Chapter 14: Network Operating Systems
Chapter Outline
1. On the Test
3.1: Identify the basic capabilities (i.e., client support, interoperability,
authentication, file and print services, application support, and security) of the
following server operating systems: UNIX/Linux; NetWare; Windows;
Macintosh.
2. UNIX/Linux
a. UNIX is one of the oldest of the network operating systems, built nearly
30 years ago.
b. The development of UNIX was based on three criteria:
i. It had to be simple and elegant.
ii. It had to be written in a high-level programming language.
iii. It had to allow for reuse of code.
c. The original developers at Bell Labs met all three criteria.
d. Because of the antitrust laws of the 1970s, Bell Labs could not profit from
the sale of the computers and hardware. They allowed the source code to
be distributed for a small licensing fee.
e. Developers at the University of California-Berkeley enhanced the original
source code, and expanded the OS to include a TCP/IP subsystem. This
version of UNIX became known as BSD (Berkeley Software Distribution)
UNIX.
f. Two organizations share the management and ownership of UNIX today.
The Santa Cruz Operation (SCO) owns the rights to the source code, and
can distribute it as it sees fit. The Open Group owns the UNIX trademark.
The Open Group must test and verify the source code before any other
entity can market a new version with the UNIX name.
g. Two types of code exist: proprietary and open source.
h. Proprietary code gives administrators the confidence that the version of
UNIX they are using will do what the code was designed to do and that
the developers of that particular version can be held accountable for the
function of the operating system.
i. Open source UNIX allows any organization to create UNIX-like OS’s
such as Linux and GNU. There is no generalized support or accountability
with open source UNIX.
j. UNIX has three basic components: the kernel, the shell, and the
applications.
k. Many of the UNIX commands seem cryptic. Some of the more common
commands are:
i. ls
ii. cat file
iii. who
iv. grep
l. When using the ls command to list files, the display will include the name,
size of the file, a numeric identifier for the owner, and the access rights for
users and groups.
3. Security
a. UNIX uses file and directory rights to restrict access to resources.
b. Rights are assigned to users, groups, or anyone.
c. The rights employed by UNIX are:
i. Read
ii. Write
iii. Execute
d. In order to modify the rights to a file or directory, the chmod utility is
executed against the file or directory, usually with one or more symbols or
switches.
4. Samba
a. Samba is the application that gives UNIX the ability to see and use
NetBIOS resources and talk to Windows operating systems.
b. This interoperability is provided by CIFS and SMB.
c. The four services Samba provides are:
i. File and print services
ii. Authentication and authorization
iii. Name resolution
iv. Service announcement (browsing)
d. Samba and UNIX use applications called daemons to provide these
services.
5. NetWare
a. NetWare is a network operating system that was developed about 15 years
ago.
b. Many versions of NetWare are in use today.
6. NetWare 3.12/3.2
a. NetWare 3.12/3.2 is based on a bindery that maintains information about
users and groups. The three files that comprise the bindery are the
NET$OBJ, NET$PROP, and NET$VAL.
b. NetWare requires software on the client machine to access the resources
of the network.
c. The workstation operating systems that are compatible with NetWare
client software are DOS, Windows 9.X, Windows NT, Windows 2000,
Windows XP, and Macintosh.
d. Special pieces of software run on the NetWare server called NetWare
Loadable Modules (NLMs). Most NLMs have an extension of NLM, but
some are very specialized. The different types of NLMs are:
i. .DSK
ii. .NAM
iii. .LAN
7. Novell Directory Services (NDS)
a. Novell Directory Services is an X.500 standard directory service
environment built by Novell in about 1994.
b. The NDS uses containers to hold leaf objects or other containers. This is
the logical organization of the NDS.
c. The containers that are supported by NDS include the [ROOT], the
Organization, and the Organizational Unit.
d. To manage the objects of the NDS, the administrator will use the
NWAdmin utility.
e. The Monitor utility is loaded at the server. It keeps track of things like
number of users logged in, remaining physical memory, and the state of
the available file storage space.
f. The NDS database is maintained much like the DNS database of the
Internet. Copies of portions of the database can be stored on different
servers, providing fault tolerance to the NDS. That is called partitioning.
8. NetWare 4.1
a. The release of NetWare 4.1 included three new features:
i. NetWare Application Launcher (NAL)
ii. Support for thousands of connections per server
iii. The NWAdmin utility.
b. NetWare 4.1 was the first fully functional version of the NDS.
9. NetWare 4.11
a. NetWare 4.11 is also called IntraNetWare because it was the first version
to include Web server and FTP applications, making the intranet a reality.
b. DNS and DHCP services were also included in this version.
10. NetWare 5.0
a. NetWare 5.0 was a major milestone for Novell because this version
introduced Pure IP, a real, much more generic TCP/IP protocol stack for
NetWare products. This made NetWare a more attractive commodity
because now administrators only needed to run one protocol on the
network (TCP/IP) and all clients and servers could talk to each other.
b. Additional features of this version include:
i. Long file name support by default
ii. ConsoleOne, a Java-based management utility
iii. Network Address Translation (NAT)
iv. NetWare Distributed Print Services (NDPS)
11. NetWare 5.1
a. This version did not make major changes to the NOS or to NDS.
b. One new option that was added was the NetWare Management Portal,
which allows browser-based management of the NDS and resources.
12. NetWare 6.0
a. Novell has taken NetWare 6.0 into the global market with several new
features and tools.
b. The eDirectory is a stand-alone, cross-platform product that is the
foundation for a global directory service.
c. iPrint and iFolder support the anytime, anywhere user access to NetWare
resources.
d. DNS/DHCP now have Web-based management utilities that only require a
browser interface and no longer require specific client software.
13. Security
a. Novell uses four levels of security: login, rights, attribute, and file server.
b. Login security pertains to the password policies required by the business
operation.
c. Rights security is used to control access to files and directories. The file
and directory rights include:
i. Supervisor
ii. Write
iii. File Scan
iv. Read
v. Create
vi. Modify
vii. Erase
viii. Access Control
d. Novell uses a philosophy that says users should not have access to a
resource until they are given that access.
e. Rights in NetWare file systems are inherited. That is to say, rights will
flow down the directory and file tree until they are stopped or until they
have reached a terminal file.
f. Attribute security supersedes any file and directory rights. Attributes are
special settings that control what can be done with the file or directory.
g. File server security refers to the physical safety of the file servers.
Physical safety includes preventing access by unauthorized people as well
as climate control and availability of proper fire extinguishers.
14. Windows
a. The Windows family of operating systems dates back to 1990 when
Windows 3.0 was released as a desktop operating system.
b. Enhancements to the product include Windows 3.1, 3.11, Windows 95,
Windows 98, Windows ME, and the development of the NT products.
c. Microsoft was also developing the server products through the
development cycle of the workstation products.
d. Windows NT server (version 3.1) was first released in 1993, followed
closely by NT 3.5 and NT 3.51.
e. In 1996, NT 4.0 was released, followed by Windows 2000 server.
15. NT 4.0
a. NT 4.0 stabilized the NT product.
b. It enhanced the domain environment from earlier products.
c. NT uses a master domain model where one domain maintains user
accounts, and one server, the Primary Domain Controller (PDC) holds the
only read-write copy of the domain database.
d. Backup Domain Controllers (BDCs) store a read-only copy of the
database and they get their updates from the PDC.
e. NT 4.0 is a full 32-bit operating system.
f. Applications running in 32-bit are maintained in a memory space that is
separate from any other 32-bit application. If one 32-bit application fails,
the others stay up and running, but the administrator can shut down just
the offending application.
g. Microsoft includes tools for Novell interoperability with the Client
Services for NetWare (CSNW) and Gateway Services for NetWare
(GSNW). GSNW, loaded at the NT 4.0 server, allows NetWare resources
to be accessed as if they were part of the NT server.
h. Through service packs and option packs, new features and tools are added
to the NT 4.0 operating system. Option Pack 4 added a stable Web and
FTP server product to NT, as well as a Web server management utility
called Site Server Express and the Certificate Server product to support
advanced security.
16. Windows 2000/Active Directory Services
a. Windows 2000 and the Active Directory Services (ADS) conform to the
X.500 standards for directory services environments.
b. ADS uses the Domain Name System naming convention to uniquely
identify objects within the ADS.
c. ADS distributes the information about objects in the database across
multiple AD servers. This provides fault tolerance for the database, and
makes this model a multimaster system (no one server is in charge).
d. The objects used by ADS include the domain, the tree, the forest, and the
organizational unit.
e. The domain is a security boundary because the password policy affects all
objects in the domain, but not outside the domain. The password policy is
set at the domain level and will be applied to all objects regardless of their
organizational unit membership.
f. A tree is a set of domains that share a contiguous name space.
g. A forest is a set of trees that share the same schema for the database.
h. Some of the new features of Windows 2000, besides the Active Directory,
include enhanced installation services, Dynamic DNS to support the
Active Directory, encryption of files at the storage point, the MMC, and
enhanced routing and remote access services.
17. Security
a. Security in Windows 2000 is managed at two levels: Group Policy
settings and file and folder security.
b. Group Policy can be applied at the site, domain, or organizational unit
level.
c. Group Policy does not “tattoo” the registry of the machine. Rather, the
settings are session-specific and can be refreshed if there is a policy
change during a session.
d. Windows 2000 uses NTFS permissions at the folder or file level to give
access to resources. The permissions available for folders include:
i. Full Control
ii. Modify
iii. Read and Execute
iv. List Folder Contents
v. Read
vi. Write
e. File permissions include:
i. Full Control
ii. Modify
iii. Read and Execute
iv. Read
v. Write
f. NTFS permissions apply when the user is sitting at the resource (the local
machine) and accessing resources.
g. When users access resources across the network, share permissions are
assigned and combined with the NTFS permissions for the effective
permissions to the resource. Share permissions are:
i. Full Control
ii. Read
iii. Change
h. Each NTFS and share permission has both an “allow” and a “deny”
option.
i. Auditing allows the administrator to keep track of access to resources.
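Added example (not part of the original outline): a simplified Python model of how share and NTFS permissions combine into effective permissions. It assumes the standard Windows rules the outline does not spell out: within a layer, allows accumulate across group memberships and a deny overrides them, and over the network the more restrictive of the two layers wins. The account names, ACL entries, and the reduction of each named permission to a set of operations are constructed for illustration, and inheritance ordering is ignored.

```python
# Simplified model: each named permission is reduced to the operations it grants.
NTFS = {
    "Read": {"read"},
    "Write": {"write"},
    "Read and Execute": {"read", "execute"},
    "Modify": {"read", "write", "execute", "delete"},
    "Full Control": {"read", "write", "execute", "delete", "set_acl"},
}
SHARE = {
    "Read": {"read", "execute"},
    "Change": {"read", "write", "execute", "delete"},
    "Full Control": {"read", "write", "execute", "delete", "set_acl"},
}

def layer(acl, table, principals):
    """Rights one layer grants: union of allows minus every matching deny."""
    allowed, denied = set(), set()
    for who, kind, perm in acl:
        if who in principals:
            (allowed if kind == "allow" else denied).update(table[perm])
    return allowed - denied

def effective(principals, ntfs_acl, share_acl=None):
    """Local access uses NTFS only; network access must pass both layers."""
    rights = layer(ntfs_acl, NTFS, principals)
    if share_acl is not None:
        rights &= layer(share_acl, SHARE, principals)
    return rights

if __name__ == "__main__":
    # Constructed sample: alice belongs to Staff and Interns.
    alice = {"alice", "Staff", "Interns", "Everyone"}
    ntfs_acl = [("Staff", "allow", "Modify"), ("Interns", "deny", "Write")]
    share_acl = [("Everyone", "allow", "Read")]
    print("local:  ", sorted(effective(alice, ntfs_acl)))
    print("network:", sorted(effective(alice, ntfs_acl, share_acl)))
```

An account that matches no entry in a layer ends up with an empty set, which is why a permissive share ACL still leaves NTFS as the control that decides access.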
18. Macintosh
a. The history of the Macintosh goes back to 1983 when the Lisa computer
and LisaDesk operating system were released.
b. The Macintosh operating system is a very user-friendly OS that is used by
artists, graphic artists, and the education community.
c. The most recent version of the operating system is Mac OS X. Apple
integrated a UNIX-based kernel in this recent version.
d. Mac computers and the operating system function with both the
AppleTalk protocol and TCP/IP, making it able to coexist on a network.
e. Many network operating systems include software add-ins or clients to
allow Macintosh machines to communicate with and use resources from
NetWare and Windows servers.
f. The Mac environment does not support a classic server element, but does
have server services for the sharing of resources among the network users.
g. Security for the Mac includes local user account security.
h. Noncritical services are turned off by default with the Mac OS, thus
preventing accidental weak portals into the network.