Institute of Information Technology, Department of Information Technology: IT 424 NETWORK ADMINISTRATION


Covered Topics (Unit 3):
- Information models and directory service
- Network administration model
- Network management technologies
- Creating infrastructure
- System maintenance model
- Configuration policy
- Methods
- Automation of host configuration
- Preventative host maintenance
- SNMP tool

Information models and directory service
- One way of binding together an organization is through a structured information model: a database of its personnel, assets and services.
- Directory service: a collection of open systems that cooperate to hold a logical database of information about a set of objects in the real world.
- Directory services are often referred to using the terms White Pages and Yellow Pages, which describe how a directory is used.
- If one starts with a lookup key for a specific resource, then this is called a White Pages lookup, like finding a number in a telephone book.

Information models and directory service (Cont.)
- If one does not know exactly what one is looking for, but needs a list of possible categories to match, such as in browsing for users or services, then the service is referred to as Yellow Pages.
- An implementation of yellow pages called Yellow Pages or YP was famously introduced into Unix by Sun Microsystems and later renamed the Network Information Services (NIS) in the 1980s due to trademark issues with British Telecom (BT).
- They were used for storing common data about users and user groups.

X.500 information model
- In the 1970s, attempts were made to standardize computing and telecommunications technologies.
- One such standard that emerged was the OSI (Open Systems Interconnect) model (ISO 7498), which defined a seven-layered model for data communication.
- In 1988, ISO 9594 was defined, creating a standard for directories called X.500.
- X.500 specifies a Directory Access Protocol (DAP) for addressing a hierarchical directory, with powerful search functionality.

X.500 information model (Cont.)
- Since DAP is an application layer protocol, it requires the whole OSI management model stack of protocols in order to operate.
- This required more resources than were available in many small environments.
- LDAP was thus defined and implemented in a number of draft standards.
- The current version is LDAP v3, defined in RFC 2251–2256.
- LDAP is an Internet open standard and is designed to be interoperable between various operating systems and computers.
- It employs better security than previous open standards (like NIS).

X.500 information model (Cont.)
- It is therefore gradually replacing, or being integrated with, vendor-specific systems including the Novell Directory Service (NDS) and the Microsoft Active Directory (AD).
- All of the entries in an X.500 directory are arranged hierarchically, forming a Directory Information Tree (DIT).

Unix legacy directories
- Before networking became commonplace, Unix hosts stored directory information in the /etc file directory, in files such as /etc/passwd, /etc/services and so on.
- In the 1980s this was extended by a network service that could bind hosts together with a common directory for all hosts in a Local Area Network.
- Sun Microsystems, who introduced the service, called it ‘YP’ or Yellow Pages, but later had to change the name to the Network Information Service (NIS).

Unix legacy directories
- The original NIS directory was very popular, but it was primitive and non-hierarchical and lacked an effective security model. It was thus replaced by ‘NIS+’, which was able to add strong authentication to queries and allow a modernized and more flexible schema.
- NIS+ never really caught on, and it is now being replaced by an open standard, LDAP (Lightweight Directory Access Protocol).

OpenLDAP
- The OpenLDAP implementation is the reference implementation for Unix-like systems.
- The strength of LDAP is its versatility and interoperability with all operating systems.
- Its disadvantage is its somewhat arbitrary and ugly syntactical structure, and its vulnerability to loss of network connectivity.

Novell Directory Service – NDS
- Novell Netware was originally a centralized sharing service that allowed a regiment of PCs to connect to a common disk and a common printer, thus allowing expensive hardware to be shared amongst desktop PCs.
- As PCs have become more network-able, Netware has developed into a sophisticated directory-based server suite.
- The Novell directory keeps information about all devices and users within its domain: users, groups, print queues, disk volumes and network services.

Active Directory – AD
- Early versions of Windows were limited by a flat host infrastructure model that made it difficult to organize and administer Windows hosts rationally by an information model.
- Active Directory is the directory service introduced with and integrated into Windows
- It replaces the Domain model used in NT4, and is based on concepts from X.500.
- It is LDAP compatible.

Active Directory – AD (Cont.)
- In the original Windows network software, naming was based around proprietary software such as WINS (Windows Internet Name Service).
- Windows has increasingly embraced open standards like DNS, and has chosen the DNS naming model for LDAP integration.
- The Active Directory is still being developed.

Network administration models
- Central management ‘star’ model
- The traditional (idealized) model of host configuration is based on the idea of remote management (e.g. using SNMP).
- Here one has a central manager who decides and implements policy from a single location, and all networks and hosts are considered to be completely reliable.
- The manager must monitor the whole network, using bi-directional communication.
- This leads to an N:1 ratio of clients to manager.

Network administration models (Cont.)
- Central management ‘star’ model

Network administration models (Cont.)
- Mesh topology with centralized policy and local enforcement
- Communication over a mesh topology, with policy choice made hierarchically.
- Sub-controllers (dark nodes) edit policy as received from the central controller, and pass the result to members of the local group.
- The final step in increasing autonomy is the free exchange of information between arbitrary hosts.
- Hosts can now offer one another information, policy or source materials in accordance with an appropriate trust model.

Network administration models (Cont.)
- Mesh topology with centralized policy and local enforcement

Network management technologies
- The ability to read information about the performance of network hardware via the network itself is an attractive idea.
- Suppose we could look at a router on the second floor of a building half a mile away and immediately see the load statistics, or the number of rejected packets it has seen; or perhaps the status of all printers on a subnet.
- That would be useful diagnostic information.

Network management technologies (Cont.)
- SNMP network management
- The Simple Network Management Protocol (SNMP) is a protocol designed to do just this.
- SNMP was spawned in 1987 as a Simple Gateway Monitoring Protocol, but was quickly extended and became a standard for network monitoring.
- SNMP was designed to be small and simple enough to be able to run on even minor pieces of network technology like bridges and printers.
- SNMP has often been criticized for the weak security of its agents, which are configured by default with a clear text password of ‘public’.
- Version 3 of the SNMP protocol was finally agreed on and published in December 2002 in order to address these problems, using strong encryption methods.

Network management technologies (Cont.)
- SNMP network management
- SNMP supports three operations on devices: read, write and notify.
- The management console can read and modify the variables stored on a device and issue notifications of special events.

Network management technologies (Cont.)
- OSI, TMN and others
- The International Telecommunications Union (ITU) has defined the Telecommunications Management Network (TMN) standards for managing telecommunications networks.
- It is an alternative scheme designed for telecommunications networks and has a strong relationship with the OSI Management Model known as the Common Management Information Protocol (CMIP).
- The ISO 7498 Open System Interconnect (OSI) Model consists of a large number of documents describing different aspects of network communication and management.

Network management technologies (Cont.)
- Amongst these is the basic conceptual model for management of networked computers. It consists of these issues:
- Configuration management
- Fault management
- Performance management
- Security management
- Accounting management

Network management technologies (Cont.)
- Java Management Extension (JMX)
- Java Management Extension (JMX) is Java’s answer to dealing with managed objects.
- The basic idea of JMX is not very different to that of SNMP, but the transport mechanisms are integrated into Java’s extensive middleware framework.

Network management technologies (Cont.)
- Jini and UPnP: management-free networks
- Jini is a Java derivative technology that is aimed at self-configuring ad hoc networks.
- A similar project is Microsoft’s Universal Plug’n’Play (UPnP), a peer-to-peer initiative that uses existing standards like TCP/IP, HTTP and XML to perform a similar function.
- The aim of these technologies is to eliminate the need for system administrators, by making devices configure themselves.

Creating infrastructure
- With the explosion in numbers of hosts combined in networks, several authors have begun to address the problem of defining an infrastructure model which is stable, reproducible and robust to accidents and upgrades.
- Until recently, little attention was given to analyzing methodologies for the construction of efficient and stable networks from the ground up.

Principles of stable infrastructure
- Any model of system infrastructure must be able to scale efficiently to large numbers of hosts (and perhaps subnets, depending on the local netmask).
- A model which does not scale efficiently with numbers of hosts is likely to fail quickly.
- Any model of system infrastructure must have reliability as one of its chief goals.
- Down time can often be measured in real money.
- Reliability is not just about the initial quality of hardware and software, but also about the need for preventative maintenance.
- Reliability is safeguarded by redundancy, or backup services running in parallel.

System maintenance models
- Unix administrators have run background scripts to perform system checks and maintenance for many years. Such scripts run daily or hourly and make sure that each system is properly configured, perform garbage cleaning and report any serious problems to an administrator.
- Windows can be both easier and harder to administrate than Unix. It can be easier because the centralized model of having a domain server running all the network services means that all configuration information can be left in one place (on the server), and that each workstation can be made to configure itself from the server’s files.

System maintenance models (Cont.)
- Several generalized approaches to the management of computers in a network have emerged.
- Reboot
- With the rapid expansion of networks, the number of local networks has outgrown the number of experienced technicians. The result is that there are many administrators who are not skilled in the systems they are forced to manage.
- A disturbing but common belief, which originated in the 1980s microcomputer era, is that problems with a computer can be fixed by simply rebooting the operating system.
- Rebooting a multi-user system is dangerous since users might be logged in from remote locations and could lose data and service.

System maintenance models (Cont.)
- Manual administration
- The default approach to system management is to allow qualified humans to do everything by hand.
- This approach suffers from a lack of scalability.
- When two manual administrators have a difference of opinion, there can be contention.

System maintenance models (Cont.)
- Central control
- Another approach to system administration is the use of control systems, in the manner of the star model.
- Tivoli, HP OpenView and Sun Solstice are examples of these.
- A process on each host reports errors as they occur to the administrator.
- In this way the administrator has an overview of every problem on the network from his/her single location and can either fix the problems by hand as they occur (if the system supports remote login), or distribute scripts.

System maintenance models (Cont.)
- Immunology (self-maintenance)
- A relatively new approach to system management which is growing in popularity is the idea of equipping networked operating systems with a simple immune system.
- An immune system is the Fire, Police and Paramedic services as well as the garbage collection agencies.
- In an immune system, every host is responsible for automatically repairing its own problems.
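The background maintenance scripts and the self-repairing host described in the system maintenance slides both come down to a check that compares the host against a policy and repairs drift, and that can be run repeatedly without harm. This added example (not from the original slides) does that for file permissions on a constructed temporary tree; the policy table and function names are hypothetical.

```python
import os
import stat
import tempfile

# Hypothetical policy for this example: relative path -> required permission bits.
POLICY = {"etc/passwd": 0o644, "etc/shadow": 0o600, "etc/services": 0o644}

def converge(root, policy):
    """Bring files under root to the modes in policy; return the actions taken."""
    actions = []
    for rel, want in sorted(policy.items()):
        path = os.path.join(root, rel)
        try:
            st = os.lstat(path)           # lstat: inspect the path itself, not a symlink target
        except FileNotFoundError:
            actions.append((rel, "missing"))          # report only, content cannot be guessed
            continue
        if not stat.S_ISREG(st.st_mode):
            actions.append((rel, "not-regular-file"))  # never chmod links or directories
            continue
        have = stat.S_IMODE(st.st_mode)
        if have != want:
            os.chmod(path, want)
            actions.append((rel, f"chmod {have:o}->{want:o}"))
    return actions

def demo():
    """Build a constructed tree with one drifted file and run two maintenance passes."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        for rel, mode in (("etc/passwd", 0o644), ("etc/shadow", 0o644)):
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)          # etc/shadow starts out too permissive
        first = converge(root, POLICY)    # repairs the drift and reports the missing file
        second = converge(root, POLICY)   # nothing left to repair: the pass is idempotent
        return first, second

if __name__ == "__main__":
    first, second = demo()
    print("first pass: ", first)
    print("second pass:", second)
```

The second pass still reports the missing file, which is the part a script like this hands to an administrator instead of repairing on its own.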

Reference: Mark Burgess, Principles of Network and System Administration, Second Edition. Oslo University College, Norway. Chapter 6, Chapter 7.