Chapter 10 Networking With Windows

Why Microsoft
• Market Leader
• GUI
• “Tools in the Box”
• Support

History
• 1985 – MS Net
• 1993 – NT 3.1
• 1995 – NT 3.51
• 1996 – NT 4.0
• 2000 – Win 2000
• 2003 – Server 2003
• Longhorn, Blackcomb (code names for the releases planned after Server 2003)
Goals
• To ensure that network resources such as files, folders, and printers are available to users
• To secure the network so that available resources are only accessible to users who have been granted the proper permissions
Windows Server 2003 Editions
• Multiple versions of Windows Server 2003 exist
• Each version is defined to meet the needs of a certain market segment
• Versions include:
  • Standard Edition
  • Enterprise Edition
  • Datacenter Edition
  • Web Edition

Standard Edition
• Designed for the everyday needs of small to medium businesses, or as a departmental server for larger organizations
• Provides file and print services, secure Internet connectivity, and centralized management of network resources
• Logical upgrade path for Windows 2000 Server
• Can be used as a domain controller, member server, or standalone server

Enterprise Edition
• Generally used by medium to large businesses
• Designed for organizations that require better performance, reliability, and availability than Standard Edition provides
• Provides support for mission-critical applications
• Available in both 32-bit and 64-bit editions

Datacenter Edition
• Designed for mission-critical applications, very large databases, and information access that requires the highest levels of availability
• Can only be obtained from Original Equipment Manufacturers (OEMs)

Web Edition
• Lower-cost edition
• Designed for hosting and deploying Web services and applications
• Meant for small to large companies or departments that develop and/or deploy Web services
• Can only be obtained from Original Equipment Manufacturers (OEMs)
• Can be a member server but cannot be a domain controller (it does not host Active Directory)
Two Different Operating Modes
(Diagram: a user-mode layer above a kernel-mode layer)
• User mode: OS/2 application, Win32 application, Virtual DOS Machine (VDM), POSIX application, and the logon process, each served by its subsystem: Win32 subsystem, OS/2 subsystem, POSIX subsystem, Security subsystem
• Kernel mode: Executive Services
The Intel Memory Model
(Diagram: x86 protection rings 0 to 3, with Executive Services in Ring 0 and applications in Ring 3)
Kernel Mode
• Win2K Operating System Executive Services always operate in Ring 0
• The Executive code that must always be resident, and the nonpaged pool it uses, are never paged out to virtual memory (hard disk); other kernel-mode code and the paged pool can be
• Windows uses only two of the four rings: Ring 0 for kernel mode and Ring 3 for user mode; Rings 1 and 2 are unused
User Mode
• User mode applications run in Ring 3 and go through Application Programming Interfaces (APIs) to request services from Executive Services
Architectural Layers
• User mode
  • Processes are isolated from each other and from the kernel by the OS (each has its own address space)
  • No direct access to hardware
• Kernel mode
  • Runs in the CPU's privileged mode; the CPU enforces the boundary between the two modes
  • Direct access to all hardware and memory, so a faulty or malicious driver has the same power as the OS itself
User Mode
• Environment subsystems
  • Provide the APIs that applications are written against
  • Win32 subsystem (CSRSS.EXE) – 32-bit Windows applications; 16-bit DOS and Windows applications run inside it through the Virtual DOS Machine (NTVDM)
  • OS/2 subsystem – 16-bit OS/2 character-mode applications
  • POSIX subsystem – Unix-compatible applications
  • Windows XP and Windows Server 2003 no longer ship the OS/2 and POSIX subsystems
• Integral subsystems
  • Security subsystem
    • Tracks user rights and permissions
    • Logon authentication
Kernel Mode
• Executive
  • Manages all I/O
  • Communication between clients and servers
    • LPC – Local Procedure Call (between processes on the same machine, e.g. an application and its subsystem)
    • RPC – Remote Procedure Call (across the network)
  • VMM – Virtual Memory Manager
• Hardware Abstraction Layer (HAL)
  • Library of hardware routines
  • Makes the OS portable
• Kernel-mode drivers
  • Device drivers: programs that control devices
  • WDM – Windows Driver Model
    • Driver model shared with Windows 98/ME
The FAT File System
• File Allocation Table (FAT)
  • Holds the cluster chain of every file (where the file lives on the volume); attributes are kept in the directory entries
  • Two copies of the FAT are stored on the volume
• FAT16
  • DOS through Windows Server 2003
• FAT32
  • Windows 95 OSR2 and above
  • Often labelled "VFAT", but VFAT is the long-file-name extension introduced with Windows 95; it works on FAT16 and FAT32 alike
• You can move or copy files between FAT and NTFS volumes
  • FAT has no ACLs, so NTFS permissions (and compression) are silently lost on a copy to FAT

The FAT16 File System
• Cluster numbers are 16 bits, so a volume holds at most 65,524 data clusters; volume size = clusters × cluster size
• Maximum volume size 4 GB with 64 KB clusters (Windows NT/2000/2003); 2 GB under DOS and Windows 9x
• Maximum file size 2 GB
• Limited to 4 partitions per disk (an MBR limit, not a FAT16 one)
  • 4 primary, or
  • 3 primary and 1 extended
• Short file names only: 8.3

Structure of a FAT16 Directory Entry
• Basically the directory: one 32-byte record per file or subdirectory
  • Name (8.3)
  • Attribute byte (read-only, hidden, system, volume label, directory, archive)
  • Created date/time
  • Modified date/time
  • Starting cluster
  • File size
• No owner or permission fields: anyone who can reach the volume can read every file
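Added example (not from the slides): a PowerShell function that decodes one 32-byte FAT16 directory entry of the kind listed above and shows what the record does and does not carry. The byte offsets are those of the on-disk FAT format; the sample entry is constructed by hand, and the function names are this example's own. It also works out the FAT16 volume ceiling from the 16-bit cluster number.

```powershell
# Decode a single 32-byte FAT directory entry (layout shared by FAT12/16/32):
#   0-10  8.3 name, space padded      11 attributes         12 reserved
#   13    creation time (1/10 s)      14-15 creation time   16-17 creation date
#   18-19 last access date            20-21 high cluster word (FAT32 only, 0 on FAT16)
#   22-23 write time                  24-25 write date
#   26-27 first cluster               28-31 file size (bytes)
# Words and dwords are little-endian.

function Get-LeWord  ([byte[]]$b, [int]$o) { $b[$o] -bor ($b[$o + 1] -shl 8) }
function Get-LeDword ([byte[]]$b, [int]$o) { [uint32]((Get-LeWord $b $o) -bor ([long](Get-LeWord $b ($o + 2)) -shl 16)) }

function ConvertFrom-FatDateTime ([int]$Date, [int]$Time) {
    # Date: bits 15-9 year since 1980, 8-5 month, 4-0 day.  Time: 15-11 hours, 10-5 minutes, 4-0 seconds/2.
    $year  = 1980 + ($Date -shr 9)
    $month = ($Date -shr 5) -band 0x0F
    $day   = $Date -band 0x1F
    if ($month -lt 1 -or $month -gt 12 -or $day -lt 1 -or $day -gt 31) { return $null }   # never set, or corrupt
    try {
        [datetime]::new($year, $month, $day, ($Time -shr 11), (($Time -shr 5) -band 0x3F), (($Time -band 0x1F) * 2))
    } catch { $null }   # e.g. 31 February on a damaged volume: report unreadable rather than crash
}

function Read-FatDirectoryEntry ([byte[]]$Entry) {
    if ($Entry.Length -ne 32) { throw 'A FAT directory entry is exactly 32 bytes' }
    if ($Entry[0] -eq 0x00) { return $null }                      # free slot: end of directory
    $attr = $Entry[11]
    if (($attr -band 0x0F) -eq 0x0F) { return $null }            # VFAT long-name fragment, not a file
    $deleted = ($Entry[0] -eq 0xE5)                               # data stays on disk until its clusters are reused
    $base = [System.Text.Encoding]::ASCII.GetString($Entry, 0, 8).TrimEnd()
    $ext  = [System.Text.Encoding]::ASCII.GetString($Entry, 8, 3).TrimEnd()
    if ($deleted -and $base.Length -gt 0) { $base = '?' + $base.Substring(1) }   # first char was overwritten by 0xE5
    $name = if ($ext) { "${base}.${ext}" } else { $base }
    $flags = [ordered]@{ ReadOnly = 0x01; Hidden = 0x02; System = 0x04; VolumeLabel = 0x08; Directory = 0x10; Archive = 0x20 }
    $set = foreach ($f in $flags.Keys) { if ($attr -band $flags[$f]) { $f } }
    [pscustomobject]@{
        Name         = $name
        Deleted      = $deleted
        Attributes   = ($set -join ',')
        Created      = ConvertFrom-FatDateTime (Get-LeWord $Entry 16) (Get-LeWord $Entry 14)
        Modified     = ConvertFrom-FatDateTime (Get-LeWord $Entry 24) (Get-LeWord $Entry 22)
        FirstCluster = Get-LeWord $Entry 26
        Size         = Get-LeDword $Entry 28
        # What is absent: no owner, no ACL, no security descriptor of any kind. ReadOnly/Hidden/System
        # are advisory bits; any user who can mount the volume can read the file.
        HasAcl       = $false
    }
}

# Constructed sample: README.TXT, archive bit set, created 2003-04-24 10:30:00, modified
# 2003-05-01 08:00:00, starting at cluster 3, 1234 bytes long.
$hex = '52 45 41 44 4D 45 20 20 54 58 54 20 00 00 C0 53 98 2E A1 2E 00 00 00 40 A1 2E 03 00 D2 04 00 00'
[byte[]]$sample = $hex -split ' ' | ForEach-Object { [Convert]::ToByte($_, 16) }
Read-FatDirectoryEntry $sample

# Why FAT16 volumes top out where they do: 16-bit cluster numbers leave 65,524 usable clusters.
function Get-Fat16MaxVolumeBytes ([int]$BytesPerCluster) { 65524 * [long]$BytesPerCluster }
(Get-Fat16MaxVolumeBytes 65536) / 1GB   # just under 4 GB with 64 KB clusters, the NT-era ceiling
```

The deleted-entry branch matters for forensics: marking the first name byte 0xE5 frees the slot but leaves the name remainder, the starting cluster and the size intact, which is exactly what undelete tools read back.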
FAT32
• Supports partitions larger than those handled by FAT16
  • 2 TB theoretical volume size (2047 GB)
  • Windows 2000 and later will format FAT32 volumes only up to 32 GB, though they can mount larger ones
• Maximum file size 4 GB (strictly, one byte less)
• Supports long file names – 255 characters (via the VFAT extension)
• Like FAT16, no per-file permissions

NTFS
• Supported by Windows NT and above
• 2 TB is the practical limit for a partition on an MBR basic disk
• Theoretical volume size 2^64 bytes – 16 exabytes
• Maximum file size limited only by volume size
• Supports long file names – 255 characters
• Compression
• Encryption (EFS, Windows 2000 and later)
• Enhanced security: a discretionary ACL on every file and folder
• Journaling (a transaction log for metadata, so the volume can be recovered after a crash)

Introduction to NTFS
• Windows 2000 partitions should be formatted with NTFS
• Guarantees the consistency of the volume by using standard transaction logging and recovery techniques
• Supports all Windows 2000 operating system features
• Allows you to set local permissions on files and folders that specify which groups and users have access to them
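Added example (not from the slides): setting the local NTFS permissions the slide describes, and first checking that the target actually sits on NTFS, since a FAT volume has nowhere to store them. The function names, the path and the group are this example's own placeholders; it assumes Windows PowerShell 5.1 or later run as an administrator.

```powershell
# Lock down a folder with explicit NTFS permissions, then read back what is on disk.
# Assumptions (example's own): Windows PowerShell 5.1+, run elevated; $Path and $Group are placeholders.

function Test-NtfsPath ([string]$Path) {
    # FAT/FAT32 volumes carry no ACLs, so a permission set there is meaningless: check before writing.
    $drive = [System.IO.DriveInfo]::new($Path.Substring(0, 1))
    $drive.DriveFormat -eq 'NTFS'
}

function Set-RestrictedFolderAcl ([string]$Path, [string]$Group) {
    if (-not (Test-NtfsPath $Path)) { throw "$Path is not on NTFS; permissions cannot be stored there" }
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    $acl = Get-Acl -Path $Path
    # Break inheritance and discard the inherited entries ($false) rather than copying them, so nothing
    # granted higher up the tree (e.g. Users:Read on C:\) leaks into this folder.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }   # start from an empty DACL
    $inherit = 'ContainerInherit,ObjectInherit'                                 # apply to subfolders and files
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new('NT AUTHORITY\SYSTEM', 'FullControl', $inherit, 'None', 'Allow'))
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new('BUILTIN\Administrators', 'FullControl', $inherit, 'None', 'Allow'))
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new($Group, 'Modify', $inherit, 'None', 'Allow'))
    Set-Acl -Path $Path -AclObject $acl
    # Read back what actually landed on disk, including whether each ACE is inherited.
    (Get-Acl -Path $Path).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

Set-RestrictedFolderAcl -Path 'C:\Shares\Finance' -Group 'BUILTIN\Users'   # placeholders: use your own path and group
```

Copying the folder to a FAT32 volume keeps the files but discards this DACL, because the volume has no place to store it; the same is true of the NTFS compression flag.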
CD and DVD Support
• CD-ROM File System (CDFS)
  • Uppercase names of up to 32 characters
  • Directory tree at most 8 levels deep
• Universal Disk Format (UDF)
  • Logical and physical sector size are the same for the entire volume
  • Block size should be set to the logical sector size
  • Physical sector size is the same for all media in a volume set
  • DVD support

Basic vs Dynamic Storage
• Basic storage
  • Industry standard
  • Contains primary partitions, extended partitions, and logical drives
  • Default for a new disk added to Win2K
  • Backward compatible with Windows NT
• Dynamic storage
  • Win2K feature
  • The whole disk is one container; individual volumes have no partition-table entries
  • Disk is divided into volumes
  • A volume may span multiple physical disks
  • Volumes can be resized as needed
  • A basic disk can be upgraded (converted) to a dynamic disk; converting back requires deleting all volumes first
Windows Networking Concepts
• Two different security models are used in Windows environments
  • Workgroup
  • Domain
• Three roles for a Windows Server 2003 system in a network
  • Standalone server
  • Member server
  • Domain controller

Workgroups
• A workgroup is a logical group of computers
• Characterized by a decentralized security and administration model
• Authentication is provided by each machine's local account database – the Security Accounts Manager (SAM)
• Limitations
  • Users need a separate account on each workstation they use
  • Users manage their own accounts (security issues: weak or blank passwords, no central policy)
  • Not very scalable

Workgroups (cont)
• Peer-to-peer connections emphasized
• Each machine must have its own user database
• Machines can be reached over the network without any authentication if the "Guest" account is enabled and has no password
  • Windows XP and later refuse network logons with a blank password by default, so this exposure also requires that policy to have been relaxed
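Added example (not from the slides): auditing one workgroup machine's SAM for the exposure just described. The function name is this example's own; it assumes Windows PowerShell 5.1 or later (which ships `Get-LocalUser`) run as an administrator.

```powershell
# Audit a workgroup machine's local account database (the SAM) for an enabled Guest account with no
# password requirement, and say whether that is actually reachable over the network.
# Assumptions (example's own): Windows PowerShell 5.1 or later, run elevated.

function Get-WorkgroupAccountRisk {
    $cs    = Get-CimInstance -ClassName Win32_ComputerSystem
    $users = Get-LocalUser
    # RID 501 is always the built-in Guest account, however it has been renamed.
    $guest = $users | Where-Object { $_.SID.Value -like '*-501' }
    # Since XP, "Accounts: Limit local account use of blank passwords to console logon only" is on by
    # default (LimitBlankPasswordUse = 1) and blocks network logon with a blank password, so a blank
    # Guest password is only exposed over the network if that policy has been switched off.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name LimitBlankPasswordUse -ErrorAction SilentlyContinue
    $blankOverNetworkAllowed = ($null -ne $lsa) -and ($lsa.LimitBlankPasswordUse -eq 0)
    $workgroup = if ($cs.PartOfDomain) { $null } else { $cs.Workgroup }
    $guestOpen = [bool]$guest.Enabled -and -not [bool]$guest.PasswordRequired
    [pscustomobject]@{
        Computer               = $cs.Name
        PartOfDomain           = $cs.PartOfDomain
        Workgroup              = $workgroup
        EnabledLocalAccounts   = @($users | Where-Object Enabled | ForEach-Object Name)   # every one is a separate SAM entry
        GuestEnabledNoPassword = $guestOpen
        ExposedOverNetwork     = $guestOpen -and $blankOverNetworkAllowed
    }
}

$report = Get-WorkgroupAccountRisk
$report
if ($report.GuestEnabledNoPassword) {
    # Close the hole on the spot: disable Guest. (The blank-password policy itself is set via secpol.msc / Group Policy.)
    Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' } | Disable-LocalUser
}
```

Run the same function on every workgroup member: because each machine keeps its own SAM, a fix on one box says nothing about the others.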
Domains
• Requires at least one Windows 2000 Server or later domain controller to define the domain
• Centralized administration of accounts and security
• One account, one logon, one password
• Domain membership is not tied to physical location or network segment
• One security policy for the entire domain

Domains (cont)
• Computers join domains, not users
• Each computer continues to maintain its own local SAM alongside the domain
• The Domain Admins group is added to each member's local Administrators group when it joins, so a domain administrator is automatically a local administrator
Differences between Domains
• Windows NT 4.0 Servers
  • Must have a "master" computer acting as the Primary Domain Controller
  • Can have additional computers acting as Backup Domain Controllers
  • Once a server is established as a domain controller it cannot be moved to another domain without reinstalling
  • Domains are limited to about 40,000 entries (users, groups, computers)

Differences between Domains (cont)
• Windows 2000+ Servers
  • Domain controllers maintain the Active Directory data store
  • Domain controllers can be demoted and promoted into another domain (dcpromo) without reinstalling
  • Windows 2000 domains do not have the entry limit that NT 4.0 domains experience
Domains
• A domain is a logical group of computers
• Characterized by centralized authentication and administration
• Authentication is provided through the centralized Active Directory
• The Active Directory database can be physically distributed (replicated) across domain controllers
• Requires at least one system configured as a domain controller

Member Servers
• A member server
  • Has a computer account in a domain
  • Is not configured as a domain controller
  • Typically used for file, print, application, and host network services
• All four Windows Server 2003 Editions can be configured as member servers
Domain Controllers
• Explicitly configured to store a copy of Active Directory
• Service user authentication requests
• Service queries about domain objects
• May be a dedicated server but is not required to be; since a DC holds every credential in the domain, limiting what else runs on it is prudent
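Added example (not from the slides): reporting which of the three roles a Windows Server holds, and, for a member server, which domain principals sit in its local Administrators group (the Domain Admins entry that the join added, plus anything added since). The function name is this example's own; it assumes Windows PowerShell 5.1 or later run as an administrator. The `DomainRole` values 4 and 5 keep the NT-era names, but on an Active Directory DC they mean "other DC" and "DC holding the PDC emulator role".

```powershell
# Which role does this server hold, and who holds local administrator rights on it?
# Assumptions (example's own): Windows PowerShell 5.1+, run elevated.

function Get-ServerRoleReport {
    # Win32_ComputerSystem.DomainRole values; 4/5 keep the NT names but on AD mean non-PDC-emulator DC / PDC-emulator DC.
    $roleNames = @{
        0 = 'Standalone Workstation'; 1 = 'Member Workstation'
        2 = 'Standalone Server';      3 = 'Member Server'
        4 = 'Backup Domain Controller (AD: domain controller)'
        5 = 'Primary Domain Controller (AD: domain controller holding the PDC emulator role)'
    }
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $role = [int]$cs.DomainRole
    $isDc = $role -ge 4
    $localAdmins = @()
    if (-not $isDc) {
        # A domain controller has no usable local SAM, so only ask non-DCs about the local Administrators group.
        # PrincipalSource tells you whether a member came from the local SAM or from Active Directory.
        $localAdmins = @(Get-LocalGroupMember -Group 'Administrators' |
            ForEach-Object { '{0} ({1}, {2})' -f $_.Name, $_.ObjectClass, $_.PrincipalSource })
    }
    [pscustomobject]@{
        Computer            = $cs.Name
        Domain              = $cs.Domain          # the workgroup name when the machine is not domain-joined
        PartOfDomain        = $cs.PartOfDomain
        Role                = $roleNames[$role]
        IsDomainController  = $isDc
        LocalAdministrators = $localAdmins
    }
}

Get-ServerRoleReport | Format-List
```

On a freshly joined member server the only Active Directory entry in `LocalAdministrators` should be Domain Admins; any other domain group or user there was granted local admin after the join and is worth explaining.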
Windows NT
• Primary Domain Controller (PDC)
  • Read/write copy of the SAM
• Backup Domain Controller (BDC)
  • Read-only replica of the SAM
• Trust relationships are explicitly set up
  • One-way, and not transitive: if A trusts B and B trusts C, A does not trust C

NT — Domains
• NT uses the concept of a domain to manage global access rights within groups
• A domain is a group of machines running NT Server that share a common security policy and user database
• NT provides four domain models to manage multiple domains within a single organization
  • Single domain model: one domain, isolated
  • Master domain model: one domain is designated the master domain and holds the accounts; resource domains trust it
  • Multiple master domain model: there is more than one master domain, and they all trust each other; resource domains trust every master
  • Complete trust model (listed here as the "multiple trust" model): there is no master domain; all domains manage their own users, and each trusts every other

Single domain model
• Simplest Windows NT domain model
• One domain that services every user and resource

Master domain model
• Uses a single domain to exert control over user account information
• Separate resource domains manage resources such as networked printers
What’s Next: Active Directory