Chapter 9 Looking at Servers and Their Network Operating Systems (NOSs)
Microsoft Windows Servers
• Windows servers began as Microsoft Windows NT Advanced Server 3.1, a 32-bit network operating system.
• Back when it was first introduced, everyone was excited about the “new technology,” which is what NT stands for.
• The graphical user interface (GUI), or desktop, looked identical to that of Windows 3.1, which explained why the first version was called 3.1.
• The NOS was quickly replaced by Windows NT 3.5, which was almost immediately replaced by Windows NT 3.51.
• Windows NT 3.51 was eventually followed by Windows NT 4.0.
• This version had a new desktop that looked exactly the same as that of Windows 95, which was released less than a year before Windows NT 4.0.
• (One thing to keep in mind about any version of Windows NT is that there are two types, one for clients and the other for servers.)
Windows NT Domains
• Windows NT uses domains as logical boundaries that house servers, user accounts, and resources.
• While a domain is similar to a workgroup, it uses a central directory service that authenticates the users when they log on.
• Servers with a copy of the directory service database (which is called the Security Account Manager, or SAM) are called domain controllers; there is one primary domain controller (PDC), and the rest are backup domain controllers (BDCs).
• A BDC can’t create new users in the domain, because it contains a read-only copy of the SAM.
• If an administrator makes any changes through an administrative console on any PC or server in the network, the changes appear to take place locally, but in fact they take place only on the PDC.
• BDCs provide a measure of redundancy, so if the PDC fails, a BDC can provide authentication services so that users can log on and access network resources.
• In the event of a total PDC failure, a network administrator can convert a BDC into a PDC. The rest of the servers, and the workstations, are members of the domain.
Trust Relationships
• Because each domain’s PDC has a separate SAM, the user of one domain can’t access resources owned by another domain.
• To overcome this flaw, domains can be joined together in a trust relationship.
• Once a trust relationship has been created, a user in a trusted domain can be granted access to a resource in a trusting domain.
• Trust relationships are NOT transitive.
Domain Models
• Single domain:
  • This model consists of a PDC, workstations, and users that are all members of the same domain. There might be one or more BDCs. There are no trust relationships.
• Master domain:
  • This model has at least two, and possibly more, domains—a master domain, which contains user accounts, and at least one resource domain, which contains resources such as printers, files, and so on.
  • Every resource domain trusts the master domain, but the master domain doesn’t trust any resource domains.
  The Master trusts none other!
• Multiple master domain:
  • This model builds on the master domain model in that it has two or more master domains and one or more resource domains.
  • Each master domain contains user accounts and trusts the other master domain(s).
  • Resource domains contain network resources such as files and printers.
  • Each resource domain trusts all of the master domains.
  Masters only trust other masters.
• Complete trust domain:
  • This model resembles a spider web.
  • It contains two or more domains in which every domain trusts every other domain.
  • Each domain can contain user accounts or resources, or both.
  Everybody trusts everybody!
Organizing Users into Groups
• Windows NT domains use special groups to function between domains.
• There are two types of groups—global and local.
• A user account created within a domain is actually a global user account, whereas a user account created on a standalone computer is a local user account.
• Global users function within a domain in the same way global groups do.
• The local group is created within a local security database on the server, as are local users.
• This group is local to the server and is not applied to any other server or workstation on the network.
• Local user accounts and groups can be granted access only to the resources on the server or Windows NT workstation they reside on.
Windows 2000 and Active Directory
• Windows 2000 uses a much different method of managing users and computers—the Active Directory, which is a true hierarchical directory service that provides secure authentication for users who want to access resources on the network.
• The Active Directory is hierarchical because it uses the Domain Name System (DNS), which is a globally accessible table of domain names and corresponding IP addresses.
• By using DNS, the Active Directory is able to integrate with the Internet and services that are offered via the Internet.
• This is a drastic leap for Windows servers from the flat-file database that the SAM offered.
• By using DNS, the Active Directory becomes hierarchical at the domain level, and it affects the trust relationships between domains that are within the Active Directory.
• Active Directory still uses the logical organization known as a domain, but it is not named “DOMAIN” with a NetBIOS name. Instead, it is named “domain.com” with a DNS name.
• The forest is a new logical grouping of domains that lies within the Active Directory. Trust relationships are both reciprocal and transitive within an Active Directory forest.
• The Active Directory is a distributed directory service, which means that the actual database is distributed throughout the domain controllers on the network.
• There are domain controllers, but there is no such thing as a PDC or BDC within the Active Directory.
• Every domain controller is created equal.
• Because all domain controllers are equal, if one goes down, the others will still be able to provide the same services.
• In general, when you’re planning domains, remember that you should always have at least two domain controllers per domain for redundancy.
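Added example (not part of the original slides): the trust rules from the Trust Relationships, Domain Models, and Active Directory slides, written as a small Python check of which domains' accounts each domain could admit under one-way, non-transitive NT trusts versus two-way, transitive forest trusts. All domain names are constructed, and the function names are hypothetical.

```python
from itertools import permutations

# A trust is a pair (trusting, trusted): accounts in the trusted domain can be
# granted access to resources in the trusting domain. All names are constructed.

def master_model(masters, resources):
    """NT master / multiple master model: every resource domain trusts every
    master, masters trust each other, and no master trusts a resource domain."""
    return {(r, m) for r in resources for m in masters} | set(permutations(masters, 2))

def complete_trust_model(domains):
    """NT complete trust model: every domain trusts every other domain."""
    return set(permutations(domains, 2))

def forest(parent_child_pairs):
    """Active Directory forest: each parent/child trust is two-way (reciprocal)."""
    return {e for p, c in parent_child_pairs for e in ((p, c), (c, p))}

def can_grant(trusts, account_domain, resource_domain, transitive=False):
    """Can accounts from account_domain be granted access in resource_domain?
    NT trusts (transitive=False) need a direct edge; forest trusts chain."""
    if account_domain == resource_domain:
        return True
    if not transitive:
        return (resource_domain, account_domain) in trusts
    seen, todo = {resource_domain}, [resource_domain]
    while todo:                      # walk trusting -> trusted edges
        current = todo.pop()
        for trusting, trusted in trusts:
            if trusting == current and trusted not in seen:
                seen.add(trusted)
                todo.append(trusted)
    return account_domain in seen

def exposure(trusts, transitive=False):
    """For each domain, the foreign domains whose accounts could be admitted:
    the set an administrator has to review when one of them is compromised."""
    domains = {d for edge in trusts for d in edge}
    return {r: sorted(a for a in domains - {r} if can_grant(trusts, a, r, transitive))
            for r in sorted(domains)}

if __name__ == "__main__":
    nt = master_model(["ACCOUNTS"], ["PRINT", "FILES"])
    chain = {("SALES", "HQ"), ("HQ", "PARTNER")}   # SALES trusts HQ, HQ trusts PARTNER
    ad = forest([("corp.example", "eu.corp.example"), ("corp.example", "us.corp.example")])
    print("master model:", exposure(nt))
    print("NT chain:", exposure(chain))
    print("same chain if transitive:", exposure(chain, transitive=True))
    print("forest:", exposure(ad, transitive=True))
```

In the NT chain, PARTNER accounts never reach SALES because no direct trust exists; the same edges evaluated transitively admit them, which is why the set of domains to review grows when moving to a forest.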
Windows NT File System
• NTFS supports long filenames, as opposed to the “8.3” filename system used by FAT in which 8.3 referred to the requirement that each filename be a maximum of eight letters long, followed by a period and then a maximum three-letter extension.
• File access in NTFS is provided at the user level. An administrator can assign access rights to both files and directories.
• This can be performed using Windows Explorer in Windows NT and in Windows 2000.
• Both Windows 2000 and Windows XP provide NTFS version 5. NTFS 5 offers file compression to optimize file storage. (This is a property of each of the files.)
• Another way that NTFS optimizes file storage is by using large partitions. NTFS provides for volumes, which associate a single drive letter with a collection of free space regions that can be spread across several hard drives.
• A volume can even be a Redundant Array of Inexpensive Disks (RAID), created through the NOS.
• In Windows 2000 and later, you use Disk Management to manage hard disks. In Windows NT, you use Disk Administrator.