COMP1321 Digital Infrastructure, Richard Henson, February 2014
Page 1: COMP1321 Digital Infrastructure Richard Henson February 2014.

COMP1321

Digital Infrastructure

Richard Henson

February 2014

Page 2: COMP1321 Digital Infrastructure Richard Henson February 2014.

Week 14: Client-Server Networks

• In particular… Client-Server Platforms for Operating Systems….

Page 3: COMP1321 Digital Infrastructure Richard Henson February 2014.

Client-Server Platforms for Operating Systems

• Users use client machines
• Administrators manage server machines to provide network resources
• Clients and servers mutually dependent

[Diagram labels: server, client]

Page 4: COMP1321 Digital Infrastructure Richard Henson February 2014.

21st Century Platforms

• Unix already popular, but technical
• Windows 2000 Server easier maintained alternative…?
• DEC VAX “fell off a cliff”
  - Intel platform survived threats from RISC architecture…
    • 64-bit alpha platform never that popular
    • rights to alpha chip bought by Intel (!)
    • never even offered when XP (client-based) was launched…

Page 5: COMP1321 Digital Infrastructure Richard Henson February 2014.

TWO Features of Windows 2000 Server

• Active Directory
  - centralised resource cataloguing
  - control over users via group policy
• Scalability:
  - multiple domains
  - hierarchy of trusted domains based on DNS naming

Page 6: COMP1321 Digital Infrastructure Richard Henson February 2014.

Platforms at Client-end and Server-end

• Windows became 64-bit on an Intel platform:
  - on server motherboards
    • Windows 2003 onwards
  - on workstations (Vista onwards…)
  - Due to Microsoft’s disastrous (mis)launch of Vista…
  - Apple client platform had a chance to emerge and develop a good range of apps
  - ensured success of i-player & i-phone

Page 7: COMP1321 Digital Infrastructure Richard Henson February 2014.

Windows 2003 Server – what was new?

• Main difference at kernel level in 64-bit option
  - 32-bit kernel unchanged…
• Functional enhancements:
  - GDI+ interface
  - enhanced Active Directory
  - Group Policy Management Console

Page 8: COMP1321 Digital Infrastructure Richard Henson February 2014.

BIOS Developments

• Earlier motherboards…
  - single chip containing the BIOS on ROM and a writeable CMOS area
  - 16-bit command line interface
• More recent motherboards use EFI (Extensible Firmware Interface)
  - 32-bit command line
  - only really exploited with Windows 7, and 2008 Server…

Page 9: COMP1321 Digital Infrastructure Richard Henson February 2014.

Windows 2008 Server – what was new?

• Virtualisation platform
  - known as Hyper-V
• PowerShell
  - more powerful range of command line options
• More efficient use of Active Directory across enterprise networks for user account control
• others….

Page 10: COMP1321 Digital Infrastructure Richard Henson February 2014.

Virtualisation (Windows 2008 Server, Citrix, VMware, etc.)

• The use of software to allow a piece of hardware to run multiple operating system images at the same time
  - Windows OS under Mac OS…
  - multiple versions of Windows OS on the same PC
• Slightly different from terminal services but getting popular…
• Enables the creation of a “virtual” (rather than actual) version of any software environment on the desktop, e.g. Operating Systems, a server, a storage device or networks, an application

Page 11: COMP1321 Digital Infrastructure Richard Henson February 2014.

More about booting to an Intel platform

• BIOS coordinates with “master boot record” (MBR) on boot partition
• Should seek out a “boot loader” program and operating system
  - and partition(s) containing the different media prepared in different ways
• Hard disk still the conventional boot medium
  - partitions give choice of bootable media
    • CDs & USBs only have one partition

Page 12: COMP1321 Digital Infrastructure Richard Henson February 2014.

Partitions, Hard Disks and Multiple Operating Systems

• MBR must be on the first (C:) partition
• Possible to have different operating systems on the same hard disk…
  - varieties of Windows
  - varieties of Unix…
• BUT…
  - Master Boot Record systems different on Unix and Windows
  - still possible to have ONE Unix partition…
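
An added example, not part of the original slides: a parser for the partition table held in the classic 512-byte master boot record that the two booting slides refer to, run on a constructed sector holding one active Windows partition and one Linux partition. The partition sizes, start sectors and helper names are assumptions made for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # 446 bytes of boot code come first
ENTRY_FORMAT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FORMAT)   # 16 bytes, four entries in the table
BOOT_SIGNATURE = b"\x55\xaa"  # final two bytes of a valid MBR

# A few common partition type codes (not exhaustive).
PARTITION_TYPES = {
    0x07: "NTFS/HPFS",
    0x0B: "FAT32",
    0x82: "Linux swap",
    0x83: "Linux",
}


def parse_mbr(sector):
    """Decode the four-slot partition table of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")

    partitions = []
    for slot in range(4):
        offset = TABLE_OFFSET + slot * ENTRY_SIZE
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FORMAT, sector, offset)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        if status not in (0x00, 0x80):
            raise ValueError(f"slot {slot}: invalid status byte {status:#04x}")
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, f"unknown ({ptype:#04x})"),
            "lba_start": lba_start,
            "size_mib": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return partitions


def boot_partition(partitions):
    """Return the single partition flagged active, the one standard MBR boot code starts."""
    active = [p for p in partitions if p["bootable"]]
    if len(active) != 1:
        raise ValueError(f"expected exactly one active partition, found {len(active)}")
    return active[0]


def build_sample_mbr():
    """Constructed sample: an active 20 GiB NTFS partition and one 10 GiB Linux partition."""
    def entry(status, ptype, lba_start, sectors):
        return struct.pack(ENTRY_FORMAT, status, bytes(3), ptype, bytes(3),
                           lba_start, sectors)

    table = (
        entry(0x80, 0x07, 2048, 41943040)
        + entry(0x00, 0x83, 41945088, 20971520)
        + bytes(ENTRY_SIZE) * 2          # two unused slots
    )
    return bytes(TABLE_OFFSET) + table + BOOT_SIGNATURE


if __name__ == "__main__":
    for part in parse_mbr(build_sample_mbr()):
        print(part)
```
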

Page 13: COMP1321 Digital Infrastructure Richard Henson February 2014.

Storage of User/System Settings for clients: The Registry

• Early Windows extended DOS text files of system & user settings:
  - SYSTEM.INI enhanced CONFIG.SYS
  - WIN.INI enhanced AUTOEXEC.BAT
• Windows 95 created “The Registry”
  - two dimensional structure for user and system information
  - principles extended in Windows NT v4
    • system and user settings downloadable to local registry across the network

Page 14: COMP1321 Digital Infrastructure Richard Henson February 2014.

Viewing/Editing the Registry

• REGEDT32 from command prompt…
  - look but don’t touch!
  - contents should not be changed manually unless you really know what you are doing!!!
• Registry data that is loaded into memory can also be overwritten by data:
  - from local profiles
  - downloaded across the network…

Page 15: COMP1321 Digital Infrastructure Richard Henson February 2014.

Domains

• Microsoft name for network infrastructure universally known as LANs
• Similar to Internet use of “domain names” and DNS
• Domain can be serviced by a number of servers
  - can be dedicated for particular purposes
  - support very many users

Page 16: COMP1321 Digital Infrastructure Richard Henson February 2014.

Logon to Network

• Once the operating system has been loaded…
  - user logon screen presented
• Rapid local boot is fine…
  - but most organisational computers are on networks…
    • why?
  - why does network logon take so long?

Page 17: COMP1321 Digital Infrastructure Richard Henson February 2014.

“Policies”: Controlling User and System Settings

• The Windows user’s desktop is controlled with policies
  - user policies
  - system policies
• Configuring and using policies - essential part of any network administrator’s job!
  - could be 100s or 1000s of systems, & users

Page 18: COMP1321 Digital Infrastructure Richard Henson February 2014.

System Settings

• For configuration of hardware and software
  - different types of system need different settings
  - system settings for a given computer may need to be changed for particular users e.g. to change screen refresh rate for epileptics

Page 19: COMP1321 Digital Infrastructure Richard Henson February 2014.

User Settings

• More a matter of convenience for the user
  - mandatory profiles
    • users all get the same desktop settings!
    • anything added is lost during logoff!
  - roaming profiles - desktop settings preserved between user sessions
    • saved across the network…

Page 20: COMP1321 Digital Infrastructure Richard Henson February 2014.

What is The Registry?

• A hierarchical store of system and user settings
• Five basic subtrees:
  - HKEY_LOCAL_MACHINE : local computer info. Does not change no matter which user is logged on
  - HKEY_USERS : default user settings
  - HKEY_CURRENT_USER : current user settings
  - HKEY_CLASSES_ROOT : software config data
  - HKEY_CURRENT_CONFIG : “active” hardware profile
• Each subtree contains one or more subkeys…

Page 21: COMP1321 Digital Infrastructure Richard Henson February 2014.

Location of the Windows Registry

• In XP…
  - c:\windows\system32\config folder
• Six files (no extensions):
  - Software
  - System – hardware settings
  - Sam, Security
    • not viewable through regedt32
  - Default – default user
  - Sysdiff – HKEY USERS subkeys
  - Also to be considered: ntuser.dat
    • user settings that override default user

Page 22: COMP1321 Digital Infrastructure Richard Henson February 2014.

Emergency Recovery if Registry lost or badly damaged

• Backup registry files created during text-based part of windows installation
  - also stored in:
    • c:\windows\system32\config
    • have .sav suffix
  - only updated if “R” option is chosen during a windows recovery/reinstall
• NEVER UPDATED backup is saved to
  - C:\windows\repair folder
  - no user and software settings
  - reboots back to “Windows is now setting up”

Page 23: COMP1321 Digital Infrastructure Richard Henson February 2014.

Backing up the Registry

• Much forgotten… an oversight that may later be much regretted!!!
  - can copy to tape, USB stick, CD/DVD, or disk
  - rarely more than 100 Mb
• Two options:
  - Use third-party backup tool
    • e.g. http://www.acronis.co.uk
  - Use windows “backup”
    • not recommended by experts!
    • but already there & does work!
    • to copy the registry if this tool is chosen, a “system state” backup option should be selected

Page 24: COMP1321 Digital Infrastructure Richard Henson February 2014.

System Policy File

• A collection of registry settings downloaded from the domain controller during logon
• Can apply different system settings to a computer, depending on the user or group logging on
• Can overwrite:
  - local machine registry settings
  - current user registry settings
• Should therefore only be used by those who know what they are doing!!!

Page 25: COMP1321 Digital Infrastructure Richard Henson February 2014.

System Policy File

• Saved as NTCONFIG.POL
• Normally held on Domain Controllers
  - read by local machine during logon procedure
  - provides desktop settings, and therefore used to control aspects of appearance of the desktop
• Different NTCONFIG.POL settings can be applied according to:
  - User
  - Group
  - Computer
• Users with roaming profiles additionally save desktop settings to their profile folders

Page 26: COMP1321 Digital Infrastructure Richard Henson February 2014.

Characteristics of Microsoft “domains”

• Not the same as DNS domains
• Really just another way of saying LAN or client-server network
• Server controlled
  - but server needs to be elevated to domain controller status
  - needs to install “DNS server”

Page 27: COMP1321 Digital Infrastructure Richard Henson February 2014.

Domains and Active Directory

• Active Directory…
  - logically connects servers together
  - servers create domains…
  - can use connections between servers to model the DNS system on a Microsoft network
• But things can go wrong…
  - knowledge of DNS servers required

Page 28: COMP1321 Digital Infrastructure Richard Henson February 2014.

Internet Domain Naming

• An attempt to give logical names to computers directly hooked up to the Internet
• First defined back in 1983, through three early RFCs…
  - 881: The Domain Names Plan and Schedule (revised, 897, 921)
  - 882: CONCEPTS and FACILITIES (revised, 1034)
  - 883: IMPLEMENTATION and SPECIFICATION (revised, 1035)

Page 29: COMP1321 Digital Infrastructure Richard Henson February 2014.

The DNS System

• First defined in RFC 1101: “DNS Encoding of Network Names and Other Types”
• First recognisable as x.y.z format through RFC 1183: “New DNS RR Definitions”
• Explained including IANA (administration of first level domains) through RFC 1591 (1994): “Domain Name System Structure and Delegation”

Page 30: COMP1321 Digital Infrastructure Richard Henson February 2014.

DNS and DNS Zones

• The DNS system is hierarchical
• A DNS Zone is defined as:
  - “… a portion of the global Domain Name System (DNS) namespace for which administrative responsibility has been delegated”
  - it refers to the lower level domains logically connected to any one particular root domain (e.g. .us or .com)

[Diagram of nodes z, a, y and x. DNS entry: x.y.z; DNS Zone: z; Computers within z zone: a, x and y]

Page 31: COMP1321 Digital Infrastructure Richard Henson February 2014.

Naming a Server within a DNS Zone

• Windows 2003 Servers promoted to domain controllers are assumed to be part of the DNS
  - named accordingly within a hierarchy of domain names
  - DNS Server needs to be installed at this point…
    • assists Active Directory with domain name record keeping
    • provides options for storing DNS/IP address pairs

Page 32: COMP1321 Digital Infrastructure Richard Henson February 2014.

WINS, DNS, and IP addressing

• Older versions of Windows used “Windows Internet Naming Service”
  - look up service including NetBIOS names and corresponding IP addresses
• Now, DNS is increasingly replacing WINS:
  - DNS server manages access to network name/IP address look up

Page 33: COMP1321 Digital Infrastructure Richard Henson February 2014.

Managing Domain Users

• Active Directory installed when server promoted to domain controller
• Users gain access via client machines
  - to even enable user log on, a client machine must have an account in that domain
  - client details stored in active directory
• User must have a domain account
  - details stored in “Active Directory”…
  - entry in database of usernames/passwords essential for successful login match

Page 34: COMP1321 Digital Infrastructure Richard Henson February 2014.

Potential Installation Traps & Errors

• Quite a lot of hardware has to be correctly configured
• Not plug-and-play?
  - need to install software manually
• Not on the HCL?
  - Need to get drivers from the manufacturer & install from separate media
• All these potential problems can prevent installation from proceeding to completion

Page 35: COMP1321 Digital Infrastructure Richard Henson February 2014.

Potential Installation Traps & Errors

• The most common problem post-installation is that files become corrupt
• This will mean that the system boot up process will be suspended indefinitely as the system looks in vain for the missing file

Page 36: COMP1321 Digital Infrastructure Richard Henson February 2014.

Correcting Installation Errors

• Each NOS should have a system to allow recovery from a failed installation
  - With Windows 2000/3, it is “recovery console”
• Such a “recovery” system should allow the system to reboot to at least a command prompt
  - allowing the necessary file(s) to be re-installed…
• The computer should then again boot up satisfactorily

Page 37: COMP1321 Digital Infrastructure Richard Henson February 2014.

Installing Clients

• Will be necessary if:
  - Existing client software not compatible with server-side or is upgraded for other reasons
  - Existing client software becomes faulty or will not connect to the domain
  - New computer to be added to the domain

Page 38: COMP1321 Digital Infrastructure Richard Henson February 2014.

Automatic Installations

• The first server on the network should always be installed manually
• However, NOSs allow capabilities for the “automatic” installation of clients
• This means that all the questions that are asked by the installation process must be answered on a text file or “script” that can be accessed during the automatic install
  - with Windows 2000/3 this is known as UNATTEND.TXT
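
An added example, not part of the original slides: because the answer file holds every reply the installer would otherwise prompt for, it can carry the local administrator and domain-join passwords in clear text. The check below audits a constructed Windows 2000/2003-style answer file for such entries; the sample values are invented and `audit_answer_file` is a hypothetical helper name.

```python
import configparser

# Constructed sample answer file (values invented for this example).
SAMPLE_UNATTEND = """\
[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes
TargetPath=\\WINNT

[GuiUnattended]
AdminPassword="Constructed-Local-Pw1"
OemSkipWelcome=1

[UserData]
FullName="Lab User"
OrgName="Example Org"
ComputerName=CLIENT01

[Identification]
JoinDomain=EXAMPLE
DomainAdmin=installer
DomainAdminPassword="Constructed-Domain-Pw1"
"""


def audit_answer_file(text):
    """Return (section, key, issue) for every password entry in an answer file.

    The password value itself is never copied into the findings, so the
    report can be stored or shared without leaking the secret again.
    """
    parser = configparser.ConfigParser(
        interpolation=None,     # '%' in values is literal, not a template
        strict=False,           # tolerate repeated keys in hand-edited files
        allow_no_value=True,    # tolerate bare keys
    )
    parser.optionxform = str    # keep the original key capitalisation
    parser.read_string(text)

    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if "password" not in key.lower():
                continue
            value = (value or "").strip().strip('"')
            # In these answer files "*" requests an empty password.
            if value in ("", "*"):
                issue = "blank password"
            else:
                issue = "plaintext password"
            findings.append((section, key, issue))
    return findings


if __name__ == "__main__":
    for section, key, issue in audit_answer_file(SAMPLE_UNATTEND):
        print(f"[{section}] {key}: {issue}")
```

Findings from such a check are a prompt to restrict who can read the share holding the answer file and to change the affected passwords once installation is complete.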