatively be distinguished. In the first case, the Ethernet network makes it possible to carry speech. In the second case, software makes it possible to "telephone" via the Internet. ToIP is thus related more to software than to the network infrastructure. The advantage is especially related to long-distance communications (via the Internet). Nevertheless, this solution also works on the company's internal cabled network, with a connection towards operators using a particular telephone exchange on the company site (allowing telephones within the company to be connected), carrying the TCP/IP voice signal over the Internet to reinject it either on another Voice over IP connection, or as a normal telephone call. VoIP uses particular telephones (and telephone exchanges). The technology is currently evolving with corrections, in particular regarding packet loss, echo problems, voice transfer time, or even variations in timing between the various parts of the audio signal, which sometimes made the message incomprehensible. Several protocols are currently used:
- H.323: the most widespread standard at present, but it does not guarantee quality of service. This technology (hardware and software) is in particular used by Microsoft NetMeeting.
- SIP (Session Initiation Protocol): a new standard closer to the computing world than to telephony; the messages are in a format similar to a text application (like HTTP browsing). This guarantees better reception quality of the signal. This protocol also allows easier integration into programs. SIP consists of 8 methods: INVITE, REGISTER, BYE, ACK, CANCEL, OPTIONS, SUBSCRIBE and NOTIFY.
Coupled with XML, it leads to the IPTML sub-protocol (IP Terminal Markup Language). The two together should make it possible to gather text, sound and video in the same data transfer.

The reader should thus not think so much in terms of Internet communication, but rather in terms of a telephone connection carried over the Internet.
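Because SIP messages are plain text laid out like HTTP, a gateway or a detection rule can check them before acting on them. The following parser is an added example (not code from the course): it accepts only the eight SIP methods listed above and refuses malformed requests; the sample INVITE, its addresses and its Call-ID are constructed for the example.

```python
"""Parser and sanity checks for the text-based SIP request format.

Added example, not from the course: it accepts only the eight SIP methods the
course lists and refuses malformed requests, the way a VoIP gateway or a
detection rule would triage traffic before acting on it. The sample INVITE,
its addresses and its Call-ID are constructed for the example.
"""
from dataclasses import dataclass, field

# The eight SIP methods named in the course.
SIP_METHODS = {"INVITE", "REGISTER", "BYE", "ACK", "CANCEL",
               "OPTIONS", "SUBSCRIBE", "NOTIFY"}

# Headers every SIP request must carry (RFC 3261, section 8.1.1).
REQUIRED_HEADERS = ("via", "from", "to", "call-id", "cseq", "max-forwards")

# Compact header names allowed by RFC 3261, mapped to their long form.
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id",
           "m": "contact", "c": "content-type", "l": "content-length"}


class SipError(ValueError):
    """Raised for any request a strict gateway should refuse."""


@dataclass
class SipRequest:
    method: str
    uri: str
    version: str
    headers: dict = field(default_factory=dict)  # lower-case name -> value
    body: bytes = b""


def parse_sip_request(raw: bytes) -> SipRequest:
    """Parse one SIP request; raise SipError instead of guessing on bad input."""
    # Like HTTP, SIP separates the header block from the body with a blank line.
    head, _, body = raw.partition(b"\r\n\r\n")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError as exc:
        raise SipError("non-ASCII data in header block") from exc
    if not lines[0]:
        raise SipError("empty request")

    # Request-Line: Method SP Request-URI SP SIP-Version
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise SipError(f"malformed request line {lines[0]!r}")
    method, uri, version = parts
    if method not in SIP_METHODS:
        raise SipError(f"unsupported method {method!r}")
    if version != "SIP/2.0":
        raise SipError(f"unsupported version {version!r}")
    if not uri.startswith(("sip:", "sips:", "tel:")):
        raise SipError(f"unexpected request URI {uri!r}")

    headers: dict = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise SipError(f"malformed header line {line!r}")
        name = COMPACT.get(name.strip().lower(), name.strip().lower())
        value = value.strip()
        if name == "via" and name in headers:
            headers[name] += ", " + value   # one Via per hop is legitimate
        elif name in headers:
            raise SipError(f"duplicate header {name!r}")
        else:
            headers[name] = value

    missing = [h for h in REQUIRED_HEADERS if h not in headers]
    if missing:
        raise SipError(f"missing required headers {missing}")

    # CSeq is "<number> <method>"; its method must agree with the request line.
    cseq = headers["cseq"].split()
    if len(cseq) != 2 or not cseq[0].isdigit() or cseq[1] != method:
        raise SipError(f"CSeq {headers['cseq']!r} does not match {method}")

    # A declared Content-Length must match what was actually received.
    declared = headers.get("content-length", str(len(body)))
    if not declared.isdigit() or int(declared) != len(body):
        raise SipError(f"Content-Length {declared!r} != body of {len(body)} bytes")

    return SipRequest(method, uri, version, headers, body)


def is_acceptable(raw: bytes) -> bool:
    """True when the request parses cleanly, False when it should be refused."""
    try:
        parse_sip_request(raw)
        return True
    except SipError:
        return False


# Constructed sample INVITE with a 5-byte SDP stub as body.
SAMPLE_INVITE = (
    b"INVITE sip:bob@example.org SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    b"Max-Forwards: 70\r\n"
    b"From: Alice <sip:alice@example.org>;tag=1928301774\r\n"
    b"To: Bob <sip:bob@example.org>\r\n"
    b"Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    b"CSeq: 314159 INVITE\r\n"
    b"Content-Type: application/sdp\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"v=0\r\n"
)

if __name__ == "__main__":
    req = parse_sip_request(SAMPLE_INVITE)
    print(req.method, req.uri, req.headers["call-id"], len(req.body))
```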

15. Touch screen monitors and video projectors


15.1. Introduction - 15.2. Touch monitor - 15.3. Video projector

15.1. Introduction.
In first year, we covered CRT monitors and flat-panel monitors. These technologies are very widespread. To round off our knowledge, let us look at two other types of "screen": the touch monitor and the video projector.

15.2. Touch screen monitor.


Touch monitors make it possible to control Windows directly by pressing on the monitor with the finger or with special pens. This technique is not very precise for normal programs, but is used quite readily with professional programs designed for shops, HORECA, hospital applications, or in certain industries. Roughly speaking, these monitors are identical to normal monitors (CRT or flat). An additional connection, to the serial port or USB depending on the model, replaces the mouse.

These monitors include various parts:

- a touch panel installed inside the monitor (in the past, one found panels fixed on the front of the monitor, but they have disappeared). It provides a current according to a matrix which indicates precisely the place where one presses.
- a controller which determines the exact place and sends it, as for a mouse click, towards the PC via the serial or USB port.
- software which emulates a mouse according to the signals provided by the controller.

The touch panel is divided into rows and columns. The rows and the columns are separate. When a point is pressed, the row and the column where one presses come into contact, making a short-circuit. The controller determines the place according to the row and the column.

For example, if we press on the intersection of row 1 and column 3, the flow on these 2 lines alone is cut. This determines the exact position where the finger is placed. On the first touch monitors, one even placed a grid directly on the front face of the cathode ray tube. Since then, several types of touch monitors have been developed. Each has its advantages and its drawbacks.

15.2.1. Resistive touch monitor

Touch monitors respond to the pressure of a finger or a pen. They generally include a glass or acrylic resin base crossed by a grid containing resistive and conductive layers. The inner layers are separated by invisible spacer dots. These monitors are generally the least expensive. Nevertheless, their clarity is lower than that of a normal monitor. They are nevertheless very robust, including in the presence of chemicals or liquids. Applications: restaurants, chemical factories, some medical applications.

15.2.2. Infra-red touch monitor


These touch monitors are crossed not by electric wires but by infra-red rays (invisible to the naked eye). Instead of integrating the touch part into the monitor, the grid is placed in front of the monitor. A diode and a photocell (which provides a current in the presence of light) are installed at each end of the rows or columns. By pressing on a given place, one thus breaks the light beam. As this type of monitor includes no moving parts, they are also particularly robust. Nevertheless, their use is limited in certain places where the brightness is too high, such as facing a window, or under certain angles.

15.2.3. Surface acoustic technology (Surface Acoustic Wave, SAW)


This is currently the most advanced technology. They work in the same way as infra-red monitors. Two sound waves are generated, one coming from the left, one from the top of the monitor, moving across the whole monitor. The signals bounce continuously off the edges until they reach the side opposite to the emission. When a finger touches the monitor, the sound wave is absorbed and returns more slowly towards the opposite sensor. The delay makes it possible to determine the X and Y coordinates of the point of impact. Unlike the 2 other technologies, the Z component can also be determined. This makes it possible, for example, to determine whether the person presses harder or softer. As the front face of the monitor is glass (the same as for a normal monitor), they can also get wet. Clarity is particularly high for this type of monitor.

15.2.4. Capacitive.
Capacitive touch panels consist of a glass surface crossed by a grid carrying a capacitive charge. Unlike resistive monitors, fingers cannot be used on this type of monitor. You must use a special conductive pen. By pressing on a given place, one creates a capacitive coupling which modifies the frequency of an oscillating circuit depending on the place of impact. This frequency (or rather the difference) is used to determine the place. These monitors are robust, with excellent clarity. They are usable in practically all environments.

15.2.5. Comparison
Technology              Touch resolution   Clarity   Operation             Durability
Resistive               High               Medium    Finger or pen         Can be damaged by pointed objects
Surface Acoustic Wave   Medium             Good      Finger or broad pen   Poor water resistance, susceptible to mould
Infra-red               High               Good      Finger or pen         Very high
Capacitive              High               Good      Special pen           Very high

15.3. Video projector


Video projectors make it possible to display video sources coming from various devices on a screen at a distance from the projector: computers but also TV, video recorder... In the case of TV, several standards exist depending on the country. The NTSC standard is used in the United States and generally on the American continent. France uses the SECAM standard while most other European countries use the PAL system. Video projectors are characterized by their luminosity expressed in lumens. For small rooms and a limited number of listeners, 600 lumens is sufficient. On the other hand, for rooms of 600 people in half-light, 2000 lumens is a minimum. The luminosity also determines the maximum distance between the projection surface (screen) and the projector. The resolution of a projector follows the definitions of graphics adapters. The display resolution is thus determined by the resolution selected on the PC and the maximum resolution of the projector. This only matters for "computer" displays, the definition of a DVD being lower than that of VGA.
Standard     Horizontal * vertical resolution
VGA          640 * 480
SVGA         800 * 600
XGA          1024 * 768
SXGA         1280 * 1024
HDTV         1920 * 1080
HDTV plus    1920 * 1200
QXGA         2048 * 1536

Video projectors generally integrate several input connectors, both computer and video. Certain projectors allow the use of a laser mouse which replaces the mouse directly on the projection screen. Loudspeakers are sometimes built into the case. They are insufficient for normal presentations. Certain projectors make it possible to invert the image. This makes it possible to hang the projector from the ceiling upside down. In the TV/hi-fi market one also finds LCD screens (or even plasma screens) of the same type as monitors. This technology was already covered in first year. There are three technologies: LCD, CRT and DMD.

15.3.1. LCD technology (Liquid Crystal Display)


LCD video projectors are the most common and the most portable, since their weight is often around 3 kg. Compact in size, their luminosity is sufficient for most presentations and for home cinema. The other side of the coin: the lamp is relatively expensive and fragile (typical lifespan 2000 hours, ranging from 1500 to 4000 hours). The beam of light generated by the lamp passes through a panel made up of a multitude of points (liquid crystals). The orientation of each crystal is determined by an electric field. Depending on the orientation, the light will be more or less intense on the screen, according to three basic colours. The maximum resolution is determined by the number of these crystals. Tri-LCD technology is a derivative. Video projectors using this technology use not one but three light panels. Image quality is appreciably improved, with higher resolutions. In both cases, the precision of the image degrades with distance. This explains why each projector has a maximum display size. A manual adjustment is nevertheless provided on the lens.

15.3.2. Tri-tube video projectors.


This technology, made famous by the Belgian firm BARCO, uses a technique similar to that of the TV. Although the most luminous with true contrast (black is really black), this technology is little used in computer projectors. It allows the largest displays (up to 10 meters wide) with a lamp lifespan of 10,000 hours. Contrary to the other technologies, the lamp does not blow but wears out. The disadvantages are nevertheless numerous: delicate adjustment (practically a technician is needed at each change of location of the projector), large bulk, fixed lens (no zoom). As these projectors only allow projection in darkness, they are reserved for true cinema, especially given their price.

15.3.3. DMD (Digital Micromirror Device) or DLP (Digital Light Processing) projectors
Invented by Texas Instruments, DLP technology rests on a matrix of mirrors called DMD. It is similar to LCD, except that the liquid crystals are replaced by small mirrors controlled by transistors. The mirrors rotate on their axis (by about 10 degrees) to determine which light is projected. A DMD chip measures approximately 2 cm² and contains between 500,000 and 1,300,000 micromirrors. The luminosity is higher than that of LCD, with an excellent contrast ratio (though lower than tri-tube). This technology is used as much in home cinema as in computer video projection and should replace LCD technology in the long term. Nevertheless, as for LCD projectors, the lifespan of the lamp (and its price) makes it not easily usable for intensive use.

The light from the lamp is projected onto a correction optic. It then passes through a colour wheel (separation of the colours), corrected again by a control optic. The DMD system, controlled by the board with the DLP processor, then transmits it (or not) towards the screen via a projection lens. The colour wheel has some side effects on the image, in particular a slight flicker effect.

17. Exercise: connecting a hardware router - firewall with an ADSL RJ45 modem.
17.1. Introduction - 17.2. ADSL modem Tornado Copperjet 812 - 17.3. Hardware router - firewall - switch - 17.4. Network and Internet configuration of the connected PCs - 17.5. Log of an Internet connection.

17.1. Introduction
Without practice, theory is of little use. This Internet connection sharing exercise covers the connection and configuration of a hardware router - firewall with an ADSL RJ45 modem (a router used as a bridge, that is to say as a simple ADSL modem), the whole connected to an Ethernet network. This secured professional installation is intended for companies.

If you buy a modem directly from your Internet access provider, no problem, it is configured thanks to a specific file. On the other hand, if you buy equipment elsewhere, you must practically reinvent the wheel, without technical support. The tips given here will help with other ADSL connections. The Internet parameters given below are specific to the Internet access provider SKYNET (Belgium).

17.2. The ADSL modem - router


The ADSL modem is a Tornado Copperjet 812 from Allied Data, an ADSL RJ45 modem accepting up to 8 Mb/s downstream (Internet towards PC) if the subscription allows it, with integrated router. On the front, 6 LEDs show the ADSL connection speed, 2 the type of connection, 1 LED the presence of ADSL, 1 transmission and 1 reception. One LED shows the presence of an Ethernet connection. The front also includes a button to restore the manufacturer's factory configuration (press between 5 and 10 seconds). On the back, an Ethernet socket towards the network or the network card, and 1 telephone cable socket for the ADSL network. Two connection models are proposed. Either connection to a hub (or a switch): the device is then used as an ADSL router and directly allows Internet connection sharing.

Or direct connection to a PC fitted with a 10 (or 100) Ethernet network card. In this case, the device is used as an ADSL modem.

We will use a connection similar to the second solution. The second device (a hardware firewall - router) below will be used as the router, and the Tornado router will be used in "bridge mode" (in the end as a simple modem). Note the difference in connection at the level of the RJ45 cable. In the case of a PC, one uses a crossover RJ45 cable. In our case, as it is a router and not a hub, we will also use a crossover cable. TORNADO modems are robust but systematically have complex documentation and... a configuration using an application program. This often poses problems with new operating systems (incompatible programs). The ADSL modem must be directly connected to a network card to be configured. Installing the program is within the reach of any computer user. After installation, one finds 2 programs: a configuration tool and a monitor. With the monitor you can check the firmware version. As the modem can only be configured over a direct connection, let us start with this one.

Using this modem requires loading a profile (a specific file). Click on Edit/New profile to create such a profile. Once the file is saved, the following window appears, with all the usage modes of this modem. We will look at them in turn, each time with its use and its configuration.

17.2.1. Bridged mode (bridge)


This bridge mode allows the modem to be connected as a gateway. In this mode, we use only the modem part of the router; all the other functions are disabled (login and password, NAT, possible firewall...). In the window, we enter:

1. LAN IP address: defined by the user in the class C private addresses, i.e. 192.168.0.0 to 192.168.255.255. This corresponds to the internal network address range. Let us choose for example 192.168.1.2. We will use this address again in all the following cases.
2. Subnet mask. In most cases, this mask is 255.255.255.0.
3. The gateway address, typically that of the router: let us take 192.168.1.1.
4. VPI/VCI. First problem: these values are seldom provided.
5. PCR (Peak Cell Rate). This number must lie between 0 and 500,000. As it represents the maximum speed, I type 500000. Note that on another router, the default value was 864000.
6. Packet Filter: data filtering, either none (by default), or let through only PPP packets (Forward), or only IP. Leave the default in most cases. Leave the other default settings.
7. DNS relay must be the TCP/IP address of the modem in the case of bridged mode, but it is not necessary in this mode.

17.2.2. Routed mode, modem installed on a hub.

This mode makes it possible to bridge a local area network and a WAN network with a fixed IP address. The parameters are practically identical, except that you must specify the WAN (Internet) address. For an ADSL connection with a fixed TCP/IP address, this is the working method. You can also use the modem as a DHCP server in this case (automatic TCP/IP address configuration). The rest of the data is identical to bridged mode.

17.2.3. PPPoA mode.

This PPPoA mode and the following PPPoE mode are used for a direct Internet connection (the case where the modem is directly connected to a network adapter). In Europe, the PPPoE mode and the PPPoA mode can both be employed. It depends on the modem type and on the Internet provider. In theory, PPPoE mode is used by RJ45 modems, PPPoA by USB modems. When configuring a TORNADO 810 (successor of the 812 presented here, with integrated firewall), the configuration on a tiscali.be subscription only worked in PPPoA mode. A big difference compared to the preceding modes: you must type here the login and the password provided by the access provider. As a reminder, the login is the one provided, in the form login@provider; in the case of Skynet, it will be of the type gv52222@SKYNET. The password is the one provided by the access provider. The PAP/CHAP protocol is to be tested for each provider. VPI/VCI is specific to the provider. NAT (address translation) must be checked when your LAN address differs from your WAN address, which is the case in the vast majority of situations. The program asks here for the connection type. In our case it is Ethernet, and we enter the usual address and mask: 198.162.1.2 - 255.255.255.0. This address is needed for later configuration (case of a direct connection). Type the DNS relay address. This must be the address given as DNS on the local area network (on each station), but it is not mandatory to type one, in particular with operating systems 2000, XP and later, which include it automatically. We will see the DHCP server later.

17.2.4. PPPoE mode (Point to Point Protocol over Ethernet), the default mode in Europe for a direct connection.
The configuration is identical to that of PPPoA, except that NAT is checked by default and that the PAP/CHAP protocol does not exist, which is logical.
1. Username, for example gv52222@SKYNET
2. Password provided by the Internet provider or access provider
3. VPI/VCI: 8/35, depending on the access provider (more often on the country).
4. NAT to be checked.
5. Ethernet in our case, always address 198.162.1.2 and subnet mask 255.255.255.0
6. DNS relay. This must be the address given as DNS on the local area network (on each station), but it is not mandatory to type one, in particular with operating systems 2000, XP and later, which include it automatically.

17.2.5. Other modes: PPTP and IPoA


These are hybrid modes that I will not cover.

17.2.6. In conclusion.

For a connection through a router, the mode used is bridged; for a connection through a hub or a direct connection, the connection mode is PPPoE. The only difference between a direct connection and a connection through a hub is the gateway, which can be entered in the PC configuration (it is not always necessary). In the settings, select TCP/IP on the network card and type the TCP/IP address of the gateway, in our case 200.1.1.1 (do not forget to click Add). That is all for the modem. This part will be sufficient for all ADSL modem connections. For the small modems, remember at least the VPI/VCI parameters.

17.2.7. DHCP server configuration


This mode allows the modem to assign TCP/IP addresses to the stations automatically (watch out with the 2000 and XP operating systems). In the most common cases, this is not necessary.

The DHCP server address is obtained by ending the address in 0, always with subnet mask 255.255.255.0. The server address is thus 198.162.1.0. As a reminder, DHCP allows one device to provide an IP address to all the devices connected to the network. Range determines the address range that will be assigned to the stations; in our case, 198.162.1.10 to 198.162.1.30. The Router address is necessarily the one given to the modem, that is 198.162.1.2.

17.3. Router - hardware firewall - 4-port switch.


17.3.1. Introduction.

The router-firewall is supplied by the firm Zero One Technology. This model is equipped with a 4-port switch, a connection to an RJ45 ADSL modem (hence the use above of the Copperjet 812), a router and an integrated hardware firewall.

Several devices of this type exist from practically all brands, some with an integrated modem, others without... the choice is wide enough.

These devices are configured by telnet or through a web interface, directly by typing the device's address in the Internet Explorer address bar. For the device above, you must configure the TCP/IP connection of your PC either to obtain an address automatically or to belong to the same group, i.e. 192.168.1.X, knowing that by default the router's address is 192.168.1.1. In the Internet Explorer connection settings, do not use a proxy at this stage, otherwise you will not have access to the router (or else use "Do not use a proxy server for local addresses" with the router's address as an exception).

After typing the device's address in the bar, the connection is made with a login and a password specific to the device.

17.3.2. ADSL Configuration


Let us start by configuring the ADSL connection.

Use PPPoE: Yes (necessarily). Username and password are provided by the access provider. The Service Name is sometimes provided by the access provider; otherwise, leave it empty. "Connect on demand" makes it possible to cut the connection (and reconnect) after 120 minutes, but a shorter value is clearly advisable. If the ADSL subscription includes a fixed Internet TCP/IP address, it must be entered in "Fixed Address". This second part configures TCP/IP: either your Internet TCP/IP address is provided automatically by the access provider (Obtain IP address Automatically), or it is fixed and supplied by the provider. The primary and secondary DNS parameters are provided by your access provider. Those above are Skynet's.

For Planet Internet, the primary and secondary DNS are 194.119.232.3 and 194.119.232.2. For Tiscali (Belgium), the primary DNS is 212.35.2.1 and the secondary DNS is 212.35.2.2. All these parameters may change. The DNS parameters entered here must match those set in the DNS of your network adapter, otherwise you will not be able to browse (although other connections work).

17.3.3. IP/LAN configuration


This part configures the router on the internal network. We give it an address (here 192.180.1.1) and a subnet mask (255.255.255.0). The "Default gateway" address is generally that of the router (LAN IP address) and must be entered in the network configuration of each PC.

NAT must always be checked.

Other configuration screens make it possible to change the passwords and the router's internal clock. This last option is used by the firewall function.

17.3.4. Other parameter settings


Other settings make it possible to use the router as a DHCP server (cf. modem), to configure the router in a DMZ (demilitarized zone with 2 routers), ...

17.3.5. Integrated hardware firewall.


I will not go too far into the details, since they are specific to this device; only the basic settings.

Necessarily, you enable the firewall protection. By default, you let (forward) connections pass from the LAN (internal network) to the WAN (Internet); otherwise, when something is blocked, it is hard to tell which port is blocked. The next setting makes it possible to block incomplete TCP/IP connections beyond a certain number per minute (one is never too careful). DoS (Denial of Service) attacks are massive attacks of incomplete frames on a given Internet address: the target tries to reassemble the messages smaller than 64 bits and finally "collapses" under the workload. Port 139 is used by NetBIOS for Windows resource sharing on the network (together with 137 and 138). To prevent resource sharing (hard disk and folders) over the Internet: No. "Enable remote management..." makes it possible to configure the router over the Internet; not very advisable, and only for limited periods. The last command makes it possible not to answer Ping-type requests coming from the Internet (IP address scanning, DOS Ping commands).

Other commands make it possible to forbid ranges of addresses or ports from the LAN to the Internet and vice versa. The next part makes it possible to send a mail to a given address (here mine) if there is an attack, or even, in the case below, to send the LOG file by mail.
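The "incomplete connections per minute" threshold mentioned above can be reasoned about with a small model. The class below is an added example, not code from the course or from the router's firmware: it counts, per source address, TCP connections opened with a SYN but never completed by an ACK inside a sliding one-minute window, and flags a source once the count reaches a threshold. The traffic it runs on is constructed (10.0.0.5 as a normal client, 203.0.113.9 as a source sending SYNs only), and the SYN/ACK matching is deliberately simplified (no sequence numbers).

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60  # "per minute" in the firewall setting


class HalfOpenMonitor:
    """Count handshakes that never completed, per source, inside a sliding window.

    Simplified model (no sequence numbers): a SYN opens a pending entry for
    (source, destination port); the first ACK from that source to the same port
    closes the oldest such entry. Entries older than the window are forgotten.
    A source is flagged once its pending entries reach `threshold`.
    """

    def __init__(self, threshold, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.pending = defaultdict(deque)  # src -> deque of (timestamp, dst_port)
        self.flagged = set()

    def _expire(self, src, now):
        q = self.pending[src]
        while q and now - q[0][0] > self.window:
            q.popleft()

    def observe(self, ts, src, dst_port, flag):
        """Feed one event; return True if `src` is (or already was) flagged."""
        q = self.pending[src]
        if flag == "SYN":
            q.append((ts, dst_port))
        elif flag == "ACK":
            # handshake completed: drop the oldest pending entry for that port
            for i, (_, port) in enumerate(q):
                if port == dst_port:
                    del q[i]
                    break
        self._expire(src, ts)
        if len(q) >= self.threshold:
            self.flagged.add(src)
        return src in self.flagged


def run_sample(threshold=20):
    """Constructed traffic: one well-behaved client and one source sending SYNs only."""
    events = []
    for i in range(5):  # normal client completes each handshake 0.1 s later
        events.append((2.0 * i, "10.0.0.5", 80, "SYN"))
        events.append((2.0 * i + 0.1, "10.0.0.5", 80, "ACK"))
    for i in range(30):  # flooding source: 30 SYNs inside 15 seconds, no ACKs
        events.append((0.5 * i, "203.0.113.9", 80, "SYN"))
    mon = HalfOpenMonitor(threshold)
    for ts, src, port, flag in sorted(events, key=lambda e: e[0]):
        mon.observe(ts, src, port, flag)
    # flagged sources, and how many half-open connections the normal client left behind
    return sorted(mon.flagged), len(mon.pending["10.0.0.5"])


if __name__ == "__main__":
    print(run_sample())
```

With the threshold at 20, only 203.0.113.9 is flagged and the normal client leaves no pending entry; the same check run on a real device simply blocks further SYNs from a flagged source for the rest of the window.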

17.3.6. TCP and UDP ports to be opened on the firewall


In the settings of this type of firewall, you can block all TCP and UDP ports and open only some of them.

17.4. The settings on the PC.


Once the settings on the various devices are done, it remains to connect the installation. The installation is done in two parts: the settings of the internal network connection and the settings of the Internet connection.

17.4.1. Network settings and Internet connection.


As for all Internet connections, the TCP/IP protocol must be installed on your network card. Let us go back to the configuration parameters of each PC and select the network card that will be connected (even via a switch or a hub) to the router.

By displaying the TCP/IP properties of this network card, one obtains the following window.

The IP Address can either be left automatic (by DHCP) or specified. With an automatic address, the configuration of the stations is automated, so there is no risk of address conflicts. On the other hand, specifying an address has several advantages. Firstly, it makes it possible to find, via its unique address, which PC attempts indelicate connections. Secondly, by playing with the firewall, one can use TCP/IP and refuse that certain PCs (via their IP address) connect to the Internet. For example, one can authorize addresses 192.168.1.1 to 192.168.1.100 to connect, but not addresses 192.168.1.101 to 192.168.1.255. The subnet mask must always be set to 255.255.255.0. For sharing with a PC under Microsoft Windows XP, it is almost the only possible connection method. Note that if you do not want a PC to be able to connect to the Internet, it is enough not to use TCP/IP as its protocol, for example to use NetBEUI or IPX for network connections. These PCs are consequently completely hidden in the event of an intrusion on the network (except by taking control of another PC remotely). The WINS Configuration parameters are of no importance here. Let us look at the gateway. It must be set to that of the router, in our case 192.168.1.1. The connection generally works without it, but this makes it easier. The DNS configuration is not mandatory, but many connections do not work without it. In practice, I enter it. It must be identical to that set in the router (otherwise Internet Explorer does not work). The domain and host name are of no importance but must be entered under Windows 98. The parameters below are Skynet's. Attention, enter the primary DNS first and then the secondary DNS. Those of Planet Internet are, in order, 194.119.232.3 and 194.119.232.2.
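The rules just given for static stations (same subnet and mask as the router, gateway equal to the router's LAN address, the router's DNS servers in the same order, no duplicate addresses, Internet allowed only for .1 to .100) are easy to get wrong by hand on a dozen PCs. The script below is an added example, not part of the course: it checks a station's typed-in settings against the router's, using the Planet Internet DNS addresses quoted in the chapter; the router and station values are constructed, and `StationConfig` is a hypothetical structure for the fields of the TCP/IP properties window.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

# Router LAN settings as the chapter describes them (constructed example values;
# the DNS addresses are the Planet Internet ones quoted in the chapter).
ROUTER = {
    "lan_ip": "192.168.1.1",
    "mask": "255.255.255.0",
    "dns": ["194.119.232.3", "194.119.232.2"],
}

# Firewall policy from the text: .1 to .100 may reach the Internet, .101 to .255 may not.
INTERNET_ALLOWED = (ipaddress.ip_address("192.168.1.1"), ipaddress.ip_address("192.168.1.100"))


@dataclass
class StationConfig:
    """Static TCP/IP settings typed into one PC (hypothetical structure)."""
    ip: str
    mask: str
    gateway: str
    dns: list = field(default_factory=list)


def check_station(cfg, router=ROUTER):
    """Return the list of mismatches between a station and the router; [] means consistent."""
    problems = []
    router_ip = ipaddress.ip_address(router["lan_ip"])
    router_net = ipaddress.ip_network(f"{router['lan_ip']}/{router['mask']}", strict=False)
    try:
        station_ip = ipaddress.ip_address(cfg.ip)
    except ValueError:
        return [f"invalid address {cfg.ip!r}"]
    if cfg.mask != router["mask"]:
        problems.append(f"mask {cfg.mask} differs from the router mask {router['mask']}")
    if station_ip not in router_net:
        problems.append(f"{cfg.ip} is not in the router network {router_net}")
    elif station_ip == router_ip:
        problems.append("station address conflicts with the router address")
    if cfg.gateway != router["lan_ip"]:
        problems.append(f"gateway {cfg.gateway} should be the router address {router['lan_ip']}")
    # the chapter insists on the same DNS servers, in the same order, as in the router
    if cfg.dns[:2] != router["dns"][:2]:
        problems.append("DNS servers (or their order) differ from the router settings")
    return problems


def internet_allowed(ip):
    """Apply the address-range policy the chapter gives as an example."""
    addr = ipaddress.ip_address(ip)
    return INTERNET_ALLOWED[0] <= addr <= INTERNET_ALLOWED[1]


def find_conflicts(stations):
    """Addresses typed into more than one station (the conflict DHCP would have avoided)."""
    counts = Counter(s.ip for s in stations)
    return sorted(ip for ip, n in counts.items() if n > 1)


if __name__ == "__main__":
    good = StationConfig("192.168.1.20", "255.255.255.0", "192.168.1.1", list(ROUTER["dns"]))
    bad = StationConfig("192.168.2.20", "255.255.255.0", "192.168.1.254", ["194.119.232.2", "194.119.232.3"])
    for s in (good, bad):
        print(s.ip, check_station(s) or "OK", "internet:", internet_allowed(s.ip))
    print("duplicates:", find_conflicts([good, good, bad]))
```

The DNS comparison is kept order-sensitive on purpose, because the text asks for the primary server to be entered first.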

After restarting the PC (at least under Windows 98), it only remains to configure the Internet connection for this ADSL connection sharing by router.

17.4.2. Internet connection settings.


Start Internet Explorer. If it does not detect the connection, stop the attempt. In the Tools menu, select "Internet Options". In the Connections settings, click the Setup button.

Check the box "I want to set up my connection manually, or by using a local area network (LAN)". Then "By using a local area network". Leave the automatic proxy at this stage. If your mail client is already configured, you do not need to configure it again. In the same window, click the "LAN Settings" button.

To use your access provider's proxy (here Skynet), check the corresponding box and type the address provided by the ISP. In this case, if you use specific connections (the banking software ISABEL for example) or want to access the router configuration from this PC, you must check the box "Do not use a proxy server for local addresses" and click the "Advanced" button.

In the exceptions, type the router's IP address and the various desired exceptions. Once these changes are accepted, your connection works automatically.

A few precautions nevertheless: uncheck the box "Check for new messages every 30 minutes" in your mail client's settings. Indeed, as the communication to the Internet is transparent, any program can connect to the Internet whenever it wants. With this option, the connection stays permanently open, which can create security risks (even if the firewall protects a large part of the communications, it is better to stay careful).

17.5. Some examples from the life of an Internet connection


Here are some examples from the LOG file of the hardware firewall (with a non-permanent WAN TCP/IP address), a compilation from different protected systems. The last address is the address of the PC of the internal network at the time of the connection. Not all lines are necessarily intrusion attempts via the Internet: one finds official IANA ports (but nothing says that it is not another application), ports typical of a Trojan, ports used but closed (of the ICQ, MSN Messenger type...), an ICMP attack of no importance (a ping)... Some attempts target the router, others directly a PC (addresses of the 192.168.X.X type). The messages come in TCP as much as in UDP.

FC-CLI 1371 TCP Fujitsu Config Protocol - IANA official port, or?
Tue May 07 07:58:44 2002 - policy rule - TCP [ wan, 213.36.127.59, 192.168.1.152:1371 ] - [ discard ]

A ping; someone is having fun.
Tue May 07 10:37:42 2002 - ICMP attack - ICMP [ wan, 213.36.100.179, 217.136.190.170:0 ] - [ discard ]
Tue May 07 10:37:45 2002 - ICMP attack - ICMP [ wan, 213.36.100.179, 217.136.190.170:0 ] - [ discard ]

From a PC, always the same one. Since the outgoing attempts did not recur, more likely an application than a Trojan (no need to be paranoid, but stay lucid). Port 6667 in the reference tables:
Trinity 6667 TCP Trojan
Schedule Agent 6667 TCP Trojan
WinSatan 6667 TCP Trojan
ircd 6667 TCP Internet Relay Chat IANA
ircd 6667 UDP Internet Relay Chat IANA
ircu 6667 TCP IRCU IANA
ircu 6667 UDP IRCU IANA
Tue DEC 17 18:27:40 2002 - policy rule - TCP [ lan, 192.168.1.97, 213.177.65.17:6667 ] - [ discard ]
Tue DEC 17 18:27:42 2002 - policy rule - TCP [ lan, 192.168.1.97, 213.177.65.17:6667 ] - [ discard ]
...

Games coming from outside.
Tue DEC 17 18:08:08 2002 - policy rule - UDP [ wan, 80.200.150.123, 217.136.155.190:27015 ] - [ discard ]

Why not try with pcAnywhere?
pcanywherestat 5632 TCP pcANYWHEREstat IANA
pcanywherestat 5632 UDP pcANYWHEREstat IANA
Tue DEC 17 23:11:02 2002 - policy rule - UDP [ wan, 217.136.191.74, 217.136.155.190:5632 ] - [ discard ]

Unknown and, precisely, not official.
Wed DEC 18 13:44:57 2002 - policy rule - TCP [ wan, 193.201.103.100, 192.168.1.27:2193 ] - [ discard ]
Wed DEC 18 20:42:37 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.7:1223 ] - [ discard ]
Wed DEC 18 20:42:37 2002 - policy rule - TCP [ wan, 80.200.248.201, 192.168.1.68:1233 ] - [ discard ]
Fri DEC 20 15:42:00 2002 - policy rule - TCP [ wan, 193.201.103.91, 192.168.1.152:3524 ] - [ discard ]

Official IANA.
Wed DEC 18 14:06:11 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.4:2845 ] - [ discard ]
Wed DEC 18 14:36:18 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.4:2848 ] - [ discard ]
Wed DEC 18 15:06:29 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.4:2851 ] - [ discard ]

Official IANA port for remote server control software, http://www.folio.com (not sure that it is logical), and always on the same PC under Win2000.
Fri DEC 20 16:13:48 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.27:2242 ] - [ discard ]
Fri DEC 20 16:28:48 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.27:2242 ] - [ discard ]

31789 UDP Hack'a'Tack Trojan
Wed DEC 18 14:40:20 2002 - policy rule - UDP [ wan, 217.136.26.127, 217.136.155.190:31789 ] - [ discard ]
Thu DEC 19 01:35:59 2002 - policy rule - UDP [ wan, 80.247.133.42, 80.200.156.74:31789 ] - [ discard ]
Thu DEC 19 17:47:39 2002 - policy rule - TCP [ wan, 80.247.133.42, 80.200.156.74:31789 ] - [ discard ]

http://www.phonefree.com (an employee having fun?)
Fri DEC 20 16:20:53 2002 - policy rule - TCP [ wan, 207.46.106.183, 192.168.1.119:1035 ] - [ discard ]

1812, an official port, or CuSeeMe (video conferencing software), but active while nobody is in the company and coming from different source (WAN) addresses.
Sat DEC 21 01:51:00 2002 - policy rule - UDP [ wan, 195.250.78.242, 217.136.154.118:1812 ] - [ discard ]
Sat DEC 21 01:55:26 2002 - policy rule - UDP [ wan, 218.1.36.50, 217.136.154.118:1812 ] - [ discard ]
Sat DEC 21 01:57:36 2002 - policy rule - UDP [ wan, 202.54.74.81, 217.136.154.118:1812 ] - [ discard ]

A definitely more serious attack


Sat DEC 21 20:12:49 2002 - tear drop attack - any [ wan, 192.9.200.32, 217.136.155.185:0 ] - [ discard ]

A TEAR DROP consists in sending information (called OOB = Out Of Band) to Windows ports (all 32-bit versions). The information sent consists of TCP packets that overlap. When the victim computer receives these packets, it tries to reassemble them. Failing to do so, it crashes: a blue screen with a general protection fault, and you have no choice but to restart the computer. The teardrop, newtear and boink (similar attacks) can also affect Linux systems (below 2.0.32), Mac and Unix. To get a rough localization of the PC attempting the intrusion: tracert 202.54.74.81, for example, if that PC is not itself also equipped with a firewall.

A last remark: LINKLOCAL network addresses always start with 169.254 and have the format 169.254.X.X. LINKLOCAL network addresses are reserved for private, internal addresses and cannot be used on the computers connected through Internet Connection Sharing.
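Reading these lines by hand is what the chapter does; the script below is an added example, not part of the course or of the router's software, that does the same reading mechanically. It parses log lines in the format shown in this section, describes each entry the way the text does (incoming or outgoing, router WAN address or LAN station as the target, and what the port is known for), and counts entries per source address. The port reference table is assembled from the entries quoted above, and the sample log is constructed from those same entries.

```python
import ipaddress
import re
from collections import Counter

# Line format as it appears in this chapter's log excerpts:
#   <day> <month> <dd> <hh:mm:ss> <yyyy> - <rule> - <proto> [ <iface>, <src>, <dst>:<port> ] - [ <action> ]
LOG_RE = re.compile(
    r"^(?P<when>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\s*-\s*"
    r"(?P<rule>[^-\[]+?)\s*-\s*(?P<proto>\w+)\s*"
    r"\[\s*(?P<iface>lan|wan)\s*,\s*(?P<src>[\d.]+)\s*,\s*(?P<dst>[\d.]+):(?P<port>\d+)\s*\]"
    r"\s*-\s*\[\s*(?P<action>\w+)\s*\]\s*$"
)

# Port reference table assembled from the entries quoted in this chapter.
PORT_NOTES = {
    (1371, "TCP"): "FC-CLI, Fujitsu Config Protocol (IANA)",
    (6667, "TCP"): "IRC ircd/ircu (IANA) or Trojan (Trinity, Schedule Agent, WinSatan)",
    (6667, "UDP"): "IRC ircd/ircu (IANA)",
    (5632, "TCP"): "pcANYWHEREstat (IANA)",
    (5632, "UDP"): "pcANYWHEREstat (IANA)",
    (31789, "UDP"): "Hack'a'Tack Trojan",
    (1812, "UDP"): "IANA official port, or CuSeeMe",
}


def parse_line(line):
    """Return a dict for one log line, or None if the line has another shape (e.g. '...')."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["port"] = int(entry["port"])
    entry["proto"] = entry["proto"].upper()
    return entry


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def classify(entry):
    """Describe one entry the way the chapter does: direction, target, port meaning."""
    if entry["rule"] != "policy rule":
        # the firewall itself named a signature (ICMP attack, tear drop attack)
        return f"attack signature: {entry['rule']} from {entry['src']}"
    if entry["iface"] == "lan":
        direction, target = "outgoing from LAN host", "Internet host"
    elif ipaddress.ip_address(entry["dst"]).is_private:
        direction, target = "incoming from Internet", "LAN station"
    else:
        direction, target = "incoming from Internet", "router WAN address"
    note = PORT_NOTES.get((entry["port"], entry["proto"]), "not in reference table")
    return f"{direction}, towards {target}, port {entry['port']}/{entry['proto']}: {note}"


def summarize(entries):
    """Per-source counts, sources seen more than once, and the signatures the firewall named."""
    by_source = Counter(e["src"] for e in entries)
    return {
        "by_source": by_source,
        "repeat_sources": sorted(s for s, n in by_source.items() if n > 1),
        "attacks": sorted({e["rule"] for e in entries if e["rule"] != "policy rule"}),
    }


# Constructed sample, assembled from the entries quoted in this chapter.
SAMPLE_LOG = """
Tue May 07 07:58:44 2002 - policy rule - TCP [ wan, 213.36.127.59, 192.168.1.152:1371 ] - [ discard ]
Tue May 07 10:37:42 2002 - ICMP attack - ICMP [ wan, 213.36.100.179, 217.136.190.170:0 ] - [ discard ]
Tue DEC 17 18:27:40 2002 - policy rule - TCP [ lan, 192.168.1.97, 213.177.65.17:6667 ] - [ discard ]
...
Wed DEC 18 14:40:20 2002 - policy rule - UDP [ wan, 217.136.26.127, 217.136.155.190:31789 ] - [ discard ]
Thu DEC 19 01:35:59 2002 - policy rule - UDP [ wan, 80.247.133.42, 80.200.156.74:31789 ] - [ discard ]
Thu DEC 19 17:47:39 2002 - policy rule - TCP [ wan, 80.247.133.42, 80.200.156.74:31789 ] - [ discard ]
Sat DEC 21 01:51:00 2002 - policy rule - UDP [ wan, 195.250.78.242, 217.136.154.118:1812 ] - [ discard ]
Sat DEC 21 20:12:49 2002 - tear drop attack - any [ wan, 192.9.200.32, 217.136.155.185:0 ] - [ discard ]
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        print(e["when"], "->", classify(e))
    print(summarize(entries))
```

The "repeat_sources" list is the piece worth watching over a longer log: a source that comes back on several ports or several days is the one the chapter suggests locating with tracert, whereas a single discarded packet on an IANA port is usually noise.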
