SYSTEM ADMINISTRATION Chapter 14 Network Operating Systems

UNIX/Linux
• UNIX is one of the oldest of the network operating
systems, built more than 30 years ago.
• The development of UNIX was based on three criteria:
• It had to be simple and elegant.
• It had to be written in a high-level programming
language.
• It had to allow for reuse of code.
• The original developers at Bell Labs met all three criteria.
• Because of the antitrust laws of the 1970s, Bell Labs
could not profit from the sale of the computers and
hardware. They allowed the source code to be
distributed for a small licensing fee.
• Developers at the University of California-Berkeley
enhanced the original source code and expanded the
OS to include a TCP/IP subsystem. This version of UNIX
became known as BSD (Berkeley Software Distribution)
UNIX.
• Two organizations share the management and
ownership of UNIX today. The Santa Cruz Operation
(SCO) owns the rights to the source code, and can
distribute it as it sees fit. The Open Group owns the
UNIX trademark. The Open Group must test and verify
the source code before any other entity can market a
new version with the UNIX name.
• Two types of code exist: proprietary and open
source.
– Proprietary code gives administrators the confidence
that the version of UNIX they are using will do what
the code was designed to do and that the developers
of that particular version can be held accountable for
the function of the operating system.
– Open source UNIX allows any organization to create
UNIX-like OSs such as Linux and GNU. There is no
generalized support or accountability with open
source UNIX.
Disaster Planning
• UNIX has three basic components: the kernel, the
shell, and the applications.
• Many of the UNIX commands seem cryptic. Some of
the more common commands are:
– ls
– cat file
– who
– grep
– When using the ls command to list files, the
display will include the name, size of the file, a
numeric identifier for the owner, and the access
rights for users and groups.
Security
• UNIX uses file and directory rights to restrict access
to resources.
• Rights are assigned to users, groups, or anyone.
• The rights employed by UNIX are:
– Read
– Write
– Execute
• In order to modify the rights to a file or directory, the
chmod utility is executed against the file or directory,
usually with one or more symbols or switches.
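The script below is an added example, not code from the slides. It works through the UNIX rights model just described in Python: it parses the permission column that ls prints (the same read/write/execute rights for user, group and anyone else), reads those bits back from a file on disk, and tightens a file with os.chmod, which is the programmatic equivalent of running chmod against it. The scratch file and its deliberately loose starting mode (0666) are constructed for the demo; the function names are the example's own.

```python
import os
import stat
import tempfile

# Mode bits for each of the three UNIX rights, per class of user.
RIGHTS = {
    "user":  {"read": stat.S_IRUSR, "write": stat.S_IWUSR, "execute": stat.S_IXUSR},
    "group": {"read": stat.S_IRGRP, "write": stat.S_IWGRP, "execute": stat.S_IXGRP},
    "other": {"read": stat.S_IROTH, "write": stat.S_IWOTH, "execute": stat.S_IXOTH},
}


def parse_mode_string(perm):
    """Turn the ls -l permission column (e.g. '-rwxr-x---') into rights per class.

    Works on text alone, so it can be run over saved `ls -l` output.
    """
    if len(perm) < 10:
        raise ValueError("expected a 10-character mode string such as -rw-r--r--")
    body = perm[1:10]                      # drop the file-type character
    classes = ("user", "group", "other")
    names = ("read", "write", "execute")
    result = {}
    for i, who in enumerate(classes):
        triplet = body[3 * i:3 * i + 3]
        # 's'/'t' in the execute slot mean setuid/setgid/sticky *with* execute;
        # the uppercase forms 'S'/'T' mean the special bit is set but execute is not.
        result[who] = {n for n, ch in zip(names, triplet)
                       if ch != "-" and not ch.isupper()}
    return result


def rights_of(path):
    """Rights per class read from the file's mode bits on disk."""
    mode = os.stat(path).st_mode
    return {who: {name for name, bit in bits.items() if mode & bit}
            for who, bits in RIGHTS.items()}


def restrict_to_owner(path):
    """Equivalent of `chmod go-rwx path`: drop every group/other bit, keep the owner bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)   # permission bits only, no file type
    os.chmod(path, mode & stat.S_IRWXU)
    return stat.filemode(os.stat(path).st_mode)


def demo():
    """Create a scratch file, set a deliberately loose mode (0666), then tighten it.

    Returns (mode string before, mode string after, rights per class after).
    """
    fd, path = tempfile.mkstemp()   # constructed scratch file, removed at the end
    os.close(fd)
    try:
        os.chmod(path, 0o666)
        before = stat.filemode(os.stat(path).st_mode)   # '-rw-rw-rw-'
        after = restrict_to_owner(path)                   # '-rw-------'
        return before, after, rights_of(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(parse_mode_string("-rwxr-x---"))
    print(demo())
```

The check a practitioner usually wants is the last one: after restrict_to_owner the group and "other" sets are empty, so a file that was world-writable is now readable and writable by its owner alone.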
Samba
• Samba is the application that gives UNIX the ability
to see and use NetBIOS resources and talk to
Windows operating systems.
• This interoperability is provided by CIFS and SMB.
• The four services Samba provides are:
– File and print services
– Authentication and authorization
– Name resolution
– Service announcement (browsing)
• Samba and UNIX use applications called daemons
to provide these services.
NetWare
• NetWare is a network operating system that was
developed in the late 1980s.
• Many versions of NetWare are in use today.
NetWare 3.12/3.2
• NetWare 3.12/3.2 is based on a bindery that
maintains information about users and groups. The
three files that comprise the bindery are the
NET$OBJ, NET$PROP, and NET$VAL.
• NetWare requires software on the client machine to
access the resources of the network.
• The workstation operating systems that are
compatible with NetWare client software are DOS,
Windows 9.X, Windows NT, Windows 2000,
Windows XP, and Macintosh.
• Special pieces of software run on the NetWare
server, called NetWare Loadable Modules (NLMs).
Most NLMs have an extension of “.NLM”, but some
are very specialized. The different types of NLMs
are:
– .DSK
– .NAM
– .LAN
Novell Directory Services (NDS)
• Novell Directory Services is an X.500 standard
directory service environment built by Novell in
about 1994.
• The NDS uses containers to hold leaf objects or
other containers. This is the logical organization of
the NDS.
• The containers that are supported by NDS include
the [ROOT], the Organization, and the
Organizational Unit.
• To manage the objects of the NDS, the administrator
will use the NWAdmin utility.
• The Monitor utility is loaded at the server. It keeps
track of things like number of users logged in,
remaining physical memory, and the state of the
available file storage space.
• The NDS database is maintained much like the DNS
database of the Internet. Copies of portions of the
database can be stored on different servers,
providing fault tolerance to the NDS. That is called
partitioning.
NetWare 4.1
• The release of NetWare 4.1 included three new
features:
– NetWare Application Launcher (NAL)
– Support for thousands of connections per server
– The NWAdmin utility
• NetWare 4.1 was the first fully functional version of
the NDS.
NetWare 4.11 (IntraNetWare)
• NetWare 4.11 is also called IntraNetWare because it
was the first version to include Web server and ftp
applications, making the intranet a reality.
• DNS and DHCP services were also included in this
version.
NetWare 5.0
• With this version, Novell introduced Pure IP, a real, much
more generic TCP/IP protocol stack for NetWare
products. This made NetWare a more attractive
commodity because now administrators only needed to
run one protocol on the network (TCP/IP) and all clients
and servers could talk to each other.
• Additional features of this version include:
– Long file name support by default
– ConsoleOne, a Java-based management utility
– Network Address Translation (NAT)
– NetWare Distributed Print Services (NDPS)
NetWare 5.1
• This version did not make major changes to the
NOS or to NDS.
• One new option that was added was the NetWare
Management Portal, which allows browser-based
management of the NDS and resources.
NetWare 6.0
• Novell has taken NetWare 6.0 into the global market
with several new features and tools.
• The eDirectory is a stand-alone, cross-platform
directory service that is the foundation for a global
directory service.
• iPrint and iFolder support the anytime, anywhere
user access to NetWare resources.
• DNS/DHCP now have Web-based management
utilities that only require a browser interface and no
longer require specific client software.
Security
• Novell uses four levels of security: login, rights, attribute,
and file server.
• Login security pertains to the password policies required
by the business operation.
• Rights security is used to control access to files and
directories. The file and directory rights include:
– Supervisor
– Write
– File Scan
– Read
– Create
– Modify
– Erase
– Access Control
• Novell uses a philosophy that says users shouldn’t have
access to a resource until they are given that access.
• Rights in NetWare file systems are inherited.
– Rights will flow down the directory and file tree until
they are stopped or until they have reached a terminal
file.
• Attribute security supersedes any file and directory
rights.
– Attributes are special settings that control what can
be done with the file or directory.
• File server security refers to the physical safety of the file
servers.
– Physical safety includes preventing access by
unauthorized people as well as climate control and
availability of proper fire extinguishers.
Windows
• The Windows family of operating systems dates back to
1990, when Windows 3.0 was released as a desktop
operating system.
• Enhancements to the product include Windows 3.1, 3.11,
Windows 95, Windows 98, Windows ME, the
development of the NT products, Windows 2000, and
Windows XP.
• Microsoft was also developing the server products
through the development cycle of the workstation
products.
• Windows NT server (version 3.1) was first released in
1993, followed closely by NT 3.5 and NT 3.51.
• In 1996, NT 4.0 was released, followed by Windows
2000 server.
NT 4.0
• NT 4.0 stabilized the NT product.
• It enhanced the domain environment from earlier
products.
• NT uses a master domain model in which one
domain maintains user accounts, and one server,
the primary domain controller (PDC), holds the only
read-write copy of the domain database.
• Backup domain controllers (BDCs) store a read-only
copy of the database and they get their updates
from the PDC.
• NT 4.0 is a full 32-bit operating system.
• Applications running in 32-bit are maintained in a
memory space that is separate from any other 32-bit
application. If one 32-bit application fails, the others
stay up and running, but the administrator can shut
down just the offending application.
• Microsoft tools for Novell include:
– Client Services for NetWare (CSNW)
– Gateway Services for NetWare (GSNW)
– GSNW, loaded at the NT 4.0 server, allows NetWare
resources to be accessed as if they were part of the NT
server.
• Through service packs and option packs, new features
and tools are added to the NT 4.0 operating system.
– Option Pack 4 added a stable Web and FTP server
product to NT, a Web server management utility
called Site Server Express, and the Certificate Server
product to support advanced security.
Windows 2000/Active Directory Services (ADS)
• Windows 2000 and the Active Directory Services
(ADS) conform to the X.500 standards for directory
services environments.
• ADS uses the domain name system naming
convention to uniquely identify objects within the
ADS.
• ADS distributes the information about objects in the
database across multiple AD servers. This provides
fault tolerance for the database, and makes this
model a multimaster system (no one server is in
charge).
• The objects used by ADS include the domain, the
tree, the forest, and the organizational unit.
• The domain is a security boundary because the
password policy affects all objects in the domain, but
not outside the domain. The password policy is set
at the domain level and will be applied to all objects
regardless of their organizational unit membership.
• A tree is a set of domains that share a contiguous
name space.
• A forest is a set of trees that share the same
schema for the database.
• Some of the new features of Windows 2000,
besides the Active Directory, include enhanced
installation services, Dynamic DNS to support the
Active Directory, encryption of files at the storage
point, the MMC, and enhanced routing and remote
access services.
Security
• Security in Windows 2000 is managed at two levels:
Group policy settings and file and folder security.
• Group Policy can be applied at the site, domain, or
organizational unit level.
• Group Policy does not “tattoo” the registry of the
machine. Rather, the settings are session-specific
and can be refreshed if there is a policy change
during a session.
File and Folder Permissions
• Windows 2000 uses NTFS permissions at the folder
or file level to give access to resources. The
permissions available for folders include:
– Full Control
– Modify
– Read and Execute
– List Folder Contents
– Read
– Write
• File permissions include:
– Full Control
– Modify
– Read and Execute
– Read
– Write
Permission Management
• NTFS permissions apply when the user is sitting at the
resource (the local machine) and accessing resources.
• When users access resources across the network, share
permissions are assigned and combined with the NTFS
permissions for the effective permissions to the
resource. Share permissions are:
– Full Control
– Read
– Change
• Each NTFS and share permission has both an “allow”
and a “deny” option.
• Auditing allows the administrator to keep track of access
to resources.
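As an added example (not code from the slides or from Microsoft), the Python below computes effective access the way the two preceding slides describe it: NTFS permissions alone for a user sitting at the machine, NTFS combined with share permissions for access over the network, and an explicit deny overriding any allow. The operation set that each named NTFS and share permission grants is a simplified model assumed for the example, as are the implicit "Everyone" principal, the Ace type and the ACLs and users in demo().

```python
from dataclasses import dataclass

# Simplified operation model (an assumption for this example, not from the slides).
OPS = frozenset({"read", "execute", "write", "delete", "change_permissions"})

# What each named NTFS permission grants in that model.
NTFS = {
    "Full Control":         OPS,
    "Modify":               frozenset({"read", "execute", "write", "delete"}),
    "Read and Execute":     frozenset({"read", "execute"}),
    "List Folder Contents": frozenset({"read", "execute"}),
    "Read":                 frozenset({"read"}),
    "Write":                frozenset({"write"}),
}

# What each named share permission grants in the same model.
SHARE = {
    "Full Control": OPS,
    "Change":       frozenset({"read", "execute", "write", "delete"}),
    "Read":         frozenset({"read", "execute"}),
}


@dataclass(frozen=True)
class Ace:
    """One access-control entry: a principal, a named permission, allow or deny."""
    principal: str
    permission: str
    allow: bool = True


def resolve(aces, table, principals):
    """Operations granted by `aces` to a user who matches any of `principals`.

    Allows are unioned across user and groups; a single deny removes the operation
    again, so deny wins over allow.
    """
    allowed, denied = set(), set()
    for ace in aces:
        if ace.principal not in principals:
            continue
        ops = table[ace.permission]        # KeyError for a permission not in the table
        (allowed if ace.allow else denied).update(ops)
    return allowed - denied


def effective(user, groups, ntfs_aces, share_aces=None):
    """Effective operations for `user`.

    share_aces=None models local access (share permissions do not apply);
    otherwise access is over the network and the result is the intersection
    of what NTFS and the share each permit.
    """
    principals = {user, *groups, "Everyone"}   # "Everyone" assumed to match all users
    ntfs = resolve(ntfs_aces, NTFS, principals)
    if share_aces is None:
        return ntfs
    return ntfs & resolve(share_aces, SHARE, principals)


def demo():
    # Constructed ACLs: Staff may modify the folder, Interns are explicitly denied
    # Write, and the share is published read-only to Everyone.
    ntfs_aces = [Ace("Staff", "Modify"), Ace("Interns", "Write", allow=False)]
    share_aces = [Ace("Everyone", "Read")]
    return {
        "bob_local":   effective("bob", {"Staff"}, ntfs_aces),
        "bob_network": effective("bob", {"Staff"}, ntfs_aces, share_aces),
        "eve_local":   effective("eve", {"Staff", "Interns"}, ntfs_aces),
        "eve_network": effective("eve", {"Staff", "Interns"}, ntfs_aces, share_aces),
    }


if __name__ == "__main__":
    for who, ops in demo().items():
        print(f"{who:12s} {sorted(ops)}")
```

Two things the output makes visible: a read-only share caps a user who holds Modify on NTFS to read and execute when coming over the network, and the explicit deny on Interns removes write for eve even though her Staff membership allows it.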
Macintosh
• The history of the Macintosh goes back to 1983
when the Lisa computer and LisaDesk operating
system were released.
• The Macintosh operating system is a very user-friendly
OS that is used by artists, graphic artists, and the
education community.
• The most recent version of the operating system is
Mac OS X. Apple integrated a UNIX-based kernel in
this recent version.
• Mac computers and the operating system function
with both the AppleTalk protocol and TCP/IP, making
them able to coexist on a network.
• Many network operating systems include software
add-ins or clients to allow Macintosh machines to
communicate with and use resources from NetWare
and Windows servers.
• The Mac environment does not support a classic
server element, but does have server services for
the sharing of resources among the network users.
• Security for the Mac includes local user account
security.
• Non-critical services are turned off by default with
the Mac OS, thus preventing accidental weak
portals into the network.