Chapter 14: Network Operating Systems

Chapter Outline

1. On the Test
   3.1: Identify the basic capabilities (i.e., client support, interoperability, authentication, file and print services, application support, and security) of the following server operating systems: UNIX/Linux; NetWare; Windows; Macintosh.

2. UNIX/Linux
   a. UNIX is one of the oldest of the network operating systems, built nearly 30 years ago.
   b. The development of UNIX was based on three criteria:
      i. It had to be simple and elegant.
      ii. It had to be written in a high-level programming language.
      iii. It had to allow for reuse of code.
   c. The original developers at Bell Labs met all three criteria.
   d. Because of the antitrust laws of the 1970s, Bell Labs could not profit from the sale of the computers and hardware. They allowed the source code to be distributed for a small licensing fee.
   e. Developers at the University of California-Berkeley enhanced the original source code, and expanded the OS to include a TCP/IP subsystem. This version of UNIX became known as BSD (Berkeley Software Distribution) UNIX.
   f. Two organizations share the management and ownership of UNIX today. The Santa Cruz Operation (SCO) owns the rights to the source code, and can distribute it as it sees fit. The Open Group owns the UNIX trademark. The Open Group must test and verify the source code before any other entity can market a new version with the UNIX name.
   g. Two types of code exist: proprietary and open source.
   h. Proprietary code gives administrators the confidence that the version of UNIX they are using will do what the code was designed to do and that the developers of that particular version can be held accountable for the function of the operating system.
   i. Open source UNIX allows any organization to create UNIX-like OS’s such as Linux and GNU. There is no generalized support or accountability with open source UNIX.
   j. UNIX has three basic components: the kernel, the shell, and the applications.
   k. Many of the UNIX commands seem cryptic. Some of the more common commands are:
      i. ls
      ii. cat file
      iii. who
      iv. grep
   l. When using the ls command to list files, the display will include the name, size of the file, a numeric identifier for the owner, and the access rights for users and groups.

3. Security
   a. UNIX uses file and directory rights to restrict access to resources.
   b. Rights are assigned to users, groups, or anyone.
   c. The rights employed by UNIX are:
      i. Read
      ii. Write
      iii. Execute
   d. In order to modify the rights to a file or directory, the chmod utility is executed against the file or directory, usually with one or more symbols or switches.

4. Samba
   a. Samba is the application that gives UNIX the ability to see and use NetBIOS resources and talk to Windows operating systems.
   b. This interoperability is provided by CIFS and SMB.
   c. The four services Samba provides are:
      i. File and print services
      ii. Authentication and authorization
      iii. Name resolution
      iv. Service announcement (browsing)
   d. Samba and UNIX use applications called daemons to provide these services.

5. NetWare
   a. NetWare is a network operating system that was developed about 15 years ago.
   b. Many versions of NetWare are in use today.

6. NetWare 3.12/3.2
   a. NetWare 3.12/3.2 is based on a bindery that maintains information about users and groups. The three files that comprise the bindery are the NET$OBJ, NET$PROP, and NET$VAL.
   b. NetWare requires software on the client machine to access the resources of the network.
   c. The workstation operating systems that are compatible with NetWare client software are DOS, Windows 9.X, Windows NT, Windows 2000, Windows XP, and Macintosh.
   d. Special pieces of software run on the NetWare server called NetWare Loadable Modules (NLMs). Most NLMs have an extension of NLM, but some are very specialized. The different types of NLMs are:
      i. .DSK
      ii. .NAM
      iii. .LAN

7. Novell Directory Services (NDS)
   a. Novell Directory Services is an X.500 standard directory service environment built by Novell in about 1994.
   b. The NDS uses containers to hold leaf objects or other containers. This is the logical organization of the NDS.
   c. The containers that are supported by NDS include the [ROOT], the Organization, and the Organizational Unit.
   d. To manage the objects of the NDS, the administrator will use the NWAdmin utility.
   e. The Monitor utility is loaded at the server. It keeps track of things like number of users logged in, remaining physical memory, and the state of the available file storage space.
   f. The NDS database is maintained much like the DNS database of the Internet. Copies of portions of the database can be stored on different servers, providing fault tolerance to the NDS. That is called partitioning.

8. NetWare 4.1
   a. The release of NetWare 4.1 included three new features:
      i. NetWare Application Launcher (NAL)
      ii. Support for thousands of connections per server
      iii. The NWAdmin utility
   b. NetWare 4.1 was the first fully functional version of the NDS.

9. NetWare 4.11
   a. NetWare 4.11 is also called IntraNetWare because it was the first version to include Web server and FTP applications, making the intranet a reality.
   b. DNS and DHCP services were also included in this version.

10. NetWare 5.0
   a. NetWare 5.0 was a major milestone for Novell because this version introduced Pure IP, a real, much more generic TCP/IP protocol stack for NetWare products. This made NetWare a more attractive commodity because now administrators only needed to run one protocol on the network (TCP/IP) and all clients and servers could talk to each other.
   b. Additional features of this version include:
      i. Long file name support by default
      ii. ConsoleOne, a Java-based management utility
      iii. Network Address Translation (NAT)
      iv. NetWare Distributed Print Services (NDPS)

11. NetWare 5.1
   a. This version did not make major changes to the NOS or to NDS.
   b. One new option that was added was the NetWare Management Portal, which allows browser-based management of the NDS and resources.

12. NetWare 6.0
   a. Novell has taken NetWare 6.0 into the global market with several new features and tools.
   b. The eDirectory is a stand-alone, cross-platform product that is the foundation for a global directory service.
   c. iPrint and iFolder support anytime, anywhere user access to NetWare resources.
   d. DNS/DHCP now have Web-based management utilities that only require a browser interface and no longer require specific client software.

13. Security
   a. Novell uses four levels of security: login, rights, attribute, and file server.
   b. Login security pertains to the password policies required by the business operation.
   c. Rights security is used to control access to files and directories. The file and directory rights include:
      i. Supervisor
      ii. Write
      iii. File Scan
      iv. Read
      v. Create
      vi. Modify
      vii. Erase
      viii. Access Control
   d. Novell uses a philosophy that says users should not have access to a resource until they are given that access.
   e. Rights in NetWare file systems are inherited. That is to say, rights will flow down the directory and file tree until they are stopped or until they have reached a terminal file.
   f. Attribute security supersedes any file and directory rights. Attributes are special settings that control what can be done with the file or directory.
   g. File server security refers to the physical safety of the file servers. Physical safety includes preventing access by unauthorized people as well as climate control and availability of proper fire extinguishers.

14. Windows
   a. The Windows family of operating systems dates back to 1990 when Windows 3.0 was released as a desktop operating system.
   b. Enhancements to the product include Windows 3.1, 3.11, Windows 95, Windows 98, Windows ME, and the development of the NT products.
   c. Microsoft was also developing the server products through the development cycle of the workstation products.
   d. Windows NT server (version 3.1) was first released in 1993, followed closely by NT 3.5 and NT 3.51.
   e. In 1996, NT 4.0 was released, followed by Windows 2000 server.

15. NT 4.0
   a. NT 4.0 stabilized the NT product.
   b. It enhanced the domain environment from earlier products.
   c. NT uses a master domain model where one domain maintains user accounts, and one server, the Primary Domain Controller (PDC), holds the only read-write copy of the domain database.
   d. Backup Domain Controllers (BDCs) store a read-only copy of the database and they get their updates from the PDC.
   e. NT 4.0 is a full 32-bit operating system.
   f. Applications running in 32-bit are maintained in a memory space that is separate from any other 32-bit application. If one 32-bit application fails, the others stay up and running, but the administrator can shut down just the offending application.
   g. Microsoft includes tools for Novell interoperability with the Client Services for NetWare (CSNW) and Gateway Services for NetWare (GSNW). GSNW, loaded at the NT 4.0 server, allows NetWare resources to be accessed as if they were part of the NT server.
   h. Through service packs and option packs, new features and tools are added to the NT 4.0 operating system. Option Pack 4 added a stable Web and FTP server product to NT, as well as a Web server management utility called Site Server Express and the Certificate Server product to support advanced security.

16. Windows 2000/Active Directory Services
   a. Windows 2000 and the Active Directory Services (ADS) conform to the X.500 standards for directory services environments.
   b. ADS uses the Domain Name System naming convention to uniquely identify objects within the ADS.
   c. ADS distributes the information about objects in the database across multiple AD servers. This provides fault tolerance for the database, and makes this model a multimaster system (no one server is in charge).
   d. The objects used by ADS include the domain, the tree, the forest, and the organizational unit.
   e. The domain is a security boundary because the password policy affects all objects in the domain, but not outside the domain. The password policy is set at the domain level and will be applied to all objects regardless of their organizational unit membership.
   f. A tree is a set of domains that share a contiguous name space.
   g. A forest is a set of trees that share the same schema for the database.
   h. Some of the new features of Windows 2000, besides the Active Directory, include enhanced installation services, Dynamic DNS to support the Active Directory, encryption of files at the storage point, the MMC, and enhanced routing and remote access services.

17. Security
   a. Security in Windows 2000 is managed at two levels: Group Policy settings and file and folder security.
   b. Group Policy can be applied at the site, domain, or organizational unit level.
   c. Group Policy does not “tattoo” the registry of the machine. Rather, the settings are session-specific and can be refreshed if there is a policy change during a session.
   d. Windows 2000 uses NTFS permissions at the folder or file level to give access to resources. The permissions available for folders include:
      i. Full Control
      ii. Modify
      iii. Read and Execute
      iv. List Folder Contents
      v. Read
      vi. Write
   e. File permissions include:
      i. Full Control
      ii. Modify
      iii. Read and Execute
      iv. Read
      v. Write
   f. NTFS permissions apply when the user is sitting at the resource (the local machine) and accessing resources.
   g. When users access resources across the network, share permissions are assigned and combined with the NTFS permissions for the effective permissions to the resource. Share permissions are:
      i. Full Control
      ii. Read
      iii. Change
   h. Each NTFS and share permission has both an “allow” and a “deny” option.
   i. Auditing allows the administrator to keep track of access to resources.

18. Macintosh
   a. The history of the Macintosh goes back to 1983 when the Lisa computer and LisaDesk operating system were released.
   b. The Macintosh operating system is a very user-friendly OS that is used by artists, graphic artists, and the education community.
   c. The most recent version of the operating system is Mac OS X. Apple integrated a UNIX-based kernel in this recent version.
   d. Mac computers and the operating system function with both the AppleTalk protocol and TCP/IP, making them able to coexist on a network.
   e. Many network operating systems include software add-ins or clients to allow Macintosh machines to communicate with and use resources from NetWare and Windows servers.
   f. The Mac environment does not support a classic server element, but does have server services for the sharing of resources among the network users.
   g. Security for the Mac includes local user account security.
   h. Noncritical services are turned off by default with the Mac OS, thus preventing accidental weak portals into the network.
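
The UNIX rights model from section 3 (read, write and execute for the user, the group, or anyone, changed with chmod symbols), as an added example that is not part of the original outline. The function names are hypothetical, only the u, g, o and a classes are handled, and the sample file is constructed.

```python
import os
import stat
import tempfile

# One bit per (class, right): u = user (owner), g = group, o = anyone else.
BITS = {
    "u": {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR},
    "g": {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP},
    "o": {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH},
}

def apply_symbolic(mode, clause):
    """Apply one chmod-style clause such as 'go-w' or 'u+x' to a mode."""
    op = next((c for c in clause if c in "+-="), None)
    if op is None:
        raise ValueError(f"no operator in {clause!r}")
    who, rights = clause.split(op, 1)
    who = "ugo" if who == "a" else who
    for cls in who:
        mask = 0
        for right in rights:
            mask |= BITS[cls][right]
        if op == "+":
            mode |= mask
        elif op == "-":
            mode &= ~mask
        else:  # '=' replaces all three rights for this class
            mode = (mode & ~sum(BITS[cls].values())) | mask
    return mode

def describe(mode):
    """Render the nine rights the way ls -l shows them, e.g. 'rw-r--r--'."""
    return stat.filemode(stat.S_IFREG | mode)[1:]

def harden_file(path):
    """Remove write access for group and anyone else; return the new rights."""
    current = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, apply_symbolic(current, "go-w"))
    return describe(stat.S_IMODE(os.stat(path).st_mode))

def demo():
    # Constructed sample: a temporary file deliberately set world-writable.
    with tempfile.NamedTemporaryFile(delete=False) as handle:
        path = handle.name
    try:
        os.chmod(path, 0o666)
        return harden_file(path)
    finally:
        os.unlink(path)
```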
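
How share and NTFS permissions combine into effective permissions (section 17, items f through h), as an added example that is not part of the original outline. The atomic right names, the mapping of permission levels to them, and the sample ACLs are simplifying assumptions constructed for illustration; ordering between inherited and explicit entries is ignored.

```python
# Assumed, simplified mapping of the outline's permission names to atomic rights.
NTFS = {
    "Read": {"read"},
    "Read and Execute": {"read", "execute"},
    "Write": {"write"},
    "Modify": {"read", "execute", "write", "delete"},
    "Full Control": {"read", "execute", "write", "delete", "change_permissions"},
}
SHARE = {
    "Read": {"read", "execute"},
    "Change": {"read", "execute", "write", "delete"},
    "Full Control": NTFS["Full Control"],
}

def resolve(acl, table, principals):
    """Union the allows for the user's principals, then drop every denied right."""
    allowed, denied = set(), set()
    for principal, kind, level in acl:
        if principal in principals:
            (allowed if kind == "allow" else denied).update(table[level])
    return allowed - denied

def effective(ntfs_acl, share_acl, principals, over_network):
    """Local access uses NTFS only; network access is limited by both ACLs."""
    ntfs = resolve(ntfs_acl, NTFS, principals)
    if not over_network:
        return ntfs
    return ntfs & resolve(share_acl, SHARE, principals)

# Constructed sample: two users, their group memberships, and one shared folder.
ALICE = {"alice", "Sales", "Everyone"}
BOB = {"bob", "Sales", "Contractors", "Everyone"}
NTFS_ACL = [
    ("Sales", "allow", "Modify"),
    ("Everyone", "allow", "Read"),
    ("Contractors", "deny", "Write"),
]
SHARE_ACL = [("Everyone", "allow", "Read")]

def scenarios():
    return {
        "alice_local": effective(NTFS_ACL, SHARE_ACL, ALICE, over_network=False),
        "alice_network": effective(NTFS_ACL, SHARE_ACL, ALICE, over_network=True),
        "bob_local": effective(NTFS_ACL, SHARE_ACL, BOB, over_network=False),
        "bob_network": effective(NTFS_ACL, SHARE_ACL, BOB, over_network=True),
    }
```

When a user reports missing access to a shared folder, check both ACLs: a permissive NTFS entry does not help if the share permission is narrower, and a deny on any group the user belongs to removes that right.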