Santa Cruz Operation _SCO_ by pengxuebo


									SYSTEM ADMINISTRATION
      Chapter 14
  Network Operating Systems
                    UNIX/Linux
• UNIX is one of the oldest of the network operating
  systems, built more than 30 years ago.
• The development of UNIX was based on three criteria:
       • It had to be simple and elegant.
       • It had to be written in a high-level programming
         language.
       • It had to allow for reuse of code.
• The original developers at Bell Labs met all three criteria.
• Because of the antitrust laws of the 1970s, Bell Labs
  could not profit from the sale of the computers and
  hardware. They allowed the source code to be
  distributed for a small licensing fee.


• Developers at the University of California-Berkeley
   enhanced the original source code and expanded the
   OS to include a TCP/IP subsystem. This version of UNIX
   became known as BSD (Berkeley Software Distribution)
   UNIX.
• Two organizations share the management and
   ownership of UNIX today. The Santa Cruz Operation
   (SCO) owns the rights to the source code, and can
   distribute it as it sees fit. The Open Group owns the
   UNIX trademark. The Open Group must test and verify
   the source code before any other entity can market a
   new version with the UNIX name.
• Two types of code exist: proprietary and open
  source.
   – Proprietary code gives administrators the confidence
     that the version of UNIX they are using will do what
     the code was designed to do and that the developers
     of that particular version can be held accountable for
     the function of the operating system.
   – Open source UNIX allows any organization to create
     UNIX-like OSs such as Linux and GNU. There is no
     generalized support or accountability with open
     source UNIX.
            Disaster Planning
• UNIX has three basic components: the kernel, the
  shell, and the applications.
• Many of the UNIX commands seem cryptic. Some of
  the more common commands are:
       • ls
       • cat file
       • who
       • grep
   – When using the ls command to list files, the
     display will include the name, size of the file, a
     numeric identifier for the owner, and the access
     rights for users and groups.
                      Security
• UNIX uses file and directory rights to restrict access
  to resources.
• Rights are assigned to users, groups, or anyone.
• The rights employed by UNIX are:
   – Read
   – Write
   – Execute
• In order to modify the rights to a file or directory, the
  chmod utility is executed against the file or directory,
  usually with one or more symbols or switches.
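
An added example (not part of the original slides): a Python audit that decodes the read/write/execute rights for user, group and anyone, finds files writable by anyone, and removes that right the way `chmod o-w` would. The file names and modes are constructed sample data in a temporary directory.

```python
import os
import stat
import tempfile

CLASSES = {  # who -> (read bit, write bit, execute bit)
    "user": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "anyone": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}

def describe(mode):
    """Map a numeric mode to the rights held by user, group and anyone."""
    names = ("read", "write", "execute")
    return {who: [n for n, bit in zip(names, bits) if mode & bit]
            for who, bits in CLASSES.items()}

def build_sample():
    """Create a constructed sample tree with known modes."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    for name, mode in (("report.txt", 0o644), ("shared.log", 0o666), ("deploy.sh", 0o750)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # explicit chmod, so the umask does not matter
    return root

def world_writable(root):
    """Return regular files under root that anyone may write to."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about its target
            if st.st_mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)

def revoke_other_write(path):
    """Same effect as `chmod o-w path`; returns the resulting mode."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IWOTH)
    return stat.S_IMODE(os.stat(path).st_mode)

if __name__ == "__main__":
    root = build_sample()
    for path in world_writable(root):
        print(path, describe(os.stat(path).st_mode), oct(revoke_other_write(path)))
```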
                     Samba
• Samba is the application that gives UNIX the ability
  to see and use NetBIOS resources and talk to
  Windows operating systems.
• This interoperability is provided by CIFS and SMB.
• The four services Samba provides are:
   – File and print services
   – Authentication and authorization
   – Name resolution
   – Service announcement (browsing)
• Samba and UNIX use applications called daemons
  to provide these services.
                  NetWare

• NetWare is a network operating system that was
  developed in the late 1980s.

• Many versions of NetWare are in use today.
              NetWare 3.12/3.2
• NetWare 3.12/3.2 is based on a bindery that
  maintains information about users and groups. The
  three files that comprise the bindery are the
  NET$OBJ, NET$PROP, and NET$VAL.
• NetWare requires software on the client machine to
  access the resources of the network.
• The workstation operating systems that are
  compatible with NetWare client software are DOS,
  Windows 9.X, Windows NT, Windows 2000,
  Windows XP, and Macintosh.

• Special pieces of software run on the NetWare
  server, called NetWare Loadable Modules (NLMs).
  Most NLMs have an extension of “.NLM”, but some
  are very specialized. The different types of NLMs
  are:
   – .DSK
   – .NAM
   – .LAN
Novell Directory Services (NDS)
• Novell Directory Services is an X.500 standard
  directory service environment built by Novell in
  about 1994.
• The NDS uses containers to hold leaf objects or
  other containers. This is the logical organization of
  the NDS.
• The containers that are supported by NDS include
  the [ROOT], the Organization, and the
  Organizational Unit.
• To manage the objects of the NDS, the
  administrator will use the NWAdmin utility.

• The Monitor utility is loaded at the server. It keeps
  track of things like number of users logged in,
  remaining physical memory, and the state of the
  available file storage space.
• The NDS database is maintained much like the DNS
  database of the Internet. Copies of portions of the
  database can be stored on different servers,
  providing fault tolerance to the NDS. That is called
  partitioning.
                 NetWare 4.1
• The release of NetWare 4.1 included three new
  features:
   – NetWare Application Launcher (NAL)
   – Support for thousands of connections per server
   – The NWAdmin utility
• NetWare 4.1 was the first fully functional version of
  the NDS.
  NetWare 4.11 (IntraNetWare)

• NetWare 4.11 is also called IntraNetWare because it
  was the first version to include Web server and ftp
  applications, making the intranet a reality.

• DNS and DHCP services were also included in this
  version.
                  NetWare 5.0
• With this version, Novell introduced Pure IP, a real,
  much more generic TCP/IP protocol stack for NetWare
  products. This made NetWare a more attractive
  commodity because now administrators only needed to
  run one protocol on the network (TCP/IP) and all clients
  and servers could talk to each other.
• Additional features of this version include:
   – Long file name support by default
   – ConsoleOne, a Java-based management utility
   – Network Address Translation (NAT)
   – NetWare Distributed Print Services (NDPS)
                NetWare 5.1

• This version did not make major changes to the
  NOS or to NDS.

• One new option that was added was the NetWare
  Management Portal, which allows browser-based
  management of the NDS and resources.
                 NetWare 6.0
• Novell has taken NetWare 6.0 into the global market
  with several new features and tools.
• The eDirectory is a stand-alone, cross-platform
  directory service that is the foundation for a global
  directory service.
• iPrint and iFolder support the anytime, anywhere
  user access to NetWare resources.
• DNS/DHCP now have Web-based management
  utilities that only require a browser interface and no
  longer require specific client software.
                        Security
• Novell uses four levels of security: login, rights, attribute,
   and file server.
• Login security pertains to the password policies required
   by the business operation.
• Rights security is used to control access to files and
   directories. The file and directory rights include:
       • Supervisor
       • Write
       • File Scan
       • Read
       • Create
       • Modify
       • Erase
       • Access Control
• Novell uses a philosophy that says users shouldn’t have
  access to a resource until they are given that access.
• Rights in NetWare file systems are inherited.
   – Rights will flow down the directory and file tree until
     they are stopped or until they have reached a terminal
     file.
• Attribute security supersedes any file and directory
  rights.
   – Attributes are special settings that control what can
     be done with the file or directory.
• File server security refers to the physical safety of the file
  servers.
   – Physical safety includes preventing access by
     unauthorized people as well as climate control and
     availability of proper fire extinguishers.
                    Windows
• The Windows family of operating systems dates back to
  1990, when Windows 3.0 was released as a desktop
  operating system.
• Enhancements to the product include Windows 3.1,
  3.11, Windows 95, Windows 98, Windows ME, the
  development of the NT products, Windows 2000, and
  Windows XP.
• Microsoft was also developing the server products
  through the development cycle of the workstation
  products.
• Windows NT server (version 3.1) was first released in
  1993, followed closely by NT 3.5 and NT 3.51.
• In 1996, NT 4.0 was released, followed by Windows
  2000 server.
                     NT 4.0
• NT 4.0 stabilized the NT product.
• It enhanced the domain environment from earlier
  products.
• NT uses a master domain model in which one
  domain maintains user accounts, and one server,
  the primary domain controller (PDC), holds the only
  read-write copy of the domain database.
• Backup domain controllers (BDCs) store a read-only
  copy of the database and they get their updates
  from the PDC.


• NT 4.0 is a full 32-bit operating system.

• Applications running in 32-bit are maintained in a
  memory space that is separate from any other 32-bit
  application. If one 32-bit application fails, the others
  stay up and running, but the administrator can shut
  down just the offending application.


• Microsoft tools for Novell include:
      • Client Services for NetWare (CSNW)
      • Gateway Services for NetWare (GSNW)
   – GSNW, loaded at the NT 4.0 server, allows NetWare
     resources to be accessed as if they were part of the NT
     server.
• Through service packs and option packs, new features
  and tools are added to the NT 4.0 operating system.
   – Option Pack 4 added a stable Web and FTP server
     product to NT, a Web server management utility
     called Site Server Express, and the Certificate Server
     product to support advanced security.
 Windows 2000/Active Directory
       Services (ADS)
• Windows 2000 and the Active Directory Services
  (ADS) conform to the X.500 standards for directory
  services environments.
• ADS uses the domain name system naming
  convention to uniquely identify objects within the
  ADS.
• ADS distributes the information about objects in the
  database across multiple AD servers. This provides
  fault tolerance for the database, and makes this
  model a multimaster system (no one server is in
  charge).
• The objects used by ADS include the domain, the
  tree, the forest, and the organizational unit.

• The domain is a security boundary because the
  password policy affects all objects in the domain, but
  not outside the domain. The password policy is set
  at the domain level and will be applied to all objects
  regardless of their organizational unit membership.

• A tree is a set of domains that share a contiguous
  name space.
• A forest is a set of trees that share the same
  schema for the database.
• Some of the new features of Windows 2000,
  besides the Active Directory, include enhanced
  installation services, Dynamic DNS to support the
  Active Directory, encryption of files at the storage
  point, the MMC, and enhanced routing and remote
  access services.
                    Security
• Security in Windows 2000 is managed at two levels:
  Group policy settings and file and folder security.

• Group Policy can be applied at the site, domain, or
  organizational unit level.

• Group Policy does not “tattoo” the registry of the
  machine. Rather, the settings are session-specific
  and can be refreshed if there is a policy change
  during a session.
   File and Folder Permissions
• Windows 2000 uses NTFS permissions at the folder
  or file level to give access to resources. The
  permissions available for folders include:
      •   Full Control
      •   Modify
      •   Read and Execute
      •   List Folder Contents
      •   Read
      •   Write
• File permissions include:
      •   Full Control
      •   Modify
      •   Read and Execute
      •   Read
      •   Write
      Permission Management
• NTFS permissions apply when the user is sitting at the
  resource (the local machine) and accessing resources.
• When users access resources across the network, share
  permissions are assigned and combined with the NTFS
  permissions for the effective permissions to the
  resource. Share permissions are:
       • Full Control
       • Read
       • Change
• Each NTFS and share permission has both an “allow”
  and a “deny” option.
• Auditing allows the administrator to keep track of access
  to resources.
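
An added example (not part of the original slides): a simplified Python model of how share and NTFS permissions combine into the effective permissions. It assumes that within one layer allows accumulate across the user's groups and a deny removes the right, and that network access gets only the rights both layers grant. The primitive right names, group names and ACL entries are constructed for illustration, and explicit-versus-inherited ordering is not modelled.

```python
# Each named permission expands to a set of primitive rights (simplified).
ALL = {"read", "write", "execute", "delete", "change_permissions"}
NTFS = {
    "Read": {"read"},
    "Write": {"write"},
    "Read and Execute": {"read", "execute"},
    "Modify": {"read", "write", "execute", "delete"},
    "Full Control": ALL,
}
SHARE = {
    "Read": {"read", "execute"},
    "Change": {"read", "write", "execute", "delete"},
    "Full Control": ALL,
}

def layer_rights(acl, table, principals):
    """Rights one layer grants to a user identified by a set of principals."""
    allowed, denied = set(), set()
    for principal, kind, permission in acl:
        if principal in principals:
            (allowed if kind == "allow" else denied).update(table[permission])
    return allowed - denied  # a deny wins over any allow

def effective(share_acl, ntfs_acl, principals, over_network=True):
    """Effective rights: NTFS alone locally, NTFS intersected with share remotely."""
    ntfs = layer_rights(ntfs_acl, NTFS, principals)
    if not over_network:
        return ntfs  # share permissions do not apply at the local machine
    return ntfs & layer_rights(share_acl, SHARE, principals)

# Constructed sample ACLs: (principal, "allow" | "deny", permission name)
SHARE_ACL = [("Staff", "allow", "Read"), ("Finance", "allow", "Change")]
NTFS_ACL = [("Staff", "allow", "Modify"), ("Interns", "deny", "Write")]
ALICE = {"alice", "Staff"}
BOB = {"bob", "Staff", "Finance", "Interns"}

if __name__ == "__main__":
    print("alice, network:", sorted(effective(SHARE_ACL, NTFS_ACL, ALICE)))
    print("alice, local:  ", sorted(effective(SHARE_ACL, NTFS_ACL, ALICE, over_network=False)))
    print("bob, network:  ", sorted(effective(SHARE_ACL, NTFS_ACL, BOB)))
```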
                   Macintosh
• The history of the Macintosh goes back to 1983
  when the Lisa computer and LisaDesk operating
  system were released.
• The Macintosh operating system is a very user-
  friendly OS that is used by artists, graphic artists,
  and the education community.
• The most recent version of the operating system is
  Mac OS X. Apple integrated a UNIX-based kernel in
  this recent version.


• Mac computers and the operating system function
  with both the AppleTalk protocol and TCP/IP,
  making them able to coexist on a network.

• Many network operating systems include software
  add-ins or clients to allow Macintosh machines to
  communicate with and use resources from NetWare
  and Windows servers.

• The Mac environment does not support a classic
  server element, but does have server services for
  the sharing of resources among the network users.

• Security for the Mac includes local user account
  security.

• Non-critical services are turned off by default with
  the Mac OS, thus preventing accidental weak
  portals into the network.

								