3 Difference between Win 2000 family members
- Common OS functions
- Workstation OS:
  - No disk fault-tolerance
  - No advanced network management functions
- Server operating systems:
  - Disk fault-tolerance
  - Active Directory
  - Clustering
  - Network load-balancing
4 Directory Service
- Provides: single login and resource lookup.
5 Active Directory
- Central database that stores information about all network resources
- Tools for managing network resources (find, add, remove, etc.)
- The central database is used for:
  - Resource lookup (searching for specific resources)
  - User authentication (login)
6 Active Directory
- Individual resources are called objects
- Objects belong to classes
- Each class has its own attributes & properties
- Object classes (examples): User accounts, Computers, Printers, Domains
- Illustration, object class: Object name; Object unique identifier; Required attributes; Optional attributes; Parent relationship
- Illustration, user account attributes: Username; User's full name; Password; Account description; Remote access OK
- Illustration, example user object: Username: John; Full name: Johnny Doe; Password: 12#$ms; Description: Consultant in Sales depart.
7 Clustering
- Technique for providing uninterrupted service (even in case of hardware/software failure)
- Combining two or more servers into one virtual server
- Services installed on external storage
- Users connect to the virtual server (18.104.22.168 in illustration)
- One of the clustered servers provides the service at a time
8 Load Balancing
- Load balancing = distributing the load among multiple computers
- No external disk containing the services to be provided
- Multiple independent servers configured to participate in the load balancing
- Same service with the same content on each server
- Users connect to the virtual server (22.214.171.124 in illustration)
- Users' requests are redirected to one server at a time so that the load is distributed among all the servers
- [Illustration: Web service; Virtual server 126.96.36.199]
10 Workgroup vs. Domain
- Domain: a logical grouping of servers and other network resources that share a central directory database (Active Directory)
- Types of computer in a domain:
  - Domain controllers (DC) running a Server OS
    - Each domain controller maintains a copy of Active Directory
    - Each domain controller can authenticate users
  - Member server (MS) running a Server OS
    - A MS is not configured as a DC
    - A MS doesn't store a copy of AD
    - A MS cannot authenticate users
  - Client computers running a Workstation OS
- The domain administrator has absolute right to set policies within a domain
- Note: A domain does not refer to a single location. In a domain, computers can share physical proximity on a small LAN or can be located in different corners of the world.
11 Workgroup vs. Domain
- Workgroup: a logical grouping of networked computers that share resources such as files and printers.
- Called a peer-to-peer network because computers can share resources as equals, without a dedicated server.
- In a workgroup, each server and each workstation maintains a local database which contains user accounts and resource security information for that computer
- In a workgroup, the administration of user accounts and resource security is decentralized:
  - A user must have a user account on each computer the user needs to access
  - Any change to a user account must be made on each computer
12 File Systems: FAT vs. NTFS
- Disks can be formatted using, basically, two types of formatting systems: FAT & NTFS
- Windows 2000 supports both File Allocation Table (FAT) and NT File System (NTFS)
- FAT:
  - Is an older file system designed for computers with small disk storage
  - Offers less data security than NTFS
- NTFS features:
  - Long file names (<= 256 characters)
  - File-level and directory-level security
  - Data compression
  - Disk quotas management for disk usage control
  - File encryption
- Operating system support (table columns: FAT16, FAT32, NTFS; values as they survive on the slide):
  - Supported by MS-DOS, Win 3.x and Win 95 v.1? YES, NO
  - Supported by Win 95 OSR2 & Win 98? YES, NO
  - Supported by Win NT 3.51 & Win NT 4.0? YES, YES (NTFS 4.0)
  - Supported by Win 2000? YES (all ver.)
14 Basic disk
- A physical disk that can be accessed by MS-DOS and all Windows-based operating systems.
- Basic disks can contain up to 4 primary partitions, or 3 primary partitions and an extended partition with multiple logical drives.
- [Illustration: one disk with Primary partitions 1 to 4; one disk with Primary partitions 1 to 3 and an Extended partition]
- Primary partition:
  - A primary partition is a portion of a physical disk that functions as though it were a physically separate disk.
  - You create a primary partition, then you format it with a file system (FAT or NTFS), and then assign a drive letter to it (e.g. C:, D:, F:, etc.)
  - A primary partition can start the OS (contain the boot files)
- Extended partition:
  - A special kind of partition used to create one or more logical drives
  - After you create a logical drive, you format it and assign it a drive letter (e.g. G:, H:, etc.)
  - An extended partition cannot start the OS.
- Note: With the GPT (GUID partition table) disk-partitioning scheme that is used by the Extensible Firmware Interface (EFI) in Itanium-based computers, we can create up to 128 (primary) partitions per disk
15 Dynamic disk
- With Win 2000, you can convert a Basic disk to a Dynamic disk
- With a dynamic disk, you can create an unlimited number of volumes
- [Illustration: Volume C:, Volume D:, Volume E:, etc., and a Configuration partition (1 MB)]
- Configuration partition: special partition automatically created to store the configuration of the disk
- Dynamic disks provide features that basic disks do not, such as:
  - the ability to create volumes that span multiple disks (spanned and striped volumes), and
  - the ability to create fault-tolerant volumes (mirrored and RAID-5 volumes).
- A spanned volume is a dynamic volume consisting of disk space on more than one physical disk. Spanned volumes are not fault tolerant and cannot be mirrored.
- A striped volume is a dynamic volume that stores data in stripes on two or more physical disks. Striped volumes do not provide fault tolerance. If a disk in a striped volume fails, the data in the entire volume is lost.
16 Mirrored volume
- A fault-tolerant volume that duplicates data on two physical disks
- If one of the physical disks fails, the data on the failed disk becomes unavailable, but the system continues to operate.
- You can create mirrored volumes only on dynamic disks.
- [Illustration: two disks, each holding file1, file3, file2, file4]
17 RAID-5 volume
- A fault-tolerant volume with data and parity striped intermittently across three or more physical disks.
- Parity is a calculated value that is used to reconstruct data after a failure
- If a portion of a physical disk fails, Windows recreates the data that was on the failed portion from the remaining data and parity.
- You can create RAID-5 volumes only on dynamic disks.
- [Illustration: Disk 1 to Disk 5, each holding data blocks and parity blocks]
18 Converting Basic disk to Dynamic disk
- For the conversion to succeed:
  - any disks to be converted must contain at least 1 MB of space for the dynamic disk database.
  - Note: Windows 2000 automatically reserves this space when creating partitions or volumes on a disk. (This space may exist even if it is not visible in Disk Management.)
- Once converted:
  - a dynamic disk will not contain primary partitions or logical drives
  - a dynamic disk cannot be accessed by MS-DOS, Windows 95, Windows 98, Windows Millennium Edition, Windows NT, or Windows XP Home Edition
- When you convert a basic disk to a dynamic disk:
  - any existing partitions or logical drives on the basic disk become simple volumes on the dynamic disk.
19 Converting Dynamic disk to Basic disk
- The disk must be empty before you can change it back to a basic disk
- Converting a Dynamic disk to a Basic disk causes all data to be lost
- If you want to keep your data, back it up or move it to another storage device
- You must remove all volumes from the dynamic disk
20 Limitations of Dynamic disk
- Dynamic disks are not supported on:
  - Portable computers
  - Removable disks
  - Detachable disks that use Universal Serial Bus (USB) or IEEE 1394 (also called FireWire) interfaces
  - Disks connected to shared SCSI buses
- Dynamic volumes (and the data they contain) cannot be accessed by, or created on:
  - Computers running MS-DOS, Windows 95, Windows 98, Windows Millennium Edition, Windows NT 4.0, or Windows XP Home Edition
22 Shared Folders
- To see all shared folders on a computer:
  1) Click Start, then click Run
  2) Type \\ComputerName (where ComputerName is a valid network computer name like SRVDC18)
  3) Click OK.
- To share a folder on a computer:
  1) Open My Computer (Right-click/Open)
  2) Select the disk, then the folder to share
  3) Right-click the selected folder
  4) Click Properties
  5) Click the Sharing tab
  6) Check Share this folder
  7) Click Apply, and then OK.
- Requirements for creating a shared folder:
  - Any supported file system (FAT, NTFS)
  - If the server is in a domain, you must be Administrator or Server Operator
  - If the server is in a workgroup, you must be Administrator or Power user
  - If it is a client computer running a Workstation OS, you must be Administrator or Power user
  - Note: Users that are granted the Create Permanent Shared Objects right can also create shared folders on the computer where the right is assigned
- OR
  1) Open Computer Management
  2) In the console tree, double-click Shared Folders
  3) Click Shares
23 Shared Folder Permissions
- Multiple permissions
  - If a user is assigned a permission for a shared folder, and the user belongs to a group to which a different permission is assigned, then the user's effective permissions are the combination of the user and group permissions
- Deny overrides other permissions
  - If you deny a shared folder permission to a user, and you allow the same permission to a group the user belongs to, then the user will not have that permission.
- Copying or moving shared folders
  - If you copy a shared folder, the original shared folder is shared but not the copy
  - If you move a shared folder, it is no longer shared.
24 NTFS Permissions
- Multiple permissions
  - NTFS file permissions take priority over NTFS folder permissions
  - A user can always access files for which he/she has permissions using UNC. E.g. \\SRVDC16\Data\file1.txt
  - Denying a permission for a user blocks that permission, even if the permission is granted to a group the user belongs to.
- Permission inheritance
  - By default, permissions assigned to the parent folder are inherited at subfolder and file level
  - To prevent automatic inheritance, explicit permissions assignment must be done at subfolder and/or file levels.
- Copying or moving files and folders
  - When a file/folder is moved within an NTFS partition, it retains its permissions
  - When a file/folder is copied to another NTFS partition, it inherits the permissions of the destination folder
  - When a file/folder is copied to a FAT partition, it loses its NTFS permissions
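The "multiple permissions" and "deny overrides" rules from slides 23 and 24, as an added example that is not part of the original slides: it combines a user's own entries with those of every group the user belongs to, then removes anything denied. It is a simplified model of the rules as the slides state them, not the Windows access-check algorithm; the users, groups, entries and function names are constructed, and permission names are treated as independent labels.

```python
# Constructed sample data: group membership and the entries on one shared folder.
MEMBERS = {"Sales": {"john", "mary"}, "Temps": {"john"}}
SHARE_ACL = [
    ("john",  "allow", {"Read"}),
    ("Sales", "allow", {"Read", "Change"}),
    ("Temps", "deny",  {"Change"}),
]

def groups_of(user, members=MEMBERS):
    """Groups the user belongs to."""
    return {g for g, users in members.items() if user in users}

def effective_permissions(user, acl=SHARE_ACL, members=MEMBERS):
    """Union of every allow that applies to the user or one of their groups,
    minus every permission denied to the user or one of their groups."""
    who = {user} | groups_of(user, members)
    allowed, denied = set(), set()
    for principal, kind, perms in acl:
        if principal in who:
            (denied if kind == "deny" else allowed).update(perms)
    return allowed - denied

def review(user, acl=SHARE_ACL, members=MEMBERS):
    """Break the result down for an access review: what the user ends up with,
    what arrives only through group membership, and what a deny removed."""
    who = {user} | groups_of(user, members)
    direct = set().union(*(p for w, k, p in acl if w == user and k == "allow"))
    granted = set().union(*(p for w, k, p in acl if w in who and k == "allow"))
    denied = set().union(*(p for w, k, p in acl if w in who and k == "deny"))
    effective = granted - denied
    return {
        "effective": effective,
        "via_groups_only": effective - direct,
        "blocked_by_deny": granted & denied,
    }

if __name__ == "__main__":
    for name in ("john", "mary"):
        print(name, review(name))
```

The `via_groups_only` column is the one to read during a least-privilege review: it lists access a user holds that no entry naming that user would reveal.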
27 Dfs: Scenario 1
- Dfs not used
- Four shared folders on 4 different servers
- [Illustration: Server 1 \Install; Server 2 \Data; Server 3 \Sales; Server 4 \Policy]
- Users need to know server and folder names to access resources
- Users need to connect to each server
- Problems if there are dozens of servers
28 Dfs: Scenario 2
- Using Dfs
- Have a server with Dfs and Dfs links created
- Users need to connect to a single server
- Users don't need to know server and folder names
- [Illustration: Dfs server with Link to Install, Link to Policy, Link to Data, Link to Sales, pointing to Server 1 \Install, Server 4 \Policy, Server 2 \Data, Server 3 \Sales]
29 Dfs implementation in Win 2000
- There are two Dfs models:
  - Standalone Dfs
    - Created on standalone servers (Workgroup)
    - Doesn't take advantage of Active Directory
    - Offers a single level of Dfs links
  - Domain-based Dfs
    - Created on a Domain controller or Member server (in a Domain)
    - Uses Active Directory
    - Offers a deep hierarchy of Dfs links
30 Dfs implementation in Win 2000
- Only 1 Dfs root per server is allowed
- Dfs can be created on FAT or NTFS partitions
- To create a standalone Dfs root, use the Distributed File System snap-in
31 Disk Quotas
- Disk quotas are needed because:
  - Many users save data on shared folders
  - Users must be prevented from filling disk capacity
- Disk quota options:
  - Enable disk quotas without limiting disk usage
  - Set a default quota for all users
  - Determine quotas on a per-user basis