Chapter 11 Advanced NOS Administration 11.1 Backups 11.2 Drive Mapping 11.3 Partition and Processes Management 11.4 Monitoring Resources 11.5 Analyzing.

Chapter 11 Advanced NOS Administration

11.1 Backups

11.2 Drive Mapping

11.3 Partition and Processes Management

11.4 Monitoring Resources

11.5 Analyzing and Optimizing Network Performance

Backups

Overview of Backup Methods

• The backup process involves copying data from one computer to some other reliable storage medium for safekeeping.

• Once the data has been archived, the system administrator can then restore data to the system from any previously recorded backup.

• Considerations that are relevant for storage devices:

– Cost – Size – Manageability – Reliability

Overview of Backup Methods

• There are four types of backup procedures that define how the backup will take place:– Full - will backup everything on the hard drive at the

scheduled point in the day

– Partial - backs up selected files

– Incremental - only the files that have changed since the last backup will be selected for back up

– Differential - backs up files created or changed since the last normal or incremental backup

Installing Backup Software

• With the release of Windows 2000, the backup utility that existed with Windows NT was greatly enhanced.

• This Windows NT tool has replaced RDISK, and it is now used to back up the Registry.

• It is no longer confined to only tapes as output media, and it offers a number of other possibilities as well.

Installing Backup Software

• The Linux OS includes two utilities that can perform backups.

• They are tar and cpio. The tar utility, which is a tape archiever, combines multiple files into a single file that can be copied to the media.

• The cpio utility is used to copy in/out. • It can perform three basic actions, one of which must

be specified:– -i To extract from an archive

– -o To make a new archive– -p To print/pass (through the files)

Backup Hardware

• The most common backup hardware device used before and now is some form of magnetic tape drive.

• Tape devices are known for their long-lasting performance, which is partly due to the tape drive mechanics that some systems include.

• There are a variety of tape devices that use different tape formats for storing data.

• Many tape drives can also compress the data before it is stored on the tape.

• In most cases the compression ratio is 2:1.

Backup Hardware

• Quarter Inch Cartridge (QIC, pronounced “quick”), is a tape standard.

• Travan tape drives have a higher storage capacity than the older QIC tape drives. The most recent standard implemented on Travan tape drives was hardware compression.

Backup Hardware

• 8mm tape technology uses a tape similar to 8mm videotape and the same helical scan system used by a VCR.

• Mammoth 8mm tape technologies are an improvement on the original 8mm tape technologies with higher storage capacities and faster transfer speeds.

• AIT technology uses 8mm tapes that use the helical scan recording hardware, which is much like a VCR and have memory in the tape cartridge, known as Memory-In-Cassette (MIC).

Backup Hardware

• The Digital Audio Tape (DAT) tape standard uses 4mm digital audiotapes to store data in the Digital Data Storage (DDS) format.

• Digital Linear Tape (DLT) technology offers high capacity and relatively high-speed tape backup capabilities. DLT tapes record information on the tape in a linear format.

• Linear Tape-Open (LTO) technology comes in two distinct forms. – One is designed for high storage

capacity (Ultrium), and the other is designed for fast access (Accelis).

Backup Strategies

• There are several accepted backup strategies, and many of them are based on this popular Grandfather-Father-Son (also known as Child-Parent-Grandparent) method.

• This backup strategy uses three sets of tapes for daily, weekly, and monthly backups.

Automating Backups

• System backups should be performed at regular intervals to provide consistent data protection.

• Automation of such regularly scheduled events is an important backup consideration.

• Automation not only increases backup consistency but also gives system administrators more time to address other important network issues.

• The most common automated backup procedure consists of a system administrator inserting a tape into the drive at the end of the day.

• The system performs the regularly scheduled nightly backup of data onto the tape.

• The system administrator ejects that tape the next day and stores it for a predetermined period of time.

Drive Mapping

What is Drive Mapping?

• Drive mapping is a useful tool that allows an administrator to share resources that are stored on a server.

• The client computers that are connected to the network assign a drive letter that will act as a direct path to access those resources stored on a server over the network.

• After a user identifies a network resource to be used locally, the resource can be "mapped" as a drive.

Mapping Drives in Windows Networks

• To map a drive with Windows Explorer, navigate to the folder on the remote system in Windows Explorer by selecting Network > Neighborhood > Server name > Shared folder name.

• Another way to do this is to choose the Tools menu, and then choose Map Network Drive.

• The net use command can be used instead of mapping drives through Windows Explorer.

• net use can also be incorporated into a login script that automatically runs when the user logs in to the network.

