
UNIT 1


1. INTRODUCTION ..... 2
  1.1. Definition of Computer Network ..... 2
  1.2. Components of Data Communication ..... 2
  1.3. Types of Computer Networks ..... 3
    1.3.1. Local Area Networks (LANs) ..... 3
    1.3.2. Metropolitan Area Network (MAN) ..... 3
    1.3.3. Wide Area Network (WAN) ..... 3
    1.3.4. Virtual Private Network (VPN) ..... 3
      1.3.4.1. Protocols used in VPN ..... 4
      1.3.4.2. Internet-based VPNs ..... 5
      1.3.4.3. Intranet-based VPNs ..... 5
    1.3.5. Personal Area Network (PAN) ..... 6
2. NETWORKING DEVICES ..... 7
  2.1. Repeater ..... 7
  2.2. Hub ..... 8
    2.2.1. Passive Hubs ..... 9
    2.2.2. Active Hubs ..... 9
    2.2.3. Intelligent Hubs ..... 9
  2.3. Bridge ..... 9
  2.4. Switch ..... 10
  2.5. Router ..... 11
  2.6. Network Interface Card (Ethernet) ..... 12
  2.7. Modem ..... 13
  2.8. VoIP (Voice over Internet Protocol) ..... 14
    2.8.1. Types of VoIP Calls ..... 14
  2.9. Gateway ..... 14
  2.10. Connectors RJ 45 ..... 15
  2.11. Direction of Transmission or Data Flow ..... 16
    2.11.1. Simplex ..... 17
    2.11.2. Half-Duplex ..... 17
    2.11.3. Full-Duplex ..... 17
3. TRANSMISSION MEDIUM ..... 18
  3.1. Unguided Media ..... 18
  3.2. Guided Media ..... 18
  3.3. Twisted-Pair Cable ..... 18
    3.3.1. UTP ..... 19
    3.3.2. STP ..... 19
  3.4. Coaxial Cable ..... 19
  3.5. Optical Fiber ..... 20
  3.6. Comparison of Different Modes of Optical Fibers ..... 21

SANDEEP, MITHILESH , SYEDUL , RABI KANT

http://san24mca.blogspot.com/

4. TRANSMISSION IMPAIRMENT ..... 22
  4.1. Attenuation ..... 22
  4.2. Distortion ..... 22
  4.3. Noise ..... 23
    4.3.1. Signal-to-Noise Ratio (SNR) ..... 23
    4.3.2. Throughput ..... 23
5. ACCESS POINT ..... 24
  5.1 What is Wi-Fi? ..... 24
  5.2 Types of Access Points ..... 25
    5.2.1 Motorola AP-5131 ..... 26
  5.3 AP-5131 Configuration ..... 28
6. SWITCH ..... 35
  6.1 Types of Switches ..... 35
    6.1.1 Two-Layer Switches ..... 35
    6.1.2 Three-Layer Switches ..... 36
  6.2 LAN Switch Mechanism and Its Advantages ..... 37
  6.3 VLAN ..... 37
    6.3.1 Advantages of VLANs ..... 38
    6.3.2 Types of VLANs ..... 38
7. NETWORK TOPOLOGY ..... 39
  7.1 Star Topology ..... 39
  7.2 Ring Topology ..... 40
  7.3 Bus Topology ..... 41
  7.4 Mesh Topology ..... 41
  7.5 Tree Topology ..... 42
  7.6 Hybrid Topology ..... 43
8. OSI REFERENCE MODEL ..... 44
  8.1 Physical Layer ..... 45
  8.2 Data Link Layer ..... 46
  8.3 Network Layer ..... 47
  8.4 Transport Layer ..... 47
  8.5 Session Layer ..... 48
  8.6 Presentation Layer ..... 48
  8.7 Application Layer ..... 49
9. FIREWALL ..... 50
  9.1 How Does Firewall Management Work? ..... 50
  9.2 Firewall Techniques ..... 50
    9.2.1 Packet filtering firewall ..... 50
    9.2.2 Stateful firewall ..... 51

    9.2.3 Deep packet inspection firewall ..... 51
    9.2.4 Application-aware firewall ..... 51
    9.2.5 Application proxy firewall ..... 51
  9.3 Firewall Rules ..... 52
  9.4 Types of Firewall ..... 52
    9.4.1 Software firewall ..... 52
    9.4.2 Hardware firewall ..... 53
  9.5 The Advantages and Disadvantages of Firewall ..... 53
    9.5.1 Advantages ..... 53
    9.5.2 Disadvantages ..... 54
10. UTM ..... 55
  10.1 How UTM Secures the Network ..... 55
  10.2 Advantages ..... 56
  10.3 Features ..... 56
  10.4 UTM Appliance Benefits ..... 56
11. PROTOCOL ..... 57
  11.1 FTP [File Transfer Protocol] ..... 57
    11.1.1 Anonymous FTP ..... 58
    11.1.2 How FTP Works ..... 58
  11.2 TELNET [TErminaL NETwork] ..... 58
  11.3 Simple Mail Transfer Protocol (SMTP) ..... 59
  11.4 POP3 ..... 61


UNIT 2

1. WEB SERVER ..... 65
  1.1 IIS ..... 65
    1.1.1 Installation ..... 66
    1.1.2 Security Features ..... 70
  1.2 Apache Web Server ..... 70
    1.2.1 Features ..... 71
    1.2.2 Use ..... 71
2. TERMINAL SERVER ..... 72
  2.1 Terminal Services Architecture ..... 72
    2.1.1 Multi-user kernel ..... 72
    2.1.2 Remote Desktop client ..... 72
    2.1.3 Terminal Services licensing service ..... 72
    2.1.4 Session Directory Services ..... 72
  2.2 Components ..... 73
  2.3 Installation & Configuration of Terminal Services ..... 75
  2.4 How to Connect a Client to the Terminal Server ..... 82
  2.5 Advantages ..... 83
3. WINDOWS SERVER UPDATE SERVICES (WSUS) ..... 84
  3.1 Installation ..... 84
    3.1.1 Software Requirements ..... 84
    3.1.2 Minimum Hardware Requirements ..... 84
    3.1.3 Installation Steps ..... 85
  3.2 Configuring the Network ..... 87
  3.3 Specifying How This Server Will Obtain Updates ..... 87
  3.4 Start WSUS ..... 87
    3.4.1 Configure updates and synchronization ..... 87
    3.4.2 Configure client updates ..... 88
4. BLADE SERVER ..... 89
  4.1 Need for a Blade Server ..... 89
  4.2 Features ..... 89
    4.2.1 Virtualization ..... 89
    4.2.2 Hot Swapping ..... 90
    4.2.3 Power ..... 90
    4.2.4 Cooling ..... 90
    4.2.5 Storage ..... 90
    4.2.6 LED Indicators ..... 90
  4.3 Specification ..... 91
  4.4 Components of a Blade Server ..... 91
    4.4.1 Chassis ..... 92
    4.4.2 Management server ..... 92
    4.4.3 SAN & KVM ..... 92
  4.5 RAID ..... 93


    4.5.1. Advantages and Disadvantages of RAID ..... 94
  4.6 Configuration ..... 95
    4.6.1. Using the Configuration/Setup Utility program ..... 95
    4.6.2. Using the PXE boot agent utility program ..... 97
  4.7 Configuring the Gigabit Ethernet Controllers ..... 97
  4.8. Blade Server Advantages and Disadvantages ..... 98
    4.8.1. Advantages ..... 98
    4.8.2. Disadvantages ..... 99
5. DHCP SERVER ..... 100
  5.1 Installing DHCP Server is very easy in Windows Server 2003 ..... 101
  5.2 Configuring DHCP ..... 110
  5.3 Advantages and Disadvantages ..... 112


UNIT 1 NETWORKING


1. INTRODUCTION
A network is a set of machines/devices (often referred to as nodes) connected by communication links to communicate with each other. A node can be a computer, printer, or any other device capable of sending and/or receiving data generated by other nodes on the network.

Two machines may be directly connected, or they may communicate through other machines. Some machines are sources and destinations of data; other devices do not generate data but facilitate its transfer (for example, a router). Networks are an interconnection of two or more computers such that they can share resources and information. These computers can be linked together using a wide variety of cables, telephone lines, or satellite links.

1.1 Definition of Computer Network


A computer network is an interconnected collection of autonomous computers.

Two computers are interconnected if they are able to exchange information. Two computers are autonomous if they are capable of operating independently, that is, neither is capable of forcibly starting, stopping, or controlling the other.

1.2 Components of Data Communication

A data communications system has five components.

1. Message : The message is the information (data) to be communicated. Popular forms of information include text, numbers, pictures, audio, and video.

2. Sender : The sender is the device that sends the data message. It can be a computer, workstation, telephone handset, video camera, and so on.

3. Receiver : The receiver is the device that receives the message. It can be a computer, workstation, telephone handset, video camera, and so on.

4. Transmission medium : The transmission medium is the physical path by which a message travels from sender to receiver. Examples of transmission media include twisted-pair wire, coaxial cable, fiber-optic cable, and radio waves.

5. Protocol : A protocol is a set of rules that govern data communications. It represents an agreement between the communicating devices. Without a protocol, two devices may be connected but not communicating, just as a person speaking French cannot be understood by a person who speaks only Japanese.

1.3 Types of computer networks


1.3.1 Local Area Networks (LANs) : The computers are geographically close together (that is, in the same building). A LAN is confined to a single building or group of buildings: a home, an office building, a school or a university (KIIT). It uses either wired or wireless media. Wireless LANs are the newest evolution in LAN technology. LAN size is limited to a few kilometers.

1.3.2 Metropolitan Area Network (MAN) : A metropolitan area network (MAN) is a network with a size between a LAN and a WAN. It covers the area inside a town or city and consists of multiple LANs. It is larger than local-area networks (LANs) but smaller than wide-area networks (WANs). It is characterized by very high-speed connections using fiber-optic cable or other digital media. Examples: a telephone company network and a cable TV network.

1.3.3 Wide Area Network (WAN) : A wide area network (WAN) provides long-distance transmission of data, image, audio, and video information over large geographic areas that may comprise a country, a continent, or even the whole world. It covers a large geographical area (hundreds or thousands of kilometers) and consists of two or more LANs.

1.3.4 Virtual Private Network (VPN) : A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet, or over a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to securely connect to a private network. A VPN can connect multiple sites over a large distance just like a Wide Area Network (WAN). VPNs are often used to extend intranets worldwide to disseminate information and news to a wide user base. Educational institutions use VPNs to connect campuses that can be distributed across the country or around the world. In order to gain access to the private network, a user must be authenticated using a unique identification and a password. An authentication token is often used to gain access to a private network through a personal identification number (PIN) that a user must enter. The PIN is a unique authentication code that changes at a specific frequency, usually every 30 seconds or so.

1.3.4.1 Protocols used in VPN : There are a number of VPN protocols in use that secure the transport of data traffic over a public network infrastructure. Each protocol varies slightly in the way that data is kept secure.

IP security (IPSec) is used to secure communications over the Internet. IPSec traffic can use either transport mode or tunneling to encrypt data traffic in a VPN. The difference between the two modes is that transport mode encrypts only the message within the data packet (also known as the payload), while tunneling encrypts the entire data packet. IPSec is often referred to as a "security overlay" because of its use as a security layer for other protocols.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use cryptography to secure communications over the Internet. Both protocols use a "handshake" method of authentication that involves a negotiation of network parameters between the client and server machines. To successfully initiate a connection, an authentication process involving certificates is used. Certificates are cryptographic keys that are stored on both the server and client.

Point-To-Point Tunneling Protocol (PPTP) is another tunneling protocol used to connect a remote client to a private server over the Internet. PPTP is one of the most widely used VPN protocols because of its straightforward configuration and maintenance, and also because it is included with the Windows operating system.

Layer 2 Tunneling Protocol (L2TP) is a protocol used to tunnel data communications traffic between two sites over the Internet. L2TP is often used in tandem with IPSec (which acts as a security layer) to secure the transfer of L2TP data packets over the Internet. Unlike PPTP, a VPN implementation using L2TP/IPSec requires a shared key or the use of certificates.

Typical VPN connections are either Internet-based or intranet-based.

1.3.4.2 Internet-based VPNs : By using an Internet-based VPN connection, you can avoid long-distance and 1-800 telephone charges while taking advantage of the global availability of the Internet.

1.3.4.3 Intranet-based VPNs : The intranet-based VPN connection takes advantage of IP connectivity on an organization intranet.

Advantages:
1. Cost saving
2. Improved scalability
3. Improved security
4. Better performance
5. Flexibility and reliability
6. Greater access for mobile users

Disadvantages:
1. Less bandwidth than a dedicated line
2. Lack of security

1.3.5 Personal Area Network (PAN) :

A PAN connects the personal devices of one individual (his/her PC, laptop, cell phone, PDA):
- to allow the devices to communicate and work together;
- to permit devices to become smarter by spontaneously networking and working together.

The feasibility of PANs is growing with improvements in wireless technology:
- Bluetooth enables devices to communicate automatically and wirelessly when they are in range.
- PANs can keep portable devices synchronized with a desktop PC.
- E-clothing products (for example, a jacket) are equipped with a battery pack and devices.


2. NETWORKING DEVICES
Computer network devices, also known as communication devices, constitute a data communication network. Network components and devices are the physical entities connected to a network. There are many types of network devices, and the number is increasing daily. The basic network devices are: computers (either a PC or a server), hubs, switches, bridges, routers, gateways, network interface cards (NICs), wireless access points (WAPs), printers and modems. In an Ethernet or WAN network, data communication cannot be performed without these devices. Network devices are components used to connect computers or other electronic devices together so that they can share files or resources like printers or fax machines. Computer networking devices are units that mediate data in a computer network; they are also called network equipment, Intermediate Systems (IS) or Interworking Units (IWU). Units which are the final receivers of data, or which generate data, are called hosts or data terminal equipment. These devices are broken into two classifications.


- End User Devices : Include computers, printers, scanners, and other devices that provide services directly to the user.
- Network Devices : Include all devices that connect the end-user devices to allow them to communicate.

End user devices that provide users with a connection to the network are also called hosts. These devices allow users to share, create, and obtain information. Host devices can exist without a network, but without a network, host capabilities are greatly reduced. Host devices are physically connected to the network media using a network interface card (NIC). They use this connection to perform the tasks of sending e-mails, printing reports, scanning pictures, or accessing databases.

2.1 Repeater
Repeaters are networking devices that exist at Layer 1, the Physical layer, of the OSI reference model. To understand how a repeater works, it is important to understand that as data leaves a source and goes out over the network, it is transformed into either electrical or light pulses that pass along the networking medium. These pulses are called signals. When signals leave a transmitting station, they are clean and easily recognizable. A network repeater is a device used to expand the boundaries of a wired or wireless (WiFi) local area network (LAN).

Repeaters are relatively simple pieces of equipment consisting of an antenna, duplexer, receiver and transmitter. Repeaters are needed because a radio's power is limited by its antenna size. The purpose of a repeater is to regenerate weak incoming electrical, wireless or optical signals and then rebroadcast them. With physical media like Ethernet or Wi-Fi, data transmissions can only span a limited distance before the quality of the signal degrades. Repeaters attempt to preserve signal integrity and extend the distance over which data can safely travel.

A repeater retimes network signals at the bit level, allowing them to travel a longer distance on the medium. The term repeater originally meant a device with a single input port and a single output port. Today multiple-port repeaters also exist. Repeaters are classified as Layer 1 devices in the OSI model because they act only on the bit level and look at no other information.

2.2 Hub
The central connecting device in a computer network is known as a hub. (A USB hub, by comparison, is a device that expands a single USB port into several so that more ports are available to connect devices to a host system.) Every computer is directly connected to the hub. When data packets arrive at the hub, it broadcasts them to all the LAN cards in the network; the intended recipient picks them up and all other computers discard them. A hub has five, eight, sixteen or more ports, one of which is known as the uplink port. There are three types of network hubs: passive hubs, active hubs and intelligent hubs.

2.2.1 Passive Hubs : One of the types of network hub is the so-called passive hub. It is a pass-through that does nothing more than broadcast the signals it receives through its input port out through the output ports. It does not regenerate or process the signals, because it only functions as a connector of different wires in a topology.

2.2.2 Active Hubs : An active hub works as more than just a connector: it also regenerates the data bits to ensure the signals are strong. Another name for an active hub is a multiport repeater. It participates actively in the network aside from acting as an interface, for example by storing signals received through the input ports before forwarding them. It can monitor the data it is forwarding and sometimes improve the signals before forwarding them to other connections. Such a feature makes troubleshooting of network problems easier.

2.2.3 Intelligent Hubs : An intelligent hub can perform everything that the passive hub and active hub do, and helps manage the network resources effectively to ensure that the performance of the network is highly efficient. An intelligent hub can help in troubleshooting by pinpointing the actual location of a problem and helping identify the root cause and resolution. It is very adaptable to different technologies without any need to change its configuration. The intelligent hub performs different functions such as bridging, routing, switching and network management.

Hubs are considered Layer 1 devices because they only regenerate the signal and repeat it out all their ports (network connections). Hubs amplify signals and propagate them through the network. Hubs do not perform filtering, path determination or switching.


2.3 Bridge

The bridges used in computer networking are not like your typical bridge. A bridge device filters data traffic at a network boundary. Bridges serve a similar function as switches. Bridges reduce the amount of traffic on a LAN by dividing it into two segments. A bridge works on the principle that each network node has its own address. A bridge forwards the packets based on the address of the particular destination node. Bridges operate at the data link layer (Layer 2) of the OSI model, which means the bridge cannot read IP addresses, but only the outermost hardware address of the packet. In our case the bridge can read the Ethernet data which gives the hardware address of the destination address, not the IP address. The hardware address is also called the MAC (media access control) address. Bridges inspect incoming traffic and decide whether to forward or discard it. To determine the network segment a MAC address belongs to, bridges use one of:

- Transparent Bridging : The bridge builds a table of addresses (the bridging table) as it receives packets. If the destination address is not in the bridging table, the packet is forwarded to all segments other than the one it came from. This type of bridge is used on Ethernet networks.
- Source Route Bridging : The source computer provides path information inside the packet. This is used on Token Ring networks.


Bridges can be used to:
- expand the distance of a segment;
- provide for an increased number of computers on the network;
- reduce traffic bottlenecks resulting from an excessive number of attached computers.

2.4 Switch
A network switch or switching hub is a computer networking device that connects network segments. A switch is a multi-port device. A networking switch runs in full-duplex mode, meaning a machine on the LAN can receive and transmit data simultaneously. This is much faster than a networking hub. In the Open Systems Interconnection (OSI) communications model, a switch performs the Layer 2 (Data Link) function. Some newer switches also perform routing functions (Layer 3, the Network layer, in OSI) and are sometimes called IP switches. A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). A switch provides similar functions to a hub or a bridge but has more advanced features that can temporarily connect any two ports together. It contains a switch matrix or switch fabric that can rapidly connect and disconnect ports. Unlike a hub, a switch forwards a frame only from the port it arrived on to the port where the destination node is connected, without broadcasting it to all other ports.
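The forwarding behaviour described for hubs (2.2), transparent bridges (2.3) and switches (2.4) can be simulated in a few dozen lines. The following is an added example, not code from the original text: a hub that repeats every frame out of every other port, beside a learning switch that builds its bridging table from source MAC addresses, filters frames whose destination is on the ingress segment, and floods only when the destination is still unknown. The MAC addresses, ports and frames are constructed for illustration.

```python
"""Hub versus learning bridge/switch forwarding (sections 2.2-2.4).

Added example, not from the original text. The MAC addresses, ports and
frames below are constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


class Hub:
    """Layer 1 device: repeats every frame out of every other port."""

    def __init__(self, ports: int) -> None:
        self.ports = ports

    def forward(self, in_port: int, frame: Frame) -> list[int]:
        return [p for p in range(self.ports) if p != in_port]


class LearningSwitch:
    """Layer 2 transparent bridge / switch with a bridging (MAC) table.

    The table is learned from source addresses. A frame whose destination is
    already in the table is sent to that single port; one whose destination is
    on the port it arrived from is discarded (same segment); anything else is
    flooded to all other ports, exactly as a hub would do.
    """

    def __init__(self, ports: int) -> None:
        self.ports = ports
        self.table: dict[str, int] = {}  # MAC address -> port
        self.flooded = 0                 # frames that had to be flooded

    def forward(self, in_port: int, frame: Frame) -> list[int]:
        self.table[frame.src] = in_port  # learn: src is reachable via in_port
        out = self.table.get(frame.dst)
        if out is None:
            self.flooded += 1
            return [p for p in range(self.ports) if p != in_port]
        if out == in_port:
            return []  # destination is on the ingress segment: filter it
        return [out]


def run_traffic(device, traffic: list[tuple[int, Frame]]) -> tuple[int, list[list[int]]]:
    """Push (ingress port, frame) pairs through a device.

    Returns the total number of port transmissions and the per-frame egress
    lists, so the traffic generated by a hub and a switch can be compared.
    """
    egress = [device.forward(port, frame) for port, frame in traffic]
    return sum(len(e) for e in egress), egress


# Constructed hosts: A, B, C each on their own port; D and E share a hub on port 3.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
D, E = "02:00:00:00:00:0d", "02:00:00:00:00:0e"
SAMPLE_TRAFFIC = [
    (0, Frame(A, B)),  # B not yet learned -> flooded
    (1, Frame(B, A)),  # A known on port 0 -> unicast
    (0, Frame(A, B)),  # both known -> unicast
    (2, Frame(C, A)),
    (0, Frame(A, C)),
    (3, Frame(D, E)),  # E not yet learned -> flooded
    (3, Frame(E, D)),  # D is on the same segment as E -> discarded
]

if __name__ == "__main__":
    hub_total, _ = run_traffic(Hub(4), SAMPLE_TRAFFIC)
    sw = LearningSwitch(4)
    sw_total, _ = run_traffic(sw, SAMPLE_TRAFFIC)
    print(f"hub sent {hub_total} copies, switch sent {sw_total} (flooded {sw.flooded})")
```

Running it shows the hub emitting three copies of every frame while the switch settles into single-port forwarding once both ends of a conversation have been learned.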

2.5 Router
In an environment consisting of several network segments with different protocols and architectures, a bridge may not be adequate for ensuring fast communication among all of the segments. A complex network needs a device which not only knows the address of each segment, but can also determine the best path for sending data and filter broadcast traffic to the local segment. Such a device is called a router. A router is a device in computer networking that forwards data packets to their destinations based on their addresses. The work a router does is called routing, which is somewhat like switching, but a router is different from a switch. Routers work at the Network layer of the OSI model, meaning that routers can switch and route packets across multiple networks. They do this by exchanging protocol-specific information between separate networks. Routers have access to more information in packets than bridges, and use this information to improve packet delivery. Routers are usually used in complex networks because they provide better traffic management than bridges and do not pass broadcast traffic. Routers can share status and routing information with one another and use this information to bypass slow or malfunctioning connections. When data packets are transmitted over a network (say the Internet), they move through many routers (because they pass through many networks) on their journey from the source machine to the destination machine. Routers work with IP packets, meaning that they work at the level of the IP protocol. Each router keeps information about its neighbors (other routers in the same or other networks). This information includes the IP address and the cost, which is expressed in terms of time, delay and other network considerations. This information is kept in a routing table, found in all routers. Routers do not look at the destination node address; they only look at the network address. Routers will only pass the information on if the network address is known. This ability to control the data passing through the router reduces the amount of traffic between networks and allows routers to use these links more efficiently than bridges. Unlike bridges and switches, which use the hardware-configured MAC address to determine the destination of the data, routers use the logical network address, such as the IP address, to make decisions.
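The routing-table behaviour just described (decide on the network address rather than the host address, prefer the lowest-cost neighbour, pass nothing for an unknown network) is shown below in an added example that is not part of the original text. The prefixes, next-hop addresses and costs are constructed; the lookup uses longest-prefix match, which is how IP routers choose among overlapping networks.

```python
"""Routing-table lookup as described in section 2.5.

Added example, not from the original text. The prefixes, next hops and costs
are constructed. A router decides on the network part of the destination
address (longest matching prefix), prefers the lowest-cost neighbour, and does
not pass a packet whose network it does not know.
"""
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network  # destination network, not a host address
    next_hop: str                   # neighbouring router, or "direct" for an attached LAN
    cost: int                       # metric: time, delay, other considerations


class Router:
    def __init__(self, entries: list[tuple[str, str, int]]) -> None:
        # ip_network() rejects a prefix with host bits set, so a typo such as
        # "10.1.5.1/24" is caught when the table is built, not at lookup time.
        self.table = [Route(ipaddress.ip_network(net), hop, cost)
                      for net, hop, cost in entries]

    def lookup(self, dst: str) -> Optional[Route]:
        """Best route for dst, or None if no network in the table contains it."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.table if addr in r.network]
        if not matches:
            return None
        # Most specific prefix wins; among equal prefixes the lowest cost wins.
        return max(matches, key=lambda r: (r.network.prefixlen, -r.cost))

    def forward(self, dst: str) -> str:
        """Next hop for dst, or a drop reason when the network is unknown."""
        route = self.lookup(dst)
        if route is None:
            return "dropped: no route to network"
        return route.next_hop


# Constructed routing table. 10.1.5.0/24 is reachable via two neighbours with
# different costs; there is deliberately no default route.
SAMPLE_ROUTES = [
    ("10.1.0.0/16", "192.0.2.1", 10),
    ("10.1.5.0/24", "192.0.2.2", 5),
    ("10.1.5.0/24", "192.0.2.3", 20),
    ("192.168.1.0/24", "direct", 1),
]

if __name__ == "__main__":
    r = Router(SAMPLE_ROUTES)
    for host in ("10.1.5.77", "10.1.5.200", "10.1.9.1", "192.168.1.20", "172.16.0.1"):
        print(f"{host:>14} -> {r.forward(host)}")
```

Two hosts in the same /24 (10.1.5.77 and 10.1.5.200) resolve to the same route, which is the point the section makes about routers ignoring the node part of the address.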

2.6 Network Interface Card (Ethernet)


Network interface cards (NICs) are installed in a computer to allow it to communicate with a network. They provide a transparent interface between the network and the computer. An Ethernet network interface card is installed in an available slot inside the computer. The NIC gives the machine a unique address called a MAC (media access control) address. The MAC addresses on the network are used to direct traffic between the computers. The back plate of the network interface card features a port that looks similar to a phone jack, but is slightly larger. This port accommodates an Ethernet cable, which resembles a thicker version of a standard telephone line. An Ethernet cable must run from each network interface card to a central hub or switch. The hub or switch acts like a relay, passing information between computers using the MAC addresses and allowing resources like printers and scanners to be shared along with data. NICs come in many shapes and sizes. They can be installed internally or externally, although an internal installation is more likely. The picture illustrates an internally installed combo (more than one type of connection) card. This card is somewhat unusual in that it supports three connections:

- The upper connection is an RJ45 female socket for UTP media.
- The middle connection is a BNC connector for thin coaxial media.
- The lower connection is a DB-15 connector for a thick Ethernet vampire tap.

In order for a NIC to operate effectively, it must be able to carry out its interface tasks with minimum disruption to the CPU of the computer in which it is installed. Four methods of NIC to computer data transfer are used:

Bus mastering DMA (direct memory access): Data enters the NIC from the network. The NIC's own CPU stores the data in the NIC's RAM. The NIC's CPU sends the data to the computer's motherboard when the network transmission is complete. The computer's CPU is not interrupted; the NIC's CPU has ultimate responsibility for the data transfer.

DMA: Data enters the NIC from the network. The NIC's CPU interrupts the computer's CPU. The computer's CPU stops other tasks and transfers the network data into its RAM.

Programmed I/O (input/output): Data enters the NIC from the network. The NIC's CPU loads the network data into a motherboard I/O address. The computer's CPU checks the I/O address for any network data. If there is any data, the computer's CPU transfers the data to its RAM.

Shared memory: Data enters the NIC from the network. The NIC's CPU stores the data in the NIC's RAM. The NIC's CPU interrupts the computer's CPU. The computer's CPU stops other tasks and transfers the network data into its RAM.

2.7 Modem
A modem (modulator-demodulator) is a device that modulates an analog carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information. The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original digital data. Modems can be used over any means of transmitting analog signals, from driven diodes to radio. The most familiar example is a voice-band modem that turns the digital data of a personal computer into analog audio signals that can be transmitted over a telephone line. Modems are generally classified by the amount of data they can send in a given time, normally measured in bits per second (bit/s, or bps). They can also be classified by baud, the number of times the modem changes its signal state per second. Asymmetric Digital Subscriber Line (ADSL) is one form of Digital Subscriber Line technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voice-band modem can provide. It does this by utilizing frequencies that are not used by a voice telephone call. Currently, most ADSL communication is full-duplex. Full-duplex ADSL communication is usually achieved on a wire pair by either frequency-division duplex (FDD), echo-cancelling duplex (ECD), or time-division duplex (TDD). With standard ADSL, the band from 26.000 kHz to 137.825 kHz is used for upstream communication, while 138 kHz to 1104 kHz is used for downstream communication.


2.8 VoIP (Voice over Internet Protocol)


VoIP (Voice over Internet Protocol) is simply the transmission of voice traffic over IP-based networks. VoIP is a general term for a family of transmission technologies for the delivery of voice communications over IP networks such as the Internet or other packet-switched networks. VoIP systems employ session control protocols to control the set-up and tear-down of calls, as well as audio codecs, which encode speech as digital audio so that it can be carried over an IP network as an audio stream. There are three methods of connecting to a VoIP network:
- using a VoIP telephone;
- using a "normal" telephone with a VoIP adapter;
- using a computer with speakers and a microphone.

2.8.1 Types of VoIP Calls



VoIP telephone calls can be placed either to other VoIP devices or to normal telephones on the PSTN (Public Switched Telephone Network). Calls from a VoIP device to a PSTN device are commonly called "PC-to-Phone" calls, even though the VoIP device may not be a PC. Calls from a VoIP device to another VoIP device are commonly called "PC-to-PC" calls, even though neither device may be a PC.

2.9 Gateway
Gateways make communication possible between different architectures and environments. They repackage and convert data going from one environment to another so that each environment can understand the other environment's data. A gateway repackages information to match the requirements of the destination system. Gateways can change the format of a message so that it will conform to the application program at the receiving end of the transfer. A gateway links two systems that do not use the same:
1. Communication protocols
2. Data formatting structures
3. Languages
4. Architecture

For example, electronic mail gateways, such as an X.400 gateway, receive messages in one format, translate them, and forward them in the X.400 format used by the receiver, and vice versa.


2.10 Connectors RJ 45

Registered Jack-45 (RJ-45) is an eight-wire connector commonly used to connect computers to local area networks (LANs), especially Ethernet.

2.10.1 Configuring straight and cross patch cords:

Straight connection: used in a LAN.

End 1
1. White(Orange)
2. Orange
3. White(Green)
4. Blue
5. White(Blue)
6. Green
7. White(Brown)
8. Brown

End 2
1. White(Orange)
2. Orange
3. White(Green)
4. Blue
5. White(Blue)
6. Green
7. White(Brown)
8. Brown

Cross connection: used for computer-to-computer data transfer.

End 1
1. White(Orange)
2. Orange
3. White(Green)
4. Blue
5. White(Blue)
6. Green
7. White(Brown)
8. Brown

End 2
1. White(Green)
2. Green
3. White(Orange)
4. Blue
5. White(Blue)
6. Orange
7. White(Brown)
8. Brown
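As an added example (not from the original report), the following Python models the two pinouts above: end 2 of a crossover cord is derived from end 1 by swapping the 1-2 and 3-6 pairs, and classify() tells the two cord types apart and rejects a miswired cord. The pair roles (pins 1-2 transmit, pins 3-6 receive for 10/100BASE-T) are standard Ethernet facts assumed here, not stated in the report.

```python
"""Straight-through vs crossover RJ-45 patch cords (added example).

The pin colours are the straight-through assignment listed in the section
above. The pair roles used to derive the crossover end (10/100BASE-T sends on
pins 1-2 and receives on pins 3-6) are an assumption of this example.
"""

# Pin number -> wire colour for one cable end, as in the straight-through list.
T568B = {
    1: "White(Orange)", 2: "Orange",
    3: "White(Green)",  4: "Blue",
    5: "White(Blue)",   6: "Green",
    7: "White(Brown)",  8: "Brown",
}

# A crossover cord connects one host's transmit pair (1-2) to the other
# host's receive pair (3-6), so these pins change places between the ends.
CROSSOVER_SWAP = {1: 3, 2: 6, 3: 1, 6: 2}


def straight_end2(end1):
    """End 2 of a straight-through cord is pin-for-pin identical to end 1."""
    return dict(end1)


def crossover_end2(end1):
    """Derive end 2 of a crossover cord: the colour on pin p at end 2 is the
    colour found on its swapped pin at end 1; unlisted pins stay put."""
    return {pin: end1[CROSSOVER_SWAP.get(pin, pin)] for pin in end1}


def classify(end1, end2):
    """Return 'straight', 'crossover' or 'invalid' for two cable ends.

    Anything that is neither an exact copy nor the 1<->3 / 2<->6 swap of
    end 1 (e.g. only one pair swapped) is reported as a miswired cord."""
    all_pins = set(range(1, 9))
    if set(end1) != all_pins or set(end2) != all_pins:
        return "invalid"
    if end2 == end1:
        return "straight"
    if end2 == crossover_end2(end1):
        return "crossover"
    return "invalid"


if __name__ == "__main__":
    for pin, colour in sorted(crossover_end2(T568B).items()):
        print(f"crossover end 2, pin {pin}: {colour}")
    print(classify(T568B, T568B), classify(T568B, crossover_end2(T568B)))
```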


2.11 Direction of transmission or Data Flow:


Communication between two devices can be simplex, half-duplex, or full-duplex.


2.11.1 Simplex

In simplex mode, the communication is unidirectional, as on a one-way street. Only one of the two devices on a link can transmit; the other can only receive. In other words, simplex refers to one-way communication where one party is the transmitter and the other is the receiver. An example is a simple radio receiver: you can receive data from stations but cannot transmit. Keyboards and traditional monitors are examples of simplex devices. The keyboard can only introduce input; the monitor can only accept output.

2.11.2 Half-Duplex

In half-duplex mode, each station can both transmit and receive, but not at the same time. When one device is sending, the other can only receive, and vice versa. It refers to two-way communication where only one party can transmit at a time, i.e. in both directions but one direction at a time. The entire capacity of the channel is taken over by whichever of the two devices is transmitting at the time. The half-duplex mode is used in cases where there is no need for communication in both directions at the same time. Examples: a walkie-talkie and CB (citizens band) radios.


2.11.3 Full-Duplex

In full-duplex mode, both stations can transmit and receive simultaneously. It refers to the transmission of data in two directions at the same time. A telephone conversation is an example, because both parties can talk and listen at the same time. In full-duplex mode, signals going in either direction share the capacity of the link. This can be achieved in two ways: either two separate physical paths are used, or the capacity of the channel is divided between the signals traveling in both directions.


3. TRANSMISSION MEDIUM
A transmission medium is a material substance (solid, liquid or gas) which can propagate energy waves. For example, the transmission medium for sound received by the ears is usually air, but solids and liquids may also act as transmission media for sound. In other words, the transmission medium is the physical path by which a message travels from sender to receiver. Examples of transmission media include twisted-pair wire, coaxial cable, fiber-optic cable, and radio waves. The absence of a material medium (the vacuum of empty space) can also be thought of as a transmission medium for electromagnetic waves such as light and radio waves. Signals are usually transmitted over transmission media that are broadly classified into two categories:

3.1 Unguided Media:


Unguided media are wireless media that transport electromagnetic waves without using a physical conductor. Signals are broadcast through the air. This is done through radio communication, satellite communication and cellular telephony.

3.2 Guided Media:


Guided media are those that provide a conduit from one device to another; they include twisted-pair, coaxial cable and fiber-optic cable. A signal traveling along any of these media is directed and contained by the physical limits of the medium. Twisted-pair and coaxial cable use metallic conductors that accept and transport signals in the form of electrical current. Optical fiber is a glass or plastic cable that accepts and transports signals in the form of light.

3.3 Twisted-Pair Cable :


A twisted pair consists of two conductors (normally copper), each with its own plastic insulation, twisted together, as shown in Figure.


One of the wires is used to carry signals to the receiver, and the other is used only as a ground reference. The receiver uses the difference between the two. In addition to the signal sent by the sender on one of the wires, interference (noise) and crosstalk may affect both wires and create unwanted signals. If the two wires are parallel, the effect of these unwanted signals is not the same in both wires, because they are at different locations relative to the noise or crosstalk sources (e.g., one is closer and the other is farther). This results in a difference at the receiver. By twisting the pairs, a balance is maintained. Twisted-pair cable used in communications is divided into two categories:


3.3.1 UTP

The most common twisted-pair cable used in communications is referred to as unshielded twisted-pair (UTP).

3.3.2 STP

IBM has also produced a version of twisted-pair cable for its own use, called shielded twisted-pair (STP). STP cable has a metal foil or braided-mesh covering that encases each pair of insulated conductors. Although the metal casing improves the quality of the cable by preventing the penetration of noise or crosstalk, it is bulkier and more expensive.


3.4 Coaxial cable


Coaxial cable, or coax, is an electrical cable with an inner conductor surrounded by a flexible, tubular insulating layer, surrounded by a tubular conducting shield.

Coaxial cable is used as a transmission line for radio frequency signals, in applications such as connecting radio transmitters and receivers with their antennas, computer network (Internet) connections, and distributing cable television signals. One advantage of coax over other types of transmission line is that in an ideal coaxial cable the electromagnetic field carrying the signal exists only in the space between the inner and outer conductors. This allows coaxial cable runs to be installed next to metal objects such as gutters without the power losses that occur in other transmission lines, and provides protection of the signal from external electromagnetic interference.


3.5 Optical Fiber


An optical fiber cable is a cable containing one or more optical fibers. The optical fiber elements are typically individually coated with plastic layers and contained in a protective tube suitable for the environment where the cable will be deployed. Optical Fiber consists of thin glass fibers that can carry information at frequencies in the visible light spectrum and beyond.

The typical optical fiber consists of a very narrow strand of glass called the Core. A typical Core diameter is 62.5 microns (1 micron = 10^-6 meters). Around the Core is a concentric layer of glass called the Cladding. Typically the Cladding has a diameter of 125 microns. Coating the cladding is a protective coating consisting of plastic, called the Jacket. Its purpose is to provide protection for the cladding and core against such hazards as abrasion and moisture. There are 3 primary types of transmission modes using optical fiber:
a) Step Mode Index
b) Graded Mode Index
c) Single Mode Index

Step Mode Index has a large core; the light rays tend to bounce around inside the core, reflecting off the cladding. This causes some rays to bounce back and forth, taking a longer path, while others take the direct path with hardly any reflections, taking a shorter path.


The result is that the light rays arrive at the receiver at different times. The signal becomes longer than the original signal. Typical Core diameter is 62.5 microns and cladding diameter is 125 microns. LED light sources are used.

Graded Mode Index has a gradual change in the Core's Refractive Index. This causes the light rays to be gradually bent back into the core path. This is represented by a curved reflective path. The result is a better received signal than with Step Index. Typical Core diameter: 42.5 microns & cladding diameter 145.5 microns. LED light sources are used.

Single Mode Index has separate distinct Refractive Indexes for the cladding and core. The light ray passes through the core with relatively few reflections off the cladding. Single Mode is used for a single source of light (one color) operation. The core diameter is very small: 9 microns & cladding diameter is 177.5 microns. It requires a laser.


3.6 Comparison of Different Modes of Optical Fibers:


4. TRANSMISSION IMPAIRMENT
Signals travel through transmission media, which are not perfect. The imperfection causes signal impairment. This means that the signal at the beginning of the medium is not the same as the signal at the end of the medium. What is sent is not what is received. Three causes of impairment are attenuation, distortion, and noise.

4.1 Attenuation
Attenuation means a loss of energy. When a signal, simple or composite, travels through a medium, it loses some of its energy in overcoming the resistance of the medium. To compensate for this loss, amplifiers are used to amplify the signal. Figure shows the effect of attenuation and amplification.

Decibel

To show that a signal has lost or gained strength, engineers use the unit of the decibel. The decibel (dB) measures the relative strengths of two signals or of one signal at two different points. Note that the decibel is negative if a signal is attenuated and positive if a signal is amplified.

dB = 10 log10 (P2 / P1)

where P1 and P2 are the signal powers at the first and second points.

4.2 Distortion
Distortion means that the signal changes its form or shape. Distortion can occur in a composite signal made of different frequencies. Each signal component has its own propagation speed (see the next section) through a medium and, therefore, its own delay in arriving at the final destination. Differences in delay may create a difference in phase if the delay is not exactly the same as the period duration. In other words, signal components at the receiver have phases different from what they had at the sender. The shape of the composite signal is therefore not the same. Figure shows the effect of distortion on a composite signal.


4.3 Noise
Noise is another cause of impairment. Several types of noise, such as thermal noise, induced noise, crosstalk, and impulse noise, may corrupt the signal. Thermal noise is the random motion of electrons in a wire, which creates an extra signal not originally sent by the transmitter. Induced noise comes from sources such as motors and appliances. These devices act as a sending antenna, and the transmission medium acts as the receiving antenna. Crosstalk is the effect of one wire on the other. One wire acts as a sending antenna and the other as the receiving antenna. Impulse noise is a spike (a signal with high energy in a very short time) that comes from sources such as power lines and lightning. Figure shows the effect of noise on a signal.


4.3.1 Signal-to-Noise Ratio (SNR)


As we will see later, to find the theoretical bit rate limit, we need to know the ratio of the signal power to the noise power. The signal-to-noise ratio is defined as

SNR = average signal power / average noise power

SNR is actually the ratio of what is wanted (signal) to what is not wanted (noise). A high SNR means the signal is less corrupted by noise; a low SNR means the signal is more corrupted by noise. As SNR is the ratio of two powers, it is often described in decibel units, SNR_dB, defined as

SNR_dB = 10 log10 SNR

4.3.2 Throughput

The throughput is a measure of how fast we can actually send data through a network. In other words, the bandwidth is a potential measurement of a link, while the throughput is an actual measurement of how fast data can be sent.
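An added example (not part of the report) applying the decibel formula of section 4.1 and the SNR_dB formula of section 4.3.1 to a constructed link: gains and losses in dB add along the path while the powers multiply, and the SNR at the receiver follows from the received power. The stage values and the noise power are made up for illustration.

```python
"""Attenuation, amplification and SNR in decibels (added example).

dB = 10 log10(P2/P1) and SNR_dB = 10 log10(SNR) are the formulas from the
text; the link stages and noise figure below are constructed sample data.
"""
import math


def db(p1, p2):
    """Gain in dB going from power p1 to power p2 (negative = attenuation)."""
    return 10 * math.log10(p2 / p1)


def power_after(p1, gain_db):
    """Inverse of db(): the power that results from applying gain_db to p1."""
    return p1 * 10 ** (gain_db / 10)


def link_budget(p_tx, stages):
    """Follow a signal of power p_tx through cable segments and amplifiers.

    stages: list of (name, gain_db); a lossy segment has a negative gain.
    Returns a trace of (name, cumulative_db, power_after_stage). Because
    decibels are logarithmic, the cumulative figure is a plain sum, which is
    why losses are quoted per stage in dB rather than as power ratios."""
    trace, total = [], 0.0
    for name, gain in stages:
        total += gain
        trace.append((name, total, power_after(p_tx, total)))
    return trace


def snr_db(p_signal, p_noise):
    """Signal-to-noise ratio in dB from average signal and noise powers."""
    return 10 * math.log10(p_signal / p_noise)


# Constructed link: 1 W transmitted, two cable runs each losing 3 dB (about
# half the power), with a +7 dB amplifier between them.
STAGES = [("segment 1", -3.0), ("amplifier", 7.0), ("segment 2", -3.0)]
NOISE_POWER_W = 0.001   # constructed average noise power at the receiver

if __name__ == "__main__":
    for name, total, power in link_budget(1.0, STAGES):
        print(f"{name:10s} {total:+5.1f} dB  {power:.4f} W")
    p_rx = link_budget(1.0, STAGES)[-1][2]
    print(f"SNR at receiver: {snr_db(p_rx, NOISE_POWER_W):.1f} dB")
```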

5. ACCESS POINT
An access point is essentially a router that releases IP addresses. An access point gets its IP address range from the port address of the switch, as the ports of switches are configured according to VLAN. Access points are configured and installed according to the signal location, etc. They have 14 broadcasting channels of 22 MHz each, separated by a 5 MHz guard band. If two devices come under the same channel, they will establish a path in a loop with each other. In this case they can communicate with each other only and not with any other device. All access points are connected to a managed switch, from where the DHCP server is connected in the data centre. Stations are connected through the access points. We can also configure an access point as a DHCP server. Access points can release up to a maximum of 60 IP addresses, and this varies with the device. Access point devices can configure MAC addresses within themselves. Access points are distinguished by SSID (Service Set Identifier), and we can have multiple SSIDs to allocate particular bandwidth. This also helps in managing access points. Access points are mainly used in Wi-Fi technology to transmit data to and from wireless clients.
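The channel arithmetic above, as an added example (not the report's own code): the report gives 22 MHz wide channels spaced 5 MHz apart, and the code works out which channels overlap and which AP pairs in a constructed deployment would contend for the same spectrum. The centre frequencies (2412 MHz for channel 1, 2484 MHz for channel 14) are the IEEE 802.11b/g plan, assumed here; the AP names and channel assignments are constructed.

```python
"""2.4 GHz Wi-Fi channel overlap (added example).

Channel width (22 MHz) and spacing (5 MHz) are the figures from the text.
Centre frequencies follow the IEEE 802.11b/g plan: channel 1 at 2412 MHz,
channels 2-13 every 5 MHz, channel 14 at 2484 MHz (assumption of this example).
"""

CHANNEL_WIDTH_MHZ = 22
CHANNEL_SPACING_MHZ = 5


def centre_mhz(ch):
    """Centre frequency in MHz of 2.4 GHz channel ch (1..14)."""
    if not 1 <= ch <= 14:
        raise ValueError("the 2.4 GHz band has channels 1..14")
    return 2484 if ch == 14 else 2412 + CHANNEL_SPACING_MHZ * (ch - 1)


def overlaps(a, b):
    """True if two 22 MHz channels share spectrum, i.e. their centres are
    closer together than one channel width."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_set(max_channel=11):
    """Greedy choice of mutually non-overlapping channels from 1..max_channel.
    With 11 usable channels this yields the familiar 1, 6, 11 plan."""
    chosen = []
    for ch in range(1, max_channel + 1):
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def interfering_pairs(ap_channels):
    """Given {ap_name: channel}, list the AP pairs whose channels overlap
    and therefore contend for the same spectrum."""
    names = sorted(ap_channels)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if overlaps(ap_channels[a], ap_channels[b])]


# Constructed deployment: three APs on neighbouring floors.
SAMPLE_APS = {"ap-floor1": 1, "ap-floor2": 3, "ap-floor3": 6}

if __name__ == "__main__":
    print("non-overlapping channels:", non_overlapping_set(11))
    print("contending AP pairs:", interfering_pairs(SAMPLE_APS))
```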

5.1 What is Wi-Fi?


Wi-Fi stands for wireless fidelity. It is a wireless technology that uses radio frequency to transmit data through the air. Wi-Fi standards use the Ethernet protocol and CSMA/CD (Carrier Sense Multiple Access with Collision Detection) for path sharing. In short, Wi-Fi is meant to be used generically when referring to any type of 802.11 network. Access points are configured using the 802.11 standards. 802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. There are several specifications in the 802.11 family: 802.11a, 802.11b, 802.11e, 802.11f, 802.11g, 802.11h and 802.11i.

802.11: The original WLAN standard. Supports 1 Mbps to 2 Mbps. Spectrum 2.4 GHz. Layer 3 data rate 1.2 Mbps. Transmission FHSS/DSSS. Limited bit rate but higher range.

802.11a: High speed WLAN standard for the 5 GHz band spectrum. Supports 54 Mbps. Layer 3 data rate 33 Mbps. Transmission through OFDM. Smallest range of all 802.11 standards but higher bit rate in a less crowded spectrum.

802.11b: WLAN standard for the 2.4 GHz band. Supports a maximum of 11 Mbps. Layer 3 data rate 6-7 Mbps. Transmission by DSSS. Compatible with 802.11. Widely deployed due to higher range, but the bit rate is too slow for many emerging applications.

802.11e: Addresses quality of service requirements for all IEEE WLAN radio interfaces.

802.11f: Defines inter-access point communications to facilitate multiple vendor-distributed WLAN networks.

802.11g: Establishes an additional modulation technique for the 2.4 GHz band. Intended to provide speeds up to 54 Mbps. Layer 3 data rate is 32 Mbps. Transmission through OFDM. Compatible with 802.11 and 802.11b due to narrow spectrum. Includes much greater security.

802.11h: Defines spectrum management of the 5 GHz band for use in Europe and Asia Pacific.

802.11i: Addresses the current security weaknesses of both the authentication and encryption protocols. The standard encompasses 802.1X, TKIP, and AES protocols.

5.2 Types of Access Points:


Different types of access points are available in the market nowadays, like Avaya AP-6, Motorola AP-5131, D-Link DWL-3200AP, Cisco, Linksys, etc.

5.2.1 Motorola AP-5131:


Electrical Characteristics:
Operating Voltage: 48 Vdc (Nom)
Operating Current: 200 mA (Peak) @ 48 Vdc; 170 mA (Nom) @ 48 Vdc

Radio Characteristics:
Transmitter Power: 22 dBm maximum (country, channel and data rate dependent)
802.11b/g: 19 dBm +/- dBm @ 1, 2, 5.5, 11 Mbps; 19 dBm +/- dBm @ 6 and 9 Mbps; 18 dBm +/- dBm @ 12 and 18 Mbps; 17 dBm +/- dBm @ 24 and 36 Mbps; 16 dBm +/- dBm @ 48 and 54 Mbps
802.11a: 17 dBm +/- dBm @ 6 and 9 Mbps; 16 dBm +/- dBm @ 12 and 18 Mbps; 15 dBm +/- dBm @ 24 and 36 Mbps; 14 dBm +/- dBm @ 48 and 54 Mbps

Operating Channels:
802.11a radio: Channels 1-35 (4920-5825 MHz)
802.11b/g radio: Channels 1-13 (2412-2472 MHz)

Radio Data Rates:
802.11a radio: 6, 9, 12, 18, 24, 36, 48 and 54 Mbit/sec
802.11g radio: 6, 9, 12, 18, 24, 36, 48 and 54 Mbit/sec
802.11b radio: 1, 2, 5.5, 11 Mbps

Wireless Medium: Direct Sequence Spread Spectrum (DSSS), Orthogonal Frequency Division Multiplexing (OFDM)

Antenna Options : Both Radio 1 and Radio 2 require 1 antenna and can optimally use two antennas per radio (4 antennas total for dual-radio models). Two antennas per radio provide diversity that can improve performance and signal reception. Motorola supports 2 antenna suites for the AP-5131. Radio 1 supports the 2.4 GHz radio and Radio 2 refers to the AP-5131 5.2 GHz radio. However, there could be some cases where a dual-radio AP-5131 is performing a Rogue AP detector function. In this scenario, the AP-5131 is receiving in either 2.4 GHz or 5.2 GHz over Radio 1 or Radio 2 antennas depending on which radio is selected for the scan.


LED indicators: The AP-5131 utilizes seven LED indicators. Five LEDs display within four LED slots on the front of the AP-5131 (on top of the AP-5131 housing) and two LEDs (for above-the-ceiling installations) are located on the back of the device (the side containing the LAN, WAN and antenna connectors). The five AP-5131 top housing LEDs have the following display and functionality:

Boot and Power Status: Solid white indicates the AP-5131 is adequately powered.
Error Conditions: Solid red indicates the AP-5131 is experiencing a problem condition requiring immediate attention.
Ethernet Activity: Flashing white light indicates data transfers and Ethernet activity.
802.11a Radio Activity: Flickering amber indicates beacons and data transfers over the AP-5131 802.11a radio.
802.11b/g Radio Activity: Flickering green indicates beacons and data transfers over the AP-5131 802.11b/g radio.

The LEDs on the rear of the AP-5131 are viewed using a single (customer installed) extended light pipe, adjusted as required to suit above-the-ceiling installations. The LEDs displayed using the light pipe have the following colour display and functionality:

Boot and Power Status: Solid white indicates the AP-5131 is adequately powered.
Error Conditions: Blinking red indicates the AP-5131 Rogue AP Detection feature has located a rogue device. Solid red indicates the AP-5131 is experiencing a problem condition requiring immediate attention.

5.3 AP-5131 Configuration :


1. Start a browser and enter the following IP address in the address field: http://10.1.1.1. The AP-5131 login screen displays.
2. Log in using admin as the default user ID and motorola as the default password. If the default login is successful, the Change Admin Password window displays.
3. Change the password.

To define basic AP-5131 configuration:


1. Select System Configuration -> Quick Setup from the AP-5131 menu tree.


2. Enter a System Name for the AP-5131. The system name is useful if multiple devices are being administered.
3. Select the Country for the AP-5131's country of operation from the drop-down menu. The AP-5131 prompts the user for the correct country code on the first login. A warning message also displays stating that an incorrect country setting may result in illegal radio operation. Selecting the correct country is central to legally operating the AP-5131. Each country has its own regulatory restrictions concerning electromagnetic emissions and the maximum RF signal strength that can be transmitted. To ensure compliance with national and local laws, be sure to set.


4. Optionally enter the IP address of the server used to provide system time to the AP-5131 within the Time Server field. Once the IP address is entered, the AP-5131's Network Time Protocol (NTP) functionality is engaged automatically.
5. Click the WAN tab to set the minimum set of parameters for using the WAN interface.


a. Select the Enable WAN Interface checkbox to enable a connection between the AP-5131 and a larger network or the outside world through the WAN port. Disable this option to effectively isolate the AP-5131's WAN connection. No connections to a larger network or the Internet will be possible. MUs cannot communicate beyond the configured subnets.
b. Select the This Interface is a DHCP Client checkbox to enable DHCP for the AP-5131 WAN connection. This is useful if the target corporate network or Internet Service Provider (ISP) uses DHCP.


c. Specify an IP address for the AP-5131's WAN connection.
d. Specify a Subnet Mask for the AP-5131's WAN connection. This number is available from the ISP for a DSL or cable-modem connection, or from an administrator if the AP-5131 connects to a larger network.
e. Specify a Default Gateway address for the AP-5131's WAN connection. The ISP or a network administrator provides this address.
f. Specify the address of a Primary DNS Server. The ISP or a network administrator provides this address.
6. Optionally use the Enable PPP over Ethernet checkbox to enable point-to-point over Ethernet (PPPoE) for a high speed connection that supports this protocol.
a. Select the Keep Alive checkbox to enable occasional communications over the WAN port even when the client communications to the WAN are idle. Some ISPs terminate inactive connections, while others do not. In either case, enabling Keep-Alive maintains the WAN connection, even when there is no traffic. If the ISP drops the connection after the idle time, the AP-5131 automatically re-establishes the connection to the ISP.
b. Specify the Username entered when connecting to the ISP.
c. Specify the password entered when connecting to the ISP.

7. Click the LAN tab to set a minimum set of parameters to use the AP-5131 LAN interface.
a. Select the Enable LAN Interface checkbox to forward data traffic over the AP-5131 LAN connection. The LAN connection is enabled by default.
b. Use the This Interface drop-down menu to specify how network address information is defined over the AP-5131's LAN connection. Select DHCP Client if the larger corporate network uses DHCP. Select DHCP Server to use the AP-5131 as a DHCP server over the LAN connection.
c. Enter the network-assigned IP Address of the AP-5131.
d. The Subnet Mask defines the size of the subnet.
e. Enter a Default Gateway to define the IP address of the router the AP-5131 uses on the Ethernet as its default gateway.
f. Enter the Primary DNS Server IP address.
g. If using DHCP Server, use the Address Assignment Range parameter to specify the range of IP addresses reserved for mapping clients to IP addresses.
8. Enable the radio(s) using the Radio Enable checkbox(es). If using a single radio model, enable the radio, then select either 802.11a (5 GHz) or 802.11b/g (2.4 GHz) from the RF Band of Operation field.
9. Select the WLAN#1 tab to define its ESSID and security scheme for basic operation.
a. Enter the ESSID (Extended Service Set Identification) and name associated with the WLAN.
b. Use the Available On checkboxes to define whether the target WLAN is operating over the 802.11a or 802.11b/g radio. Ensure the radio selected has been enabled.
c. Even an AP-5131 configured with minimal values must protect its data against theft and corruption. A security policy should be configured for WLAN1 as part of the basic configuration outlined in this guide.
10. Click Apply to save any changes to the AP-5131 Quick Setup screen.


Static WEP keys:

Wired Equivalent Privacy (WEP) is a part of the 802.11 specifications. Static WEP key operation requires keys on the client and AP that are used to encrypt data sent between them. With WEP encryption, sniffing is eliminated and session hijacking is difficult (or impossible). The client and AP are configured with a set of 4 keys, and when decrypting, each is used in turn until decryption is successful. This allows keys to be changed dynamically. Note that WEP is the original 802.11 encryption scheme whose weaknesses the 802.11i amendment listed in section 5.1 was defined to address.

To configure WEP128:
1. From the AP-5131 Quick Setup screen, click the Create button to the right of the Security Policy item. The New Security Policy screen displays with the Manually Pre-shared key/No authentication and No Encryption options selected.
2. Ensure the Name of the security policy entered suits the intended configuration or function of the policy. Multiple WLANs can share the same security policy.
3. Select the WEP 128 (104 bit key) checkbox. The WEP 128 Setting field displays within the New Security Policy screen.
4. Configure the WEP 128 Setting field as required to define the pass key used to generate the WEP keys.
5. Click the Apply button to save the security policy and return to the AP-5131 Quick Setup screen.


6. SWITCH
A LAN switch is a local area networking device that prevents data packet collisions and maximizes transmission speed as well as bandwidth allocation. It is a good replacement for a network hub and solves problems associated with expanding networks. A switch is an intelligent, active hub that establishes, maintains, and changes logical connections over physical circuits. Switches flexibly connect transmitters and receivers across networks of interconnected ports and links, thereby allowing network resources to be shared by large numbers of end users. LAN switches are packet switches that can support multiple simultaneous transmissions, reading the destination address of each frame and forwarding it directly to the port associated with the target device. The figure shows a switch with 8 ports.


6.1 TYPE OF SWITCHES


When we use the term switch, we must be careful because a switch can mean two different things. We must clarify the term by adding the level at which the device operates. We can have a two-layer switch or a three-layer switch. A three-layer switch is used at the network layer; it is a kind of router. The two-layer switch performs at the physical and data link layers.

6.1.1 Two-Layer Switches

A switch works at Layer 2 of the OSI model (data link). It is a LAN device that can also be called a multi-port bridge. A switch switches Ethernet frames between Ethernet devices. These switches do not care about IP addresses, nor do they even examine IP addresses as the frames flow through the switch. However, unlike a hub, which just duplicates data and sends it out all ports, a two-layer switch, as a bridge does, makes a filtering decision based on the MAC address of the frame it received. A two-layer switch can, however, be more sophisticated. It can have a buffer to hold the frames for processing. It can have a switching factor that forwards the frames faster. Some new two-layer switches, called cut-through switches, have been designed to forward the frame as soon as they check the MAC addresses in the header of the frame. A bridge with a few ports can connect a few LANs together. A bridge with many ports may be able to allocate a unique port to each station, with each station as its own independent entity. This means no competing traffic (no collision, as we saw in Ethernet).

6.1.2 Three-Layer Switches

A router, on the other hand, works at Layer 3 of the OSI model (Network). It is a WAN device that connects a LAN to a WAN or a subnetted LAN to another subnetted LAN. A router routes IP packets between IP networks. Routers do this using an IP routing table. In that table, they have either static or dynamic routes. When an IP packet comes in, the router looks up the destination IP in the IP routing table. If that destination IP is not found in the table, the router drops the packet, unless it has a default route. Routers form broadcast domains because they drop broadcast packets. A three-layer switch is a router, but a faster and more sophisticated one. The switching fabric in a three-layer switch allows faster table lookup and forwarding.

According to their configuration and monitoring capability, switches fall into two categories: managed and unmanaged switches.

Unmanaged switches: An unmanaged switch simply allows Ethernet devices, such as a PC or network printer, to communicate with one another; these are typically what we call plug and play. They are shipped with a fixed configuration and do not allow any changes to this configuration.

Managed switches: Managed switches provide all the features of an unmanaged switch and add the ability to configure, manage, and monitor your LAN. This gives you greater control over how data travels over the network and who has access to it. Also, managed switches use protocols such as the Simple Network Management Protocol (SNMP) for monitoring the devices on the network. SNMP is a protocol that facilitates the exchange of management information between network devices. SNMP queries can determine the health of the network or the status of a particular device. By displaying this data in an easily understood format, IT managers located at a central site can monitor the performance of the network and quickly detect and repair network problems without having to physically interact with the switch. Another important feature of a managed switch is redundancy. Redundancy provides the ability to safeguard a network in case a connection or cable fails by providing an alternate data path for traffic. Managed switches incorporate what is called the Spanning Tree Protocol standard, or STP, to provide path redundancy in the network. Using the spanning-tree algorithm, STP provides redundant paths while preventing the loops that are created by multiple active paths between switches. STP allows for one active path at a time between two network devices, preventing loops and establishing the redundant links as a backup to keep integrated systems available and prevent expensive downtime, which network administrators can appreciate.

6.2 LAN Switch Mechanism and Its Advantages


In a network where a LAN switch is used, each node gets a direct connection to the switch. That is, a node gets a dedicated connection to the switch which only it (the node or computer) and the switch use. This dedicated connection makes it possible for one node to make maximum use of the bandwidth available to it. After all, no other node is competing with it for bandwidth. This means speedy data transmission. Moreover, the connection between the node and the switch can be made using cabling which has a separate route for data that the node is sending out and a separate route for data that the switch is forwarding to the node. This eliminates problems of data collision. The LAN switch is a vast improvement over the network hub, since it has the ability to read the source and destination node of a data packet and forward the packet only to the destination node. Whenever a node transmits data meant for another node in the local area network, the switch intercepts the data, determines the destination and forwards the transmission to its intended destination. Since a data packet does not get broadcast to unnecessary segments, network congestion is minimized and network bandwidth is conserved.


6.3 VLAN
VLAN stands for virtual local area network. A LAN can be divided into several logical LANs called VLANs. Each virtual LAN is also an IP subnet. The whole idea of VLAN technology is to divide a LAN into logical, instead of physical, segments. Each VLAN is a work group in the organization. If a person moves from one group to another, there is no need to change the physical configuration. Group membership in VLANs is defined by software, not hardware. Any station can be logically moved to another VLAN. All members belonging to a VLAN can receive broadcast messages sent to that particular VLAN. A virtual local area network (VLAN) is configured by software, not by physical wiring. Membership in a VLAN can be based on port numbers, MAC addresses, IP addresses, IP multicast addresses, or a combination of these features. VLANs are cost and time-efficient, can reduce network traffic, and provide an extra measure of security. In a traditional VLAN, switches tag the VLAN traffic, and only the devices on the same VLAN can communicate with one another. If devices on different VLANs need to communicate, they talk to each other via a trunk port on a router. That trunk port and the processing power of the router can create a bottleneck for communications. With a Layer 3 switch, routing and trunking are performed at very high speeds. Besides the functionality mentioned above, a VLAN has a number of other features such as:

Performance & broadcast control
Segregating departments or project networks
Security

6.3.1 Advantages of VLANs

VLANs allow network administrators to organize LANs logically instead of physically. This is a key benefit. This allows network administrators to perform several tasks:

Easily move workstations on the LAN
Easily add workstations to the LAN
Easily change the LAN configuration
Easily control network traffic
Improve security

6.3.2 Types of VLANs

Three basic VLAN types are used to determine and control VLAN membership assignments:

Port-based VLANs
MAC address based VLANs
Protocol-based VLANs
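An added example (not from the notes) of port-based VLAN membership on a switch: a small simulator, with constructed ports and MAC addresses, that learns addresses separately per VLAN, floods broadcasts and unknown destinations only inside the sender's VLAN, and carries tags on the trunk port, so a host in VLAN 20 cannot reach a host in VLAN 10 without going through a router.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src: str                    # source MAC
    dst: str                    # destination MAC
    vlan: Optional[int] = None  # 802.1Q-style tag; None means untagged

class VlanSwitch:
    """Port-based VLAN switch: membership comes from the port, not the wiring."""

    def __init__(self, access_ports: Dict[str, int], trunk_ports: Iterable[str]):
        self.access = dict(access_ports)   # port -> VLAN id
        self.trunks = set(trunk_ports)     # tagged ports toward another switch or router
        self.cam = {}                      # (vlan, mac) -> port, learned per VLAN

    def receive(self, in_port: str, frame: Frame) -> Dict[str, Frame]:
        """Return {out_port: frame_as_sent} for a frame arriving on in_port."""
        if in_port in self.trunks:
            vlan = frame.vlan              # trunk frames must carry a tag (no native VLAN here)
        else:
            vlan = self.access.get(in_port)
        if vlan is None:
            return {}                      # untagged on a trunk, or unknown port: dropped
        self.cam[(vlan, frame.src)] = in_port   # learn the source MAC in this VLAN only
        known = self.cam.get((vlan, frame.dst))
        if frame.dst != BROADCAST and known is not None:
            targets = [known]
        else:
            # broadcast or unknown unicast: flood, but only inside this VLAN
            targets = [p for p, v in self.access.items() if v == vlan] + sorted(self.trunks)
        out = {}
        for port in targets:
            if port == in_port:
                continue                   # never echo a frame out of the port it came in on
            tag = vlan if port in self.trunks else None
            out[port] = Frame(frame.src, frame.dst, tag)
        return out

# Constructed hosts (sample MAC addresses, not from any real network).
A, B, C, D = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c", "00:00:00:00:00:0d"

def demo():
    """Ports p1, p2 in VLAN 10, p3 in VLAN 20, p24 a trunk (constructed layout)."""
    sw = VlanSwitch({"p1": 10, "p2": 10, "p3": 20}, trunk_ports=["p24"])
    steps = {}
    # A (VLAN 10) broadcasts: reaches B and the trunk (tagged 10), never C in VLAN 20.
    steps["A broadcast"] = sw.receive("p1", Frame(A, BROADCAST))
    # B answers A: A was learned on p1 in VLAN 10, so only p1 sees the reply.
    steps["B to A"] = sw.receive("p2", Frame(B, A))
    # C (VLAN 20) addresses A directly: flooded only in VLAN 20, so A never sees it.
    steps["C to A"] = sw.receive("p3", Frame(C, A))
    # A tagged frame from the trunk is switched inside the VLAN named by its tag.
    steps["D via trunk"] = sw.receive("p24", Frame(D, A, vlan=10))
    return steps

if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}: " + ", ".join(f"{p} tag={f.vlan}" for p, f in out.items()))
```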


7. NETWORK TOPOLOGY
A network topology describes the configuration of a network (how the network components are connected together). There are FIVE main topologies.

Factors for selecting topologies:

Desired Performance
Desired Reliability
Size (No of nodes)
Expandability of the system
Cost of the components
Delays involved in routing


7.1 Star Topology :


The star topology uses a central hub through which all components are connected. In a star topology, each device has a dedicated point-to-point link only to a central controller, usually called a hub. The devices are not directly linked to one another. A star topology does not allow direct traffic between devices. The controller acts as an exchange: if one device wants to send data to another, it sends the data to the controller, which then relays the data to the other connected device. A star topology is less expensive than a mesh topology. Each device needs only one link and one I/O port to connect it to any number of others. This factor also makes it easy to install and reconfigure. Computers in a network are usually connected to the hub, switch or router with Unshielded Twisted Pair (UTP) or Shielded Twisted Pair cables. The central device (hub) contains multiple ports to connect the network devices; all network transmissions are sent through it.


Advantage : If any computer fails, the remaining network is unaffected. (If one link fails, only that link is affected; all other links remain active.) Only n-1 lines are required for connecting n nodes.

Disadvantage : If the central hub fails, the entire network fails.

7.2 Ring Topology :


Figure:- A ring topology connecting six stations

The ring topology connects workstations in a closed loop. Each terminal is connected to TWO other terminals (the next and the previous), with the last terminal being connected to the first. Data is transmitted around the ring in one direction only, each station passing the data on to the next station until it reaches its destination.


Faulty workstations can be isolated from the ring. When a workstation is powered on, it connects itself into the ring. When its power is off, it disconnects itself from the ring and allows the information to bypass the workstation. Information travels around the ring from one workstation to the next. Each packet of data sent on the ring is prefixed by the address of the station to which it is being sent; when a packet of data arrives, the workstation checks to see if the packet address is the same as its own. If it is, it grabs the data in the packet. If the packet does not belong to it, it sends the packet on to the next workstation in the ring. Ring systems use 4-pair cables (separate send/receive). The common implementation of this topology is token ring. A break in the ring causes the entire network to fail. There is no central hub and no central cable; network devices are connected in a ring formation from one device to the next. Data travels from one device to another around the ring in one direction only. There is no danger of collisions because data always flows in one direction. If a connection is broken, the entire network goes down.


Advantages :
Easy to install
Adding or deleting nodes is easy
Fault isolation is simplified

Disadvantages :
A break in the ring can disable the entire network
Addition of new nodes increases the delay
Requires more complicated control than a star network

7.3 Bus Topology :


The bus topology connects workstations using a single cable. Each workstation is connected to the next workstation in a point to point fashion. All workstations connect to the same cable.


No central hub; a central cable to which all devices are attached. Data is transmitted down the line from one device to another. Only one device transmits at a time. Easy to implement and extend. Requires less cable length than a star topology, BUT if there is a problem with the cable, the entire network goes down. Performance degrades as additional computers are added or under heavy traffic.

Advantage : Ease of installation

Disadvantage : Difficult reconnection and fault isolation

7.4 Mesh Topology :


In a mesh network, each node is directly connected to all nodes on the network. This type of network involves the concept of routes. In this type of network, each node may send a message to its destination through multiple paths. It means that each node of a mesh network has several possible paths to send (or to receive) a message, but in Bus, Star, Ring and Tree topologies each node has only one path. The mesh topology connects all computers to each other. The cable requirements are high, but there are redundant paths built in. Any failure of one computer allows all others to continue, as they have alternative paths to other computers. Mesh topologies are used in critical connections of host computers (typically telephone exchanges). Alternate paths allow each computer to balance the load to other computer systems in the network by using more than one of the connection paths available.

Advantage :
It has multiple links, so if one route is blocked then other routes can be used for data communication.
Each connection can have its own data load, so the traffic problem is eliminated.
It ensures data privacy or security, because every message travels along a dedicated link.
Troubleshooting of this topology is easy as compared to other networks.
Its performance is not affected by a heavy load of data transmission.
A mesh topology is robust.
Point to point links make fault identification and fault isolation easy.

Disadvantage :
It becomes very expensive because a large number of cables and I/O ports are required.
It is difficult to install.

7.5 Tree Topology :


Just as the name suggests, the network design is a little confusing and complex to understand at first, but with a good understanding of the Star and Bus topologies, Tree is very simple. Tree topology is basically a mixture of many Star topology designs connected together using a bus topology. Tree topologies are comprised of multiple star topologies on a bus. Devices like hubs can be directly connected to the tree bus, and each hub performs as the root of a tree of network devices. Tree topology is very dynamic in nature and holds the potential for expandability of networks far better than other topologies like Bus and Star.

7.6 Hybrid Topology :


A hybrid network is the combination of different topologies such as Star, Ring, Mesh, Bus etc. For example, one department uses a Bus network, a second department uses a Ring network, a third department uses a Mesh network and a fourth department uses a Star network. All the networks of different types (of the four departments) can be connected together through a central hub (in the form of a star network) as shown in the figure below.

Figure(i):- Hybrid topology A star backbone with three bus networks

Figure(ii):-Hybrid topology

8. OSI REFERENCE MODEL


ISO is the organization; OSI is the model. ISO is the International Standard Organization. The ISO standard that covers all aspects of network communication is the Open Systems Interconnection (OSI) model. An open system is a set of protocols that allows any two different systems to communicate regardless of their underlying architecture. The OSI model is a layered framework for the design of network systems that allows communication between all types of computer systems. OSI stands for Open Systems Interconnection. No one really uses this in the real world; it is a reference model so that others can develop detailed interfaces. The task of communication is broken up into modules or layers. Value: the reference model defines 7 layers of functions that take place at each end of communication, with each layer adding its own set of special related functions. Each layer expects some service from its lower layer, and provides some service to its higher layer. The topmost layer is the application layer (for example, email).

8.1. Physical Layer : The physical layer is responsible for the movement of individual bits from one hop (node) to the next. It is the physical interface between the data transmission device (e.g. a computer) and the transmission medium or network. It specifies raw transmission details like connectors, medium, voltage levels, encodings used, etc. Physical topologies are Star and Bus. Line configuration is point-to-point or multipoint. Transmission modes are Simplex, Half-Duplex and Full-Duplex.


Figure:-Physical layer

The physical layer is also concerned with the following:

Physical characteristics of interfaces and medium ->The physical layer defines the characteristics of the interface between the devices and the type of transmission medium.
Representation of bits -> The physical layer data consists of a stream of bits (a sequence of 0s or 1s) with no interpretation. It also defines how 0s and 1s are changed into signals.
Data rate -> Data rate means the transmission rate (the number of bits sent per second).
Synchronization of bits -> The physical layer synchronizes the sender's and receiver's clocks at the bit level.
Line configuration ->The physical layer is concerned with the connection of devices to the media.
Physical topology->The physical topology defines how devices are connected to make a network.
Transmission mode-> The physical layer also defines the direction of transmission between two devices: simplex, half-duplex, or full-duplex.

8.2 Data Link Layer :


The data link layer is responsible for moving frames from one hop (node) to the next. It makes the physical layer appear error-free to the upper layer (network layer). It ensures reliable communication between two directly connected nodes. Higher layers can assume that a reliable link exists between two machines, and not worry about noise, attenuation, errors etc. It deals with framing, flow control, error control etc. It is responsible for hop-to-hop delivery.


Figure:-Datalink layer

Other responsibilities of the data link layer include the following:

Framing->The data link layer divides the stream of bits received from the network layer into manageable data units called frames.
Physical addressing->If frames are to be distributed to different systems on the network, the data link layer adds a header to the frame to define the sender and/or receiver of the frame.
Flow control->The data link layer imposes a flow control mechanism to avoid overwhelming the receiver.
Error control->Error control is normally achieved through a trailer added to the end of the frame. It also uses a mechanism to recognize duplicate frames.
Access control->When two or more devices are connected to the same link, data link layer protocols are necessary to determine which device has control over the link at any given time.


8.3 Network Layer : The network layer is responsible for the delivery of individual packets from the source host to the destination host.

Figure:-Network layer
Routing : The network layer deals primarily with routing, sending packets from source to destination when they are not directly connected. Packets may not arrive in order, may get lost, etc.
Logical addressing : It has some other functionalities like logical addressing.

8.4 Transport Layer : The transport layer is responsible for process to process delivery of the entire message. A process is an application program running on a host.

Figure:-Transport layer

Other responsibilities of the transport layer include the following:

Process to Process Delivery- Reliable, in-order delivery between any two applications (not just machines)
Segmentation and Reassembly
Connection control- The transport layer can be either connection oriented or connectionless.
Flow Control- Flow control is performed end to end.
Error Control- Error correction is usually achieved through retransmission.

8.5 Session Layer : The session layer is responsible for network dialog control and synchronization. The services provided by the first three layers (physical, data link, and network) are not sufficient for some processes. It establishes, maintains, and synchronizes the interaction among communicating systems.


Figure:-Session layer

Specific responsibilities of the session layer include the following:

Dialog Control-The session layer allows two systems to enter into a dialog, either half duplex or full duplex.
Synchronization- The session layer allows checkpoints or synchronization points to be added to a stream of data.

8.6 Presentation Layer : The presentation layer is responsible for translation, compression, and encryption. The presentation layer is concerned with the syntax and semantics of the information exchanged between two systems.


Figure:- Presentation layer

Some responsibilities of the presentation layer:

Translation-At the sender, the presentation layer changes the information from its sender-dependent format into a common format. The presentation layer at the receiving machine changes the common format into the receiver-dependent format.
Encryption-Encrypts the message.
Compression-Compresses the message.

8.7 Application layer : The application layer is responsible for providing services to the user. The application layer enables the user, whether human or software, to access the network. It provides user interfaces and support for services such as electronic mail, remote file access and transfer, shared database management, and other types of distributed information services.


Figure:-Application layer

Specific services provided by the application layer:

Network virtual terminal
File transfer, access, and management
Mail services
Directory services


9. Firewall
A Firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or internet users from accessing a private network and/or a single computer. The word firewall originally referred literally to a wall which was constructed to halt the spread of a fire. In the world of computer firewall protection, a firewall refers to a network device which blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network. It is analogous to a physical firewall in the sense that firewall security attempts to block the spread of computer attacks. Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed on a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources. A firewall is a secure and trusted machine that sits between a private network and a public network.

9.1 How Does Firewall Management Work?


A firewall management program can be configured in one of two basic ways:

A default-deny policy. The firewall administrator lists the allowed network services, and everything else is denied.
A default-allow policy. The firewall administrator lists network services which are not allowed, and everything else is accepted.

9.2 Firewall techniques


9.2.1 Packet filtering firewall

This type of firewall has a list of firewall security rules which can block traffic based on IP protocol, IP address and/or port number. Under this firewall management program, all web traffic will be allowed, including web-based attacks. In this situation, you need to have intrusion prevention, in addition to firewall security, in order to differentiate between good web traffic (simple web requests from people browsing your website) and bad web traffic (people attacking your website). A packet filtering firewall has no way to tell the difference. An additional problem with packet filtering firewalls which are not stateful is that the firewall can't tell the difference between a legitimate return packet and a packet which pretends to be from an established connection, which means your firewall management system configuration will have to allow both kinds of packets into the network.

9.2.2 Stateful firewall

This is similar to a packet filtering firewall, but it is more intelligent about keeping track of active connections, so you can define firewall management rules such as "only allow packets into the network that are part of an already established outbound connection." This solves the established connection issue described above, but you still can't tell the difference between "good" and "bad" web traffic. You need intrusion prevention to detect and block web attacks.

9.2.3 Deep packet inspection firewall

An application firewall actually examines the data in the packet, and can therefore look at application layer attacks. This kind of firewall security is similar to intrusion prevention technology, and, therefore, may be able to provide some of the same functionality. There are three caveats, however: first, for some vendors, the definition of "deep" extends to some particular depth in the packet and does not necessarily examine the entire packet. This can result in missing some kinds of attacks. Second, depending on the hardware, a firewall may not have adequate processing power to handle deep packet inspection for your network. Be sure to ask questions about how much bandwidth it can handle while performing such inspection. And finally, embedded firewall management technology may not have the flexibility to handle all attacks.

9.2.4 Application-aware firewall

Similar to deep packet inspection, except that the firewall understands certain protocols and can parse them, so that signatures or rules can specifically address certain fields in the protocol. The flexibility of this approach to computer firewall protection is great and permits the signatures or rules to be both specific and comprehensive. There are no specific drawbacks to this approach to firewall security, as generally it will yield improvements over a standard "deep packet inspection" approach. However, some actual attacks may be overlooked (false negatives) because the firewall security parsing routines are not robust enough to handle variations in real-world traffic.

9.2.5 Application proxy firewall

An application proxy acts as an intermediary for certain application traffic (such as HTTP, or web, traffic), intercepting all requests and validating them before passing them along. Again, an application proxy firewall is similar to certain kinds of intrusion prevention. The implementation of a full application proxy is, however, quite difficult, and each proxy can only handle one protocol (e.g. web or incoming email). For an application proxy firewall to be effective as computer firewall protection, it has to be able to understand the protocol completely and to enforce blocking on violations of the protocol. Because implementations of the protocol being examined often do not follow the protocol correctly, or because implementers add their own extensions to a protocol, this can result in the proxy blocking valid traffic (false positives). Because of these kinds of problems, end users will often not enable these technologies.

9.3 Firewall Rules



Firewall rules can be customized as per your needs, requirements and security threat levels. You can create or disable firewall filter rules based on such conditions as:

IP Addresses: Blocking off a certain IP address or a range of IP addresses which you think are predatory.
Domain names: You can allow only certain specific domain names to access your systems/servers, or allow access to only some specified types of domain names or domain name extensions like .edu or .mil.
Protocols: A firewall can decide which of the systems can allow or have access to common protocols like IP, SMTP, FTP, UDP, ICMP, Telnet or SNMP.
Ports: Blocking or disabling ports of servers that are connected to the internet will help maintain the kind of data flow you want to see them used for, and also close down possible entry points for hackers or malignant software.
Keywords: Firewalls can also sift through the data flow for a match of keywords or phrases to block out offensive or unwanted data from flowing in.
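The default-deny and default-allow policies of 9.1, the stateless versus stateful distinction of 9.2.1 and 9.2.2, and rules on addresses, protocols and ports from 9.3, brought together in one added example that is not part of these notes. All addresses, rules and packets are constructed sample values; the stateless filter has to open the high ports to let replies back in, and that is exactly the hole a forged "reply" walks through while the stateful filter drops it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp", "udp", "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" (from the Internet) or "out" (from the private LAN)

@dataclass
class Rule:
    action: str                                 # "accept" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: Optional[Tuple[int, int]] = None    # inclusive destination port range

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dports is None or self.dports[0] <= p.dport <= self.dports[1]))

class PacketFilter:
    """Stateless filter: first matching rule wins, otherwise the default policy applies."""
    def __init__(self, rules, default="deny"):
        self.rules, self.default = list(rules), default

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default

class StatefulFilter(PacketFilter):
    """Adds a connection table: inbound packets that answer an accepted outbound
    connection are allowed without any static inbound rule for high ports."""
    def __init__(self, rules, default="deny"):
        super().__init__(rules, default)
        self.conns = set()   # (proto, lan_ip, lan_port, remote_ip, remote_port)

    def decide(self, p: Packet) -> str:
        if p.direction == "in" and (p.proto, p.dst, p.dport, p.src, p.sport) in self.conns:
            return "accept"  # reply to an established outbound connection
        verdict = super().decide(p)
        if verdict == "accept" and p.direction == "out":
            self.conns.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict

# Constructed default-deny rule set (sample networks, not a real deployment).
LAN = "192.168.1.0/24"
COMMON = [
    Rule("accept", "out", "tcp", src=LAN, dports=(80, 80)),                        # web browsing
    Rule("accept", "out", "tcp", src=LAN, dports=(443, 443)),
    Rule("accept", "in", "tcp", src="203.0.113.0/24", dst="192.168.1.10/32", dports=(22, 22)),  # admin SSH
]
# The stateless filter cannot recognise replies, so it must also admit every high
# port from outside, which is the "allow both kinds of packets" problem of 9.2.1.
STATELESS_RULES = COMMON + [Rule("accept", "in", "tcp", dst=LAN, dports=(1024, 65535))]

def run_scenario():
    """Return {flow name: (stateless verdict, stateful verdict)} for constructed packets."""
    stateless = PacketFilter(STATELESS_RULES)
    stateful = StatefulFilter(COMMON)
    flows = {  # insertion order matters: the outbound connection is opened first
        "browse out": Packet("tcp", "192.168.1.20", 40000, "198.51.100.5", 443, "out"),
        "real reply": Packet("tcp", "198.51.100.5", 443, "192.168.1.20", 40000, "in"),
        "forged reply": Packet("tcp", "198.51.100.99", 443, "192.168.1.20", 40001, "in"),
        "admin ssh": Packet("tcp", "203.0.113.7", 5000, "192.168.1.10", 22, "in"),
        "stray ssh": Packet("tcp", "198.51.100.9", 5000, "192.168.1.10", 22, "in"),
    }
    return {name: (stateless.decide(p), stateful.decide(p)) for name, p in flows.items()}

if __name__ == "__main__":
    for name, (sl, sf) in run_scenario().items():
        print(f"{name:13s} stateless={sl:6s} stateful={sf}")
    # Default-allow for comparison: only what is listed is blocked, everything else passes.
    open_fw = PacketFilter([Rule("deny", "in", "tcp", dports=(23, 23))], default="accept")
    print("telnet in:", open_fw.decide(Packet("tcp", "198.51.100.9", 5000, "192.168.1.10", 23, "in")))
```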


9.4 Types of Firewall


9.4.1 Software firewall:

New generation operating systems come with built-in firewalls, or you can buy firewall software for the computer that accesses the internet or acts as the gateway to your home network. For individual home users, the most popular firewall choice is a software firewall. Software firewalls are installed on your computer (like any software) and you can customize them, allowing you some control over their function and protection features. A software firewall will protect your computer from outside attempts to control or gain access to your computer, and, depending on your choice of software firewall, it could also provide protection against the most common Trojan programs or e-mail worms. Many software firewalls have user-defined controls for setting up safe file and printer sharing and for blocking unsafe applications from running on your system. Additionally, software firewalls may also incorporate privacy controls, web filtering and more. The downside to software firewalls is that they will only protect the computer they are installed on, not a network, so each computer will need to have a software firewall installed on it.

9.4.2 Hardware firewall:

A hardware firewall is a small box that connects between your computer and your modem. Hardware firewalls are usually routers with a built-in Ethernet card and hub. Your computer or computers on your network connect to this router and access the web. Hardware firewalls can be purchased as a stand-alone product, but more recently hardware firewalls are typically found in broadband routers, and should be considered an important part of your system and network set-up, especially for anyone on a broadband connection. Hardware firewalls can be effective with little or no configuration, and they can protect every machine on a local network. Most hardware firewalls will have a minimum of four network ports to connect other computers, but for larger networks, business networking firewall solutions are available. A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination. This information is compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped.

9.5 The Advantages and Disadvantages of Firewall


9.5.1 Advantages

1. A feeling of increased security that your PC and its contents are being protected.
2. Relatively inexpensive or free for personal use.
3. New releases are becoming user friendly.
4. You can monitor incoming and outgoing security alerts, and the firewall company will record and track down an intrusion attempt depending on the severity.
5. Some firewalls, but not all, can detect viruses, worms, Trojan horses, or data collectors.
6. All firewalls can be tested for effectiveness by using products that test for leaks or probe for open ports.

9.5.2 Disadvantages

1. Firewalls must keep evolving because crackers' ability to circumvent them keeps increasing.
2. "Always on" connections created by Cable and DSL connections create major problems for firewalls. This can be compared to leaving your car running with the keys in it and the doors unlocked, which a thief may interpret as an invitation to "Please steal me".
3. Firewalls cannot protect you from internal sabotage within a network or from allowing other users access to your PC.
4. Firewalls cannot edit indecent material like pornography, violence, drugs and bad language. This would require you to adjust your browser security options or purchase special software to monitor your children's Internet activity.
5. Firewalls offer weak defense from viruses, so antiviral software and an IDS (intrusion detection system), which protects against Trojans and port scans, should also complement your firewall in a layered defense.
6. Some firewalls claim full firewall capability when it's not the case. Not all firewalls are created equally or offer the same protection, so it's up to the user to do their homework.
7. Cost varies. There are some great free firewalls available to the PC user, but there are also a few highly recommended products which can only be purchased. The difference may be just the amount of support or features that a user can get from a free product as opposed to a paid one, and how much support that user thinks he or she will require.
8. A firewall's protection is limited once you have an allowable connection open. This is where another program should be in place to catch Trojan horse viruses trying to enter your computer as unassuming normal traffic.
9. There have been claims made by IDS (Intrusion Detection System) companies where Trojans were detected, such as the RuX FireCracker v 2.0, which disabled certain firewall programs, thus leaving the PC vulnerable to malicious actions.

10. UTM
Unified Threat Management (UTM) is a comprehensive solution that has recently emerged in the network security industry. It is the evolution of the traditional firewall into an all-inclusive security product that has the ability to perform multiple security functions in one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing and on-appliance reporting. The advantage of unified security lies in the fact that, rather than administering multiple systems that individually handle antivirus, content filtering, intrusion prevention and spam filtering functions, organizations now have the flexibility to deploy a single UTM appliance that consolidates all of that functionality into a single rack-mountable network appliance.


10.1 How UTM secures the network


A single UTM appliance makes it very easy to manage a company's security strategy, with just one device to worry about, one source of support and a single way to maintain every aspect of your security solution. The UTM can prove to be the more effective solution, as its strength lies in the bundle of solutions which are integrated and designed to work together. Also, from one single centralized console, all the security solutions can be monitored and configured. Thus the solutions can be tweaked to perfection.


In this context, UTMs represent all-in-one security appliances that carry firewall, VPN, gateway anti-virus, gateway anti-spam, intrusion prevention, content filtering, bandwidth management and centralized reporting as basic features. The UTM is thus a highly integrated quiver of security solutions, working in tandem, that systematically provides network security to organizations. As there is a customized OS holding all these security features in one place, they tend to work in unison, providing a very high throughput. The UTM can prove highly effective because its strength lies in the bundle of solutions which are integrated and designed to work together without treading on each other's toes.

10.2 Advantages
1. Reduced complexity: Single security solution. Single vendor. Single AMC.
2. Simplicity: Avoidance of multiple software installation and maintenance.
3. Easy management: Plug & Play architecture, web-based GUI for easy management.
4. Performance: Zero-hour protection without degrading network performance.
5. Troubleshooting: Single point of contact, 24x7 vendor support.
6. Reduced technical training requirements: one product to learn.
7. Regulatory compliance.

10.3 Features
1. Award-winning Anti Spam with Grey Listing technology
2. Anti Virus
3. Web Proxy
4. Web Filter
5. HTTP Proxy
6. Internet filter
7. Content Filter
8. Intrusion Prevention
9. P2P Blocking

[Figure: UTM appliance with its web proxy, HTTP proxy, spam filter, internet filter, content filter and intrusion prevention modules]

10.4 UTM Appliance Benefits


1. Bi-directional scanning of all protocols
2. Multiple automated software updates per day
3. Multiple Anti-Virus vendors supported
4. Intrusion Prevention with Zero Day Protection
5. Full POP3 & SMTP integration
6. Advanced Anti-Spam with grey listing
7. Spyware is blocked from entering the network
8. Module deactivation capability
9. Scalability for LAN growth
10. No LAN reconfiguration necessary
11. Wizard configuration setup

[Figure: 1U appliance, fully loaded]


11. PROTOCOL
A protocol is a set of rules that govern data communications. It represents an agreement between the communicating devices. Without a protocol, two devices may be connected but not communicating, just as a person speaking French cannot be understood by a person who speaks only Japanese.

11.1 FTP [File Transfer Protocol]


Transferring files from one computer to another is one of the most common tasks expected from a networking or internetworking environment. As a matter of fact, the greatest volume of data exchange on the Internet today is due to file transfer. Telnet allows you to interact with an application running on a remote computer, but it has no facility for copying a file from that computer's hard disk to yours, nor for uploading files to the remote system. That function is carried out using the File Transfer Protocol (FTP).

The FTP specification caters for several different file types, structures and transfer modes, but in practice FTP implementations recognize either text files or binary files. Text files are converted from their native format to 7-bit ASCII, with each line terminated by a carriage-return, line-feed pair, for transmission. They are converted back to the native text file format by the FTP client. FTP therefore provides a cross-platform transfer mechanism for text files. Binary files are transmitted exactly as-is. Data is transferred as a continuous stream of bytes. The TCP transport protocol provides all the reliability, making sure that data that is lost is re-sent and checking that it is received correctly.

FTP is unusual compared to other TCP applications in that it uses two TCP connections. A control connection is made to the well-known FTP port number 21, and this is used to send FTP commands and receive replies. A separate data connection is established whenever a file or other information is to be transferred, and closed when the data transfer has finished. Keeping data and commands separate makes life easier for the client software, and means that the control connection is always free to send an ABOR (abort) command to terminate a lengthy data transfer. FTP uses the services of TCP and needs two TCP connections: the well-known port 21 is used for the control connection and the well-known port 20 for the data connection.

FTP allows a person to transfer files between two machines. It requires the person to supply a login name and password to gain entry.
Command: ftp <domain_name> or ftp <ip_address>

11.1.1 Anonymous FTP
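To make the text-mode conversion concrete, here is an added Python example (it is not code from the original notes). It performs the conversion described above: native line endings become CR-LF pairs and 7-bit ASCII is enforced on the way out, and CR-LF is converted back to the receiver's native ending on the way in. The `native_eol` parameters and the sample inputs are constructed for this example; the last function pair also shows why a binary file sent in text mode is corrupted when the two ends use different native line endings.

```python
"""FTP text ("ASCII") mode conversion, as an added example.

FTP sends text files as 7-bit ASCII with CR-LF line endings and lets each
end convert to its native format; binary ("image") mode sends bytes as-is.
"""

CRLF = b"\r\n"
UNIX_EOL = b"\n"        # constructed sample of a native line ending
WINDOWS_EOL = b"\r\n"   # constructed sample of a native line ending


def is_seven_bit(data: bytes) -> bool:
    """True when every byte fits in 7-bit ASCII."""
    return all(byte <= 0x7F for byte in data)


def to_network_text(data: bytes, native_eol: bytes) -> bytes:
    """Client-side conversion for sending a text file in ASCII mode.

    Lines are re-terminated with CR-LF and the file must be 7-bit ASCII;
    anything else is refused so that it gets sent in binary mode instead.
    """
    converted = CRLF.join(data.split(native_eol))
    if not is_seven_bit(converted):
        raise ValueError("not 7-bit ASCII: transfer this file in binary mode")
    return converted


def from_network_text(data: bytes, native_eol: bytes) -> bytes:
    """Receiver-side conversion: CR-LF back to the receiver's native line ending."""
    return data.replace(CRLF, native_eol)


def ascii_mode_transfer(data: bytes, sender_eol: bytes, receiver_eol: bytes) -> bytes:
    """What the receiver ends up with after an ASCII-mode transfer."""
    return from_network_text(to_network_text(data, sender_eol), receiver_eol)


def binary_mode_transfer(data: bytes) -> bytes:
    """Binary mode: the byte stream is delivered unchanged."""
    return data


if __name__ == "__main__":
    unix_text = b"line one\nline two\n"                  # constructed input
    print(ascii_mode_transfer(unix_text, UNIX_EOL, WINDOWS_EOL))
    # a "binary" blob that happens to contain 0x0A: ASCII mode changes its length
    blob = b"\x00\n\x01"                                 # constructed input
    print(ascii_mode_transfer(blob, UNIX_EOL, WINDOWS_EOL))
    print(binary_mode_transfer(blob) == blob)
```

The ValueError path is the practical check a client should make before choosing the mode: a PNG or executable is not 7-bit clean and must go in binary mode, and even a 7-bit-clean blob is silently altered if the two ends disagree on their native line ending.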


Anonymous FTP is a special form of FTP which has become very popular. It does not require a person to know a login name and password: in place of the login name, type the word anonymous, and in place of the password, type your email address. A huge amount of resources is available on anonymous FTP sites.

11.1.2 How FTP Works

Two connections are established:
- A control connection over port 21, which remains open throughout a session.
- A temporary port number, used for every file being transferred. A new connection is established for every file transfer.


11.2 Telnet [TErminaL NETwork]

Telnet is a general purpose client/server application program. It allows a person sitting at one computer to work on another computer by starting a remote session on that machine. It requires the person to supply a login name and password to gain entry.
Command: telnet <domain_name> or telnet <ip_address>

Why is it required?
1. For using software only available on the remote host.
2. For using devices (like a printer) connected to the remote host.

Typical scenario: many users telnet to a remote server and work there; the server is a bigger and faster computer. By default the connection is established over port 23, but any other port number can also be specified, e.g. telnet sca.kiit.ac.in 25

Telnet is a terminal emulation application that enables a workstation to connect to a host using a TCP/IP link and interact with it as if it were a directly connected terminal. It is a client/server application. The server runs on a host on which applications are running, and passes information between the applications and the Telnet clients. The well-known port number for Telnet servers is TCP port 23. Telnet clients must convert the user data between the form in which it is transmitted and the form in which it is displayed. This is the difficult part of the application, the terminal emulation, and has little to do with the Telnet protocol itself. Telnet protocol commands are principally used to allow the client and server to negotiate the display options, because Telnet clients and servers don't make assumptions about each other's capabilities. TCP provides the reliability for Telnet, so neither the client nor the server need be concerned about re-sending data that is lost, nor about error checking. This makes the Telnet protocol very simple. There is no special format for TCP segments that contain commands; they simply form part of the data stream. Data is sent, usually as 7-bit ASCII, in TCP packets (which you may recall are called segments). A byte value of 255, Interpret As Command (IAC), means that the bytes which follow are to be treated as Telnet commands and not user data. This is immediately followed by a byte that identifies the command itself, and then a value. Many commands are fixed length, so the byte after that, if not another IAC, would be treated as user data. To send the byte 255 as data, two consecutive bytes of value 255 are used.
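The IAC escaping rule just described, written out as an added Python example (this is not code from the original notes): one function applies the sender-side escaping, the other splits a received byte stream into user data and Telnet commands, and stops cleanly on a command sequence cut off by a read boundary so the caller can prepend the leftover bytes to the next read. The command and option numbers are the ones defined in RFC 854 and the common option RFCs; the sample byte streams are constructed.

```python
"""Telnet IAC (Interpret As Command) handling, as an added example."""

IAC = 255            # every command sequence starts with this byte
SB, SE = 250, 240    # subnegotiation start/end: IAC SB <payload> IAC SE (variable length)

# three-byte commands: IAC <cmd> <option>
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
# two-byte commands: IAC <cmd>
SIMPLE = {241: "NOP", 242: "DM", 243: "BRK", 244: "IP", 245: "AO",
          246: "AYT", 247: "EC", 248: "EL", 249: "GA"}
# a few well-known option codes, used only to label output
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}


def escape_data(data: bytes) -> bytes:
    """Sender side: a literal 0xFF in user data is sent as two 0xFF bytes."""
    return data.replace(b"\xff", b"\xff\xff")


def parse_stream(stream: bytes):
    """Receiver side: split a byte stream into (user_data, commands, leftover).

    commands is a list of (name, argument) tuples; leftover holds the tail of an
    incomplete command sequence, to be prepended to the next read.
    """
    data = bytearray()
    commands = []
    i, n = 0, len(stream)
    while i < n:
        byte = stream[i]
        if byte != IAC:
            data.append(byte)
            i += 1
            continue
        if i + 1 >= n:             # lone IAC at the end: wait for more bytes
            break
        cmd = stream[i + 1]
        if cmd == IAC:             # escaped data byte 255
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:   # IAC WILL/WONT/DO/DONT <option>
            if i + 2 >= n:         # option byte not received yet
                break
            commands.append((NEGOTIATION[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:            # IAC SB <payload> IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end < 0:            # terminator not received yet
                break
            commands.append(("SB", bytes(stream[i + 2:end])))
            i = end + 2
        else:                      # IAC <two-byte command>
            commands.append((SIMPLE.get(cmd, f"CMD{cmd}"), None))
            i += 2
    return bytes(data), commands, stream[i:]


def describe(commands) -> list:
    """Human-readable rendering of parsed commands, e.g. 'DO ECHO'."""
    out = []
    for name, arg in commands:
        if name in NEGOTIATION.values():
            out.append(f"{name} {OPTIONS.get(arg, arg)}")
        elif name == "SB":
            out.append(f"SB {arg.hex()}")
        else:
            out.append(name)
    return out


if __name__ == "__main__":
    # constructed stream: IAC DO ECHO, "hi", an escaped 0xFF data byte, IAC NOP, "!"
    sample = b"\xff\xfd\x01hi\xff\xff\xff\xf1!"
    user_data, cmds, rest = parse_stream(sample)
    print(user_data, describe(cmds), rest)
```

Keeping the leftover bytes matters in practice: a TCP read can end between IAC and its command byte, and a parser that treats that lone 0xFF as data (or discards it) will either corrupt the terminal state or silently drop a negotiation.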


11.3 Simple Mail Transfer Protocol (SMTP)

Electronic mail is the most widely used application on the Internet.
For sending mail:
1. Simple Mail Transfer Protocol (SMTP)
2. Multipurpose Internet Mail Extension (MIME)
For receiving mail:
1. Post Office Protocol version 3 (POP3)
2. Internet Mail Access Protocol (IMAP)

The objective of Simple Mail Transfer Protocol (SMTP) is to transfer mail reliably and efficiently. SMTP is independent of the particular transmission subsystem and requires only a reliable ordered data stream channel. An important feature of SMTP is its capability to relay mail across transport service environments. A transport service provides an inter-process communication environment (IPCE). An IPCE may cover one network, several networks, or a subset of a network. It is important to realize that transport systems (or IPCEs) are not one-to-one with networks. A process can communicate directly with another process through any mutually known IPCE. Mail is an application or use of inter-process communication. Mail can be communicated between processes in different IPCEs by relaying through a process connected to two (or more) IPCEs. More specifically, mail can be relayed between hosts on different transport systems by a host on both transport systems.

SMTP is based on RFC 821. It transmits simple text messages only, in 7-bit ASCII format. It uses the information written on the envelope of the mail (the message header, which contains the recipient address and other information) and does not look at the contents (the message body). Mail is created by a user agent program (mail client); messages are queued and sent as input to the SMTP sender program, which is typically a server process (a daemon on UNIX) that sends queued mail.

Mail Message Contents
Each queued message has:
- Message text: an RFC 822 header with the message envelope and list of recipients, and a message body composed by the user.
- A list of mail destinations, derived by the user agent / SMTP server from the header; this may require expansion of mailing lists.

SMTP Sender
Takes a message from the queue and transmits it to the proper destination host via an SMTP transaction, over one or more TCP connections to port 25. When all destinations have been processed, the message is deleted.
Optimization: if a message is sent to multiple users on a given host, it is sent only once, and delivery to the users is handled at the destination host. If multiple messages are ready for a given host, a single TCP connection can be used, saving the overhead of setting up and dropping connections.

Possible Errors
- Host unreachable
- Host out of operation
- TCP connection fails during transfer
- Faulty destination address
- User error


- Target user address has changed: redirect if possible, inform the user if not.
The sender can re-queue mail and give up after a period.

SMTP Protocol Reliability
SMTP is used to transfer messages from sender to receiver over a TCP connection, using port number 25. It attempts to provide a reliable service, but there is no guarantee that lost messages are recovered, there is no end-to-end ACK to the sender, and error indication reports are not guaranteed.

SMTP Receiver
Accepts an arriving message and places it in the user mailbox or copies it to the outgoing queue for forwarding. The receiver must verify local mail destinations and deal with errors (transmission errors, lack of disk space).

SMTP Forwarding
Mostly a direct transfer from sender host to receiver host, but mail may go through intermediate mail servers via the forwarding capability. The sender can specify the route.

SMTP System Overview
Commands and responses are exchanged between sender and receiver. The initiative lies with the sender, which establishes the TCP connection and sends commands to the receiver, e.g. HELO <domain><CRLF>. Each command generates exactly one reply, e.g. 250 requested mail action ok; completed.

SMTP Replies
A reply starts with a 3-digit code; the leading digit indicates the category:
2xx -- Positive completion reply
3xx -- Positive intermediate reply
4xx -- Transient negative completion reply
5xx -- Permanent negative completion reply

Operation Phases
a) Connection setup
b) Exchange of command-response pairs
c) Connection termination

a) Connection Setup
The sender opens a TCP connection with the receiver. Once connected, the receiver identifies itself: 220 <domain> service ready. The sender identifies itself: HELO <domain>. The receiver accepts the sender's identification: 250 OK. If the mail service is not available, the second step above becomes: 421 service not available.

b) Mail Transfer Commands
The MAIL FROM command identifies the originator and gives the reverse path to be used for error reporting; the receiver returns 250 OK or an appropriate failure / error message. One or more RCPT TO commands identify the recipients for the message, with a separate reply for each recipient. The DATA command transfers the message text; the end of the message is indicated by a line containing just a period (.).


c) Closing Connection
Two steps: the sender sends QUIT and waits for the reply, then initiates the TCP close operation. The receiver initiates its TCP close after sending the reply to QUIT.

An Example SMTP Session
How to connect to an SMTP server: telnet servername 25
A TCP connection gets established over port number 25. The telnet client and the mail server can now start a dialogue.
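The dialogue described in phases a) to c), played out in an added Python example (not code from the original notes): a constructed in-memory receiver implements HELO, MAIL FROM, RCPT TO, DATA and QUIT with the reply codes listed above, and a sender function drives it while classifying each reply by its leading digit. The receiver accepts recipients only in its own domain and refuses to relay for others, so one transaction shows both a 250 and a 550 reply; the host names and addresses are constructed.

```python
"""SMTP command/reply exchange with a constructed in-memory receiver (added example)."""

CATEGORIES = {"2": "positive completion", "3": "positive intermediate",
              "4": "transient negative completion", "5": "permanent negative completion"}


def reply_category(reply: str) -> str:
    """Classify a reply line by its leading digit."""
    return CATEGORIES.get(reply[:1], "unknown")


class FakeSmtpReceiver:
    """Minimal SMTP receiver: enough of the command set to run one transaction.
    It accepts mail only for its own domain and refuses to relay for others."""

    def __init__(self, local_domain="example.test"):     # constructed domain
        self.local_domain = local_domain
        self.greeted = False
        self.in_data = False
        self.sender, self.recipients, self.lines = None, [], []
        self.mailbox = []          # accepted messages: (sender, recipients, body)

    def greeting(self) -> str:
        return f"220 mail.{self.local_domain} service ready"

    def handle(self, line: str):
        """Reply to one line from the sender; None while message text is being collected."""
        if self.in_data:
            if line == ".":                       # end of message text
                self.in_data = False
                body = "\n".join(self.lines)
                self.mailbox.append((self.sender, list(self.recipients), body))
                self.sender, self.recipients, self.lines = None, [], []
                return "250 OK message accepted"
            # undo the sender's dot-stuffing of body lines that start with "."
            self.lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.greeted = True
            return f"250 mail.{self.local_domain}"
        if not self.greeted:
            return "503 bad sequence of commands"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.sender = arg[5:].strip("<>")
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 need MAIL command first"
            address = arg[3:].strip("<>")
            if address.rpartition("@")[2].lower() != self.local_domain:
                return "550 relaying denied"      # not a local user: do not forward
            self.recipients.append(address)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 no valid recipients"
            self.in_data = True
            return "354 start mail input; end with <CRLF>.<CRLF>"
        if verb == "QUIT":
            return "221 closing connection"
        return "500 command unrecognized"


def send_message(receiver, sender, recipients, body_lines):
    """Drive the sender side; returns (delivered, accepted_recipients, transcript)."""
    transcript = [f"S: {receiver.greeting()}"]

    def command(line):
        transcript.append(f"C: {line}")
        reply = receiver.handle(line)
        transcript.append(f"S: {reply}")
        return reply

    accepted = []
    delivered = False
    if command("HELO client.example.test").startswith("2") and \
            command(f"MAIL FROM:<{sender}>").startswith("2"):
        for rcpt in recipients:
            if command(f"RCPT TO:<{rcpt}>").startswith("2"):
                accepted.append(rcpt)
        if accepted and reply_category(command("DATA")) == "positive intermediate":
            for line in body_lines:
                transcript.append(f"C: {line}")
                # transparency rule: a body line starting with "." gets an extra "."
                receiver.handle("." + line if line.startswith(".") else line)
            delivered = command(".").startswith("2")
    command("QUIT")
    return delivered, accepted, transcript


if __name__ == "__main__":
    rx = FakeSmtpReceiver()
    ok, who, log = send_message(rx, "alice@example.test",
                                ["bob@example.test", "eve@elsewhere.test"],
                                ["Hello Bob", ".this line starts with a dot"])
    print("\n".join(log))
```

Two details are worth noticing in the transcript: the receiver never verifies that the MAIL FROM address belongs to the connecting client (the protocol as described has no such step), and the 550 on the foreign-domain recipient is the receiver's own relay policy rather than anything the protocol mandates.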

11.4 POP3
The client POP3 software is installed on the recipient machine, and the server POP3 software is installed on the mail server. The client (user agent) opens a connection with the server on TCP port number 110 and sends the user name and password. It can then access the mails one by one. Two modes:
- Delete mode: mails are deleted as they are read
- Keep mode: mails remain in the mailbox
POP3 has commands for: log in, log out, fetch messages, delete messages.

IMAP4
Provides the following extra features:
- A user can check the email header before downloading.
- A user can search the contents of the email for a specific string prior to downloading.
- A user can create, delete, or rename mailboxes on the mail server.
- A user can create a hierarchy of mailboxes in a folder for email storage.

Multipurpose Internet Mail Extension (MIME)
SMTP cannot transmit non-text messages. Solutions (like uuencode) exist on some systems, but are not standardized. It cannot transmit text that includes international characters, which need 8-bit ASCII. Servers may reject mail over a certain size. Some SMTP implementations do not adhere to the standard (CRLF handling, truncating or wrapping long lines, removal of white space, etc.).

Overview of MIME
Five new message header fields:
- MIME-Version
- Content-Type
- Content-Transfer-Encoding
- Content-ID
- Content-Description
A number of content types and transfer encoding formats have been defined.

Content Types
- Text: body
- Multipart: Mixed, Parallel, Alternative
- Message: RFC 822, Partial, External-body
- Image: jpeg, gif
- Video: mpeg
- Audio: Basic
- Application: PostScript, octet-stream


MIME Transfer Encodings
Specifies how the mail body is wrapped for transmission. The Content-Transfer-Encoding field can have six possible values:
- 7bit, 8bit, binary: no encoding is done for these three; they only provide information about the nature of the data.
- Quoted-printable: data is mostly printable ASCII characters; non-printing characters are represented by their hex code.
- Base64: maps arbitrary binary input onto printable output.
- X-token: a named nonstandard encoding.

MIME Header Example

From: Indranil Sengupta <isg@iitkgp.ac.in>
To: Jaswinder Ahuja <jassi@cadence.com>
Subject: Simple Message
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="simple boundary"

This is the preamble. It is to be ignored, though it is a handy place for mail composers to include an explanatory note.
--simple boundary

This is implicitly typed plain text. It does NOT end with a linebreak.
--simple boundary
Content-type: text/plain; charset=us-ascii

This is explicitly typed plain ASCII text. It DOES end with a linebreak.

--simple boundary--
This is the epilogue. It is also to be ignored.
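The two transfer encodings and the multipart layout shown above, exercised in one added Python example (not code from the original notes) using the standard library's email package: `encode_both` shows quoted-printable and base64 side by side for a short string, `build_message` composes a multipart/mixed message with a quoted-printable text part and a base64 binary attachment, and `parse_message` decodes the wire form back into parts as a receiving user agent would. The From and To addresses are the ones in the header example above; the part contents are constructed.

```python
"""Building and parsing a MIME multipart message with quoted-printable and
base64 parts, as an added example."""
import base64
import quopri
from email import message_from_bytes, policy
from email.message import EmailMessage


def encode_both(text: str) -> dict:
    """Show the two MIME transfer encodings side by side for a short string."""
    raw = text.encode("utf-8")
    return {
        "quoted-printable": quopri.encodestring(raw).decode("ascii").strip(),
        "base64": base64.b64encode(raw).decode("ascii"),
    }


def build_message() -> bytes:
    """Compose a multipart/mixed message: a QP-encoded text part and a base64 attachment."""
    msg = EmailMessage()
    msg["From"] = "Indranil Sengupta <isg@iitkgp.ac.in>"
    msg["To"] = "Jaswinder Ahuja <jassi@cadence.com>"
    msg["Subject"] = "Simple Message"
    # non-ASCII text (constructed): QP keeps it readable, encoding only bytes above 0x7F
    msg.set_content("Grüße from the MIME example\n", cte="quoted-printable")
    # arbitrary bytes (constructed) cannot travel over a 7-bit path: base64 is the default
    msg.add_attachment(bytes(range(256)), maintype="application",
                       subtype="octet-stream", filename="blob.bin")
    return msg.as_bytes()


def parse_message(raw: bytes):
    """Parse the wire form back into decoded parts; returns (top-level type, parts)."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():      # the multipart container itself has no body
            continue
        parts.append({
            "content_type": part.get_content_type(),
            "cte": str(part["Content-Transfer-Encoding"]),
            "payload": part.get_content(),   # str for text parts, bytes for binary
        })
    return msg.get_content_type(), parts


if __name__ == "__main__":
    print(encode_both("café"))
    wire = build_message()
    print(wire.decode("ascii"))          # the whole message is 7-bit clean
    print(parse_message(wire))
```

Printing the wire form shows the boundary lines and the per-part Content-Type and Content-Transfer-Encoding headers exactly as in the header example above; the point of the round trip is that the attachment's 256 distinct byte values survive a path that only carries 7-bit ASCII.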

UNIT - 2 SERVERS

A server is a computer, or a software package, that provides a specific kind of service to client software running on other computers. The term can refer to a particular piece of software, such as a WWW server, or to the machine on which the software is running, e.g. "Our mail server is down today, that's why e-mail isn't getting out." A single server machine can (and often does) have several different server software packages running on it, thus providing many different servers to clients on the network. Sometimes server software is designed so that additional capabilities can be added to the main program by adding small programs known as servlets.

1. WEB SERVER
A web server is a computer program that delivers (serves) content, such as this web page, using the Hypertext Transfer Protocol. In other words, a web server is a computer that stores websites and their related files for viewing on the Internet. Visitors wishing to access the sites and files simply type in the URL of the site they wish to view. Web hosting is big business in the age of electronic commerce. Every web server has an IP address and possibly a domain name. For example, if you enter the URL http://www.pcwebopedia.com/index.html in your browser, this sends a request to the server whose domain name is pcwebopedia.com. The server then fetches the page named index.html and sends it to your browser. Any computer can be turned into a web server by installing server software and connecting the machine to the Internet. There are many web server software applications, including public domain software from NCSA and Apache, and commercial packages from Microsoft, Netscape and others. The two most widely used web servers are IIS and the Apache web server.


1.1 IIS
Internet Information Services (IIS), formerly called Internet Information Server, is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the world's second most popular web server in terms of overall websites, behind the industry leader Apache HTTP Server. The protocols supported in IIS 7 include FTP, FTPS, SMTP, NNTP, and HTTP/HTTPS. IIS is used to make your computer a web server: if we want a web server for developing dynamic websites, or want to publish a website on our own server, we install IIS. IIS is used on the Windows platform; other platforms have different web servers, e.g. Apache for Linux. IIS takes a request from the user, executes the required files and sends the response back to the user.


1.1.1 Installation

To install IIS you must have your operating system's CD (Win XP or Win 2K).
1. Click Start, point to Control Panel and click Add or Remove Programs.
2. Click the Add/Remove Windows Components button in the Add or Remove Programs window.
3. On the Windows Components window, click on the Application Server entry and click the Details button.
4. On the Application Server page, click on the Internet Information Services (IIS) entry and click the Details button.
5. In the Internet Information Services (IIS) dialog box, put a check mark in the World Wide Web Service check box and click OK.
6. Click OK on the Application Server dialog box.
7. Click Next on the Windows Components dialog box. [Figure: IIS Server installation in progress]
8. Click Finish on the Completing the Windows Components Wizard page.

After installation of IIS a user will be able to configure IIS according to his/her requirements.


1.1.2 Security Features


IIS 5.0 and higher support the following authentication mechanisms:
- Basic access authentication
- Digest access authentication
- Integrated Windows Authentication
- .NET Passport Authentication (not supported in Windows Server 2008 and above)
- Client Certificate Mapping
- IP Security
- Request Filtering

IIS 7.5 includes the following additional security features:
- URL Authorization

Authentication changed slightly between IIS 6.0 and IIS 7, most notably in that the anonymous user which was named "IUSR_{machinename}" is a built-in account in Vista and future operating systems and named "IUSR". Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled.

1.2 Apache Web Server


The Apache HTTP Server, commonly referred to as Apache, is web server software notable for playing a key role in the initial growth of the World Wide Web. In 2009 it became the first web server software to surpass the 100 million web site milestone. Apache was the first viable alternative to the Netscape Communications Corporation web server (currently known as Sun Java System Web Server), and has since evolved to rival other Unix-based web servers in terms of functionality and performance. The majority of web servers using Apache run a Unix-like operating system. Apache is a public-domain open source Web server developed by a loosely-knit group of programmers. The first version of Apache, based on the NCSA httpd Web server, was developed in 1995. Core development of the Apache Web server is performed by a group of about 20 volunteer programmers, called the Apache Group. However, because the source code is freely available, anyone can adapt the server for specific needs, and there is a large public library of Apache add-ons. In many respects, development of Apache is similar to development of the Linux operating system. The original version of Apache was written for UNIX, but there are now versions that run under OS/2, Windows and other platforms. The name is a tribute to the Native American Apache tribe, well known for its endurance and skill in warfare. A common misunderstanding is that it was called Apache because it was developed from existing NCSA code plus various patches, hence the name "a patchy server", or Apache Server.

1.2.1 Features
Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These range from server-side programming language support to authentication schemes. Some common language interfaces support Perl, Python, Tcl, and PHP. Popular authentication modules include mod_access, mod_auth, mod_digest, and mod_auth_digest, the successor to mod_digest. A sample of other features includes SSL and TLS support (mod_ssl), a proxy module (mod_proxy), a URL rewriter (also known as a rewrite engine, implemented under mod_rewrite), custom log files (mod_log_config), and filtering support (mod_include and mod_ext_filter). Virtual hosting allows one Apache installation to serve many different actual websites. For example, one machine with one Apache installation could simultaneously serve www.example.com, www.test.com, test47.test-server.test.com, etc. Apache features configurable error messages, DBMS-based authentication databases, and content negotiation. It is also supported by several graphical user interfaces (GUIs).


1.2.2 Use
Apache is primarily used to serve both static content and dynamic Web pages on the World Wide Web. Many web applications are designed expecting the environment and features that Apache provides. Apache is used for many other tasks where content needs to be made available in a secure and reliable way. One example is sharing files from a personal computer over the Internet. A user who has Apache installed on their desktop can put arbitrary files in Apache's document root, which can then be shared.

2. TERMINAL SERVER
The Terminal Server component of the Microsoft Windows Server 2003 operating system can deliver the Windows desktop, in addition to Windows-based applications, from a centralized server to virtually any desktop computing device, including those that cannot run Windows. Terminal Services in Windows Server 2003 can enhance an enterprise's deployment capabilities for a variety of scenarios, allowing substantial flexibility in application and management infrastructure. Terminal Services transmits only the user interface of the program to the client computer; the client computer then returns keyboard and mouse clicks to be processed by the server. Terminal Server uses the Remote Desktop Protocol (RDP) to communicate between client and server. Client computers connecting to the terminal server can run Windows (including the Microsoft Windows CE operating system) or run other operating systems such as the Apple Macintosh or even UNIX (using a third-party add-on). Each user sees only their individual session, which is managed transparently by the server operating system and is independent of any other client session.


2.1 Terminal Services Architecture

Terminal Services consists of four components:
- The Windows Server 2003 multi-user kernel
- The Remote Desktop client
- The Terminal Services Licensing service
- Session Directory Services

2.1.1 Multi-user kernel: The multi-user kernel extensions, originally developed for Windows NT 4.0 Server, Terminal Server Edition, have been enhanced and fully integrated as a standard part of the Windows Server 2003 family kernel. These are resident on the server at all times, regardless of whether Terminal Services is enabled or not.

2.1.2 Remote Desktop client: The client software is an application that establishes and maintains the connection between a client and a server computer running Terminal Services.

2.1.3 Terminal Services licensing service: This system allows terminal servers to obtain and manage terminal server client access license (TS CAL) tokens for devices and users connecting to a terminal server.

2.1.4 Session Directory Services: The session directory (SD) keeps a list of sessions indexed by user name, and allows a user to reconnect to the terminal server where the user's disconnected session resides and resume that session.


2.2 Components

Component      Description
CSRSS.exe      The Client-Server Runtime Subsystem is the process and thread manager for all logon sessions.
RdpDD.sys      Captures the Windows user interface and translates it into a form that is readily converted by RDPWD into the RDP protocol.
RdpWD.sys      Unwraps the multi-channel data and then transfers it to the appropriate session.
SMSS.exe       Session Manager creates and manages all sessions.
Termsrv.exe    Manages client connections and initiates creation and shutdown of connection contexts.
Termdd.sys     The RDP protocol, which listens for RDP client connections on a TCP port.
Tdtcp.sys      Packages the RDP protocol onto the underlying network protocol, TCP/IP.
Wlnotify.dll   Runs in the session's WinLogon process to create processes in the user session.
Win32k.sys     Manages the Windows GUI environment by taking the mouse and keyboard inputs and sending them to the appropriate application.
WinLogon.exe   This system service handles user logons and logoffs and processes the special Windows key combination Ctrl-Alt-Delete. WinLogon is responsible for starting the Windows shell (which is usually Windows Explorer).

As the Windows Server 2003 Terminal Server boots and loads the core operating system, the Terminal Server service (termsrv.exe) is started and begins waiting for session connections. Each connection is given a unique session identifier or SessionID to represent an individual session to the Terminal Server, and each process created within a session is tagged with the associated SessionID to differentiate its namespace from any other session namespaces. The console session (Terminal Server keyboard, mouse, and video) is always the first to load, is treated as a special-case client connection, and is assigned SessionID 0. The console session starts as a normal Windows Server 2003 session, with the configured Windows display, mouse, and keyboard drivers loaded.


After creating the console session, the Terminal Server service then calls the Windows Session Manager (SMSS.EXE) to create two idle client sessions, which then await client connections. To create the idle sessions, the Session Manager starts the Client-Server Run-time Subsystem (CSRSS.EXE), and a new SessionID is assigned to that process. The CSRSS process also invokes the WinLogon process (WINLOGON.EXE) and the Windows Manager and GDI kernel module (Win32k.sys) under the newly associated SessionID. The Windows image loader recognizes this Win32k.sys as a SessionSpace loadable image by a predefined bit set in the image header. It then relocates the code portion of the image into physical memory with pointers from the virtual kernel address space for that session if Win32k.sys has not already been loaded. By design, it always attaches to a previously loaded image's code (Win32k.sys) if one already exists in memory (that is, from any active application or session). The data (or non-shared) section of this image is then allocated to the new session from a newly created Session Space pageable kernel memory section. Unlike the console session, Terminal Server client sessions are configured to load separate drivers for the display, keyboard, and mouse. The display driver is the Remote Desktop Protocol (RDP) display device driver (rdpdd.dll), and the mouse and keyboard drivers are replaced with the RDP driver Rdpwd.sys. These drivers allow the RDP client session to be both available and interactive, remotely. Finally, Terminal Server also invokes a connection listener thread for the RDP protocol (Termdd.sys), which listens for RDP client connections on a TCP port. At this point, the CSRSS process exists under its own SessionID namespace, with its data instantiated per process as necessary. Any processes created from within this SessionID will execute within the Session Space of the CSRSS process automatically. This prevents processes with different SessionIDs from accessing another session's data.


2.3 Installation & Configuration of Terminal Services

Use the following steps:
1. Choose the licensing mode.
2. Configure the Terminal Server role.
3. Create an administrator account.
4. Create a computer account and connect to the network.
5. Configure Terminal Server licensing.
6. Redirect My Documents folders.
7. Install client applications.

Step 1: Choose the Licensing Mode
To use Terminal Server in your organization, you are required to have a Windows Server 2003 license for every terminal server that you deploy in your organization, as well as Terminal Server Client Access Licenses (CALs) for devices that access the terminal servers. For terminal servers that are running Windows Server 2003, there are two types of Terminal Server CALs:
- Per Device
- Per User

Which CAL you choose depends on how you plan to use Terminal Server. By default, Terminal Server is configured in Per Device mode, but it can be switched to Per User mode using the Terminal Services Configuration tool (TSCC.msc). You can serve both license types from the same license server. A Terminal Server license server on your network manages the Terminal Services CALs. A license server stores all Terminal Server CAL tokens that have been installed for a terminal server and tracks the license tokens that have been issued to clients.

Per Device Licensing Mode
A Per Device CAL provides each client computer the right to access a terminal server that is running Windows Server 2003. The Per Device CAL is stored locally and presented to the terminal server each time the client computer connects to the server. Per Device licensing is a good choice for:
- Hosting a user's primary desktop for devices the customer owns or controls.
- Thin clients or computers that connect to a terminal server for a large percentage of the working day.
This type of licensing is a poor choice if you do not control the device accessing the server, for example, computers in an Internet café, or if you have a business partner who connects to your terminal server from outside your network.

Per User Licensing Mode
In Per User licensing mode you must have one license for every user. With Per User licensing, one user can access a terminal server from an unlimited number of devices and only needs one CAL rather than a CAL for each device. Per User licensing is a good choice in the following situations:
- Providing access for roaming users.
- Providing access for users who use more than one computer, for example, a portable and a desktop computer.
- Providing ease of management for organizations that track access to the network by user, rather than by computer.
In general, if your organization has more computers than users, Per User licensing might be a cost-effective way to deploy Terminal Server because you only pay for the user to access Terminal Server, rather than paying for every device from which the user accesses Terminal Server. Check the EULA for the applications that you plan to host to determine if they support per user licensing.


Step 2: Configure the Terminal Server Role
On the server running Windows Server 2003 that you plan to use as an additional server, configure the Terminal Server role.

To install Terminal Server
1. Log on to the additional server using the local administrator account.
2. Verify that the Windows Time service is configured and running, and that the time is correct.
3. Click Start, click Manage Your Server, and then click Add or remove a role. The Configure Your Server Wizard starts.
4. Click OK on the Preliminary Steps page.
5. On the Server Role page, select the Terminal server check box, and then click Next.
6. Click Next on the Summary of Selections page to begin the configuration. Your computer will restart as part of the configuration.

Step 3: Create an Administrator Account
Next, create a domain administrator account in order to manage your additional server.

To create an administrator account for the additional server
1. Log on to the computer running Windows Server 2003 using the local administrator account.
2. Click Start, and then click Server Management.
3. In the console tree, click Users.
4. In the details pane, click Add a User. The Add User Wizard starts.
5. On the Template Selection page, in the Templates dialog box, click Administrator Template.
6. On the Set Up Client Computer page, click Do not set up a computer.
7. On the Completing the Add User Wizard page, click Finish.


Step 5: Create a Computer Account and Connect to the Network
Next, create an account for your additional server on the Windows Small Business Server network, and then join the server to the network.

To create a computer account
1. Log on to the computer running Windows Small Business Server 2003 using the built-in Administrator account.
2. Click Start, and then click Server Management.
3. In the console tree, click Server Computers.
4. In the details pane, click Set Up Server Computers. The Set Up Server Wizard starts.
5. Follow the instructions in the wizard for creating a server computer.

To connect the terminal server to the network
1. On the new server, log on using the built-in Administrator account.
2. In Internet Explorer, go to http://ServerName/connectcomputer, and then click Connect to the network now.
3. Follow the instructions in the wizard to connect this computer to the network. Use the administrator user name and password that you created when you ran the Add User Wizard.

Step 6: Configure Terminal Server Licensing
After you have joined the additional server to the network, configure the server with Terminal Server licensing. For information about adding an additional server, click Start, click Help and Support, and then search for "Terminal Server Licensing."


To configure Terminal Server Licensing
1. Click Start, click Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. In the Components dialog box, click Terminal Server Licensing, and then click Next.
4. On the Terminal Server Licensing Setup page, click Next to accept the default on that page.
5. Provide the file system location where the license server database should be installed on the Terminal Server license server, click Next, and then click Finish. The default location for the license server database is systemroot\System32\LServer.

Activating the License Server:
After a Terminal Server license server is activated, it becomes the repository for Terminal Server client licenses. A Terminal Server license server can issue temporary licenses for clients that allow use of terminal servers for up to 120 days from the date of the first client logon. After this evaluation period ends, a terminal server can no longer allow clients to connect unless it locates a Terminal Server license server to issue client licenses. Licensing wizard properties, such as activation method and company information, set during the activation process, can be changed later.

To activate the license server
1. Click Start, click Control Panel, click Administrative Tools, and then click Terminal Server Licensing.
2. In the console tree, right-click the Terminal Server license server you want to activate, and then click Activate Server to start the Terminal Server License Server Activation Wizard.
3. In Activation method, select Automatic connection (recommended), and then click Next. Follow the instructions in the wizard.

Adding Client Licenses to the License Server:
You must purchase a client access license for each client computer that connects to the terminal server and install them on the license server for users to be able to use the terminal server. For more information about Terminal Server licensing, click Start, click Help and Support, and then search for "Terminal Server Licensing."

To install client license key packs
1. On the terminal server, click Start, click Control Panel, click Administrative Tools, and then click Terminal Server Licensing.
2. Verify that the installation method for the Terminal Server license server is set to Automatic by right-clicking the Terminal Server license server for which you want to install key packs, and then clicking Properties. On the Installation Method tab, change the installation method if necessary.
3. In the console tree, right-click the Terminal Server license server for which you want to install key packs, click Install Licenses to start the Terminal Server CAL Installation Wizard, and then click Next. The previous steps are not necessary if the Terminal Server CAL Installation Wizard is already started.
4. In Program and Client License Information, provide the required information for your licensing program to receive your key packs, and then click Next. The Microsoft Clearinghouse processes your request, and installs the encrypted client license key pack on your Terminal Server license server.
5. Click Finish to complete the process.

The Terminal Server license server can now issue licenses to clients that connect to a terminal server.


Step 7: Redirect My Documents Folders
It is recommended that you redirect users' My Documents folders to the server running Windows Small Business Server 2003 and apply volume quotas to the folders. By default, users' My Documents folders are saved with the user profiles on the terminal server. If you use My Documents Redirection and the backup feature of Small Business Server 2003, your users' data will be backed up along with the rest of the server. For information about redirecting users' My Documents folders from the terminal server to the Windows Small Business Server 2003, click Start, click Help and Support, and then search for "Folder redirection." To ensure that users' My Documents folders synchronize with the server, tell the users to log off from their terminal server sessions rather than simply close the session.

Step 8: Install Client Applications
You can use the client applications on the computer running Windows Small Business Server 2003 and install them on the terminal server. You can also install other client applications on the terminal server. For more information about installing and running applications with Terminal Server, click Start, click Help and Support, and then search for "Terminal Server." For more information about installing Microsoft Office 2003 in a Terminal Server environment, see the whitepaper "Deploying Office 2003 in a Windows Terminal Services Environment" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=24921).

Installing Outlook
You can install Microsoft Office Outlook 2003 on the terminal server from the server running Small Business Server 2003.

To install Outlook
1. On the additional server, log on using the domain administrator account.
2. Click Start, click Run, and then type \\ServerName.
3. Double-click ClientApps, and then double-click outlook2003.
4. Double-click Setup.exe, and then follow the Setup instructions.
5. To close Outlook Setup after installation, click Next, and then click Finish. Ensure that you close the wizard that launches along with Setup.

Installing Internet Explorer:
You do not need to install Internet Explorer on the terminal server; the correct version of Internet Explorer is included with Windows Server 2003. The Favorites menu and connection settings are configured by Client Setup. Some links on the Favorites menu point to items that require the installation of Microsoft ActiveX controls or certificates. To prepare Internet Explorer for these links, use the following procedure.


Configuring Fax for Terminal Server Users:
You can configure the server running Windows Small Business Server 2003 as the fax server for Terminal Server users by installing the Fax Service on the server running Windows Small Business Server 2003. For more information about hosting Fax Services on the additional server, click Start, click Help and Support, and then search for "Using Fax." To configure Fax Services for Terminal Server users, you need to configure the terminal server and each client computer that will use the service. Use the following procedure to configure the terminal server for using fax. When you are configuring the client computers to use the Terminal Server, you will also need to configure the client computers to use fax.

To configure the terminal server for fax:
1. From the terminal server, click Start, click Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. Select the Fax Services check box, and then click Next.
4. Click Do not share this printer, and then click Next.
5. Click Finish.

Step 9: Configure Client Computers:
To configure the client computers to access the terminal server, you must install the Remote Desktop Connection on each client computer. After you have installed the Remote Desktop Connection, you can configure the client computers for Fax Services.

To install Remote Desktop Connection on client computers:
1. From the client computer, click Start, click Run, and then type: \\ServerName\clientapps. Click tsclient.
2. Double-click the Win32 folder, and then double-click Setup.exe.
3. Complete the Remote Desktop Connection - InstallShield Wizard.

To configure client computers to use Fax Services:
1. From each client computer, click Start, click Programs, click Accessories, click Communications, click Remote Desktop Connection, and then log on to the terminal server using the Remote Desktop Connection.
2. Click Start, click Printers and Faxes, and then double-click Add a printer. The Add Printer wizard starts.
3. Click Next.
4. Click A network printer, or a printer attached to another computer, and then click Next.
5. Click Find a printer in the directory, and then click Next.
6. In the Find Printers dialog box, click Find Now. In the search results list, a printer named Fax should appear. Select the printer named Fax, and then click OK.
7. Click No when asked if you want to set this printer as the default printer, and then click Finish.

2.4 How to connect client with Terminal server

Client: To connect to the Terminal server remotely, the following steps are required. Click Start, click All Programs, click Accessories, click Communication, and then click Remote Desktop Connection. A window like the following will appear.

Here a user can specify his/her requirements. After clicking the Connect button, the client is connected to the terminal server and the terminal server's GUI appears on the client computer.

2.5 Advantages

Advantage: Rapid, centralized deployment of applications
Description: Terminal Server is great for rapidly deploying Windows-based applications to computing devices across an enterprise, especially applications that are frequently updated, infrequently used, or hard to manage. When an application is managed on Terminal Server, and not on each device, administrators can be certain that users are running the latest version of the application.

Advantage: Low-bandwidth access to data
Description: Terminal Server considerably reduces the amount of network bandwidth required to access data remotely. Using Terminal Server to run an application over bandwidth-constrained connections, such as dial-up or shared WAN links, is very effective for remotely accessing and manipulating large amounts of data because only a screen view of the data is transmitted, rather than the data itself.

Advantage: Windows anywhere
Description: Terminal Server helps users become more productive by enabling access to current applications on any device, including under-powered hardware and non-Windows desktops. And because Terminal Server lets you use Windows anywhere, you can take advantage of extra processing capabilities from newer, lighter-weight devices such as the Pocket PC.

3. WINDOWS SERVER UPDATE SERVICES (WSUS)

WSUS provides a software update service for Microsoft Windows operating systems and other Microsoft software. WSUS is a locally managed system that works with the public Microsoft Update website to give system administrators more control. By using Windows Server Update Services, administrators can manage the distribution of Microsoft hotfixes and updates released through automatic updates to computers in a corporate environment. A WSUS server can obtain updates either from Microsoft Update or from another WSUS server, but at least one WSUS server in the network must connect to Microsoft Update to get available updates. The administrator can decide how many WSUS servers should connect directly to Microsoft Update, based on network configuration, bandwidth, and security considerations. These servers can then distribute updates to other downstream WSUS servers. WSUS originated as Software Update Services (SUS), which delivered only operating system hotfixes and patches. WSUS builds on SUS by expanding the range of software it can update. The WSUS infrastructure allows automatic downloads of hotfixes, updates, service packs, device drivers and feature packs to clients in an organization from a central server(s), instead of using the public Microsoft Windows Update website. This saves bandwidth, time and disk space, as the individual computers in a network do not have to connect to an external server themselves, but connect to a local central server. It also increases administrators' control and allows clients to obtain updates in environments that do not have internet access.

3.1 Installation:
3.1.1 Software Requirements:
- Computer running Windows 2003/2000 Server with Microsoft Windows Server Update Services (WSUS) installed.
- Microsoft .NET Framework version 2.0 installed on the WSUS server.

3.1.2 Minimum Hardware Requirements:
- Both the system partition and the partition on which we install WSUS 3.0 SP2 must be formatted with the NTFS file system.
- Minimum 1 GB of free space on the system partition.
- Minimum 2 GB of free space on the volume on which database files will be stored.
- Minimum 20 GB of free space is required on the volume on which content is stored; 30 GB is recommended.

3.1.3 Installation Steps:
1. Install the software by extracting the files in the WSUSEasyReporter.zip file.
2. After extracting the files, navigate to the folder where the files were extracted and double-click the setup.exe file.
3. Click Next on the welcome screen.
4. Agree to the End User License Agreement and click Next.
5. In the SQL setup dialog, enter the SQL server instance for WSUS. If the WSUS database was installed with the default WMSDE database, enter LOCALHOST\WSUS in the SQL Instance textbox. If the WSUS database was installed on a different SQL server, enter the name of the SQL server in the SQL Instance textbox. Enter the default Root web location for WSUS. Enter a website title and footer for the WSUS Easy Reporter website. Click Next.
6. In the Select Installation Address dialog, choose the site that WSUS is installed in (the default is Default Web Site). A new website can be created beforehand and then chosen; the website will have to have host headers set, and our DNS server should have an alias (CNAME) created for the site. Enter a virtual directory name. This is the name that we will connect to in the address bar of our browser (i.e. http://LOCALHOST/WSUSReports). Click Next.
7. Click Next to start the installation.
8. After the setup is finished, read the readme and click Next, then Close.

90

3.2 Configuring the network:

After we install Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2), the configuration wizard will launch automatically. We can also run the wizard later through the Options page of the WSUS Administration Console. By default, WSUS 3.0 SP2 is configured to use Microsoft Update as the location from which to obtain updates. To obtain updates from Microsoft Update, the WSUS server uses port 80 for HTTP protocol and port 443 for HTTPS protocol. This is not configurable. If we have a proxy server on the network, we can configure WSUS 3.0 SP2 to use the proxy server. If there is a corporate firewall between WSUS and the Internet, we might have to configure the firewall to ensure that WSUS can obtain updates. NOTE: Although Internet connectivity is required to download updates from Microsoft Update, WSUS offers us the ability to import updates onto networks that are not connected to the Internet.

3.3 To specify the way this server will obtain updates:

1. From the configuration wizard, after joining the Microsoft Improvement Program, click Next to select the upstream server.
2. If we choose to synchronize from Microsoft Update, we are finished with the Options page. Click Next, or select Specify Proxy Server from the navigation pane.
3. If we choose to synchronize from another WSUS server, specify the server name and the port on which this server will communicate with the upstream server.
4. To use SSL, select the Use SSL when synchronizing update information check box. In that case the servers will use port 443 for synchronization. (Make sure that both this server and the upstream server support SSL.)
5. If this is a replica server, select the This is a replica of the upstream server check box.
6. At this point, we are finished with upstream server configuration. Click Next, or select Specify proxy server from the left navigation pane.


3.4 Start WSUS:

To start the WSUS Administration Console, click Start, point to All Programs, point to Administrative Tools, and then click Windows Server Update Services 3.0.

3.4.1 Configure updates and synchronization:
We can do these procedures by using either the WSUS Configuration Wizard or the WSUS Administration Console.
- Save and download information about our upstream server and proxy server.
- Choose the language of the updates.
- Select the products for which we want to receive updates.
- Choose the classifications of updates.
- Specify the synchronization schedule for this server.

After we configure the network connection, we can download updates by synchronizing the WSUS server. Synchronization begins when the WSUS server contacts Microsoft Update. After WSUS makes contact, it determines whether any new updates have been made available since the last time we synchronized. When we synchronize the WSUS server for the first time, all the updates are available and are ready for our approval for installation. The initial synchronization may take a long time.

3.4.2 Configure client updates:
In Windows Server Update Services 3.0 (WSUS 3.0 SP2), the WSUS Setup automatically configures IIS to distribute the latest version of Automatic Updates to each client computer that contacts the WSUS server. The best way to configure Automatic Updates depends on the network environment. In an environment that uses the Active Directory service, we can use an existing domain-based Group Policy object (GPO) or create a new GPO. In an environment without Active Directory, use the Local GPO. In this step, we will configure Automatic Updates and then point the client computers to the WSUS server.


4. BLADE SERVER

A blade server is a stripped-down server computer with a modular design optimized to minimize the use of physical space and energy.

4.1 NEED OF BLADE SERVER


Generally, all IT departments face the typical challenge of an increasing number of servers when different applications require separate infrastructure and platforms. As a result, a lot of space is required to house these servers, and that is where the problem of real estate management comes in, as it leads to an additional financial burden on the company. This is because when you are expanding physically, you not only need the space but also need the standard requirements of building a fresh server room/datacenter, which consist of power, cooling, management, etc. You need a more powerful technology which offers the option of expansion and is less power hungry in the server space. Thus, broadly speaking, consolidation around a smaller number of servers is where blade servers score.


4.2 FEATURES
The different blade manufacturers vary in specific configurations for their blade servers and chassis, but the focus still remains to strip extraneous components from the blades so the blades' components can focus on essential processing and services. Each blade is a server by itself and generally dedicated to a single computing task such as file sharing, SSL, data processing, Web page serving, cache management, video/audio streaming, or firewall. Blade servers provide greater I/O connectivity, hot-swap drives, and RAID-5 capabilities.

4.2.1 Virtualization
In a single blade chassis, you can have different operating systems, different memory capacities, a mix and match of 32-bit or 64-bit CPUs, and so on. Once you have these, you can always run virtualization software on top. Also, blades let you pair your dynamic software with dynamic hardware, making deployment and management of virtual servers much easier.

4.2.2 Hot Swapping
Hot swapping is the ability to add, remove and replace units at need without having to power off the chassis. Hot swapping can apply to PSUs, network, management and storage units, and the blade servers themselves. Hot swapping, coupled with redundancy, can give significant reliability benefits. It also aids maintenance, because if a blade develops a problem it can be removed and repaired or replaced without disruption of the other blades in the system.

4.2.3 Power
The blade relies on the chassis to provide power. In all chassis, power switching balances power load and requirements across the component blades' demands. The technology ensures that power isn't wasted running underused blades, but in times of high demand there is sufficient power available. Employing power supply unit redundancy is necessary for critical servers.

4.2.4 Cooling
A full chassis may generate considerable heat from the activity of component blades, so high-demand blade servers require effective cooling from their chassis to operate efficiently. The chassis' internal management systems may shut down the entire system if the temperature rises above a certain point. It's critical, then, to follow the directions of the blade server chassis' manufacturer when managing the server's cooling. This might include air space around the chassis, the use of plugs for empty bays, and environmental demands for air temperature and humidity.

4.2.5 Storage
There may be some limited storage on a blade server, and there may be additional storage provided by a chassis. However, with the use of a SAN, the chassis and blades can be completely free of storage, removing the inherent heat, noise, and reliability problems from the system completely. Everything from booting to data storage can be done over the SAN, enabling the blade servers to be focused entirely on processing. This configuration can increase reliability and reduce space requirements by partitioning storage resources in one centralized location and computing resources in another. This also eliminates storage
Despite the advantages of storage outside the blade chassis, many blades have the capacity to take one or two hard drives, usually SATA.

4.2.6 LED Indicators
Blade servers typically have a front panel containing a number of informational LEDs, relating to power and system activity. There may additionally be indicators of system failure, which may be general or specific to blade components. These optional features will invariably come at a cost premium.


4.3 SPECIFICATION
Model: Blade Center HS20 Type 8832

Microprocessor: Supports up to 2 microprocessors
- Intel Xeon processor
- 512 KB ECC L2 cache
- 533 MHz front-side bus (FSB)

Memory: Minimum 512 MB; Maximum 4 GB

Drives:
- Support for up to 2 internal IDE 2.5-inch hard disk drives (HDD)
- Support for up to 2 Ultra320 SCSI hot-swap HDDs, available in an optional SCSI storage expansion unit

Integrated functions:
- Two Gigabit Ethernet controllers
- ATI Rage XL video controller
- Light Path Diagnostics(TM)
- Local service processor
- IDE HDD controller
- RS-485 interface for communication with the Blade Center management module
- USB buses for communication with keyboard, mouse, diskette drive and CD-ROM

Size: Height 24.5 cm; Depth 44.6 cm; Width 2.9 cm
Maximum weight: 5.4 kg

Environment:
- Air temperature: blade server on: 10°C to 35°C; blade server off: -40°C to 60°C
- Altitude: 0 to 914 m
- Humidity: blade server on: 8% to 80%; blade server off: 5% to 80%

NOTE: The OS in the blade server must provide USB support for the blade server to recognize and use the keyboard, mouse, CD-ROM drive, and diskette drive. The blade center unit uses USB

4.4 COMPONENTS OF BLADE SERVER

1. Chassis
2. Management server
3. SAN

4.4.1 Chassis:
The chassis forms the housing for the blade servers, providing the necessary services for the blades. Chassis vary in the number of blades they accept, usually from 6 to 16. It has two views, a front view and a rear view, and between these two views there is the motherboard of the blade server.

[Figure: chassis layout showing the front view with the blades, the motherboard in between, and the rear view with the power modules (PM), switch modules (SM), management modules (MM), fiber modules (FM) and the blower]

PM stands for power module, which manages the power control for the blade server. All 4 power modules work simultaneously, and if one fails the others take over the power control. SM stands for switch module, which is connected to a layer 3 switch. Both switch modules work simultaneously, and if one fails the other takes over. The BLOWER is used to keep the temperature of the blade server at the required level. MM stands for management module. It manages all the devices within a chassis. One is primary and the other is secondary: while the primary works, the secondary stays idle. This is called the heart of the system. FM stands for fiber module, which is connected to the SAN. Both fiber modules work simultaneously, and if one fails the other takes over.

4.4.2 Management server
It uses the IBM directory server software, installed on any of the blades. The blade which has that software acts as the administrator; it manages all the blades. It has two hard disks and a processor of 3.0 MHz.


4.4.3 Storage Area Network (SAN)

A Storage Area Network (SAN) is a specialized, high-speed network attaching servers and storage devices and, for this reason, it is sometimes referred to as the network behind the servers. A SAN allows any-to-any connection across the network, using internetwork elements such as routers, gateways, hubs, switches and directors. A storage device is a machine that contains nothing but a disk or disks for storing data. This storage area is shared by all blades. The disks of this storage use RAID technology to store the data. The details of RAID are given in article 4.5. Besides these three parts there is also a keyboard, monitor and mouse to monitor the condition of all the blade servers, which are attached through the KVM switch.

A KVM (Keyboard, Visual Display Unit, Mouse) switch is a hardware device that allows a user to control multiple computers from a single keyboard, video monitor and mouse. Although multiple computers are connected to the KVM, typically a smaller number of computers can be controlled at any given time.

4.5 RAID
Redundant Array of Independent Disks (RAID) is the combining of several hard drives into a single unit. There are a number of RAID levels; among them the most popular are RAID 0, RAID 1 and RAID 5, which require controllers to support them. Two or more disk drives are combined and the result is fault tolerance and good performance. These disk drives are usually used on servers.

Level: RAID 0
Description: In a RAID 0 system, data are split up in blocks that get written across all the drives in the array. By using multiple disks (at least 2) at the same time, RAID 0 offers superior I/O performance. This performance can be enhanced further by using multiple controllers, ideally one controller per disk.
Minimum no. of disks: 2
Space efficiency: 1 (all storage capacity can be used)
Fault tolerance: 0 (none)

Level: RAID 1
Description: Data are stored twice by writing them to both the data disk (or set of data disks) and a mirror disk (or set of disks). If a disk fails, the controller uses either the data drive or the mirror drive for data recovery and continues operation.
Minimum no. of disks: 2
Space efficiency: 1 (size of the smallest disk)
Fault tolerance: n-1 disks

Level: RAID 5
Description: RAID 5 is the most common secure RAID level. It is similar to RAID-3 except that data are transferred to disks by independent read and write operations (not in parallel). The data chunks that are written are also larger. Instead of a dedicated parity disk, parity information is spread across all the drives. You need at least 3 disks for a RAID 5 array.
Minimum no. of disks: 3
Space efficiency: n-1 (disks' worth of capacity out of n)
Fault tolerance: 1 disk

4.5.1 ADVANTAGES AND DISADVANTAGES OF RAID

RAID 0

Advantages: RAID 0 offers great performance, both in read and write operations. There is no overhead caused by parity controls. All storage capacity can be used; there is no disk overhead. The technology is easy to implement.

Disadvantages: RAID 0 is not fault-tolerant. If one disk fails, all data in the RAID 0 array are lost. It should not be used on mission-critical systems.

RAID 1

Advantages: RAID 1 offers excellent read speed and a write speed that is comparable to that of a single disk. If a disk fails, data do not have to be rebuilt; they just have to be copied to the replacement disk. RAID 1 is a very simple technology.

Disadvantages: The main disadvantage is that the effective storage capacity is only half of the total disk capacity because all data get written twice. Software RAID 1 solutions do not always allow a hot swap of a failed disk (meaning it cannot be replaced while the server keeps running). Ideally a hardware controller is used.

RAID 5

Advantages: Read data transactions are very fast, while write data transactions are somewhat slower (due to the parity that has to be calculated).

Disadvantages: Disk failures have an effect on throughput, although this is still acceptable. Like RAID 3, this is complex technology.
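The RAID 5 behaviour described above (parity spread across all drives, writes slowed by the parity calculation, one failed disk rebuilt from the survivors), written out as an added Python simulation that is not code from this document. The disk count, chunk size and sample data are constructed for illustration.

```python
"""Simulation of RAID 5 striping with rotating parity (constructed example).

Each stripe holds n_disks-1 data chunks plus one XOR parity chunk, and the
parity position rotates per stripe, unlike RAID 3's dedicated parity disk.
"""
from functools import reduce
from typing import List, Optional

CHUNK = 4  # bytes per chunk; tiny so the example stays readable


def xor_chunks(chunks: List[bytes]) -> bytes:
    """Bitwise XOR of equal-length chunks: the RAID 5 parity."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), chunks)


def raid5_write(data: bytes, n_disks: int) -> List[List[bytes]]:
    """Stripe data across n_disks and return one chunk list per disk.

    Usable capacity is n-1 disks; the remaining disk's worth holds parity.
    Writes are slower than RAID 0 because every stripe needs a parity XOR.
    """
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least 3 disks")
    width = (n_disks - 1) * CHUNK
    data = data + b"\x00" * (-len(data) % width)  # pad the last stripe
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(data), width)):
        stripe = data[off:off + width]
        chunks = [stripe[i:i + CHUNK] for i in range(0, width, CHUNK)]
        parity_disk = s % n_disks  # rotate which disk holds parity
        parity = xor_chunks(chunks)
        it = iter(chunks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk else next(it))
    return disks


def raid5_read(disks: List[Optional[List[bytes]]]) -> bytes:
    """Reassemble the data; a failed disk is passed as None and rebuilt.

    Rebuilding reads every surviving disk for each stripe, which is why a
    degraded array is slow and why a second failure loses the array.
    """
    n = len(disks)
    failed = [d for d, c in enumerate(disks) if c is None]
    if len(failed) > 1:
        raise RuntimeError("RAID 5 tolerates only one failed disk")
    n_stripes = len(next(c for c in disks if c is not None))
    out = bytearray()
    for s in range(n_stripes):
        parity_disk = s % n
        chunks = [None if c is None else c[s] for c in disks]
        if failed:  # XOR of all survivors reproduces the missing chunk
            chunks[failed[0]] = xor_chunks([c for c in chunks if c is not None])
        out += b"".join(c for d, c in enumerate(chunks) if d != parity_disk)
    return bytes(out)
```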

4.6 CONFIGURATION

The following configuration programs are provided with the blade server:

1. Configuration/Setup Utility program: This is part of the basic input/output system (BIOS) code in the blade server.

2. PXE boot agent utility program: The Preboot eXecution Environment (PXE) boot agent utility program is part of the BIOS code in the blade server. Use it to select the boot protocol and other boot options.

4.6.1 Using the Configuration/Setup Utility program



Turn on the blade server and watch the monitor screen. When the message Press F1 for Configuration/Setup appears, press F1. Follow the instructions that appear on the screen.

Configuration/Setup Utility menu choices: The following choices are on the Configuration/Setup Utility main menu.

System Summary: Select this choice to display configuration information, including the type, speed, and cache sizes of the microprocessor and the amount of installed memory.

System Information: Select this choice to display information about your blade server.

Product Data: Select this choice to view the machine type and model of your blade server, the serial number, and the revision level or issue date of the BIOS.

Devices and I/O Ports: Select this choice to set the system date and time, in 24-hour format (hour:minute:second).

System Security: Select this choice to set a power-on password. If you set a power-on password, you must type the power-on password to complete the system startup.

NOTE: If you forget the power-on password, you can regain access to the blade server through one of the following methods: remove the blade server battery and then reinstall it, or change the position of the power-on password override switch to bypass the power-on password check the next time the blade server is turned on.

NOTE: Shut down the OS, turn off the blade server, and remove the blade server from the BladeCenter unit to access the switches.

Start Options: Select this choice to view or change the start options. This choice appears only on the full Configuration/Setup Utility main menu.

Advanced Setup: Select this choice to change settings for advanced hardware features.

System Partition Visibility: Select this choice to specify whether the System Partition is to be visible or hidden.

Memory Settings: Select this choice to manually enable a pair of memory DIMMs.

CPU Options: Select this choice to enable or disable the microprocessor cache.

PCI Bus Control: Select this choice to view and set interrupts for PCI devices and to configure the master-latency-timer value for the blade server.

Integrated System Management Processor Settings: Select this choice to enable or disable the Reboot on System NMI option on the menu. If you enable this option, the blade server will automatically restart 60 seconds after the service processor issues a Non-Maskable Interrupt (NMI) to the blade server.

Error Logs: Select this choice to view or clear the POST error log. Select POST Error Log to view the three most recent error codes and messages.

Save Settings: Select this choice to save the changes made in the settings.

Restore Settings: Select this choice to cancel the changes made in the settings and restore the previous settings.

Load Default Settings: Select this choice to cancel the changes made in the settings and restore the vendor's settings.

Exit Setup: Select this choice to exit from the Configuration/Setup Utility program. If you have not saved the changes you have made in the settings, you are asked whether you want to save the changes or exit without saving them.

4.6.2 Using the PXE boot agent utility program

1. Turn on the server.

2. When the Broadcom NetXtreme Boot Agent vX.X.X prompt appears, press Ctrl+S.

NOTE: If the PXE setup prompt is not displayed, use the Configuration/Setup Utility program to set the Enable Ethernet PXE/DHCP option. By default, you have 2 seconds after the prompt appears on the screen to press Ctrl+S.

3. Use the arrow keys or press Enter to select a choice from the menu. Press Esc to return to the previous menu. Press the F4 key to exit.

4. Follow the instructions on the screen to change the settings of the selected items, then press Enter.


4.7 Configuring the Gigabit Ethernet Controllers

Two Ethernet controllers are integrated on the blade server system board, which enables simultaneous transmission and reception of data on the Ethernet Local Area Network (LAN). However, a device driver must be installed to enable the blade server OS to address the Ethernet controllers. For device drivers and information about configuring your Ethernet controllers, use the Broadcom NetXtreme Gigabit Ethernet Software. The Ethernet controllers support failover, which provides automatic redundancy for the Ethernet controllers. Without failover, only one Ethernet controller from each server can be attached to each virtual LAN or subnet. With failover, you can configure more than one Ethernet controller from each server to attach to the same virtual LAN or subnet. If you have configured the controllers for failover and the primary link fails, the secondary controller takes over. When the primary link is restored, the Ethernet traffic switches back to the primary Ethernet controller.

NOTE: To support failover on the blade server Ethernet controllers, the Ethernet switch modules in the BladeCenter unit must have identical configurations to each other.

4.8 BLADE SERVER ADVANTAGES AND DISADVANTAGES


4.8.1 ADVANTAGES

Takes less space: Greater density and better use of the server form factor greatly reduce the total space requirements of a blade server deployment compared to tower or rack-mounted servers.

Reduced power consumption and improved power management: Power supplied from the blade server chassis greatly reduces the total power supply requirement and also reduces the power required per server.

Lower management cost: Server consolidation and resource centralization simplify server deployment, management and administration and improve management, redundancy and control.

Single monitor: A KVM switch allows all the servers to be monitored from a single system.

Simplified cabling: Blade servers simplify cabling requirements and greatly reduce wiring. Most of the wiring-related interconnects are built into the chassis, thereby greatly reducing the need for separate wiring.

Ease of upgrade: As new processor, communications, storage and interconnect technology becomes available, it can be implemented in blades that install into existing equipment, upgrading server operation at minimum cost and with no disruption of basic server functionality.

Easier physical deployment: Since the chassis is responsible for providing the formerly redundant parts of a server, deployment of a blade server simply involves placing the chassis and sliding in the blades. Redundant power modules and consolidated communication bays simplify integration into data centers.

Flexibility: Blade systems also provide significant configuration flexibility, offering a choice among myriad servers, I/O options and other internal components. The chassis can accommodate a mix of x86 (Intel or AMD CPUs) and Unix RISC servers, storage blades, workstations and PC blades, as well as multiple I/O connections per blade.

4.8.2 DISADVANTAGES

Expensive configuration: Although plugging a new server blade into the blade chassis is easy once the system is running, initial configuration can be labor-intensive and expensive in complex application environments. This comes from the fact that blade servers are specialized computing equipment, and their configuration and administration often require training provided by the vendor, which may not be cheap unless you have a special free-training deal with the vendor.

Expensive tool (economies of scale): If you do not fill the blade chassis with server blades, you are not fully utilizing it. Blade chassis are often made to hold 14 or 16 server blades. The general rule of thumb is that blade servers are not suitable or economical for applications requiring fewer than 5-10 servers. Applications requiring fewer than 5-10 server blades (10-20 CPUs) are best served by standalone server systems.

Incompatible chassis: Blade systems vary between manufacturers. Once you have bought a blade server from a particular vendor, it is not always easy to switch to another vendor because of servicing agreements and also because a competitor is unlikely to have the same expertise in your equipment as your vendor. You could theoretically use your server blades in a competitor's blade chassis, but in practice blade chassis are not standardized. It is unlikely that IBM would get together with Dell and HP to share chassis; the chassis is what makes their products unique. Server blades are often designed to run only in the company's own chassis.

Business case: Blade servers are not the best solution for everything. If you have a very large transaction processing application requiring high read/write ratios, then you may run into bottlenecks with your bus speeds, memory limitations, disk access, and network I/O. Email and Web serving are situations where blade computing suits well.

Heating and cooling: One often forgotten disadvantage is HVAC. While individual stand-alone servers can be distributed throughout the building and may not need special accommodation for cooling, today's very powerful blade servers produce massive amounts of heat per square foot. If left untreated, this heat can melt them down. When purchasing blade servers, keep in mind that additional resources will also be needed for HVAC.


DHCP SERVER

A DHCP server assigns IP addresses to client computers. This is very often used in enterprise networks to reduce configuration effort. The IP addresses of all computers are stored in a database that resides on a server machine. DHCP supports four strategies for IP address allocation. These are independent features; a particular server can offer any or none of them.

1. Manual. The unique client identifier-to-IP address binding has been made by an administrator. Therefore the DHCP service should not reallocate IP addresses of this type to other clients after the lease expires. This type of IP address allocation is useful when the administrator wants a host to maintain the same IP address but still wants to detect when an IP address is no longer being used. An example is a host that provides a service located by its IP address, like mail.

2. Permanent. The server's administrator creates a configuration for the server that includes only IP addresses, and gives this configuration to clients. After an IP address is associated with a MAC address, the association is permanent unless the server's administrator intervenes. Allocating permanent IP addresses has the drawback that such IP addresses cannot be reclaimed automatically.

3. Dynamic (through leases of limited duration). The server tracks leases and gives IP addresses to DHCP clients automatically as they become available when leases expire. No interaction is needed from the administrator. This is the preferred IP address type for non-BOOTP clients.

4. BOOTP. Addresses that are reserved for use by BOOTP clients. This allows an administrator to enter a pool of IP addresses intended only for BOOTP clients.


5.1 Installing DHCP Server in Windows Server 2003 is very easy


First, go to Start > All Programs > Administrative Tools > Manage Your Server.


Here, select Add or remove a role.

Verify the preliminary steps and click Next.


Select the DHCP Server option as the server role and click Next.


On the summary of your selections, click Next.


Installation of the DHCP Server is now in progress.


The new scope welcome screen now appears; click Next.

A scope is a collection of IP addresses for computers on a subnet that use DHCP. Enter the name and description of your scope and click Next.


Now define the range of addresses that the scope will distribute across the network, and the subnet mask for the IP addresses. Enter the appropriate details and click Next.

Enter the IP address range that you want to exclude and click Next.


Select the lease duration: how long a client can use an IP address assigned to it from this scope. It is recommended to use longer leases for a fixed network (in the office, for example) and shorter leases for remote connections or laptop computers. Click Next.

You are given a choice of whether you wish to configure the DHCP options for the scope now or later. Select the "Yes, I want to" radio button and click Next.


Enter the router (gateway) IP address and click Next. The client computers will then know which router to use.

Enter the DNS and domain name settings. The DNS server IP address will be distributed by the DHCP server and given to the clients. Click Next.


If you have WINS set up, this is where you enter the IP address of the WINS server. You can just type the server name into the appropriate box and press Resolve to let it find the IP address itself. Click Next.

Activate the scope now and click Next.


The new scope setup is finished; click Finish.

The "your server is now a DHCP server" message appears; click Finish.


5.2 Configuring DHCP

Now you need to go to Start>Administrative Tools>DHCP


Right-click your server and click Authorize to authorize your DHCP server.

Once authorization has completed, your DHCP server is up and running.


DHCP servers permit you to reserve an IP address for a client. This means that the specific network client will keep the same IP address for as long as you want it to. To do this you have to know the physical (MAC) address of each network card. Enter the reservation name, the desired IP address, the MAC address and a description, choose whether you want to support DHCP or BOOTP, and press Add. The new reservation will be added to the list.
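The scope, exclusion, lease-duration and reservation settings walked through in 5.1 and 5.2, and the manual and dynamic allocation strategies from the start of this chapter, modelled as an added Python example that is not code from this document or from the Windows DHCP service: the pool honours exclusions, never reclaims a reservation, expires dynamic leases, and refuses an offer when the pool is exhausted. The addresses, MACs and lease length are constructed sample values.

```python
"""Model of a DHCP scope with exclusions, leases and reservations (constructed
teaching example; the real Windows Server 2003 DHCP service keeps this state in
its own database and speaks the actual DHCP wire protocol)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, Optional, Set


@dataclass
class Lease:
    ip: IPv4Address
    mac: str
    expires: Optional[float]  # None marks a reservation: never reclaimed


@dataclass
class Scope:
    start: IPv4Address
    end: IPv4Address
    lease_seconds: float
    excluded: Set[IPv4Address] = field(default_factory=set)
    reservations: Dict[str, IPv4Address] = field(default_factory=dict)  # MAC -> IP
    leases: Dict[str, Lease] = field(default_factory=dict)  # MAC -> lease

    def exclude_range(self, first: IPv4Address, last: IPv4Address) -> None:
        """Addresses the scope must never hand out (statically configured hosts)."""
        self.excluded.update(IPv4Address(i) for i in range(int(first), int(last) + 1))

    def _in_use(self, now: float) -> Set[IPv4Address]:
        """Reclaim expired dynamic leases, then return every address still taken."""
        expired = [m for m, l in self.leases.items()
                   if l.expires is not None and l.expires <= now]
        for mac in expired:
            del self.leases[mac]
        return {l.ip for l in self.leases.values()}

    def allocate(self, mac: str, now: float) -> Optional[Lease]:
        """Offer an address: reservation first, renewal next, then the free pool.

        The server alone decides, so two clients never get the same address.
        """
        mac = mac.lower()
        taken = self._in_use(now)
        if mac in self.reservations:  # manual binding: fixed IP, no expiry
            lease = Lease(self.reservations[mac], mac, None)
        elif mac in self.leases:  # renewal keeps the client's current address
            lease = Lease(self.leases[mac].ip, mac, now + self.lease_seconds)
        else:
            reserved = set(self.reservations.values())
            for i in range(int(self.start), int(self.end) + 1):
                ip = IPv4Address(i)
                if ip not in self.excluded and ip not in taken and ip not in reserved:
                    lease = Lease(ip, mac, now + self.lease_seconds)
                    break
            else:
                return None  # pool exhausted: no offer for this client
        self.leases[mac] = lease
        return lease
```

With a single server, a client that gets None here has no one else to ask, which is the single point of failure noted in 5.3.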

So it is very easy to configure a DHCP server in Windows Server 2003. You can now configure your Windows client PC to check whether your DHCP server is working.


5.3 Advantages and Disadvantages

Advantages: DHCP servers offer a number of advantages over earlier methods of getting IP addresses.

1. Automatic management of IP addresses, including the prevention of duplicate IP address problems.
2. Support for BOOTP clients, so you can easily transition your networks from BOOTP to DHCP.
3. Allows the administrator to set lease times, even on manually allocated IP addresses.
4. Allows limiting which MAC addresses are served with dynamic IP addresses.
5. Allows the administrator to configure additional DHCP option types, over and above what is possible with BOOTP.
6. Allows the definition of the pool or pools of IP addresses that can be allocated dynamically. A user might have a server that forces the pool to be a whole subnet or network. The server should not force such a pool to consist of contiguous IP addresses.
7. Allows the association of two or more dynamic IP address pools on separate IP networks (or subnets). This is the basic support for secondary networks. It allows a router to act as a BOOTP relay for an interface which has more than one IP network or subnet IP address.

Here are some features that are not part of the DHCP server itself, but are related to the way it is administered.

1. Central administration of multiple servers.
2. The ability to make changes while the server is running and leases are being tracked. For example, you can add or take away IP addresses from a pool, or you can modify parameters.
3. The ability to make global modifications (those that apply to all entries) to parameters, or to make modifications to groups of clients or pools.
4. The maintenance of a lease audit trail, such as a log of the leases granted.

Disadvantages:

1. Only some DHCP client implementations work properly with the DHCP Server in Windows Server 2003.
2. The information in the DHCP server is automatically delivered to all DHCP clients. Thus it becomes important to put correct information into the DHCP server.
3. If there is a single DHCP server and it is not available, leases cannot be requested or renewed; in this way it is a single point of failure for the network.
4. In order to use DHCP on a multi-segment network, a DHCP server or relay agent must be placed on each segment. Alternatively, you can ensure that the router forwards Bootstrap Protocol broadcasts.
