NET 121b: Essentials of Networking

Chapter 10: Internetworking Servers

Objectives:

This chapter discusses features of several types of servers that provide network services. The objectives important to this chapter are:

  1. Servers and services
  2. Common server types
  3. Protocols used by different servers
  4. Commonly used daemons
  5. Pros and cons of several servers

Concepts:

The chapter begins with the information that the word server can mean a particular computer, but more often it means a program running on that computer that provides specific kinds of network services.

Classic descriptions of network services list five types:

  • File services
  • Print services
  • Message services
  • Application services
  • Database services

File Services
  • File Transfer - This is the ability to copy and share files across a network. Before networks, it was necessary to copy files to disk or tape to move a file from one computer to another. Having to physically carry the disks from machine to machine gave us the phrase "sneaker net".
  • File Storage and Data Migration - Files may be stored on media immediately accessible by a computer, like a hard drive. This is called online storage.
    Files may also be stored in larger media than hard drives, like tape carousels and jukeboxes, that take a few moments for the automated functions of a system to load on request. This is called nearline storage. No user intervention is required to load the tape in nearline storage, since it is automated.
    Offline storage is when files are stored on disks or tapes that have to be physically loaded into a machine by an operator before they are available to the system.
  • File Update Synchronization - This is a function that is needed when multiple users access copies of shared data files separately, and the changes made by each user need to be incorporated into all copies of the file. The system may determine which file is the most recently changed and copy it over all other copies. This does not necessarily incorporate all changes, so user intervention is often necessary, unless care is taken to make sure that two copies of a file are not changed differently by two users before synchronization takes place.
  • File Archiving - This is another term for file backup. It is the practice of making a safety copy of files. On a network, an operator may be able to back up several servers at once, instead of having to travel to each one.

Print Services
  • Providing Multiple Access - A printer has, at best, two interfaces for user input. Most companies will not want to buy a printer for each employee. Sharing printers on a network makes much more sense, because you will use one interface (where the network connects to the printer) and any network user may send print jobs to it.
  • Eliminating Device Constraints - Printer cables are required to be rather short. This limits the location of printers. Network cables eliminate this problem, since they can be longer. Networked printers may be located in central areas.
  • Handling and Queuing Simultaneous Requests - Most users will not send print jobs at the same time, but in any large organization simultaneous requests will happen, due to size or workflow. The network stores requests in queues or buffers, and processes them as the printers become ready for new jobs.
  • Sharing Specialized Equipment - Special printers, like color lasers, high speed and special format printers are expensive. Sharing them on a network can grant or restrict access to them as necessary for the organization.
  • Network Fax Service - Sending a print job to a networked fax machine is more efficient than printing an image, scanning it into the fax and sending it to the recipient. It saves steps and is easily available to more users. It also sends a clearer, cleaner image than the older method.

Message Services
  • Electronic Mail - The purpose of e-mail is to send messages. Current applications also include viewers, schedulers, and such. Critical features are the ability to present different file formats, and to transport the message based on where the sender and recipient are in the network.
  • Integrated E-mail and Voice Mail - Voice mail systems run on specialized computers. Integrating them with the network may eventually lead to hearing a text message over a phone or reading a text version of a phone message on a screen.
  • Object Oriented Applications - Message services are used by objects to pass information back and forth. Objects are like program components that interact with each other in a system to keep from having to repeat the same computer code over and over in many applications.
  • Workgroup Applications - Two types of these applications are discussed:
    • Workflow management - This kind of application can eliminate paper flow by sending electronic forms to people on the network. They fill out the form and it is sent to whoever needs it.
    • Linked-object documents - This type of document shares information with other sources, like the Object Linking and Embedding process used in Microsoft Office documents. Messaging services are used to update charts, figures and other parts of the document from actual sources.
  • Directory Services - Also called Directory Synchronization, this service tracks information about resources on the network, and constantly updates directories that retain information about location, address routing and other network related data.

Application Services

Application services perform some processing tasks for clients. They do this in two ways:

  • Coordinate hardware and software, determining where best to run a utility or application.
  • Increase network capabilities by making more power available to more users.

Database Services

The last classic type is Database Services. This is different from file services, in that information is stored and retrieved, not files. Using specialized servers, client-server databases optimize tasks by having the client formulate the data requests and process the information returned (called manipulation and presentation). The server receives the requests, searches the information storage and passes the results back to the client.

The text presents several other server types:

HTTP Servers

HTTP servers are usually called web servers. HTTP is the protocol used for most web requests. As already discussed in the text, the standard port for HTTP is port 80. The transmission of any file by an HTTP server will include a label about the file's MIME (Multipurpose Internet Mail Extension) type. Think of a MIME type as a reference to what application to use to open, read, or process a file.

Web servers are typically configured with one or more default page names. This makes it easier to create a URL to the starting point of a web site. You lead people to a site with enough information to get to the directory the site starts in, but you leave off the name of the starting file. The server then delivers the file in that directory that has the default name. This does not save much typing for the user, but it helps.

Another feature that allows simplifications for users is the use of aliases. You can configure the server to point to any drive or subdirectory it has access to when the user browses to a particular URL. This allows you to create links that look like they are all in one file structure even if they are not.
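To show how MIME labels, default page names and aliases fit together, here is an added Python sketch of the lookup a web server performs for each request; it is not from the text or any real server, and the document root, the alias and the file list are constructed.

```python
import mimetypes
import posixpath

# Constructed layout for this example: the document root, the default page
# names the server tries in order, and one alias that maps a URL prefix to a
# directory that lives outside the document root.
DOCUMENT_ROOT = "/var/www/html"
DEFAULT_PAGES = ("index.html", "index.htm", "default.htm")
ALIASES = {"/docs/": "/usr/share/doc/site/"}

# Stand-in for the disk: the regular files the server can see (constructed).
SAMPLE_FILES = {
    "/var/www/html/index.html",
    "/var/www/html/about/default.htm",
    "/var/www/html/images/logo.png",
    "/var/www/html/download.bin",
    "/usr/share/doc/site/manual.txt",
}


def resolve(url_path, files=SAMPLE_FILES):
    """Map a URL path to (file path, MIME type), or None if nothing is served."""
    # normpath collapses '..' and repeated slashes, so a request that tries to
    # climb above the root is confined to it before it is joined onto a base.
    clean = posixpath.normpath("/" + url_path.lstrip("/"))
    base, rest = DOCUMENT_ROOT, clean
    for prefix, target in ALIASES.items():  # alias: URL prefix -> other directory
        if clean.startswith(prefix):
            base, rest = target, clean[len(prefix):]
            break
    fs_path = posixpath.join(base, rest.lstrip("/"))
    # A URL that names a directory is completed with the first default page found.
    candidates = [fs_path] + [posixpath.join(fs_path, name) for name in DEFAULT_PAGES]
    for path in candidates:
        if path in files:
            mime, _ = mimetypes.guess_type(path)
            return path, mime or "application/octet-stream"
    return None


def response_head(url_path, files=SAMPLE_FILES):
    """Status line plus the MIME label the HTTP server attaches to the file."""
    hit = resolve(url_path, files)
    if hit is None:
        return "HTTP/1.1 404 Not Found"
    return f"HTTP/1.1 200 OK\r\nContent-Type: {hit[1]}"
```

Calling `resolve("/")` returns the root's index page labelled text/html, while `resolve("/docs/manual.txt")` is served from the alias target outside the document root.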

When setting up a web site, you must take care to grant the permissions needed to users of the site. Most web sites are on UNIX systems, which have only three kinds of permissions: read, write, and execute. If you grant read permissions to users, they can read web pages, but not execute programs on the site. If you grant execute permissions to specific files, you will also need to grant execute permissions to the directories that hold those files. This seems odd, but it is true.

Access to web sites can be granted through passwords or other authentication. Sites that require passwords typically use some form of encryption.

The text offers a list of commonly used web servers: Apache is often used on UNIX systems, and on Microsoft servers as well. Internet Information Server (IIS) is a Microsoft product, meant to run on NT, Windows 2000, Windows 2003, and later Microsoft servers.

Proxy Servers

A proxy server can perform several functions. We have discussed the Network Address Translation (NAT) function. Another is providing firewall service. The text explains this as preventing your internal users from accessing some outside resources, and preventing outside users from accessing some internal resources.

A proxy server can also provide a cache of web pages that your internal users have accessed, in order to provide a faster delivery of them later. This sounds good, but it is not useful for pages that are dynamic in nature. It would be fine to cache reference works, but not very practical to cache weather data.

Mail Servers

Standard Internet mail protocols are supported by different servers. POP servers, IMAP servers, and SMTP servers are all possible. These do not replace the actual mail application programs that might be used, such as Microsoft Exchange, Novell GroupWise, or UNIX programs like Pine and Elm.

DNS Servers

DNS service has been discussed already. The server that provides Domain Name Service is part of a hierarchy of servers, each of which can refer to another server for information it does not have itself.

The text says that this server runs as a daemon. The origin of the phrase may come from James Clerk Maxwell, who explained a physics phenomenon with a metaphor about a demon (daemon) that sat in the background and waited for opportunities to carry out the tasks it was charged with. Any program that runs in the background, waiting to be called forth for its appointed task, can be called a daemon.

On UNIX and Novell systems, the program that is the DNS server is called named. It is common on a UNIX system for the name of a daemon program to end in the letter d. Examples: smtpd, telnetd, and named are all UNIX daemon programs for the protocols suggested by the first parts of their names.

FTP Server

File Transfer Protocol is the most common kind of file service provided in an Internet environment. The text notes that FTP service can include the security of user IDs and passwords, but it warns that FTP itself will send the ID and password in plain text. This lack of encryption makes simple FTP unacceptable for secure transmissions.

News Servers

A News server uses Network News Transfer Protocol (NNTP) to provide information to newsgroups. A newsgroup is similar to a mailing list: you can be added to it, to have information sent to you regularly. You can also browse news storage on the net, and add to it yourself. Since newsgroup information can be monitored, but is not guaranteed to be accurate, it should not be considered authoritative.

Certificate Servers

To understand a Certificate Server, you have to understand public and private key cryptography. A key is an algorithm, a method of turning plain text into encrypted text, and vice versa. Keys are also used to encrypt and decrypt messages. In a private key system, the senders and receivers of messages all use the same key.

Public key cryptography is an encoding scheme that assigns every user two keys. These keys are used to prove the identity of the sender of a message. This is its method of authentication.

Messages sent across IP networks can easily be intercepted, and are subject to eavesdropping. It is a good idea to use encryption for any transmission of a financial or sensitive nature.

The public key method uses two different keys. Either of the keys can be used to encrypt a message. Whichever key is used to encrypt the message, the other key must be used to decrypt it. One of the two keys is called a user's public key. This key is delivered to anyone who needs it, and is used to decrypt messages that were encrypted with the user's other key, the private key. (The private key is never given to anyone except the key's owner.) This method proves to message recipients that the message originated from the owner of the private key. Likewise, messages sent to the owner can be encrypted with the public key, and can only be decrypted with the owner's private key, ensuring security.

The process of delivering public keys to people who need them is a problem. How do you know that the proof you are accepting is reliable? Public keys need to be verified by a Certificate Authority (CA).

Novell and other network vendors provide a CA in their Certificate Servers. Now the terminology changes a bit. Messages may be sent to a server/provider with a digital signature. A user can create a digital signature with their private key, and register that digital signature with a Certificate Authority. The signature may also be created by the CA and delivered to the user, since the CA may be the source of both of the user's keys.

Example: A user sends a message to an online vendor, including a digital signature, created with the user's private key. That signature may be verified with the CA that the user is registered with. The CA receives a request for verification from the vendor and checks out the signature. If the signature is valid, the CA then sends an encrypted message to the vendor including the public key of the original user, allowing the vendor to read the digital signature. In this way, the vendor does not get the user's information until it has been established that the message is really from the user.

Encryption can also be done strictly with public and private keys. Consider buying something online, using a web browser. The buyer is sent the public key of the store through the browser. The browser encrypts the buyer's credit card data and sends it to the store's server. The server decrypts the data using the store's private key. (A problem exists here: the store has no way to send encrypted data back to the buyer, unless the buyer has a public and private key of his/her own. So, a key pair can be created for the buyer as well.)

More terminology: a public key certificate is a digital message signed with a private key. A public key certificate is generated by a trusted entity, as described above, called a certificate authority (CA). Public key certificates can also be called digital public key certificates, digital IDs, digital passports, or certificates.
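The key relationships described above (either key encrypts, the other decrypts; sign with the private key, verify with the public key) and the certificate flow, as an added example: textbook RSA with tiny primes, constructed for these notes and not taken from the text or any vendor's product. The certificate format (name:e:n signed by the CA) is made up for the example; real systems use large keys, padding and standard certificate formats.

```python
import hashlib

# Textbook RSA with tiny primes, constructed for this example only. It shows
# the relationships described in the text: one exponent undoes the other, a
# signature is the private-key operation on a message digest, and a public
# key certificate is a message (name plus public key) signed with the CA's
# private key. Real systems use 2048-bit keys, padding and X.509 certificates.

def make_keypair(p, q, e=17):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, m):
    """RSA core: encrypt or decrypt an integer m < n with either key."""
    exponent, n = key
    return pow(m, exponent, n)

def digest(message, n):
    """Hash the message and reduce it into the key's range (toy-sized keys)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    return apply_key(private_key, digest(message, private_key[1]))

def verify(public_key, message, signature):
    return apply_key(public_key, signature) == digest(message, public_key[1])

def issue_certificate(ca_private, subject, subject_public):
    """The CA binds a name to a public key and signs the binding (made-up format)."""
    body = f"{subject}:{subject_public[0]}:{subject_public[1]}".encode()
    return body, sign(ca_private, body)

def verify_certificate(ca_public, certificate):
    """Return (subject, public key) if the CA's signature checks out, else None."""
    body, signature = certificate
    if not verify(ca_public, body, signature):
        return None
    subject, e, n = body.decode().split(":")
    return subject, (int(e), int(n))

def vendor_accepts(ca_public, certificate, message, signature):
    """The flow in the text: check the certificate against the CA's public key,
    then use the public key it vouches for to check the user's signature."""
    result = verify_certificate(ca_public, certificate)
    return result is not None and verify(result[1], message, signature)
```

With `make_keypair(61, 53)` the public key is (17, 3233) and the private key (2753, 3233); encrypting 65 with the public key gives 2790, and the private key turns it back into 65.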

Directory Servers

Directory services are discussed above. The text adds the ideas that directories of services can include lists of the other kinds of servers, lists of users and resources, and pointers to resources.

Choosing Products

The text discusses several features of products that might influence your choice to use one or another competing product. For example, Apache is free, but it is not supported by any particular company. IIS is called free, but you need a Microsoft server to run it on. On the other hand, you can get support for it from a very large vendor. The question of support may lead you to choose a commercial product instead of an open source product.

Another feature to base a decision on is complexity. It makes little sense to buy a product that will take months to learn, if you have no time to do so, or if you do not need the complexity of the product. In the same vein, the complex product may be much more scalable, able to grow with your needs. If this is more important, you should consider the longer learning curve as a necessary evil.