Mapping Drives in Linux Networks

• A client computer running Linux must be mapped in a slightly different way. • Use the mount command to establish a connection to the shared directory on the

server. • Entering the syntax will map a drive to a Linux/UNIX share. • The local directory designation that points to the remote share denoted by the first

part of the command is called the directory mount point. • The mount point location must already exist before a share can be mapped to it.

mount servername:/directory/subdirectory /localdirectory

Mapping Drives in Novell Networks

• Mapping a drive to a share on a NetWare server can be done using Windows Explorer. • If the NetWare client machines are running Windows 95, 98, NT, 2000, or XP, follow the

same process for mapping drives on a Microsoft network.• A drive can be mapped at the command line by using the map command.• This map command can also be put in a login script that executes automatically as the

user logs into the network.

Partition and Processes Management

Using fdisk, mkfs, and fsck

• fdisk is a text-based and requires the use of one-letter commands to manipulate the options.

• type m or ? at the fdisk prompt to obtain a list of the commands that can be used.

• Once the partition changes have been made, a filesystem must be created on the partition.

• This is also referred to as formatting the partition.

• Use the mkfs utility to create a filesystem in Linux.

Using fdisk, mkfs, and fsck

• The fsck utility is used to check file systems for errors, which occur more frequently than the need to add, remove, or format partitions.

• It is a good idea to use this utility often to check for file system integrity.

Managing System Processes with cron Jobs

• The way to schedule tasks to run at regular intervals on a Linux system is with Cron Programs.

• Also known as Cron jobs, they schedule system maintenance tasks that are performed automatically.

• System Cron jobs are controled via the /etc/crontab file.

• The file begins with a set of environmental variables. These sets certain parameters for the Cron jobs such as the PATH and MAILTO

• The other lines in this file specify the minute, hour, date, month, and day of the week the job will run.

Core Dumps

• Core Dump is a recording of the memory that a program was using at the time it crashed.

• The purpose of Core Dumps is to allow programmers to study the file to figure out exactly what caused the program to crash.

Viewing Running Processes

• The processes that are currently running on a Linux system can be viewed by using the ps command.

• The ps command has a variety of options that can be used with it to manipulate its output.

• These options can be used together to display specific output using the ps command.

• There can be some considerable output that is generated when a command such as ps -a --forest is executed.

Core Dumps

• The top command functions much like the Windows 2000 Performance tool by providing detailed information regarding CPU and RAM usage.

• Sometimes a process will cause the system to lock up.

• The kill command can be used to terminate the process.

• The signal option represents the specified signal that is sent to the process.

• There are 63 different parameters that can be entered for the signal that is sent to the process.

Assigning Permissions for Processes

• Typically, programs have the same types of permission and can read the same files as the user who runs that program.

• There are certain programs that require additional permission to be run by certain users.

• Regular users cannot execute the su command because it requires root account privileges.

• Programs such as these are run using the SUID or SGID bit, which allows these programs to be run under the permission of another user.

Monitoring Resources

Disk Management

• By regularly using error-checking and defragmentation programs and continually managing free disk space, the system administrator can maintain healthy hard drives.

• One preventive disk management tool available to system administrators is the use of "quotas" for user accounts.

• A quota acts as a storage ceiling that limits the amount of data each user can store on the network.

Memory Usage

• Memory diagnostic tools that allow RAM intensive applications to be discovered, and stopped if necessary, are typically built into most NOS platforms.

• System administrators can compensate for the lack of physical memory through the use of "virtual memory".

• Virtual memory allocates space on the hard drive (swap partition or file) and treats it as an extension of the system RAM.

CPU Usage

• All information used by the NOS, including the NOS itself, is processed millions of times per second by the CPU to display this information to the user.

• Built-in tools are commonly provided to allow system administrators to monitor the current level of CPU activity.

• This feedback is often presented in terms of the percentage of the CPU currently being used and is refreshed at frequent intervals.

Reviewing Daily Logs

• Most computer programs, servers, login processes, as well as the system kernel, record summaries of their activities in log files.

• These summaries can be used and reviewed for various things, including software that might be malfunctioning or attempts to break into the system.

• In Windows 2000, the Computer Management tool allows users to browse the logged events generated by the NOS.

Reviewing Daily Logs

• Linux uses log daemons to control the events that are entered in the system log.

• Most of the Linux system’s log files are located in the /var/log directory.

• The log files that are located in this directory are maintained by the system log daemon (syslogd) and the kernel log daemon (klogd).

• These two daemons are configured using the syslog.conf file.

Checking Resource Usage on Windows 2000 and Windows XP

• System resources are monitored in Windows 2000 and Windows XP with the Performance tool.

• This application is found under the Start Menu > Programs > Administrative Tools > Performance menu option.

• Users can then right-click on the graph and select Add Counters to specify which system resources to monitor in the graph.

Checking Resource Usage on Linux

• The df command is used to display the amount of disk space currently available to the various filesystems on the machine.

• When a directory name is specified, the du command returns the disk usage for both the contents of the directory and the contents of any subdirectories beneath it.

• The top command functions much like the Windows 2000 Performance tool by providing detailed information regarding CPU and RAM usage.

Analyzing and Optimizing Network Performance

Key Concepts in Analyzing and Optimizing Network Performance

• The network administrator should make time to devise a proactive plan for managing the network.

