CHAPTER
Other Network Protocols and Services

• DLC
• Network Monitor Agent
• Remote Access Service
• Services for Macintosh

Data Link Protocol (DLC)
• Purpose
  – Communicate with mainframes
  – Support direct connection of printers using DLC
• Example:
  – MS SNA Server uses DLC to access the IBM mainframe

Network Monitor Agent (NMA) Service
• NIC usage
  – Collects and displays statistics
• Systems Management Server
  – Workstations with NMA can be monitored

Remote Access Service
• Supports remote access
  – From the workstations to the outside world
  – From the outside world to the workstations
• Required to support the Remote Access Server (RAS) on the network

Remote Access Service (RAS) Components
Clients, Protocols, WANs, Servers and Security Options
© N. Ganesan, All rights reserved.

RAS Clients
• Access the LAN to use its resources
• Client access supported
  – Windows XP
  – Windows 2000
  – Windows NT
  – Windows 98
  – Windows 95
  – Windows for Workgroups
  – MS-DOS
  – LAN Manager
  – Any PPP client

Remote Access Protocols
• PPP client access can use:
  – TCP/IP
  – NetBEUI

WAN Access
• WANs
  – Act as facilitators for remote access
• Telephone lines using modems or modem pools
• DSL
• Cable modem
• ISDN
• X.25

RAS Server
• Facilitates remote dial-in access
• Installed on a Windows NT/2000/2003 server LAN
• Permits up to 256 remote clients to dial in

RAS Security
• Logon and domain security
• Security hosts
• Data encryption
• Call-back feature

[Figure: RAS components diagram with panels for clients (Windows NT, Windows for Workgroups, MS-DOS, LAN Manager, any PPP client), remote access protocols (PPP, SLIP, MS RAS), WAN (POTS, ISDN, X.25, RS-232 null modem), security, LAN protocols (TCP/IP, IPX, NetBEUI), remote access servers (NT, any PPP, any SLIP) and LAN servers (NT, NetWare, UNIX, LAN Manager)]

RAS Hardware Requirements
• NIC with NDIS driver
• Phone connection
  – Compatible modem(s)
  – Multi-port adapter (multiple serial ports)
• X.25
  – X.25 smart connection
• ISDN
  – ISDN card

Module
VPN
VPN Types
• Secure VPN
• Trusted VPN

Secure VPN
• IPsec with encryption in either tunnel or transport mode. The security associations can be set up either manually or using IKE with either certificates or preshared secrets. IPsec is described in many RFCs, including 2401, 2406, 2407, 2408, and 2409.
• IPsec inside of L2TP (as described in RFC 3193) has significant deployment for client-server remote access secure VPNs.
• SSL 3.0 or TLS with encryption. TLS is described in RFC 2246. An excellent book on SSL 3.0 and TLS is "SSL and TLS: Designing and Building Secure Systems" by Eric Rescorla (ISBN 0201615983).
• (Source: www.vpnc.org)

Trusted VPN
• Layer 2 Trusted VPN
• Layer 3 Trusted VPN

Layer 2 Trusted VPN
• ATM
• Frame Relay
• Transport of Layer 2 frames over MPLS

Layer 3 Trusted VPN
• MPLS with constrained distribution of routing information through BGP
• BGP – Border Gateway Protocol
• MPLS – Multi-protocol Label Switching

End of Module

Macintosh Services
AppleTalk, file server, print server

Macintosh Service Components
• AppleTalk protocol
  – Facilitates the flow of Mac-compatible data
• File server for Macintosh
  – Designate a directory for Mac
• Print server
  – Spool Mac print jobs on an NT server

Remote Boot
LAN Access Without Disks

Remote Boot
• Purpose
  – Access a LAN by booting from the server
• Boot information
  – Stored on the server
• Boot initiation
  – Remote initial program load (RPL) ROM chip
  – RPL is installed on the NIC

Remote Boot Configuration
[Figure: remote boot configuration showing NT servers, the remote boot server and the remote client]

Remote Boot Installation
• Installed from the NT server distribution disk
  – CD-ROM or floppy
• Sample remote boot clients
  – MS-DOS
  – MS Windows 3.1

Network Clients
Windows, DOS etc.
Clients Supported: Some Examples
• Windows XP
• Windows 2000
• Windows 95
  – Built-in networking
• Windows for Workgroups 3.11
  – Built-in networking
• MS LAN Manager for MS-DOS 2.2x
• MS-DOS 3.0 clients
• MS RAS for MS-DOS 1.1a
• MS TCP/IP-32 for WFW 3.11

Clients Support Implementation Procedure
• Windows 95/98
  – Built-in networking supports immediate connection
• MS Windows for Workgroups 3.11
  – Start the computer
  – Connect to the server
  – Initiate the installation process

Clients Support Implementation Procedure cont.
• MS-DOS clients and others
  – Create installation disks
• Installation disk creation
  – Create from NT server distribution disks
  – Implement client access from the installation disks created

Client Configuration Requirements
• Applications are executed at the workstation
• Only file sharing is performed at the server

Client Configuration Requirements cont.
• Workstation
  – Capable of executing all the applications
  – Minimum requirement
    • Pentium 4, >2 GHz, 512 MB
  – Preferred
    • Pentium 4, 3 GHz, 1 GB

Client Configuration Requirements cont.
• Execution at the file server
  – Possible with 2003 server
  – Should be avoided
• Remote Boot
  – Execution takes place at the workstation

Client-server Architecture: a Microsoft Example
[Figure: a Windows server with Windows XP, Windows 2000 and NT clients]

Resource Sharing
An introduction to file and server disk space sharing

NTFS Installation End Result
• Disk partition completed
  – FAT
  – NTFS
• Operating system installed
• Server security domain defined
  – Primary domain controller
  – Secondary domain controller
  – Simple NT server

Resource (Server Storage) Configuration
• Define directory structure
  – Application directories
  – Directories for tools
  – Home directories for users etc.
• Active Directory

Resource (Server Storage) Configuration cont.
• Install applications
  – Use the Run option in NT, for example
• Applications
  – Database
  – Word processor etc.
NT Resource Sharing Implementation
• Sample resources for sharing
  – Directories
  – Files
• Name the resource to be shared
• Then, implement sharing through:
  – The net share command
  – The File Manager

Net Share Implementation
• Syntax
  – net share sharename=drive:path /users:number or /unlimited /remark:"text"
• Example
  – net share account=c:\act95
    (share name: account; share path: c:\act95)

NTFS Sharing Implementation Through File Manager
• Open File Manager
• Highlight the directory or file to be shared
• Select Disk, Share As
  – Provide share name
  – Specify path name
  – Enter comments if desired
  – Specify user limit
• Define the type of permission granted on the shared object

Resource Sharing: Gaining Access From a Client
• Connect to the object to be shared
• Assign a drive letter
• Share the virtual drive
• Example:
  – Share resource account on the server as local virtual drive h:

Resource Sharing at the Client: Windows 95 Example
• Map a local drive letter to the resource object to be shared at the server
• Executed from the My Computer icon
  – Right-click on the icon
  – Select the Map Network Drive option
  – Select drive letter
  – Define the path name to the object to be shared

Resource Sharing: Windows 95 cont.
• Path name
  – Must comply with the uniform naming convention (UNC)
• Compatible with internet naming procedure (TCP/IP)
• UNC syntax
  – \\Server\sharename\folder....\Filename
• UNC example
  – \\Cis560\access

NTFS Sharing Summarized
[Figure: the NT server shares C:\ACCESS95 as ACCESS (use Disk, Share As from File Manager); the Windows 95 client links to ACCESS as drive h: (use Map Network Directory from the My Computer icon)]

End of chapter
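The UNC syntax from the resource sharing slides (\\Server\sharename\folder....\Filename), worked through as an added Python example that is not part of the original slides. The names parse_unc, UncPath and net_use_command are hypothetical, and mapping only the share root with net use is a choice made for this example.

```python
import re
from typing import NamedTuple, Tuple

# Characters Windows does not allow inside a single path component.
_ILLEGAL = re.compile(r'[<>:"/\\|?*\x00-\x1f]')


class UncPath(NamedTuple):
    server: str
    share: str
    rest: Tuple[str, ...]  # folders and, if present, the file name


def parse_unc(path: str) -> UncPath:
    """Split \\\\Server\\sharename\\folder...\\Filename into validated parts."""
    if not path.startswith("\\\\"):
        raise ValueError("UNC path must begin with two backslashes")
    parts = path[2:].split("\\")
    if parts and parts[-1] == "":  # tolerate one trailing backslash
        parts.pop()
    if len(parts) < 2:
        raise ValueError("UNC path needs both a server and a share name")
    for part in parts:
        # Reject empty and relative components so a path cannot climb
        # out of the folder it claims to point into.
        if part in ("", ".", ".."):
            raise ValueError(f"empty or relative component: {part!r}")
        if _ILLEGAL.search(part):
            raise ValueError(f"illegal character in component: {part!r}")
    return UncPath(parts[0], parts[1], tuple(parts[2:]))


def net_use_command(drive: str, path: str) -> str:
    """Build the net use line that maps the share root to a drive letter."""
    if not re.fullmatch(r"[A-Za-z]", drive):
        raise ValueError("drive must be a single letter")
    unc = parse_unc(path)
    return f"net use {drive.lower()}: \\\\{unc.server}\\{unc.share}"


if __name__ == "__main__":
    # Constructed sample paths; the first is the UNC example from the slides.
    for sample in (r"\\Cis560\access", r"\\Cis560\access\..\other"):
        try:
            print(parse_unc(sample))
        except ValueError as err:
            print("rejected:", err)
    print(net_use_command("h", r"\\Cis560\access"))
```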