NET 121b: Essentials of Networking
Chapter 10: Internetworking Servers
Objectives:
This chapter discusses features of several types of servers that provide
network services. The objectives important to this chapter are:
- Servers and services
- Common server types
- Protocols used by different servers
- Commonly used daemons
- Pros and cons of several servers
Concepts:
The chapter begins with the information that the word server can
mean a particular computer, but more often it means a program
running on that computer that provides specific kinds of network services.
Classic descriptions of network services list five types:
- File services
- Print services
- Message services
- Application services
- Database services
File Services
- File Transfer - This is the ability to copy and share files
across a network. Before networks, it was necessary to copy files to
disk or tape to move a file from one computer to another. Having to
physically carry the disks from machine to machine gave us the phrase
"sneaker net".
- File Storage and Data Migration - Files may be stored
on media immediately accessible by a computer, like a hard drive.
This is called online storage.
Files may also be stored in larger media than hard drives, like tape
carousels and jukeboxes, that take a few moments for the automated
functions of a system to load on request. This is called nearline
storage. No user intervention is required to load the tape in nearline
storage, since it is automated.
Offline storage is when files are stored on disks or tapes that
have to be physically loaded into a machine by an operator
before they are available to the system.
- File Update Synchronization - This is a function that is needed
when multiple users access copies of shared data files separately, and
the changes made by each user need to be incorporated into all copies
of the file. The system may determine which file is the most recently
changed and copy it over all other copies. This does not necessarily
incorporate all changes, so user intervention is often necessary, unless
care is taken to make sure that two copies of a file are not changed
differently by two users before synchronization takes place.
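The synchronization rule just described ("copy the most recently changed file over the others") is safe only when a single copy changed. The following added example, which is not code from the course text, models that edge case: each replica remembers a hash of the content it had at the last sync, a lone change is propagated, and two different edits of the same base are reported as a conflict instead of one user's work being silently overwritten. Replica names, contents and clock values are constructed.

```python
"""Toy model of file update synchronization with conflict detection (added example)."""
import hashlib
from dataclasses import dataclass


@dataclass
class Replica:
    name: str
    content: str
    mtime: int        # constructed sample clock, in seconds
    base_digest: str  # hash of the content at the last successful sync


def digest(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def synchronize(replicas):
    """Return ("updated", winner_name) or ("conflict", [names of changed copies]).

    A replica is 'changed' when its current digest differs from the digest
    recorded at the last sync. Newest-wins is only applied when at most one
    distinct changed version exists; otherwise nothing is overwritten.
    """
    changed = [r for r in replicas if digest(r.content) != r.base_digest]
    distinct = {digest(r.content) for r in changed}
    if len(distinct) > 1:
        # Two users edited the same base differently: copying the newest over
        # the others would lose the other user's work, so stop and report.
        return ("conflict", sorted(r.name for r in changed))
    if changed:
        winner = max(changed, key=lambda r: r.mtime)
    else:
        winner = replicas[0]  # nothing changed; any copy is current
    new_digest = digest(winner.content)
    for r in replicas:
        r.content = winner.content
        r.base_digest = new_digest
    return ("updated", winner.name)


def demo():
    base = "budget: 100"
    b = digest(base)
    # Case 1: only the laptop copy changed since the last sync -> propagate it.
    clean = [Replica("server", base, 10, b),
             Replica("laptop", "budget: 120", 20, b)]
    r1 = synchronize(clean)
    # Case 2: two users changed the same base differently -> conflict, no copy.
    diverged = [Replica("server", "budget: 90", 30, b),
                Replica("laptop", "budget: 120", 20, b)]
    r2 = synchronize(diverged)
    return r1, clean[0].content, r2, diverged[0].content


if __name__ == "__main__":
    print(demo())
```

The base digest is what makes the second case detectable: without it, the sync could only compare timestamps and would pick the server copy, discarding the laptop user's edit with no warning.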
- File Archiving - This is another term for file backup.
It is the practice of making a safety copy of files. On a network, an
operator may be able to back up several servers at once, instead of having
to travel to each one.
Print Services
- Providing Multiple Access - A printer has, at best, two interfaces
for user input. Most companies will not want to buy a printer for each
employee. Sharing printers on a network makes much more sense,
because you will use one interface (where the network connects to the
printer) and any network user may send print jobs to it.
- Eliminating Device Constraints - Printer cables are
required to be rather short. This limits the location
of printers. Network cables eliminate this problem, since they
can be longer. Networked printers may be located in central areas.
- Handling and Queuing Simultaneous Requests - Most users
will not send print jobs at the same time, but in any large organization
simultaneous requests will happen, due to size or workflow. The
network stores requests in queues or buffers, and processes
them as the printers become ready for new jobs.
- Sharing Specialized Equipment - Special printers, like color
lasers, high speed and special format printers are expensive. Sharing
them on a network can grant or restrict access to them
as necessary for the organization.
- Network Fax Service - Sending a print job to a networked fax
machine is more efficient than printing an image, scanning it
into the fax and sending it to the recipient. It saves steps
and is easily available to more users. It also sends a clearer,
cleaner image than the older method.
Message Services
- Electronic Mail - The purpose of e-mail is to send
messages. Current applications also include viewers, schedulers, and
such. Critical features are the ability to present different
file formats, and to transport the message based on where the
sender and recipient are in the network.
- Integrated E-mail and Voice Mail - Voice mail systems
run on specialized computers. Integrating them with the network
may eventually lead to hearing a text message over a phone or reading
a text version of a phone message on a screen.
- Object Oriented Applications - Message services are used by
objects to pass information back and forth. Objects are like
program components that interact with each other in a system to keep
from having to repeat the same computer code over and over in many applications.
- Workgroup Applications - two types of these applications are
discussed:
- Workflow management - This kind of application can eliminate
paper flow by sending electronic forms to people on the network.
They fill out the form and it is sent to whoever needs it.
- Linked-object documents - This type of document shares information
with other sources, like the Object Linking and Embedding process
used in Microsoft Office documents. Messaging services are used
to update charts, figures and other parts of the document from actual
sources.
- Directory Services - Also called Directory Synchronization,
this service tracks information about resources on the network, and
constantly updates directories that retain information about location,
address routing and other network related data.
Application Services
Application services perform some processing tasks for
clients. They do this in two ways:
- Coordinate hardware and software, determining where best to run a
utility or application.
- Increase network capabilities by making more power available to more
users.
Database Services
The last classic type is Database Services. This is different from file
services, in that information is stored and retrieved, not
files. Using specialized servers, client-server databases optimize
tasks by having the client formulate the data requests,
and processing the information returned (called manipulation
and presentation). The server receives the requests,
searches the information storage and passes it back to the
client.
The text presents several other server types:
HTTP Servers
HTTP servers are usually called web servers. HTTP is the protocol used
for most web requests. As already discussed in the text, the standard
port for HTTP is port 80. The transmission of any file by an HTTP
server will include a label about the file's MIME (Multipurpose
Internet Mail Extension) type. Think of a MIME type as a reference
to what application to use to open, read, or process a file.
Web servers are typically configured with one or more default page
names. This makes it easier to create a URL to the starting point of a
web site. You lead people to a site with enough information to get to
the directory the site starts in, but you leave off the name of
the starting file. The server then delivers the file in that directory
that has the default name. This does not save much typing for the user,
but it helps.
Another feature that allows simplifications for users is the use of aliases.
You can configure the server to point to any drive or subdirectory it
has access to when the user browses to a particular URL. This allows you
to create links that look like they are all in one file structure even
if they are not.
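The two conveniences just described, default page names and aliases, are both part of how a server turns a URL path into a file on disk, and the MIME label mentioned earlier is attached at the same step. The following added example (not code from the course text or from any real web server such as Apache or IIS) shows one such resolver. The document root, alias table and file names are constructed for the illustration. Because an alias points at exactly one directory, the resolver also normalizes the path and checks that the file it found lies inside the configured directory, so the alias cannot become a door to the rest of the disk.

```python
"""URL path -> file resolution with default pages, aliases and MIME types (added example)."""
import mimetypes
import os
import posixpath
import tempfile

DEFAULT_PAGES = ["index.html", "default.htm"]  # tried in this order


def resolve(url_path, docroot, aliases):
    """Map a URL path to (filesystem path, MIME type) or raise an error.

    aliases: dict of URL prefix -> directory, e.g. {"/docs": "/srv/manuals"}
    (constructed names; a real server reads these from its configuration).
    """
    # Normalise "..", "//" and similar before matching, so an alias prefix
    # check cannot be bypassed with a path such as /docs/../../secret.
    clean = posixpath.normpath("/" + url_path.lstrip("/"))
    base_dir, rest = docroot, clean.lstrip("/")
    # Longest alias prefix wins, so /docs/archive beats /docs if both exist.
    for prefix, directory in sorted(aliases.items(), key=lambda kv: len(kv[0]), reverse=True):
        if clean == prefix or clean.startswith(prefix + "/"):
            base_dir, rest = directory, clean[len(prefix):].lstrip("/")
            break
    real_base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(real_base, rest))
    # Containment check: the resolved file must lie inside the chosen base,
    # even after symbolic links are followed.
    if os.path.commonpath([candidate, real_base]) != real_base:
        raise PermissionError("path escapes configured directory")
    if os.path.isdir(candidate):
        # Default page: the client named the directory, the server picks the file.
        for name in DEFAULT_PAGES:
            page = os.path.join(candidate, name)
            if os.path.isfile(page):
                candidate = page
                break
        else:
            raise FileNotFoundError("no default page in directory")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    mime, _ = mimetypes.guess_type(candidate)
    return candidate, mime or "application/octet-stream"


def demo():
    """Build a throwaway site layout (constructed) and exercise the resolver."""
    root = tempfile.mkdtemp()
    docroot = os.path.join(root, "htdocs")
    manuals = os.path.join(root, "manuals")  # outside docroot, reachable only via alias
    os.makedirs(docroot)
    os.makedirs(manuals)
    with open(os.path.join(docroot, "index.html"), "w") as f:
        f.write("<h1>home</h1>")
    with open(os.path.join(manuals, "guide.pdf"), "wb") as f:
        f.write(b"%PDF-1.4 constructed sample")
    aliases = {"/docs": manuals}
    results = {}
    results["home"] = resolve("/", docroot, aliases)[1]               # default page
    results["alias"] = resolve("/docs/guide.pdf", docroot, aliases)[1]  # alias -> other dir
    try:
        resolve("/docs/../../secret.txt", docroot, aliases)
        results["escape"] = "served"
    except (PermissionError, FileNotFoundError):
        results["escape"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

The MIME type comes from the file extension here, which is what most servers do by default; the type table is normally part of the server configuration.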
When setting up a web site, you must take care to grant the permissions
needed to users of the site. Most web sites are on UNIX systems, which
have only three kinds of permissions: read, write, and execute.
If you grant read permissions to users, they can read web pages, but not
execute programs on the site. If you grant execute permissions
to specific files, you will also need to grant execute permissions
to the directories that hold those files. This seems odd, but it
is true.
Access to web sites can be granted through passwords or other
authentication. Sites that require passwords typically use some form of
encryption.
The text offers a list of commonly used web servers: Apache is
often used on UNIX systems, and on Microsoft servers as well. Internet
Information Server (IIS) is a Microsoft product, meant to run
on NT, Windows 2000, Windows 2003, and later Microsoft servers.
Proxy Servers
A proxy server can perform several functions. We have discussed the Network
Address Translation (NAT) function. Another is providing firewall
service. The text explains this as preventing your internal users from
accessing some outside resources, and preventing outside users from accessing
some internal resources.
A proxy server can also provide a cache of web pages that your
internal users have accessed, in order to provide a faster delivery of
them later. This sounds good, but it is not useful for pages that are
dynamic in nature. It would be fine to cache reference works, but not
very practical to cache weather data.
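The distinction between cacheable reference material and dynamic data is something the proxy has to decide per response. The following added example (not code from the course text or from any real proxy product) models that decision with a constructed "origin" table instead of real network fetches: a response the origin marks with a lifetime is served from the cache until it expires, while a response marked "no-store" is fetched fresh every time.

```python
"""Toy caching proxy that honours the origin's cacheability directives (added example)."""
import re
import time

# Constructed origin responses: path -> (headers, body). A real proxy would
# fetch these over HTTP from the outside server.
ORIGIN = {
    "/reference/rfc2616.txt": ({"Cache-Control": "max-age=3600"},
                               "HTTP/1.1 specification (constructed sample)"),
    "/weather/now": ({"Cache-Control": "no-store"},
                     "rain, 12C (changes constantly)"),
}


class CachingProxy:
    def __init__(self, clock=time.time):
        self.clock = clock            # injectable so the demo can advance time
        self.store = {}               # path -> (expires_at, body)
        self.origin_fetches = 0       # how often we had to go to the origin

    def _fetch_origin(self, path):
        self.origin_fetches += 1
        return ORIGIN[path]

    @staticmethod
    def _max_age(headers):
        """Seconds a response may be reused, or None if it must not be cached."""
        cc = headers.get("Cache-Control", "")
        if "no-store" in cc or "no-cache" in cc:
            return None
        m = re.search(r"max-age=(\d+)", cc)
        return int(m.group(1)) if m else None  # no lifetime given: do not cache

    def get(self, path):
        now = self.clock()
        hit = self.store.get(path)
        if hit and hit[0] > now:
            return "HIT", hit[1]
        headers, body = self._fetch_origin(path)
        ttl = self._max_age(headers)
        if ttl:
            self.store[path] = (now + ttl, body)
        else:
            self.store.pop(path, None)  # never keep a copy of dynamic content
        return "MISS", body


def demo():
    t = [1000.0]                                   # constructed clock
    proxy = CachingProxy(clock=lambda: t[0])
    log = []
    log.append(proxy.get("/reference/rfc2616.txt")[0])  # MISS, stored for an hour
    log.append(proxy.get("/reference/rfc2616.txt")[0])  # HIT
    log.append(proxy.get("/weather/now")[0])            # MISS, not stored
    log.append(proxy.get("/weather/now")[0])            # MISS again: always fresh
    t[0] += 3601                                        # cached copy has expired
    log.append(proxy.get("/reference/rfc2616.txt")[0])  # MISS, fetched again
    return log, proxy.origin_fetches


if __name__ == "__main__":
    print(demo())
```

Treating a missing lifetime as "do not cache" is the conservative choice: a proxy that guesses a lifetime for pages the origin did not label can serve stale weather data, or stale pages that were personalized for one user, to everyone behind it.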
Mail Servers
Standard Internet mail protocols are supported by different servers.
POP servers, IMAP servers, and SMTP servers are all possible. These do
not replace the actual mail application programs that might be used, such
as Microsoft Exchange, Novell GroupWise, or UNIX programs like Pine and
Elm.
DNS Servers
DNS service has been discussed already. The server that provides Domain
Name Service is part of a hierarchy of servers, each of which can
refer to another server for information it does not have itself.
The text says that this server runs as a daemon.
The origin of the phrase may come from James Clerk Maxwell, who explained
a physics phenomenon with a metaphor about a demon
(daemon) that sat in the background and waited for opportunities to carry
out the tasks it was charged with. Any program that runs in the background,
waiting to be called forth for its appointed task can be called a daemon.
On UNIX and Novell systems, the program that is the DNS server is called
named. It is common on a UNIX system for the name of a daemon program
to end in the letter d. Examples: smtpd, telnetd, and named
are all UNIX daemon programs for the protocols suggested by the first
parts of their names.
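The referral chain described at the start of this section, in which a server that does not hold an answer points the resolver at a server one level down, can be simulated with a few lines. The following added example is not code from the course text or from any real name server such as named; the three "servers", their zone contents and the address returned are constructed.

```python
"""Simulation of DNS referrals down a hierarchy of servers (added example)."""

# Constructed zone data: each server knows only its own piece of the tree.
ZONES = {
    "root": {"referrals": {"example.": "tld-server"}},
    "tld-server": {"referrals": {"college.example.": "college-ns"}},
    "college-ns": {"answers": {"www.college.example.": "192.0.2.10"}},
}


def lookup(server, name):
    """Ask one server. It answers, refers us onward, or says the name is unknown."""
    zone = ZONES[server]
    if name in zone.get("answers", {}):
        return "answer", zone["answers"][name]
    for suffix, next_server in zone.get("referrals", {}).items():
        if name.endswith(suffix):
            return "referral", next_server
    return "nxdomain", None


def resolve(name, max_hops=8):
    """Follow referrals from the root. Returns (address or None, servers visited)."""
    server, trail = "root", ["root"]
    for _ in range(max_hops):
        kind, value = lookup(server, name)
        if kind == "answer":
            return value, trail
        if kind == "referral":
            server = value
            trail.append(server)
            continue
        return None, trail
    return None, trail  # hop limit: protects against misconfigured referral loops


if __name__ == "__main__":
    print(resolve("www.college.example."))
    print(resolve("www.other.example."))
```

The hop limit matters in practice: two servers that refer to each other for the same name would otherwise keep a resolver busy forever, which is why real resolvers bound the number of referrals they follow.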
FTP Server
File Transfer Protocol is the most common kind of file service
provided in an Internet environment. The text notes that FTP service can
include the security of user IDs and passwords, but it warns that FTP
itself will send the ID and password in plain text. This lack of encryption
makes simple FTP unacceptable for secure transmissions.
News Servers
A News server uses Network News Transfer Protocol (NNTP)
to provide information to newsgroups. A newsgroup is similar to a mailing
list: you can be added to it, to have information sent to you regularly.
You can also browse news storage on the net, and add to it yourself. Since
newsgroup information can be monitored, but is not guaranteed to be accurate,
it should not be considered authoritative.
Certificate Servers
To understand a Certificate Server, you have to understand public and
private key cryptography. A key is an algorithm, a method of turning plain
text into encrypted text, and vice versa. Keys are also used to encrypt
and decrypt messages. In a private key system, the senders
and receivers of messages all use the same key.
Public key cryptography is an encoding scheme that assigns every user
two keys. These keys are used to prove the identity of the
sender of a message. This is its method of authentication.
Messages sent across IP networks can easily be intercepted, and are subject
to eavesdropping. It is a good idea to use encryption for any transmission
of a financial or sensitive nature.
The public key method uses two different keys. Either of
the keys can be used to encrypt a message. Whichever key is used
to encrypt the message, the other key must be used to decrypt
it. One of the two keys is called a user's public key. This key
is delivered to anyone who needs it, and is used to decrypt messages that
were encrypted with the user's other key, the private key. (The
private key is never given to anyone except the key's owner.) This
method proves to message recipients that the message originated from the
owner of the private key. Likewise, messages sent to
the owner can be encrypted with the public key, and
can only be decrypted with the owner's private key, ensuring
security.
The process of delivering public keys to people who need them is a problem.
How do you know that the proof you are accepting is reliable? Public keys
need to be verified by a Certificate Authority (CA).
Novell and other Network vendors provide a CA in their Certificate
Servers. Now the terminology changes a bit. Messages may be sent to
a server/provider with a digital signature. A user can create a
digital signature with their private key, and register that digital signature
with a Certificate Authority. The signature may also be created by the
CA and delivered to the user, since the CA may be the source of both of
the user's keys.
Example: A user sends a message to an online vendor, including
a digital signature, created with the user's private key. That signature
may be verified with the CA that the user is registered with. The CA receives
a request for verification from the vendor and checks out the signature.
If the signature is valid, the CA then sends an encrypted message to the
vendor including the public key of the original user, allowing the vendor
to read the digital signature. In this way, the vendor does not get the
user's information until it has been established that the message is really
from the user.
Encryption can also be done strictly with public and private keys.
Consider buying something online, using a web browser. The buyer is sent
the public key of the store through the browser. The browser encrypts
the buyer's credit card data, and sends to the store's server. The server
decrypts the data using the store's private key. (A problem
exists here: the store has no way to send encrypted data back to the buyer,
unless the buyer has a public and private key of his/her own. So, a key
pair can be created for the buyer as well.)
More terminology: a public key certificate is a digital message
signed with a private key. A public key certificate is generated by a
trusted entity, as described above, called a certificate authority (CA).
Public key certificates can also be called digital public key certificates,
digital IDs, digital passports, or certificates.
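The three ideas in this section (either key of a pair undoes the other, a signature made with a private key proves origin, and a certificate is a public key signed by a CA) can be seen working together in one short script. The following added example is not code from the course text, from Novell, or from any real certificate server. It uses textbook RSA with tiny primes so that every number is readable; real systems use keys thousands of bits long, padding, and X.509 certificates, so this arithmetic is for understanding only. Key pairs, names and messages are constructed.

```python
"""Toy RSA walk-through: key pairs, digital signatures and a CA certificate (added example)."""
import hashlib


def make_keypair(p, q, e=17):
    """Return ((e, n) public key, (d, n) private key) for small primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def digest(message: str, n: int) -> int:
    """Hash the message and reduce it below n so it can be signed as one block."""
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n


def sign(message, private):
    d, n = private
    return pow(digest(message, n), d, n)  # the private key "encrypts" the hash


def verify(message, signature, public):
    e, n = public
    return pow(signature, e, n) == digest(message, n)  # the public key undoes it


def encrypt(plaintext: bytes, public):
    e, n = public
    return [pow(b, e, n) for b in plaintext]  # one byte per block (toy only)


def decrypt(blocks, private):
    d, n = private
    return bytes(pow(c, d, n) for c in blocks)


def issue_certificate(subject, subject_public, ca_private):
    """A certificate is the subject's name and public key, signed by the CA."""
    body = f"{subject}|{subject_public[0]}|{subject_public[1]}"
    return body, sign(body, ca_private)


def demo():
    ca_pub, ca_priv = make_keypair(61, 53)      # CA's key pair (toy primes)
    user_pub, user_priv = make_keypair(71, 67)  # user's key pair (toy primes)
    cert = issue_certificate("alice", user_pub, ca_priv)

    # Vendor side: trust only the CA's public key, check the certificate,
    # take the user's public key from it, then check the user's signature.
    cert_body, cert_sig = cert
    cert_ok = verify(cert_body, cert_sig, ca_pub)
    _name, e, n = cert_body.split("|")
    pub_from_cert = (int(e), int(n))
    order = "buy 3 widgets"
    signature = sign(order, user_priv)
    order_ok = verify(order, signature, pub_from_cert)
    # An altered order no longer matches the signature.
    tampered_ok = verify("buy 30 widgets", signature, pub_from_cert)

    # Buyer -> store: encrypt to the store's public key; only the store's
    # private key can open it (the web-shop case described above).
    store_pub, store_priv = make_keypair(61, 53)
    recovered = decrypt(encrypt(b"4111", store_pub), store_priv)
    return cert_ok, order_ok, tampered_ok, recovered


if __name__ == "__main__":
    print(demo())
```

The vendor never needs the user's public key in advance: it needs only the CA's public key, and the certificate carries the rest. That is the delivery problem the section raises, and it is why a forged or tampered certificate fails the first check before the order is even looked at.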
Directory Servers
Directory services are discussed above. The text adds the ideas that
directories of services can include lists of the other kinds of servers,
lists of users and resources, and pointers to resources.
Choosing Products
The text discusses several features of products that might influence
your choice to use one or another competing product. For example, Apache
is free, but it is not supported by any particular company. IIS is called
free, but you need a Microsoft server to run it on. On the other hand,
you can get support for it from a very large vendor. The question of support
may lead you to choose a commercial product instead of an open source
product.
Another feature to base a decision on is complexity. It makes
little sense to buy a product that will take months to learn, if you have
no time to do so, or if you do not need the complexity of the product.
In the same vein, the complex product may be much more scalable,
able to grow with your needs. If this is more important, you should consider
the longer learning curve as a necessary evil.