Deployment Aids Sysprep used to help deploy Server and Advanced Server. – Sysprep prepares a Pro...
Deployment Aids
• Sysprep used to help deploy Server and Advanced Server.
– Sysprep prepares a Pro or Server installation for duplication to identical hardware.
• Run sysprep, cut an image, copy image
• Deletes security identifiers, user and system specific data
• Regenerates on reboot
Deployment
• Remote OS Installation
– Server-hosted equivalent of the installation CD
• Remote Installation Service
– Requires DNS, DHCP, Active Directory
– Installed on a shareable volume
– Can't be on the server's system drive
• Formatted as NTFS
Command Interface
• Start / Run / Command
– Example:
• Netstat /?
Naming Conventions
• Distinguished Name (DN)
– Defines the domain and the related containers in which the object resides.
• Relative Distinguished Name (RDN)
– An attribute of an object
• Globally Unique Identifier (GUID)
– Avoids duplication, ensures uniqueness: a 128-bit number assigned to an object on creation and stored with it.
• User Principal Name (UPN)
– Combines the user account name with the domain name where the account exists
• Domain Component (DC)
• Organizational Unit (OU)
• Common Name (CN)
Microsoft & Directory Services
• MS does not support an extension of LDAP, called LDAP Duplication Update Protocol.
– Violation of directory rules can lead to cascading errors in the directory
– Uses synchronization to populate and update directories
• Microsoft left out major portions of the X.500 protocol in AD.
– Because they depend on the OSI networking layer, and for lack of public interest.
– Elements left out include:
• Directory Access Protocol, Directory System Protocol, Directory Information Shadowing Protocol, Directory Operational Binding Management Protocol
What is a directory service?
• A directory is like a database, but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written.
• Directory updates are typically simple all-or-nothing changes, if they are allowed at all.
• Directories are tuned to give quick-response to high-volume lookup or search operations.
LDAP
• Lightweight Directory Access Protocol.
• A directory service protocol that runs over TCP/IP.
• The details of LDAP are defined in RFC 1777 "The Lightweight Directory Access Protocol."
LDAP
• The LDAP directory service model is based on entries.
• An entry is a collection of attributes that has a name, called a distinguished name (DN).
• Each of the entry's attributes has a type and one or more values.
LDAP
• Types are typically mnemonic strings, like "cn" for common name, or "mail" for email address.
– A mail attribute might contain the value "[email protected]"
– A jpegPhoto attribute would contain a photograph in JPEG format
How is the information arranged?
• Directory entries are arranged in a hierarchical tree-like structure that reflects political, geographic and/or organizational boundaries.
• Entries representing countries appear at the top of the tree.
• Below them are entries representing states or national organizations.
• Below them might be entries representing people, organizational units, printers, documents,
How is the information referenced?
• An entry is referenced by its distinguished name, constructed by taking the name of the entry itself (called the relative distinguished name, or RDN) and concatenating the names of its ancestor entries.
– For example, the entry for Rick Evans in the example above has an RDN of "cn=Rick Evans" and a DN of "cn=Rick Evans, o=PSU, c=US". The full DN format is described in RFC 1779, "A String Representation of Distinguished Names."
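The DN construction described above, worked through in code. This is an added example, not part of the slides or of any LDAP library: it builds a DN from an entry's RDN plus its ancestors, parses a DN string back into its components while honouring RFC 1779 backslash escapes and quoted values (so a comma inside a value does not start a new RDN), and walks a small constructed directory (SAMPLE_ENTRIES, hypothetical data mirroring the slide's example) to find an entry's parent and children.

```python
"""Build and parse LDAP distinguished names in the RFC 1779 string form
("cn=Rick Evans, o=PSU, c=US"). Added example; not from the slides.
SAMPLE_ENTRIES is a constructed toy directory that mirrors the slide's example."""

# Characters that must be backslash-escaped inside an attribute value so they
# are not read as RDN separators, type/value delimiters or quotes.
SPECIAL_CHARS = set(',+="\\<>;#')


def escape_value(value):
    """Escape a raw attribute value for inclusion in a DN string."""
    return ''.join('\\' + ch if ch in SPECIAL_CHARS else ch for ch in value)


def build_dn(components):
    """Join (type, value) pairs, most specific first, into a DN string.
    The first pair is the entry's own RDN; the rest name its ancestors."""
    return ', '.join(f'{attr_type}={escape_value(value)}'
                     for attr_type, value in components)


def _split_rdn(text):
    """Split 'type=value' into a normalised (type, value) pair."""
    attr_type, _, value = text.partition('=')
    return attr_type.strip().lower(), value.strip()


def parse_dn(dn):
    """Split a DN string into (type, value) pairs, honouring backslash escapes
    and double-quoted values so an embedded comma does not start a new RDN."""
    components, current, in_quotes, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):      # escaped char: take it literally
            current.append(dn[i + 1])
            i += 2
            continue
        if ch == '"':                          # quoted value: separators inside are literal
            in_quotes = not in_quotes
        elif ch in ',;' and not in_quotes:     # RFC 1779 allows ',' or ';' between RDNs
            components.append(_split_rdn(''.join(current)))
            current = []
        else:
            current.append(ch)
        i += 1
    if current:
        components.append(_split_rdn(''.join(current)))
    return components


def rdn(dn):
    """The entry's own name: the first component of its DN."""
    return parse_dn(dn)[0]


def parent_dn(dn):
    """The DN of the entry's immediate ancestor (empty string at the top)."""
    return build_dn(parse_dn(dn)[1:])


# Constructed sample directory keyed by DN (hypothetical data).
SAMPLE_ENTRIES = {
    "c=US": {"objectClass": "country"},
    "o=PSU, c=US": {"objectClass": "organization"},
    "cn=Rick Evans, o=PSU, c=US": {"objectClass": "person", "mail": "rick@example.org"},
}


def children(parent, entries):
    """Entries whose DN is the parent's DN with exactly one RDN prepended."""
    parent_parts = parse_dn(parent)
    return sorted(dn for dn in entries if parse_dn(dn)[1:] == parent_parts)


if __name__ == "__main__":
    print(parse_dn("cn=Rick Evans, o=PSU, c=US"))
    print(children("c=US", SAMPLE_ENTRIES))
```

The parser is the part worth keeping in mind for security: naive splitting on "," breaks on values such as "Evans, Rick", and a DN string that is not parsed the same way by every component (directory server, application, audit log) is a classic source of authorization mismatches.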
Resources
• http://www.oblix.com/pointofentry/ldap/index.html
Trusts
• Two-way transitive trust
– Automatically established between domains in the same tree; can also be established between domains in separate trees.
• Explicit one-way trust
– Created between specific domains in two different forests; provides one-way, restricted permissions.
Domain Trees & Child Domains
• When should a child domain be created?
– Is decentralized administration desired?
– Do you need tight/localized administration?
– Do business activities dictate separate domains?
– Do account policies need to differ?
• When should a forest be created?
– Are the business activities extremely different?
– Are there reasons for maintaining separate identities?
• Unique trade names
– Do joint venture or partner relationships exist that require tighter control over network resources?
• Enforcing direct administrative and security restrictions
User accounts
• Unique identifier
– SID – security identifier
– User and group SIDs form the security token
– Unique; must be regenerated if the account is deleted.
– Mapped to the access control list
• DACL – discretionary access control list, part of the security descriptor: who has permission to use the object.
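How the token and the DACL fit together, as an added teaching model (not from the slides and not the real Win32 AccessCheck routine): a token carries the user's SID and group SIDs, the DACL is an ordered list of allow/deny entries, and the check walks the list accumulating allowed rights until the request is satisfied or a matching deny is hit. The SIDs for Administrators and Users are the real well-known ones; the user SIDs, the rights bits and the sample DACL are constructed.

```python
"""Simplified model of a Windows access check: the caller's token (user SID
plus group SIDs) is evaluated against the object's DACL, an ordered list of
access control entries (ACEs). Added example, not from the slides; SIDs, rights
and the object are constructed sample values, and the check is a teaching
model rather than the full Win32 AccessCheck algorithm."""

from dataclasses import dataclass, field

# Hypothetical access-right bits for the sample object.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4

# Well-known SIDs for the built-in Administrators and Users groups.
ADMINISTRATORS = "S-1-5-32-544"
USERS = "S-1-5-32-545"


@dataclass
class Token:
    """Security token: the user's SID plus the SIDs of every group it belongs to."""
    user_sid: str
    group_sids: list = field(default_factory=list)

    @property
    def sids(self):
        return {self.user_sid, *self.group_sids}


@dataclass
class Ace:
    """One access control entry: 'allow' or 'deny' a rights mask to a SID."""
    kind: str
    sid: str
    mask: int


def canonical(dacl):
    """Canonical order puts explicit deny ACEs before allow ACEs, so a deny is
    always seen before any allow that could satisfy the request."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")


def access_check(token, dacl, requested):
    """Return True if the token is granted every bit in `requested`.
    A missing DACL (None) grants everyone full access; an empty DACL grants nothing."""
    if dacl is None:
        return True
    granted = 0
    for ace in dacl:
        if ace.sid not in token.sids:
            continue                      # ACE does not apply to this caller
        if ace.kind == "deny":
            if ace.mask & requested:
                return False              # any overlap with a deny ends the check
        elif ace.kind == "allow":
            granted |= ace.mask
            if granted & requested == requested:
                return True               # all requested bits accumulated
    return False


# Constructed sample: a file whose DACL lets Users read, denies one user
# write access explicitly, and gives Administrators everything.
ALICE_SID = "S-1-5-21-1000-2000-3000-1001"
SAMPLE_DACL = canonical([
    Ace("allow", USERS, READ),
    Ace("deny", ALICE_SID, WRITE),
    Ace("allow", ADMINISTRATORS, READ | WRITE | EXECUTE),
])

if __name__ == "__main__":
    alice = Token(ALICE_SID, [USERS])
    print(access_check(alice, SAMPLE_DACL, READ))    # True
    print(access_check(alice, SAMPLE_DACL, WRITE))   # False
```

Two points the model makes visible: a NULL DACL is not "no permissions" but "everyone has full control", which is why an object with no DACL is a finding rather than a safe default; and because ACEs store SIDs, not names, an ACE left behind by a deleted account never matches a recreated account with the same name, which is the practical meaning of the slide's "must be regenerated" line.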
Profiles
• Local User – maintained on each system in the user's profile directory.
• Roaming – allows users to move from system to system; located in a shared directory on the server.
• Mandatory – restricted by the sysadmin to enforce consistent desktops.
– Rename Ntuser.dat to Ntuser.man
Contents of the Profile Directory
• Cookies
• Desktop
• Favorites
• My documents
• Start Menu
All users profile
• Application Data
• Local Settings
• NetHood – domains & files accessed
• PrintHood
• Recent
• Send To
• Templates for Office Apps.
Novell NetWare
• 1983 – NetWare/86: file & print sharing
• NetWare 286 – multitasking
• NetWare 386 – larger networks
• NetWare 4.11 – IntraNetware
• NetWare 4.2 – NetWare for Small Business
• NetWare 3.2 – mid-size networks / older CPUs
• 1998 – NetWare 5.0: larger networks
• 2003 – NetWare 6.5: Internet
NetWare
• IP protocol
– Backward compatible with IPX
• Java enabled
• NSS – Novell Storage System
– Volumes & mounts
File Server Capacity
Capability                     NetWare 5   NetWare 4
Concurrent open files          1019        100,000
Directory entries per volume   1019        16 million
Volumes per server             Unlimited   64
Segments per volume            Unlimited   8
Max disk capacity              8TB         4TB
Max file size                  8TB         4GB
NetWare
• NetWare Loadable Modules (NLMs)
– Add hardware without rebooting
– Remove without stopping the server
– Increase volume size while the server is running
• Multiprocessor kernel (MPK)
• Supports symmetrical multiprocessing hardware (SMP)
• Multithreading
• Up to 32 processors – questionable release date
• NetWare Directory Services
– Organizes users, groups and devices into a tree-like structure
• NDS Tree
– Single user login
– Scalable, up to unlimited sizing
• 1999 test had a billion users
NetWare
• Novell's core-services are wrapped around NDS eDirectory, a robust, cross-platform directory service.
• NDS eDirectory ships with NetWare 5.1 and is available in versions that run natively on Linux, Solaris, and Windows 2000 and NT - no NetWare required.
NetWare
• NDS - NetWare's central feature. All the services that ship in the NetWare 5.1 box, all those available from Novell separately and even most third-party additions plug into the directory to become part of a fabric of integrated services.
• This integration gives administrators a replicated, fail-safe, single point of administration.
• Users get one place to search for enterprise-wide resources and one point of authentication to gain access to those resources.
NetWare
• Fault tolerance (3 levels)
– SFT I: single server; when a sector goes bad, data is redirected from the bad sector to a good one (Hot Fix).
• Redundant volume data structures
– SFT II: level two has all the features of level one and adds disk mirroring and duplexing
• Duplexing has a controller for each drive
[Diagram: mirroring vs. duplexing]
– SFT III: level three consists of SFT II plus server mirroring, or redundant servers.
– Two servers connected using a high-speed Mirrored Server Link (MSL)
– Nonstop operation using an entirely redundant server.
• Security
– Public Key Infrastructure Services (PKIS)
• Enables public key cryptography and digital certificates; local certificate authority & SSL
– Novell International Cryptographic Infrastructure (NICI)
• Enables cryptography services for confidentiality, integrity, and authentication
– Secure Authentication Services (SAS)
– Auditing
NetWare 5.1's security
• Built on an RSA dual-key-encrypted security store
• Authentication methods: passwords, tokens, biometrics, smartcards and X.509 certificates
• Cryptography services in the form of Novell's International Cryptographic Infrastructure (NICI) ship with and plug into NetWare's modular security services and provide DES/RC2/RC4 data encryption of 56-bit to unlimited strength.
• NetWare 5.1 automatically creates a directory-based CA and generates a server certificate, which it uses for the Web-accessible NetWare Management Portal (NMP) and the Enterprise Web Server.
• SSL-enabled and secure out of the box with NetWare 5.1
• NetWare supports minimum password lengths, intruder detection lockout and unique passwords
– It does not have a built-in method for identifying weak passwords or forcing users to use punctuation marks or other special characters in their passwords.
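The password controls listed above, as an added example (not Novell's code and not from the slides): a checker that enforces the minimum length and password-reuse rules NetWare 5.1 offers, adds the special-character and weak-password checks the slide says it lacks, and a small intruder-detection lockout counter. Thresholds, the weak-password list and the sample passwords are all constructed; timestamps are plain seconds so the logic can be exercised offline.

```python
"""Password policy checks a directory could apply: minimum length, reuse of
previous passwords, intruder-detection lockout, plus the special-character /
weak-password check the slide says NetWare 5.1 lacks. Added example, not
Novell's code; thresholds and sample passwords are constructed."""

import hashlib
import string

SPECIAL = set(string.punctuation)
# Constructed list of weak passwords a checker would refuse (real deployments
# use a much larger dictionary).
WEAK_PASSWORDS = {"password", "novell", "netware", "123456", "letmein"}


def fingerprint(password):
    """Demo-only fingerprint for reuse detection: a real password store must
    use a slow, salted hash (bcrypt, scrypt, Argon2), not bare SHA-256."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def password_problems(candidate, previous_fingerprints, min_length=8):
    """Return the list of policy violations for `candidate` (empty = acceptable)."""
    problems = []
    if len(candidate) < min_length:
        problems.append("shorter than minimum length")
    if fingerprint(candidate) in previous_fingerprints:
        problems.append("reused")
    if not any(ch in SPECIAL for ch in candidate):
        problems.append("no punctuation or special character")
    if candidate.lower() in WEAK_PASSWORDS:
        problems.append("on weak-password list")
    return problems


class IntruderLockout:
    """Lock an account after `threshold` failed logins inside `window` seconds,
    for `lock_for` seconds. Times are plain seconds so the logic is testable."""

    def __init__(self, threshold=3, window=600, lock_for=900):
        self.threshold, self.window, self.lock_for = threshold, window, lock_for
        self.failures = {}      # account -> list of recent failure timestamps
        self.locked_until = {}  # account -> time the lock expires

    def record_failure(self, account, now):
        # Drop failures older than the detection window, then count this one.
        recent = [t for t in self.failures.get(account, []) if now - t <= self.window]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= self.threshold:
            self.locked_until[account] = now + self.lock_for
            self.failures[account] = []

    def record_success(self, account):
        self.failures.pop(account, None)

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now


if __name__ == "__main__":
    history = {fingerprint("Summer2003")}
    print(password_problems("Summer2003", history))
    lock = IntruderLockout()
    for t in (0, 10, 20):
        lock.record_failure("alice", t)
    print(lock.is_locked("alice", 100))
```

The reuse check compares fingerprints rather than stored plaintext, and the lockout keeps only failures inside the window so a handful of typos spread over a day does not lock a user out, while a burst of guesses does.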
NetWare
• DNS & DHCP
• LDAP
• Web Server– Netscape FastTrack Server
• FTP & Unix printing services
• NIS, telnet, XConsole
NetWare
• Client support
– Windows
– UNIX
– OS/2
– MacOS
– DOS
NetWare
• ZENWorks – Zero Effort Networks
NetWare
• NetWare NFS services
– Two parts: NFS gateway & NFS server
• The gateway permits clients to access a Unix file system as a NetWare volume
– The NFS server exports NetWare volumes to Unix and other NFS clients
• Access is granted using traditional Unix mount commands
– Line Printer / Line Printer Daemon (LPR/LPD)
– Built on Sun's NFS services 2.0
NetWare
• NDS for Non-NetWare Platforms
– NDS for NT
• NWAdmin snap-in
– NDS for UnixWare
– NDS for Solaris
– Others
NetWare
• NDS Directory Tree
– Graphical display of the network
– Consists of objects that are resources
– Displays relationships
– Objects have properties and values
• A property defines a function
• Values are the data for the property
NetWare
• NDS tree objects
– Container objects (4)
• Root
• Country
• Organization
• Organizational Unit
– Leaf objects (16), e.g. user, printer, file server
NetWare
• File System
– File server
– Volumes
– Directories
– Files
• Rights: Supervisor, Read, Write, Create, Erase, Modify, File Scan, Access Control
NetWare
• Web-based management tool – NMP
– Create and delete NDS users and groups; manage the Enterprise Web Server, the NetWare Web Search Server and the NetWare News Server.
– Access volume management, trustee assignments, server management, NDS management, remote-server access to other NetWare 5.1 server portals and limited access to the file systems on NetWare 5 and 4.x servers in the same tree.
– The NMP provides hardware information, console screens and server-health monitors.
– Mount and dismount volumes, set volume attributes and server parameters, restart servers, manage connections, broadcast messages to connected users, view statistics and graphical representations of server performance, debug problems, and execute console commands.
Costs
• Windows 2000 Advanced Server, $3,999 with 25 client access licenses
• NetWare 5.1, $3,155 for 25-connections
• Solaris 8, free, Sun Microsystems
NetWare 6 Features
• There is a broad range of features.
• Many features are not available in other NOSs.
Storage Management
• Server storage is divided into logical volumes.
• A volume may be one or more hard drives, CD-ROMs, DVDs, or SANs.
• A storage volume can contain eight terabytes.
Storage Management
• NetWare supports storage virtualization.
• Storage pools can be from 1 to 254 volumes.
• Storage pools can exceed the physical storage currently available.
Deployment
• No additional client software is required to connect to a NetWare server.
• NetWare automatically recognizes and supports protocols from different client operating systems.
• NetWare 6 can be installed incrementally to existing networks.
iPrint
• Any LAN printer can be accessible through the Internet.
• iPrint can create a facility floor plan that shows the physical location of printers.
• Users click on the printer icon to select the printer to use.
• Printer drivers are automatically downloaded and installed.
iFolder
• Provides remote users a simple means of accessing files on a NetWare server.
• Files and directories are accessed by special software or a Web browser.
• Transmitted files are encrypted.
• iFolder provides synchronization.
eDirectory
• eDirectory is Novell NetWare's directory service.
• It can manage users running different NOSs.
• It can create dynamic groups.
• Persistent search can take action whenever a change occurs.
User Accounts
• Performed at ConsoleOne
• Name
• Surname
• Password