Chapter 5 Managing a Server

Overview  Server management  Examine networking models  Learn how users are authenticated  Manage users and groups  Manage file system permissions

Managing a Server  Managing a server Access to the server  Who has permission to access Access restrictions to the server and its resource  File, printer, etc. Access control schemes can be through  LAN  Internet

Network Models  Network model How the server is configured and interact with the network  Two basic network models Microsoft LAN Approach  LAN Domain  Working Group Client/Server

Microsoft LAN Networking Models- Workgroup  Treats each computer in the network as an equal or peer Also called peer-to-peer networking  Each computer can be a client and a server When you allow others to access resources on your computer, your computer is acting as a server When you access resources on another computer, your computer is acting as a client

Microsoft LAN Networking Models- Workgroup  Appropriate for networks with 10 or less computers  A number of disadvantages Need user names and passwords of users who need resources Difficult to keep track of changing passwords Most users do not want to administer resources on their computer

Microsoft LAN Networking Models- Domain  One or more centralized servers (single domain) Single, centralized logon Single point of control Users can be given access to resources anywhere in the domain

Client/Server Networking Model  Networking in Linux follows the client/server model Server provides the resource (web server) Client talks to the server (browser, program)  Server has a corresponding program that communicates with the client (runs in the background) In Windows the server program called service In Linux the server program called daemon in Linux

A Brief History: Open Platform  The good old days Octopus-like mainframes Only a few venders to choose from Farms of disks where required Applications were specific for each machine  Open platform New client/server architecture Open system allowed mix-and-match  Different application technologies could be purchased from different venders  Examples: server platform, client platform, network protocols, middleware software, etc.

What is Client/Server (C/S) Computing  It started as PCs became more powerful PCs were no longer dumb terminals  Provides an open and flexible environment  C/S is considered as a form of distributed software

Distinct characteristics of C/S Server provides the service Client is considered as the customer requesting the service The server service can be shared among a number of clients Clients must request or initiate the service The location of the server in the network is transparent to clients Transaction between C/S is message-passing based C/S architecture is scalable  horizontally (more clients can added)  Vertically (more servers can be added) The server is centrally maintained where as clients are independent of each other

Systems with C/S Architecture  File servers File sharing and file processing  Data base servers Passing file results Example: Query in DBMS server Typically one single request/reply  Transaction servers Transaction server includes DBMS and transaction monitoring Server has remote procedures run online by the client  web servers Superfat servers and thin clients Uses HTTP protocol Java was first to introduce interactive C/S forms Client Server Internet Client JAVA Client HTML Application

Client/Server Models  Where to push the application to  Fat clients The bulk of the application is running on the client The client knows how the data is organized and where it is Different clients access the same applications different ways  Fat servers The server more complicated The clients are less complex More of the code runs on the server The network interaction is minimized Server Client Application

Middleware Software  It is the (/) between client and server which glues them together Allowing the client request for a service and the server providing it  Middleware can also be between server/server  Two broad classes General  LAN servers, TCP/IP, Communication stacks, Queuing services, etc. Application specific  Used to accomplish a specific task  Groupware specific: SMTP  Internet specific: HTTP  Database specific: SQL

Two-Tier vs. Three-Tier Architecture  Same basic idea as fat-client versus fat-server  Depends on how the application is divided between the server and the client  Two-tier servers Examples: file servers and database server In this case the process (application logic) is buried within the client or server (or both)  Three-tier servers Examples: Web and distributed objects In this case the process is run on the middle-tier – separated from the user and data interface They can integrate the data from multiple sources More robust and more scalable

Client/Server Building Blocks  Purpose How to divide the application between the client and server What are different functionalities of client and server  Basic client server model Fits various applications  Small office  Small business  Enterprise  Global Client Server ClientServer Middle ware Single Machine ClientServer Middle ware Client Middle ware C/S Middle ware C/S

Server Scalability PC Server  Asymmetric Multi- processing  Superserver symmetric Multi- processing  Superserver Multiservers

Server Scalability  Superserver A very powerful server Single-server or multiserver Each server can have a single processor or multiprocessor Multiprocessing can be Asymmetric or Symmetric  Multiprocessing  Asymmetric: each processor is dedicated to a specific task  Fully symmetric (SMP): applications are divided into threads and threads are sent to available processors Examples: 32-bit NT, Unix, NetWare Requires 3 basic functionalities:  Global scheduling  I/O sharing structure  OS access sharing  Multiservers Pool of servers, providing more processing power (also called a cluster) They divide the task between different servers  Server lite As opposed to full blown servers Provides a background process on the client machine that can accept unsolicited networks request (refreshing database, synchronizing time, etc.)

Authenticating Users  Process of determining a user's true identity  Three basic methods What you know – user name and passwords What you have – entry card Who you are – biometrics

Implementing an Authentication System  If a Windows network has older computers running NT, 95, or 98, the server must use NTLM  It is not as secure as Kerberos, which is the default for Windows 2000, 2003, and XP Authentication system developed by MIT Allows two parties exchange private information Uses the ticket (key) mechanism

Managing Users and Groups  Users need accounts to access resources on a server On a Web server there is a restricted account that is used on behalf of Internet users  In a LAN, users with common resource needs are put in a group and the group is given access to the resource

Domain Users and Groups in Windows  Local accounts exist on a single computer and can be used to control resources only on that computer  Domain accounts can be used to control resources on all the computers that are part of the domain  Active Directory (AD) allows domains to be grouped into a forest Microsoft Exchange requires AD Local Acc. Forest

Groups in Windows  Domain local groups have members from the same domain Assign permissions to resources in the same domain  Global groups have members from the same domain Can be used to assign permissions to resources in any domain  Universal groups can have members from any domain Can be used to assign permissions to resources in any domain

File System Permissions  Permission allow you to control access to the resources on a computer such as a Web page, a document, or a program  In Windows, the NTFS file system is required in order to assign permissions  All Linux file systems incorporate permissions

File System Permissions in Windows PermissionDescription Full ControlFull Control includes all other permissions and allows you to take ownership of the file or folder and change the attributes of a file ModifyAllows read, write, and delete ReadWith this permission, you can read files but cannot execute them WriteWhen set on a file, this permission allows you to write to files; when set on a folder, you can write to the folder Read & ExecuteRead files and run programs List Folder ContentsThis permission allows you to view the contents of a folder

File System Permissions in Linux Permission type When used with filesWhen used with directories ReadRead a file or copy a fileList the contents of a directory WriteWrite to the file, including deleting the file Create files ExecuteExecute programs and shell scripts, which are text files containing Linux commands Modify the file permissions

Linux Permissions  Permissions are set for user, group, and others  Each permission is set with a single digit from 0 to 7 based on the combination of permissions read = 4 write = 2 execute = 1

Using chmod to Set Permissions CommandPermissions OwnerGroupOther chmod 755 myfile rwxr-x chmod 540 myfile r-xr----- chmod 744 myfile rwxr--

Do the following labs  Project 5-5 to 5-8 using Linux Giving control to groups