Network Plus 2005 In Depth

402 Chapter 8 NOS AND WINDOWS SERVER 2003-BASED NETWORKING

7. Select the type of group you want to create: Security or Distribution. A Security group is the type you would use to grant a group of users privileges to shared resources, whereas Distribution groups are used solely for sending e-mail messages to a group of users through mail server software such as the Microsoft Exchange Server. After you have made your selection, click OK to finish creating the new group.

Modifying the properties of a group account is similar to modifying the properties of a user account. To modify the properties of your newly created group, double-click the group in the right pane of the Active Directory Users and Computers snap-in window. This opens the group’s Properties dialog box, which contains four tabs: General, Members, Member Of, and Managed By. Through this dialog box, you can add user accounts to the group, make the group a member of another group, and specify which user account will manage the group.

As mentioned earlier, users and groups are virtually useless unless they have some rights to the server’s data and system directories.
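The distinction drawn in step 7, and the nesting the Member Of tab allows, can be made concrete with a small script. The following is an added example, not code from the textbook: it models groups the way Active Directory stores them (the groupType bit field, whose security-enabled bit is what separates a Security group from a Distribution group), resolves effective membership through nested groups, and flags ACL entries that name a group which cannot confer rights. The directory contents, user names and ACL are constructed sample data.

```python
"""Security versus distribution groups, and nested membership.

Added example (not from the textbook). Groups are stored the way Active
Directory stores them, as a groupType bit field, so the security-enabled
bit decides whether a group can grant rights at all. All group and user
names below are constructed sample data.
"""
from typing import Dict, List, Set, Tuple

# Bits of the Active Directory groupType attribute.
GROUP_TYPE_BUILTIN_LOCAL = 0x00000001
GROUP_TYPE_GLOBAL = 0x00000002
GROUP_TYPE_DOMAIN_LOCAL = 0x00000004
GROUP_TYPE_UNIVERSAL = 0x00000008
GROUP_TYPE_SECURITY_ENABLED = 0x80000000


def decode_group_type(group_type: int) -> Tuple[str, str]:
    """Return (category, scope) for a groupType value.

    AD exposes groupType as a signed 32-bit integer, so every security
    group shows a negative value (-2147483646 for a global security group).
    """
    bits = group_type & 0xFFFFFFFF  # view the signed value as unsigned bits
    category = "Security" if bits & GROUP_TYPE_SECURITY_ENABLED else "Distribution"
    if bits & GROUP_TYPE_UNIVERSAL:
        scope = "Universal"
    elif bits & GROUP_TYPE_DOMAIN_LOCAL:
        scope = "DomainLocal"
    elif bits & GROUP_TYPE_GLOBAL:
        scope = "Global"
    elif bits & GROUP_TYPE_BUILTIN_LOCAL:
        scope = "BuiltinLocal"
    else:
        raise ValueError(f"unrecognised groupType {group_type:#x}")
    return category, scope


# Constructed sample directory: group name -> (groupType, direct members).
# A member that is itself a group is what the Member Of tab records.
DIRECTORY: Dict[str, Tuple[int, Set[str]]] = {
    "Sales":       (-2147483646, {"alice", "bob"}),         # global security
    "Marketing":   (-2147483646, {"carol"}),                # global security
    "Sales-Staff": (-2147483644, {"Sales", "Marketing"}),  # domain local security, nests both
    "All-Hands":   (2,           {"Sales-Staff", "dave"}), # global distribution: mail only
    "Loop-A":      (-2147483646, {"Loop-B"}),              # circular nesting
    "Loop-B":      (-2147483646, {"Loop-A", "erin"}),
}


def effective_members(group: str, directory=DIRECTORY) -> Set[str]:
    """User accounts that belong to `group` directly or via nested groups.

    Names not found in the directory are treated as user accounts. The
    `seen` set guards against circular nesting such as Loop-A / Loop-B.
    """
    users, seen, stack = set(), set(), [group]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        if name in directory:
            stack.extend(directory[name][1])
        else:
            users.add(name)
    return users


def can_grant_access(group: str, directory=DIRECTORY) -> bool:
    """Only a security-enabled group can carry permissions to a resource."""
    category, _ = decode_group_type(directory[group][0])
    return category == "Security"


def audit_acl(acl: List[Tuple[str, str]], directory=DIRECTORY) -> List[Tuple[str, str]]:
    """Return the (trustee, right) entries whose trustee is a distribution
    group: such an entry grants nothing, however many members the group has."""
    return [(trustee, right) for trustee, right in acl
            if trustee in directory and not can_grant_access(trustee, directory)]


if __name__ == "__main__":
    for name, (gtype, _) in DIRECTORY.items():
        print(f"{name:12s} {gtype:>12d} -> {decode_group_type(gtype)}")
    print("Sales-Staff resolves to:", sorted(effective_members("Sales-Staff")))
    print("All-Hands resolves to:  ", sorted(effective_members("All-Hands")))
    print("useless ACEs:", audit_acl([("Sales-Staff", "Read"), ("All-Hands", "Read")]))
```

Running the script shows that All-Hands has the largest effective membership yet is the one trustee the ACL audit reports, which is exactly why the category chosen in step 7 matters more than the member list.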

Internetworking with Other Network Operating Systems

Windows Server 2003 can communicate with almost any kind of client and, given the proper software and configuration, with the other major NOSs. Interoperability is a major concern, as more organizations face the challenge of dealing with mixed networks. In the interest of the consumer, Microsoft and other NOS vendors have made efforts to close the gap. You will encounter situations in which Windows Server 2003 must coexist on the same network with NetWare, UNIX, Linux, Mac OS X Server, or several of these. This section focuses on Microsoft’s solution to the interoperability question.

You might think that establishing communications between two NOSs is simply a matter of installing the same protocol on both systems. For example, you might think that because both NetWare and Windows Server 2003 can run the TCP/IP protocol, the two should be able to communicate directly. In fact, a protocol match is merely one part of the interoperability equation.

To enable clients connected to a NetWare server (version 5.x or 6.x) to view and access resources managed by a Windows Server 2003 server, Microsoft recommends installing its File and Print Services for NetWare on the Windows server. After this is installed, the Windows server will appear to NetWare clients as simply another NetWare file or print server; users will not be able to distinguish it from a NetWare server. File and Print Services for NetWare is one application belonging to the Microsoft Windows Services for NetWare package, a collection of software that simplifies the integration of Windows Server 2003 servers and NetWare servers on the same network. Another application that belongs to this package is the MSDSS (Microsoft Directory Synchronization Services). When installed on a Windows Server 2003 server, this software can synchronize information between an Active Directory database and a NetWare eDirectory database. On a network that runs both Windows and NetWare servers, synchronization means that objects and their attributes are identical across a network, no matter on which type of server they were created or modified. Because both NetWare versions 5.x or 6.x and Windows Server 2003 rely on directories that follow the same LDAP standards, sharing data is simple. To run MSDSS, the Windows server must be configured as a domain controller.

For NetWare clients that rely on the IPX/SPX protocol, additional software is necessary to access a Windows Server 2003 server. One possibility is for clients that depend on the Windows Server 2003 server to run Microsoft’s CSNW (Client Services for NetWare). CSNW is a service that in conjunction with NWLink enables the client to log on directly to the NetWare server to access its printers, files, and other resources. If your network includes both Windows Server 2003 and NetWare servers, and both use TCP/IP as their preferred protocol, you do not necessarily have to install CSNW (nor do you need to install NWLink). Instead, on each workstation you could install Novell’s recommended client software to access NetWare servers in addition to Microsoft’s Client for Networks to access Windows Server 2003 computers. Client Services for NetWare is not supported by the 64-bit versions of Windows Server 2003, such as the Enterprise Edition.

When interconnecting UNIX, Linux, or Mac OS X Server with Windows Server 2003 networks, you can assume that both rely on the TCP/IP protocol. However, you cannot assume both use the same directory structure. If a UNIX-type server does have an LDAP-compatible directory installed, Microsoft provides software for integrating that directory with Active Directory. This software is installed on the Windows server and allows clients attached to the UNIX-type server to access Windows Server 2003 resources as if they were resources on the UNIX-type server. It belongs to Microsoft’s Windows Services for UNIX.

Another application belonging to the Windows Services for UNIX package allows clients on Windows Server 2003 networks to access UNIX-type servers and use their files and account privileges. Windows Services for UNIX includes the ability for the client to be recognized by a UNIX-type server’s file system, along with utilities for manipulating files and directories. There are also other, simpler utilities that Microsoft clients can use to access UNIX-type servers (for example, a simple FTP client). In the next chapter, you will learn how UNIX-type clients can connect and act as clients to Windows servers.

Chapter Summary

NOSs are entirely software-based and can run on a number of different hardware platforms and network topologies.

Network administrators choose an appropriate NOS according to what’s compatible with the existing infrastructure; whether it supports the applications, services, and security required by the environment; whether it will grow with the organization; whether the vendor will provide reliable technical support; and whether it fits in the budget.


A redirector, which belongs to the Presentation layer of the OSI Model, is inherent in both the NOS and the client operating system. On the client side, it intercepts client communications and decides whether the request is meant for the server or for the client.

When a client attempts to log on, the NOS receives the client’s request for service and tries to match the user name and password with the name and password in its user database. If the passwords match, the NOS grants the client access to resources on the network, according to limitations. This process is known as authentication.

A directory is an NOS’s method of organizing and managing objects, such as users, printers, server volumes, and applications. It is sometimes compared to a tree, because it has one common starting point and branches into multiple containers, which may branch into additional containers.

A file system is an operating system’s method of organizing, managing, and accessing its files through logical structures and software routines. In general, when installing Windows Server 2003, you will want to choose the NTFS file system.

For clients to share a server application, the network administrator must assign users rights to the directories where the application’s files are installed. Users will need at least the rights to access and read files in those directories. For some applications, users may also need rights to create, erase, or modify files associated with the application. Users are organized into groups to streamline administration.

For clients to share a network printer, the printer must be created as an object, assigned a name and properties, and then shared among clients. Users or groups may be assigned different levels of privileges to operate printers.

The type of multitasking supported by NetWare, UNIX, Linux, Mac OS X Server, and Windows Server 2003 performs one task at a time, allowing one program to use the processor for a certain period of time, and then suspending that program to allow another program to use the processor. This is called preemptive multitasking.

Multiprocessing splits tasks among multiple processors to expedite the completion of any single instruction. It’s a great advantage for servers with high CPU utilization, because it improves performance.

Windows Server 2003 requires the following minimum hardware: Pentium processor with a minimum clock speed of 133 MHz (though at least 550 MHz is recommended), 128 MB of RAM (though at least 256 MB is recommended), at least 1.5 GB free hard disk space for system files, and a pointing device. A CD-ROM and a NIC that are included on the Microsoft HCL (Hardware Compatibility List) are optional.

The Windows Server 2003 memory model assigns each process its own 32-bit (or in some versions, 64-bit) memory area. This memory area is a logical subdivision of the entire amount of memory available to the server. Assigning processes separate areas makes the processes less prone to interfering with each other when they run simultaneously.

The description of object types, or classes, and their required and optional attributes that are stored in Active Directory is known as a schema.


Domains define a group of systems and resources that share common security and management policies. The database that domains use to record their objects and attributes is contained within Active Directory. Domains are established on a network to make it easier to organize and manage resources and security.

To collect domains into logical groups, Windows Server 2003 uses a domain tree (or simply, tree). At the base of the tree is the root domain. From the root domain, child domains branch out to separate objects with the same policies. Underneath the child domains, multiple organizational units branch out to further logically subdivide the network’s systems and objects. A collection of domain trees is known as a forest.
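The trust rules summarized here (two-way transitive trusts within a tree, trusts between the trees of a forest, and explicit one-way trusts between unrelated domains) decide which users a given domain controller will authenticate. The following is an added example, not code from the textbook, that models those rules over a constructed forest and answers "does domain A accept users from domain B?" by following transitive trusts for any number of hops and explicit one-way trusts for exactly one hop. It assumes, as Windows does, that tree-root trusts inside one forest are two-way and transitive while an explicit one-way trust is neither; every domain name is constructed.

```python
"""Which domains' users will a domain controller authenticate?

Added example, not from the textbook. Parent/child links in a domain tree
and tree-root links inside a forest are modelled as two-way transitive
trusts; an explicit one-way trust is a single directed, non-transitive
edge. All domain names are constructed sample data.
"""
from collections import defaultdict, deque
from typing import Dict, Iterable, Set, Tuple

# Constructed forest: two trees (corp.example and labs.example) plus an
# unrelated domain, partner.test, reached only through an explicit trust.
TREE_LINKS = [                       # (parent, child) inside a domain tree
    ("corp.example", "eu.corp.example"),
    ("corp.example", "us.corp.example"),
    ("eu.corp.example", "de.eu.corp.example"),
    ("labs.example", "red.labs.example"),
]
FOREST_ROOT_LINKS = [("corp.example", "labs.example")]   # tree roots of one forest
EXPLICIT_ONE_WAY = [("us.corp.example", "partner.test")]  # us.corp trusts partner, not vice versa


class Forest:
    def __init__(self, tree_links: Iterable[Tuple[str, str]],
                 forest_links: Iterable[Tuple[str, str]],
                 one_way: Iterable[Tuple[str, str]]) -> None:
        self.transitive: Dict[str, Set[str]] = defaultdict(set)
        for a, b in list(tree_links) + list(forest_links):
            self.transitive[a].add(b)      # two-way: record both directions
            self.transitive[b].add(a)
        self.one_way: Set[Tuple[str, str]] = set(one_way)  # (trusting, trusted)

    def trusted_domains(self, domain: str) -> Set[str]:
        """Every domain whose users `domain` will authenticate."""
        seen, queue = {domain}, deque([domain])
        while queue:                       # breadth-first over transitive trusts
            current = queue.popleft()
            for nxt in self.transitive[current]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        # An explicit one-way trust benefits only the domain that holds it
        # and is never followed further, hence it is added after the walk.
        direct = {trusted for trusting, trusted in self.one_way if trusting == domain}
        return (seen | direct) - {domain}

    def trusts(self, trusting: str, trusted: str) -> bool:
        """True if a DC in `trusting` authenticates a user from `trusted`."""
        return trusted in self.trusted_domains(trusting)


FOREST = Forest(TREE_LINKS, FOREST_ROOT_LINKS, EXPLICIT_ONE_WAY)

if __name__ == "__main__":
    for trusting, trusted in [("de.eu.corp.example", "red.labs.example"),
                              ("us.corp.example", "partner.test"),
                              ("partner.test", "us.corp.example"),
                              ("corp.example", "partner.test")]:
        print(f"{trusting:20s} trusts {trusted:20s}: {FOREST.trusts(trusting, trusted)}")
```

The last two lines of output are the ones worth remembering: partner.test gains nothing from a trust it does not hold, and corp.example does not inherit its child's explicit trust, because that trust is not transitive.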

Each tree, domain, container, and object has a unique name that becomes part of the namespace. The names of these elements may be used in one of three different ways to uniquely identify an object in a Windows Server 2003 tree: as a distinguished name, as a relative distinguished name, and as a user principal name.
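The naming rules just summarized are easiest to see on an actual distinguished name. The following is an added example, not code from the textbook: it parses the string form of a DN (the RFC 4514 syntax that Active Directory uses, with backslash escapes) into its relative distinguished names, picks out the RDN, the container path and the DNS domain spelled by the DC components, and shows the matching escape routine for building a DN from untrusted input such as a display name. It covers the DN and RDN forms; the user principal name (user@domain) is a separate format and is not parsed here. The sample DNs are constructed, and hex escapes are decoded one byte at a time.

```python
"""Parsing Active Directory distinguished names.

Added example, not from the textbook. Splits an LDAP distinguished name
(RFC 4514 string form) into its RDNs while honouring backslash escapes,
so a comma inside a CN does not produce a bogus extra component. The DNs
in main() are constructed; hex escapes are decoded one byte at a time.
"""
from typing import List, Tuple

SPECIALS = ',+"\\<>;=# '          # characters a backslash may escape
HEX = "0123456789abcdefABCDEF"


def _split_unescaped(s: str, sep: str) -> List[str]:
    """Split on sep, skipping any sep that is preceded by a backslash."""
    out, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])      # keep the escape intact for now
            i += 2
            continue
        if s[i] == sep:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    out.append("".join(cur))
    return out


def _strip_unescaped(s: str) -> str:
    """Drop insignificant whitespace but keep an escaped trailing space."""
    s = s.lstrip(" ")
    while s.endswith(" ") and not s.endswith("\\ "):
        s = s[:-1]
    return s


def _unescape(value: str) -> str:
    out, i = [], 0
    while i < len(value):
        if value[i] != "\\":
            out.append(value[i])
            i += 1
            continue
        nxt = value[i + 1:i + 2]
        if nxt and nxt in SPECIALS:         # \, \+ \" \  and so on
            out.append(nxt)
            i += 2
            continue
        pair = value[i + 1:i + 3]
        if len(pair) == 2 and all(h in HEX for h in pair):
            out.append(chr(int(pair, 16)))  # \2C is a comma
            i += 3
            continue
        raise ValueError(f"bad escape in {value!r} at offset {i}")
    return "".join(out)


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """[(attribute type, value), ...] from the object outward to the domain."""
    rdns = []
    for raw in _split_unescaped(dn, ","):
        raw = _strip_unescaped(raw)
        if "=" not in raw:
            raise ValueError(f"component without '=': {raw!r}")
        typ, val = raw.split("=", 1)
        rdns.append((typ.strip().upper(), _unescape(_strip_unescaped(val))))
    return rdns


def rdn(dn: str) -> str:
    """Relative distinguished name: just the leftmost component."""
    typ, val = parse_dn(dn)[0]
    return f"{typ}={val}"


def containers(dn: str) -> List[str]:
    """OU/CN containers between the object and its domain, innermost first."""
    return [val for typ, val in parse_dn(dn)[1:] if typ in ("OU", "CN")]


def domain_of(dn: str) -> str:
    """DNS name spelled by the DC components, e.g. example.com."""
    return ".".join(val for typ, val in parse_dn(dn) if typ == "DC")


def escape_dn_value(value: str) -> str:
    """Escape a value before splicing it into a DN, so untrusted input such
    as a display name cannot add components of its own."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c in ',+"\\<>;=' or (c == "#" and i == 0) or (c == " " and i in (0, last)):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)


if __name__ == "__main__":
    dn = f"CN={escape_dn_value('Doe, Jane')},OU=Staff,OU=Sales,DC=example,DC=com"
    print(dn)
    print("components:", parse_dn(dn))
    print("RDN:       ", rdn(dn))
    print("containers:", containers(dn))
    print("domain:    ", domain_of(dn))
```

The escape and parse routines are inverses of each other: a name such as "Doe, Jane" survives the round trip as one CN rather than becoming a CN plus a nonsense second component.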

Prior to installation, you need to make a number of decisions regarding your server and network pertaining to the domain or workgroup characteristics, file system, disk partitioning, optional services to be installed, administrator password, protocols to be installed, and server name.

Adding users and groups is accomplished through an administrative tool called Active Directory Users and Computers.

For integrating Windows Server 2003 clients and resources with NetWare 5.x or 6.x clients and server resources, Microsoft provides a suite of applications known as Microsoft Windows Services for NetWare. In this package are tools for synchronizing Active Directory with NetWare’s directory database and for allowing NetWare-attached clients to view Windows file and print resources as if they belonged to a NetWare server.

For integrating Windows Server 2003 clients and resources with UNIX-type clients and server resources, Microsoft provides a suite of applications known as Microsoft Windows Services for UNIX. In this suite are tools for synchronizing data between Active Directory and a UNIX-type server’s directory (if one exists), and for allowing UNIX-attached clients to view Windows file and print resources as if they belonged to a UNIX-type server.

Key Terms

3-tier architecture—A client/server environment that uses middleware to translate requests between the client and server.

account—A record of a user that contains all of her properties, including rights to resources, password, user name, and so on.

Active Directory—The Windows Server 2003 method for organizing and managing objects associated with the network.


Administrator—A user account that has unlimited privileges to resources and objects managed by a server or domain. The Administrator account is created during NOS installation.

AFP (AppleTalk Filing Protocol or Apple File Protocol)—The native file access protocol used by Macintosh computers.

Apple File Protocol—See AFP.

AppleTalk Filing Protocol—See AFP.

asymmetric multiprocessing—A multiprocessing method that assigns each subtask to a specific processor.

attribute—A variable property associated with a network object. For example, a restriction on the time of day a user can log on is an attribute associated with that user object.

branch—A part of the organizational structure of an operating system’s directory that contains objects or other organizational units.

CDFS (CD-ROM File System)—The read-only file system used to access resources on a CD. Windows Server 2003 supports this file system to allow CD-ROM file sharing.

CD-ROM File System—See CDFS.

child domain—A domain established within another domain in a Windows Server 2003 domain tree.

CIFS (Common Internet File System)—A file access protocol. CIFS runs over TCP/IP and is the standard file access protocol used by Windows operating systems.

class—A type of object recognized by an NOS directory and defined in an NOS schema. Printers and users are examples of object classes.

Client Services for NetWare (CSNW)—A Microsoft program that can be installed on Windows clients to enable them to access NetWare servers and make full use of NetWare’s eDirectory, its objects, files, directories, and permissions.

CN (common name)—In LDAP naming conventions, the name of an object.

Common Internet File System—See CIFS.

common name—See CN.

container—See organizational unit.

DC (domain component)—In LDAP naming conventions, the name of any one of the domains to which an object belongs.

digital versatile disc—See DVD.

directory—In general, a listing that organizes resources and correlates them with their properties. In the context of network operating systems, a method for organizing and managing objects.


distinguished name—See DN.

DN (distinguished name)—A long form of an object’s name in Active Directory that explicitly indicates the object name, plus the names of its containers and domains. A distinguished name includes a DC (domain component), OU (organizational unit), and CN (common name). A client uses the distinguished name to access a particular object, such as a printer.

domain—A group of users, servers, and other resources that share account and security policies through a Windows Server 2003 network operating system.

domain account—A type of user account on a Windows Server 2003 network that has privileges to resources across the domain onto which it is logged.

domain component—See DC.

domain controller—A Windows Server 2003 computer that contains a replica of the Active Directory database.

domain local group—A group on a Windows Server 2003 network that allows members of one domain to access resources within that domain only.

domain model—In Microsoft terminology, the type of client/server network that relies on domains, rather than workgroups.

domain tree—A group of hierarchically arranged domains that share a common namespace in the Windows Server 2003 Active Directory.

DVD (digital versatile disc)—A type of optical disk capable of storing large amounts of data, including audio and video files. Several DVD standards exist, but all have a minimum storage capacity of 4.7 GB.

explicit one-way trust—A type of trust relationship in which two domains that belong to different NOS directory trees are configured to trust each other.

FAT (file allocation table)—The original PC file system designed in the 1970s to support floppy disks and, later, hard disks. FAT is inadequate for most server operating systems because of its partition size limitations, naming limitations, and fragmentation and speed issues.

FAT16 (16-bit file allocation table)—A file system designed for use with early DOS- and Windows-based computers that allocates file system space in 16-bit units. Compared to FAT32, FAT16 is less desirable because of its partition size, file naming, fragmentation, speed, and security limitations.

FAT32 (32-bit file allocation table)—An enhanced version of FAT that accommodates the use of long filenames and smaller allocation units on a disk. FAT32 makes more efficient use of disk space than the original FAT.

file access protocol—A protocol that enables one system to access files on another system.

file allocation table—See FAT.


File and Print Services for NetWare—The Microsoft application that, when installed on a Windows Server 2003 server, makes the server’s file and print resources appear to NetWare-attached clients as NetWare directory resources. File and Print Services for NetWare is part of the Microsoft Windows Services for NetWare software package.

file system—An operating system’s method of organizing, managing, and accessing its files through logical structures and software routines.

forest—In the context of Windows Server 2003, a collection of domain trees that use different namespaces. A forest allows for trust relationships to be established between trees.

global group—A group on a Windows Server 2003 network that allows members of one domain to access resources within that domain as well as resources from other domains in the same forest.

globally unique identifier—See GUID.

graphical user interface—See GUI.

group—A means of collectively managing users’ permissions and restrictions applied to shared resources. Groups form the basis for resource and account management for every type of network operating system, not just Windows Server 2003. Many network administrators create groups according to department or, even more specifically, according to job function within a department.

Guest—A user account with very limited privileges that is created during the installation of a network operating system.

GUI (graphical user interface)—A pictorial representation of computer functions and elements that, in the case of network operating systems, enables administrators to more easily manage files, users, groups, security, printers, and other issues.

GUID (globally unique identifier)—A 128-bit number generated and assigned to an object upon its creation in the Windows Server 2003 Active Directory. Network applications and services use an object’s GUID to communicate with it.

Hardware Compatibility List—See HCL.

HCL (Hardware Compatibility List)—A list of computer components proven to be compatible with Windows Server 2003. The HCL appears on the same CD as your Windows Server 2003 software and on Microsoft’s Web site.

inherited—A type of permission, or right, that is passed down from one group (the parent) to a group within that group (the child).

LDAP (Lightweight Directory Access Protocol)—A standard protocol for accessing network directories.

leaf object—An object in an operating system’s directory, such as a printer or user, that does not contain other objects.

Lightweight Directory Access Protocol—See LDAP.


local account—A type of user account on a Windows Server 2003 network that has rights to the resources managed by the server the user has logged on to.

map—The action of associating a disk, directory, or device with a drive letter.

member server—A type of server on a Windows Server 2003 network that does not hold directory information and therefore cannot authenticate users.

Microsoft Directory Synchronization Services—See MSDSS.

Microsoft Management Console—See MMC.

Microsoft Windows Services for NetWare—A suite of tools for integrating Windows 2000 Server or Windows Server 2003 servers with NetWare servers. The suite includes a tool for synchronizing data from NetWare directories with Active Directory, a tool for migrating files from a NetWare server to a Windows Server 2003 server, and File and Print Services for NetWare, which allows a Windows Server 2003 computer to appear as a NetWare server to NetWare clients.

middleware—The software that sits between the client and server in a 3-tier architecture. Middleware may be used as a messaging service between clients and servers, as a universal query language for databases, or as means of coordinating processes between multiple servers that need to work together in servicing clients.

MMC (Microsoft Management Console)—A customizable, graphical network management interface used with Windows Server 2003.

MSDSS (Microsoft Directory Synchronization Services)—An application that, when installed on a Windows Server 2003 server, can synchronize information between an Active Directory database and a NetWare eDirectory database.

multiprocessing—The technique of splitting tasks among multiple processors to expedite the completion of any single instruction.

multitasking—The ability of a processor to perform multiple activities in a brief period of time (often seeming simultaneous to the user).

namespace—The complete database of hierarchical names (including host and domain names) used to resolve IP addresses with their hosts.

New Technology File System—See NTFS.

NTFS (New Technology File System)—A file system developed by Microsoft for use with its Windows NT, Windows 2000 Server, and Windows Server 2003 operating systems. NTFS integrates reliability, compression, the ability to handle massive files, system security, and fast access. Most Windows Server 2003 partitions employ NTFS.

object—A representation of a thing or person associated with the network that belongs in the NOS directory. Objects include users, printers, groups, computers, data files, and applications.

object class—See class.


organizational unit—See OU.

OU (organizational unit)—A logical receptacle for holding objects with similar characteristics or privileges in an NOS directory. Containers form the branches of the directory tree.

page file—A file on the hard disk that is used for virtual memory.

paging—The process of moving blocks of information, called pages, between RAM and into a page file on disk.

paging file—See page file.

partition—An area of a computer’s hard disk that is logically defined and acts as a separate disk drive.

per seat—In the context of applications, a licensing mode that limits access to an application to specific users or workstations. In the context of Microsoft’s Windows Server 2003, a licensing mode that requires a license for every client capable of connecting to the Windows Server 2003 server.

per server—A Windows Server 2003 licensing mode that allows a limited number of clients to access the server simultaneously. (The number is determined by your Windows Server 2003 purchase agreement.) The restriction applies to the number of concurrent connections, rather than specific clients. Per server mode is the most popular choice for installing Windows Server 2003.

per user—A licensing mode that allows a fixed quantity of clients to use one software package simultaneously.

physical memory—The RAM chips installed on the computer’s system board that provide dedicated memory to that computer.

preemptive multitasking—The type of multitasking in which tasks are actually performed one at a time, in very brief succession. In preemptive multitasking, one program uses the processor for a certain period of time, then is suspended to allow another program to use the processor.

printer queue—A logical representation of a networked printer’s functionality. To use a printer, clients must have access to the printer queue.

process—A routine of sequential instructions that runs until it has achieved its goal. For example, a spreadsheet program is a process.

RDN (relative distinguished name)—An attribute of an object that identifies the object separately from its related container(s) and domain. For most objects, the relative distinguished name is the same as its common name (CN) in the distinguished name convention.

redirector—A service that runs on a client workstation and determines whether the client’s request should be handled by the client or the server.

relative distinguished name—See RDN.


replication—The process of copying Active Directory data to multiple domain controllers. This ensures redundancy so that in case one of the domain controllers fails, clients can still log on to the network, be authenticated, and access resources.

root domain—In Windows Server 2003 networking, the single domain from which child domains branch out in a domain tree.

schema—The description of object types, or classes, and their required and optional attributes that are stored in an NOS’s directory.

Server Message Block—See SMB.

site license—A type of software license that, for a fixed price, allows any number of users in one location to legally access a program.

SMB (Server Message Block)—A protocol for communications and resource access between systems, such as clients and servers. SMB originated at IBM and then was adopted and further developed by Microsoft for use on its Windows operating systems. The current version of SMB is known as the CIFS (Common Internet File System) protocol.

snap-in—An administrative tool, such as Computer Management, that can be added to the MMC (Microsoft Management Console).

swap file—See page file.

symmetric multiprocessing—A method of multiprocessing that splits all operations equally among two or more processors. Windows Server 2003 supports this type of multiprocessing.

thread—A well-defined, self-contained subset of a process. Using threads within a process enables a program to efficiently perform related, multiple, simultaneous activities. Threads are also used to enable processes to use multiple processors on SMP systems.

time-sharing—See preemptive multitasking.

tree—A logical representation of multiple, hierarchical levels in a directory. It is called a tree because the whole structure shares a common starting point (the root), and from that point extends branches (or containers), which may extend additional branches, and so on.

trust relationship—The relationship between two domains on a Windows Server 2003 network that allows a domain controller from one domain to authenticate users from the other domain.

two-way transitive trust—The security relationship between domains in the same domain tree in which one domain grants every other domain in the tree access to its resources and, in turn, that domain can access other domains’ resources. When a new domain is added to a tree, it immediately shares a two-way trust with the other domains in the tree.

UDF (Universal Disk Format)—A file system used on CD-ROMs and DVD (digital video disc) media.

Universal Disk Format—See UDF.