• This plan enables the detection of small problems before they become large ones.

• The three key concepts in analyzing and optimizing network performance include:

– Bottlenecks – Baselines – Best practices

Bottleneck

• A bottleneck is the point in the system that limits the data throughput, which is the amount of data that can flow through the network.

• The primary performance-monitoring tool for Microsoft’s Windows 2000 Server is called Performance.

• Performance can monitor nearly all hardware and software components on a Windows 2000 server.

Bottleneck

• The various versions of the UNIX/Linux operating systems have command-line utilities that can be used to monitor performance of the UNIX/Linux network server.

• The primary tools are sar, vmstat, iostat, and ps. • The flags used by these commands can vary among

the different versions of UNIX/Linux. • Use the UNIX/Linux man command to get specifics

about the use of these commands. • The information displayed by the man command also

tells how to interpret the output generated by the command.

Baselines

• The baseline measurements should include the following statistics:– Processor, Memory, Disk

subsystem, Network queue length

• Determine how efficiently a network is performing by comparing various measurements to the same measurements taken at an earlier time.

• This point of comparison is called a baseline, which is the level of performance that is acceptable when the system is handling a typical workload.

Determining Internet Connection Speed

• The speed of a connection is limited by its lowest-speed component or the bottleneck.

• This means that even if the equipment is capable of a 50-kbps connection, the connection will be at the slower speed if the remote modem supports only 33.6-kbps.

Network Monitoring Software

• The network monitor that comes with Windows NT and Windows 2000 is a functional and useful tool for performing routine protocol analysis.

• Network Monitor can be used to display the individual frames of captured data.

• The figure shows that packets for several different protocols have been captured, including TCP, UDP, and SMB.

Network Monitoring Software

• The Sniffer products enable sophisticated filtering based on pattern matches, IP/IPX addresses, and so on.

• Sniffer Pro includes a traffic generator to assist in testing new devices or applications.

• It can be used to simulate network traffic or to measure response times and hop counts.

• Sniffer uses a dashboard-style interface.

Network Management Software

• Microsoft SMS is a high-end network management package that provides hardware and software inventory by installing the client agent on target computers.

• One of the most useful features of SMS is its software distribution feature.

• The distribution package contains the information used by SMS to coordinate the distribution of the software.

Network Management Software

• ManageWise includes an alarm/notification feature, NetWare LANalyzer agent, the management agent, Intel LANDesk Manager, Desktop Manager, and LANDesk virus protection.

• Tivoli is capable of providing a complete view of the network topology.

• Reporting tools enable customization of the view in which the data is presented, and "smart sets" can be created that group data logically.

Management Software for Small and Medium-Sized Networks

• SNMP is a protocol that is included in most implementations of TCP/IP. It has several advantages:– Simplicity, low cost, relative

ease of implementation, low overhead on the network, supported by most network hardware devices

• It uses a hierarchical database called a Management Information Base (MIB) to organize the information it gathers about the network.

Management Software for Small and Medium-Sized Networks

• Common Management Information Protocol (CMIP) was designed to improve on SNMP and expand its functionality.

• It works in much the same way as SNMP, but it has better security features.

• Also, it enables notification when specified events occur.

• Since the overhead for CMIP is considerably greater than that which is required for SNMP, it is less widely implemented.

• CMIP is based on the OSI protocol suite.

Management Service Provider (MSP)

• A new development in network management is the Management Service Provider (MSP).

• A company subscribes to an MSP service, which provides performance monitoring and network management.

• This saves the organization the cost of buying, installing, and learning to use monitoring and management software.

SNMP Concepts and Components

• There are two main parts to SNMP: 1. Management side – The management station is the centralized

location from which users can manage SNMP.

2. Agent – The agent station is the piece of equipment from which issuers are trying to extract data.

• At least one management system is needed to even be able to use the SNMP Service.

• Certain commands can be issued specifically at the management system.

SNMP Concepts and Components

• The SNMP agent is responsible for complying with the requests and responding to the SNMP manager accordingly.

• Generally, the agent is a router, server, or hub. • The agent is usually a passive component only

responding to a direct query. • In one particular instance, however, the agent is the

initiator, acting on its own without a direct query. • This special case is called a trap. • A trap is set up from the management side on the

agent.

SNMP Structure and Functions

• The data that the management system requests from an agent is contained in a Management Information Base (MIB).

• The namespace for MIB objects is hierarchical.

• It is structured in this manner so that each manageable object can be assigned a globally unique name.

• After the SNMP agent is installed, it must be configured with an SNMP community name.

• The default SNMP community name is Public.

SNMP Structure and Functions

• These three steps show what SNMP is really doing

• A community is a group of hosts running the SNMP Service to which they all belong.

• There really is no established security with SNMP. The data is not encrypted.

• Notification is possible using SNMP and will vary on an operating system–by–operating system basis.