Sa CH2
Introduction
One basic choice that you must make before you proceed any further in building your
network is which network operating system (NOS) to use as its foundation.
All NOSs must provide certain core functions, such as connecting to other computers on the
network, sharing files and other resources, and providing security.
Network operating systems are typically used on computers that act as servers. Modern
client operating systems also include networking functions, so the distinction between a
network operating system and a standalone operating system is no longer as great as it
once was.
Cont…
Security.
LANs were originally designed to connect a small number of computers into what later came
to be called a workgroup, or peer-to-peer network.
Computers running Microsoft operating systems in the same workgroup may share files,
printers, or an Internet connection.
The Purpose of Workgroups in Computer Networking
In computer networking, a workgroup is a collection of computers on a local area network (LAN) that
share common resources and responsibilities. The term is most commonly associated with Microsoft
Windows workgroups but also applies to other environments.
Workgroups, domains and Home Groups are similar, but they do not function in exactly the same way.
Microsoft Windows workgroups organize PCs as peer-to-peer local networks that facilitate easier
sharing of files, Internet access, printers and other local network resources. Each computer that is a
member of the group can access the resources shared by the others and, in turn, can share its own
resources if configured to do so.
Cont…
All Windows computers are automatically assigned to a default workgroup named WORKGROUP.
Administrators can change the workgroup name from Control Panel.
Note that workgroup names are managed separately from computer names.
A workgroup has no central account database: each PC keeps its own local accounts. To access
shared resources on another PC in the group, a user must know the name of the workgroup that
computer belongs to, plus the username and password of an account that exists on that remote
computer.
Windows workgroups can contain many computers but work best with 15 or fewer. As the
number of computers increases, a workgroup LAN eventually becomes very difficult to
administer (every account and password has to be maintained on every machine) and should be
reorganized into multiple networks or a client-server network.
Windows Workgroups vs Home Groups and Domains
Windows domains support client-server local networks. A specially configured computer
called the Domain Controller, running a Windows Server operating system, serves as a central
server for all clients.
Windows domains can handle many more computers than workgroups because resource sharing
and access control are centralized.
A client PC can belong to either a workgroup or a Windows domain, but not both: joining a
computer to a domain automatically removes it from its workgroup.
Cont…
Home Groups are designed to simplify the management of workgroups for administrators,
particularly home users. Instead of requiring an administrator to manually set up shared user
accounts on every PC, Home Group security settings can be managed through one shared
login. Plus, Home Group communication is encrypted, and it is simple to share even single
files with other Home Group users.
Joining a Home Group does not remove a PC from its Windows workgroup; the two sharing
methods co-exist. Computers running versions of Windows older than Windows 7, however,
cannot be members of Home Groups. (Home Groups were removed from Windows 10 in version
1803; current systems use plain workgroup sharing or a domain.)
Cont…
Note: Home Group settings can be found in Control Panel > Network and Internet >
Home Group. You join Windows to a domain through the same process used for joining a
workgroup; just choose the Domain option instead of the Workgroup option.
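The same membership change from the command line. This is an added example, not from the chapter: it reads the machine's current workgroup or domain membership, then shows the two alternatives the note above describes (rename the workgroup, or join a domain). "LAB", "contoso.com", the OU path and the account prompt are assumed values; run it from an elevated Windows PowerShell session, one step at a time, since each Add-Computer call reboots the machine.

```powershell
# Added example (not from the original chapter). Assumed names: workgroup 'LAB',
# domain 'contoso.com', OU 'OU=Workstations,DC=contoso,DC=com'. Run elevated.

function Get-MembershipInfo {
    # Win32_ComputerSystem reports whether this PC is in a workgroup or a domain.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    # DomainRole codes as documented for Win32_ComputerSystem.
    $roles = @{
        0 = 'Standalone workstation';   1 = 'Member workstation'
        2 = 'Standalone server';        3 = 'Member server'
        4 = 'Backup domain controller'; 5 = 'Primary domain controller'
    }
    [pscustomobject]@{
        ComputerName = $cs.Name
        PartOfDomain = $cs.PartOfDomain
        Workgroup    = if ($cs.PartOfDomain) { $null } else { $cs.Workgroup }
        Domain       = if ($cs.PartOfDomain) { $cs.Domain } else { $null }
        Role         = $roles[[int]$cs.DomainRole]
    }
}

Get-MembershipInfo

# Option A: stay peer-to-peer but rename the workgroup. Nothing central changes:
# a user on this PC still needs a local account on every other PC whose shares they use.
Add-Computer -WorkgroupName 'LAB' -Restart

# Option B: join a domain. Same cmdlet; giving -DomainName removes the PC from its
# workgroup as a side effect. -OUPath places the computer object in a chosen OU, and
# -Credential must be an account allowed to join computers to the domain.
$cred = Get-Credential -Message 'Account allowed to join computers to contoso.com'
Add-Computer -DomainName 'contoso.com' `
             -OUPath 'OU=Workstations,DC=contoso,DC=com' `
             -Credential $cred -Restart

# After the reboot: verify the machine's secure channel to a domain controller.
# Test-ComputerSecureChannel returns $false when the computer account password is out
# of sync with the domain; -Repair resets it using the supplied credential.
if (-not (Test-ComputerSecureChannel)) {
    Test-ComputerSecureChannel -Repair -Credential $cred
}
```

Get-MembershipInfo is the quick way to tell a standalone machine, a domain member and a domain controller apart on a box you have just been handed; the DomainRole code distinguishes all three, whereas PartOfDomain alone does not.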
Domain
A domain, in the context of networking, refers to any group of users, workstations, devices,
printers, computers and database servers that share data via common network resources.
In other words, a domain is a collection of objects that share the same directory database.
In our workgroup example, you would create one central Active Directory database and join
workgroup computers 1 and 2 to that domain.
Cont…
A domain has a domain controller that governs all basic domain functions and manages
network security.
Thus, a domain is used to manage all user functions, including username/password
authentication and access to shared system resources.
A domain is also used to assign specific resource privileges to security principals such as
user accounts and groups.
The advantage of a domain is that it makes user management much easier by sharing
access information with all systems in the domain. That way you do not have to define a user
account for everyone on every system; you create the user's credentials once, on the domain,
and they are valid throughout it. Domain networks are the norm for large corporate
environments that have dedicated servers.
Domain Name System
The Domain Name System (DNS) is basically a large distributed database that resides on many
computers and contains the names and IP addresses of hosts on the Internet and in private domains.
The Domain Name System provides the data that the Domain Name Service uses when queries are
made: the service is the act of querying the database, and the system is the data structure and the
data itself.
The Domain Name System is structured like a Unix file system, starting with a root. Branches attach
to the root to create a huge set of paths. Each node in the tree is identified by a label. Each label
(each text word between the dots) can be up to 63 characters long, and the total domain name (all
the labels) is limited to 255 bytes in overall length.
The Domain Name System database is divided into sections called zones. The name servers for
each zone are responsible for answering queries for that zone.
Cont…
A zone is a subtree of the DNS that is administered separately. There are multiple name servers
for a zone: usually one primary name server and one or more secondary name servers. A name
server may be authoritative for more than one zone.
Structure and message format
At the top is what is called the root, the start of all other branches in the DNS tree. It is
designated with a period. Each branch moves down from level to level.
DNS names are written from the bottom of the tree up, with the root designator (period) at the
far right. Example: "myhost.mycompany.com.". Inside a DNS message a name is carried as a
sequence of labels, each preceded by a one-byte length, ending with the zero-length root label.
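The label and length rules, the on-the-wire form of a name, and the zone cuts from the root down, worked through in PowerShell. This is an added example, not from the chapter; the functions and their names are mine, "myhost.mycompany.com." is the chapter's own example, and the final loop needs network access to a resolver.

```powershell
# Added example (not from the original chapter). Function names are assumptions.

function Get-DnsLabels {
    param([Parameter(Mandatory)][string]$Name)
    # A trailing "." marks a fully qualified name; the root label itself is empty.
    $trimmed = $Name.TrimEnd('.')
    if ($trimmed -eq '') { return @() }          # "." is the root: no labels
    return @($trimmed -split '\.')
}

function Test-DnsName {
    # Limits from the text (RFC 1035): each label 1..63 octets, whole name <= 255 octets.
    param([Parameter(Mandatory)][string]$Name)
    $labels = @(Get-DnsLabels $Name)
    $wire = 1                                    # the terminating root label costs 1 octet
    foreach ($label in $labels) {
        $octets = [System.Text.Encoding]::ASCII.GetByteCount($label)
        if ($octets -lt 1 -or $octets -gt 63) { return $false }
        $wire += 1 + $octets                     # 1 length octet + the label itself
    }
    return ($wire -le 255)
}

function ConvertTo-DnsWireName {
    # Message format: <length><label> ... <length><label> <0>
    param([Parameter(Mandatory)][string]$Name)
    if (-not (Test-DnsName $Name)) { throw "Name violates DNS length limits: $Name" }
    $bytes = New-Object System.Collections.Generic.List[byte]
    foreach ($label in @(Get-DnsLabels $Name)) {
        $ascii = [System.Text.Encoding]::ASCII.GetBytes($label)
        $bytes.Add([byte]$ascii.Length)
        $bytes.AddRange($ascii)
    }
    $bytes.Add([byte]0)                          # zero-length root label ends the name
    return ,$bytes.ToArray()
}

function Get-DnsZoneCuts {
    # Candidate zones from the root down: ".", "com.", "mycompany.com.", ...
    param([Parameter(Mandatory)][string]$Name)
    $labels = @(Get-DnsLabels $Name)
    $cuts = @('.')
    for ($i = $labels.Count - 1; $i -ge 0; $i--) {
        $cuts += (($labels[$i..($labels.Count - 1)] -join '.') + '.')
    }
    return $cuts
}

$name = 'myhost.mycompany.com.'
Test-DnsName $name                                # within limits
Test-DnsName ('a' * 64 + '.example.com.')         # rejected: 64-octet label
$w = ConvertTo-DnsWireName $name
($w | ForEach-Object { '{0:x2}' -f $_ }) -join ' '  # length-prefixed labels, then 00

# Ask which name servers are authoritative at each cut below the root. The root's own
# servers come from the resolver's hints, so the loop starts at the top-level domain.
foreach ($zone in (Get-DnsZoneCuts $name | Select-Object -Skip 1)) {
    $ns = Resolve-DnsName -Name $zone -Type NS -DnsOnly -ErrorAction SilentlyContinue |
          Where-Object Type -eq 'NS' | Select-Object -ExpandProperty NameHost
    if ($ns) { '{0,-25} NS: {1}' -f $zone, ($ns -join ', ') }
    else     { '{0,-25} no NS records: not a zone cut, served by the parent zone' -f $zone }
}
```

A name that passes Test-DnsName but whose leaf returns no NS records (as myhost.mycompany.com. normally would) is a host inside its parent zone rather than a zone of its own; the NS answers at the levels above it are the delegation chain a resolver follows.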
Domain Name Servers (DNS)
Domain name servers are the Internet's equivalent of a phone book.
They maintain a directory of domain names and translate them to Internet Protocol (IP)
addresses. This is necessary because, although domain names are easy for people to remember,
computers access websites by IP address. Each computer on the Internet is assigned a unique
address, called an IP address. A typical IPv4 address looks like this:
192.0.2.7
It is very difficult to remember the IP addresses of all the websites we visit daily. Words are
easier to remember than strings of numbers, and this is where domain names come in.
When you visit a website, all you need to know is its URL; DNS converts the host name in the
URL into an IP address that the computer can use.
Cont…
• When you type domain.com into your browser, the browser first needs the IP address of
www.domain.com. It contacts a DNS server to ask where the server holding the web pages is
located. Think of DNS as a directory service for IP addresses.
• The domain name is the name of a network associated with an organization. For sites in the
United States, domain names typically take the form org-name.org-type, where org-type is
usually one of the following:
com indicates a commercial organization (e.g., a company)
edu indicates an educational organization
org indicates a general (often non-commercial) organization
gov indicates a U.S. government agency
mil indicates a U.S. military site
Cont…
On the Internet, many communications programs deal only with IP addresses, yet allow their users to
specify machines by host name (or alias host name). Conversely, a program that already knows an IP
address may need to determine the host name of the machine at that address. Such programs must
convert host names into IP addresses (or vice versa) behind the scenes. How do they achieve this
translation?
The mapping of host names to IP addresses is handled through the Domain Name Service (DNS).
Rather than requiring individual machines, applications, or users to keep up with the constant
changes in host names and IP addresses, a worldwide set of special DNS servers (known as "name
servers") keeps track of the name/address information for the computers on the Internet.
Applications that need to determine an IP address from a host name (or vice versa) contact the local
name server for this information.
Cont…
For instance, if you use a web browser to visit the site "web.mit.edu", the program first
contacts your local DNS server to obtain the IP address that matches the host name you
provided; then the program uses that IP address to complete your request.
• DNS is used much more frequently than is usually supposed: virtually every activity that
moves information across the network (getting web documents, transferring files, sending or
receiving electronic mail) relies on DNS.
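The two steps just described (ask the local name server, then connect to the address), plus the reverse and mail lookups the text alludes to, as an added PowerShell example that is not part of the chapter. The function name is mine; web.mit.edu and mit.edu are the chapter's examples, 9.9.9.9 is a public resolver used only as a second opinion, and the script needs network access.

```powershell
# Added example (not from the original chapter). Resolve-ForApplication is an assumed name.

function Resolve-ForApplication {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    # Which name server(s) this client asks first.
    $resolvers = @((Get-DnsClientServerAddress -AddressFamily IPv4 |
                    Where-Object { $_.ServerAddresses }).ServerAddresses | Select-Object -Unique)
    # -DnsOnly skips the hosts file, LLMNR and NetBIOS, so the answer really came from DNS.
    # The name may be an alias (CNAME) first; keep the A records that end the chain.
    $answer  = Resolve-DnsName -Name $HostName -Type A -DnsOnly -ErrorAction Stop
    $aliases = @($answer | Where-Object Type -eq 'CNAME' | Select-Object -ExpandProperty NameHost)
    $addrs   = @($answer | Where-Object Type -eq 'A'     | Select-Object -ExpandProperty IPAddress)
    if ($addrs.Count -eq 0) { throw "No A record for $HostName" }
    # Second step from the text: the program connects to the address, not to the name.
    $tcp = Test-NetConnection -ComputerName $addrs[0] -Port $Port -WarningAction SilentlyContinue
    # Reverse direction (address -> name): Resolve-DnsName builds the in-addr.arpa query itself.
    $ptr = Resolve-DnsName -Name $addrs[0] -Type PTR -ErrorAction SilentlyContinue |
           Where-Object Type -eq 'PTR'
    [pscustomobject]@{
        HostName  = $HostName
        Resolvers = $resolvers -join ', '
        Aliases   = $aliases -join ' -> '
        Addresses = $addrs -join ', '
        Connected = $tcp.TcpTestSucceeded
        ReverseOf = @($ptr.NameHost) -join ', '
    }
}

Resolve-ForApplication -HostName 'web.mit.edu' | Format-List

# Mail depends on DNS too: MX records name the hosts that accept mail for mit.edu,
# lowest preference value first.
Resolve-DnsName -Name 'mit.edu' -Type MX |
    Where-Object Type -eq 'MX' | Sort-Object Preference |
    Select-Object NameExchange, Preference

# Plain DNS answers are not authenticated, so the mapping is only as trustworthy as the
# path to the resolver. Cross-checking against a second resolver is a cheap sanity test.
Resolve-DnsName -Name 'web.mit.edu' -Type A -Server 9.9.9.9 -DnsOnly |
    Where-Object Type -eq 'A' | Select-Object Name, IPAddress
```

The Aliases column makes the CNAME hop visible: the browser asked for one name but connected to the address of another, which is why a certificate or a firewall rule written against the final host name can disagree with what the user typed.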
Domain Controllers
• A domain controller holds the directory containing information about the objects in
the domain.
• On Microsoft servers, a domain controller (DC) is a server computer that responds to
security authentication requests (logging in, checking permissions, etc.) within a
Windows domain.
• It is the server on a Windows network that is responsible for granting hosts access to
Windows domain resources.
Cont.
• A domain controller is the centerpiece of the Windows Active Directory service.
• It authenticates users, stores user account information and enforces security policy for
a Windows domain.
• Through a trust relationship, a domain controller can grant access to another domain, so
that a user logging into one domain can access resources in the other.
• If a server performing the domain controller role is lost, the domain can still function,
because every writable domain controller holds a replica of the domain database.
• Windows NT domains had one primary domain controller (PDC) and backup domain controllers.
In Active Directory all domain controllers are peers, but a few single-holder operations master
(FSMO) roles remain, among them the PDC Emulator. If the controller holding such a role is not
available, the administrator can transfer the role to another domain controller, or seize it
there if the original holder is permanently lost.
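An inventory of the points just listed (which controllers exist, which single-holder roles each one carries, what trusts the domain has, and how a role is moved when its holder is gone), as an added example that is not from the chapter. It assumes the ActiveDirectory PowerShell module (RSAT) and a domain account that can read the directory; "DC02" is an assumed controller name, and the last command changes the domain, so it is meant to be run deliberately, not as part of the inventory.

```powershell
# Added example (not from the original chapter). 'DC02' is an assumed name.
Import-Module ActiveDirectory

function Get-DcOverview {
    # Every writable DC holds a full replica; only the FSMO role holders are single points.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    foreach ($dc in (Get-ADDomainController -Filter * | Sort-Object Name)) {
        [pscustomobject]@{
            Name          = $dc.Name
            Site          = $dc.Site
            IPv4          = $dc.IPv4Address
            GlobalCatalog = $dc.IsGlobalCatalog
            ReadOnly      = $dc.IsReadOnly
            FsmoRoles     = ($dc.OperationMasterRoles -join ', ')
            Reachable     = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
        }
    }
    # Role holders as the directory itself records them (domain-wide and forest-wide roles).
    [pscustomobject]@{
        Name      = '(role holders)'
        FsmoRoles = "PDC=$($domain.PDCEmulator) RID=$($domain.RIDMaster) " +
                    "Infra=$($domain.InfrastructureMaster) Schema=$($forest.SchemaMaster) " +
                    "DomainNaming=$($forest.DomainNamingMaster)"
    }
}

Get-DcOverview | Format-Table -AutoSize

# Trust relationships: which other domains can authenticate into this one, in which
# direction, and whether SID filtering (quarantine) protects against SID-history abuse.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, ForestTransitive,
                  SelectiveAuthentication, SIDFilteringQuarantined

# Moving roles when the PDC Emulator's host is unavailable. Without -Force the cmdlet asks the
# current holder to hand the role over (transfer). -Force seizes it, which is only safe when
# the old holder will never return: two live holders of one role corrupt the domain.
Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' `
    -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster -Force -Confirm:$false
```

Run Get-DcOverview first: if the controller reported as PDC Emulator is the one marked unreachable, that is the case the text describes, and a transfer will fail, leaving seizure as the option.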
Fig 2.2 Subdomain controller
Domain Controllers, Member Servers, and Domain Services
When you install Windows Server 2012 on a new system, you can configure the server as a
member server, a domain controller, or a standalone server.
The differences between these types of servers are extremely important.
Member servers are part of a domain but do not store directory information.
Domain controllers are distinguished from member servers because they store directory
information and provide authentication and directory services for the domain.
A standalone server belongs to a workgroup rather than a domain and relies only on its own
local account database.
Windows Active Directory
• Active Directory is a hierarchical database that enables administrators to organize users
and network resources to reflect the structure of the organization in which it is used.
• For example, if a company identifies its users and resources primarily by department or
location, Active Directory can be configured to mirror that structure.
• You can structure Active Directory and organize the objects representing users and
resources in whatever way makes the most sense.
• Active Directory offers the following features, among others, that make it a highly
flexible directory service:
Cont.
Replication—Active Directory replication is the transfer of information among domain
controllers to make sure all domain controllers have consistent and up-to-date information.
Scalability—Advanced indexing technology provides high-performance data access, whether
Active Directory consists of a few dozen or a few million objects.
Security—Fine-grained access controls enable administrators to control access to each
directory object and its properties. Active Directory also supports secure authentication
protocols to maximize compatibility with Internet applications and other systems.
Cont…
objects, such as user accounts and groups, but their properties can
solution.
Active Directory is described in terms of two structures:
Physical structure
Logical structure
Active Directory’s Physical structure
Fig 2.4 The physical structure of Active Directory
Cont…
The physical structure consists of sites and the servers configured as domain controllers.
An Active Directory site is nothing more than a physical location (one or more well-connected
IP subnets) in which domain controllers communicate and replicate information regularly.
The main reasons for defining multiple sites are to control the frequency of Active Directory
replication across slower links between locations and to assign policies based on physical
location.
Cont…
Domain controllers in each site are responsible for storing a copy of the domain data and
replicating changes to that data.
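The physical structure and the replication feature listed earlier, in one added example that is not from the chapter: list sites, subnets and site links, change how often a link replicates, check each controller's replication health, and link a policy to a site. It assumes the ActiveDirectory and GroupPolicy modules; "HQ-Branch", "Branch" and "Branch Lockdown" are assumed names.

```powershell
# Added example (not from the original chapter). 'HQ-Branch', 'Branch' and
# 'Branch Lockdown' are assumed names.
Import-Module ActiveDirectory
Import-Module GroupPolicy

# Sites, and the subnets that decide which site a client or DC belongs to.
Get-ADReplicationSite -Filter * | Select-Object Name, Description
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# Site links carry inter-site replication: Cost picks the route, the interval sets how often
# changes cross the link (the "control the frequency of replication" point above).
Get-ADReplicationSiteLink -Filter * -Properties ReplicationFrequencyInMinutes, Cost, SitesIncluded |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
                  @{n = 'Sites'; e = { $_.SitesIncluded -join ', ' }}

# Replicate across HQ-Branch every 30 minutes instead of the 180-minute default.
Set-ADReplicationSiteLink -Identity 'HQ-Branch' -ReplicationFrequencyInMinutes 30

function Get-ReplicationHealth {
    # Each DC's own view of its inbound partners: last success, last result, failure streak.
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Server      = $_.Server
                    # Partner is the NTDS Settings DN; its second component is CN=<partner name>
                    Partner     = (($_.Partner -split ',')[1] -replace '^CN=')
                    Partition   = $_.Partition
                    LastSuccess = $_.LastReplicationSuccess
                    LastResult  = $_.LastReplicationResult          # 0 means the last attempt worked
                    Failures    = $_.ConsecutiveReplicationFailures
                }
            }
    }
}

# Stale replicas are a security problem: a password reset or account disable made on one DC
# is not enforced by a partner that has not replicated it yet.
Get-ReplicationHealth | Where-Object { $_.Failures -gt 0 -or $_.LastResult -ne 0 } |
    Format-Table -AutoSize
Get-ADReplicationFailure -Target (Get-ADDomain).DNSRoot -Scope Domain |
    Select-Object Server, Partner, FirstFailureTime, FailureCount, LastError

# Policy by physical location: link a GPO to the site object (it lives in the
# Configuration partition, not under the domain's default naming context).
$configNC = (Get-ADRootDSE).configurationNamingContext
New-GPLink -Name 'Branch Lockdown' -Target "CN=Branch,CN=Sites,$configNC" -LinkEnabled Yes
```

Shortening a site link's interval trades WAN traffic for faster convergence; for a branch that authenticates against its own DC, the interval is also the longest a revoked credential can keep working there, which is why the health check and the interval belong in the same review.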
Active Directory’s Logical Structure
• A domain is defined as a logical group of network objects (computers, users, devices) that
share the same Active Directory database.
• A tree is a collection of one or more domains in a contiguous namespace (for example
contoso.com and sales.contoso.com), linked in a transitive trust hierarchy.
• At the top of the structure is the forest: one or more trees that share a common schema
and configuration and trust one another.
Active Directory
A directory service is a repository of information about the resources (hardware, software,
and human) that are connected to a network. Users, computers, and applications throughout
the network can access the repository for a variety of purposes, including user
authentication and storage of configuration data.
Active Directory is Microsoft's directory service: it stores all of the domain information
in a common, searchable format.
Cont…
Active Directory provides the following network services:
Lightweight Directory Access Protocol (LDAP) – an open standard protocol used to query and
modify the directory, and to access other directory services
Security services based on Secure Sockets Layer (SSL/TLS, which protects LDAP as LDAPS on
TCP port 636) and Kerberos-based authentication
The Role of a Directory Service
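The three services just listed, exercised from a domain-joined client, as an added example that is not from the chapter. It assumes the ActiveDirectory module, a domain account that can read the directory, and WinRM access to a domain controller for the registry check; the function name is mine, and the LDAP filter is a standard audit query rather than anything the chapter specifies.

```powershell
# Added example (not from the original chapter). Test-LdapTransport is an assumed name.
Import-Module ActiveDirectory

# LDAP: the same filter syntax any LDAP client would send over the wire. This one lists
# enabled accounts whose password never expires (userAccountControl bit 0x10000 set,
# bit 0x2 "disabled" clear); 1.2.840.113556.1.4.803 is LDAP's bitwise-AND matching rule.
$filter = '(&(objectCategory=person)(objectClass=user)' +
          '(userAccountControl:1.2.840.113556.1.4.803:=65536)' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
Get-ADObject -LDAPFilter $filter -Properties sAMAccountName, whenChanged |
    Select-Object sAMAccountName, whenChanged

function Test-LdapTransport {
    # 389 = LDAP (clear text unless signed or upgraded with StartTLS); 636 = LDAP over SSL/TLS.
    param([Parameter(Mandatory)][string]$DomainController)
    foreach ($port in 389, 636) {
        $r = Test-NetConnection -ComputerName $DomainController -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ DC = $DomainController; Port = $port; Open = $r.TcpTestSucceeded }
    }
}

# Let the domain locator pick a DC, the same way a logon does.
$dc = (Get-ADDomainController -Discover).HostName | Select-Object -First 1
Test-LdapTransport -DomainController $dc

# On the DC: LDAPServerIntegrity = 2 requires signing, so a simple bind (password in the
# clear) cannot cross port 389 unprotected; 1 means signing is only negotiated.
Invoke-Command -ComputerName $dc -ScriptBlock {
    Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -Name LDAPServerIntegrity
}

# Kerberos: the ticket-granting ticket obtained at logon and the service tickets bought with
# it, including the ldap/<dc> ticket for the query above.
klist
```

An open port 636 with LDAPServerIntegrity left at 1 is the common halfway state: encrypted LDAP is available, but nothing stops a client from binding in the clear on 389, which is exactly what the SSL/TLS and Kerberos services exist to prevent.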