Professional Documents
Culture Documents
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2002 by Microsoft Corporation
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form
or by any means without the written permission of the publisher.
Library of Congress Cataloging-in-Publication Data
Tulloch, Mitch.
Microsoft Encyclopedia of Networking, Second Edition / Mitch Tulloch, Ingrid Tulloch.--2nd ed.
p. cm.
Includes index.
ISBN 0-7356-1378-8
1. Computer networks--Encyclopedias. I. Tulloch, Ingrid. II. Title.
v
Contents
802.6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 802.16 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
802.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 802.17 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
802.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 1000BaseCX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
802.9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 1000BaseLX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
802.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 1000BaseSX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
802.11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 1000BaseT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
802.11a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 1000BaseTX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
802.11b . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 1000BaseX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
802.12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 1394 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
802.13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 1822 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
802.14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 3270 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
802.15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 5250 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
A
A+ Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
A record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 ACM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
A6 record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 ACPI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
AAA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 ACR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
AAAA record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Active Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
AAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Active Digital Profile (ADPr) . . . . . . . . . . . . . . . . . 55
AATP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Abilene . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Active Directory Client . . . . . . . . . . . . . . . . . . . . . . 58
absolute path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Active Directory Domains and Trusts . . . . . . . . . . . 58
Abstract Syntax Notation One (ASN.1) . . . . . . . . . 41 Active Directory Installation Wizard . . . . . . . . . . . 58
acceptable use policy . . . . . . . . . . . . . . . . . . . . . . . . 42 Active Directory schema . . . . . . . . . . . . . . . . . . . . . 60
access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Active Directory Service Interfaces (ADSI) . . . . . . 60
access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Active Directory Sites and Services . . . . . . . . . . . . 61
access control entry (ACE) . . . . . . . . . . . . . . . . . . . 44 Active Directory Users and Computers . . . . . . . . . . 62
access control list (ACL) . . . . . . . . . . . . . . . . . . . . . 44 active hub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Accessibility Options . . . . . . . . . . . . . . . . . . . . . . . 45 active partition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Accessibility Wizard . . . . . . . . . . . . . . . . . . . . . . . . 46 Active Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
access list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 active scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
access mask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Active Server Pages (ASP) . . . . . . . . . . . . . . . . . . . 63
access method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Active Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
access mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 active volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
access point (AP) . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 active window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
access provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 ActiveX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
access token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 ActiveX component . . . . . . . . . . . . . . . . . . . . . . . . . 65
account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 ActiveX controls . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
account domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 ActiveX Data Objects (ADO) . . . . . . . . . . . . . . . . . 66
account lockout . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
account operator . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 adaptive acceleration . . . . . . . . . . . . . . . . . . . . . . . . 68
Account Operators group . . . . . . . . . . . . . . . . . . . . 53 Adaptive Differential Pulse-Code
ACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Modulation (ADPCM) . . . . . . . . . . . . . . . . . . . 68
ACK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 ADC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
vi
Contents
vii
Contents
viii
Contents
ix
Contents
x
Contents
xi
Contents
xii
Contents
xiii
Contents
xiv
Contents
xv
Contents
xvi
Contents
xvii
Contents
xviii
Contents
xix
Contents
Integrated Services Digital Network (ISDN) . . . . 600 Internet Mail Access Protocol
Integrated Windows Authentication . . . . . . . . . . . 605 version 4 (IMAP4) . . . . . . . . . . . . . . . . . . . . . 627
Intel-based platform . . . . . . . . . . . . . . . . . . . . . . . 605 Internet Printing Protocol (IPP) . . . . . . . . . . . . . . 628
intelligent hub. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605 Internet Protocol (IP) . . . . . . . . . . . . . . . . . . . . . . . 628
Intelligent Input/Output (I2O) . . . . . . . . . . . . . . . . 605 Internet protocols . . . . . . . . . . . . . . . . . . . . . . . . . 629
IntelliMirror . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 Internet Protocol Security (IPsec) . . . . . . . . . . . . . 630
Interactive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 Internet Relay Chat (IRC) . . . . . . . . . . . . . . . . . . . 631
interactive logon . . . . . . . . . . . . . . . . . . . . . . . . . . 606 Internet Research Task Force (IRTF) . . . . . . . . . . 632
inter-exchange carrier (IXC) . . . . . . . . . . . . . . . . . 607 Internet Security and Acceleration
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608 Server (ISA Server) . . . . . . . . . . . . . . . . . . . . 632
interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609 Internet Server API (ISAPI) . . . . . . . . . . . . . . . . . 632
interface converter . . . . . . . . . . . . . . . . . . . . . . . . . 609 Internet service provider (ISP) . . . . . . . . . . . . . . . 633
interference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610 Internet Society (ISOC) . . . . . . . . . . . . . . . . . . . . . 634
Interim Interswitch Signaling Protocol (IISP) . . . 610 internetwork . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 634
Interior Border Gateway Protocol (IBGP) . . . . . . 611 Internetwork Operating System (IOS) . . . . . . . . . 634
interior gateway protocol (IGP) . . . . . . . . . . . . . . 611 Internetwork Packet Exchange (IPX) . . . . . . . . . . 636
Interior Gateway Routing Protocol (IGRP) . . . . . 611 interprocess communication (IPC) . . . . . . . . . . . . 637
interior routing protocol . . . . . . . . . . . . . . . . . . . . 612 Inter-Switch Link (ISL) . . . . . . . . . . . . . . . . . . . . . 638
intermediary device . . . . . . . . . . . . . . . . . . . . . . . . 612 intranet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638
Intermediate Language (IL) . . . . . . . . . . . . . . . . . 613 intrusion detection system (IDS) . . . . . . . . . . . . . . 638
International Mobile inverse multiplexer (IMUX) . . . . . . . . . . . . . . . . . 640
Telecommunications-2000 (IMT-2000) . . . . . 613 inverse multiplexing . . . . . . . . . . . . . . . . . . . . . . . 640
International Organization for Inverse Multiplexing over ATM (IMA) . . . . . . . . . 641
Standardization (ISO) . . . . . . . . . . . . . . . . . . 614 inverse query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
International Telecommunication Union (ITU) . . 615 IOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642
Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615 IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642
Internet2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617 IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642
Internet access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617 IP/ATM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643
Internet Architecture Board (IAB) . . . . . . . . . . . . 618 IPC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643
Internet Assigned Numbers Authority (IANA) . . . 618 Ipconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643
Internet Cache Protocol (ICP) . . . . . . . . . . . . . . . . 619 IP Fax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
Internet Connection Firewall (ICF) . . . . . . . . . . . . 619 IPng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
Internet Control Message Protocol (ICMP) . . . . . 620 IP over ATM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
Internet Corporation for Assigned IPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
Names and Numbers (ICANN) . . . . . . . . . . . 621 IP PBX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
Internet Engineering Task Force (IETF) . . . . . . . . 621 IPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
Internet Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . 622 IP storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
Internet Explorer Administration Kit (IEAK) . . . . 622 IP telephony . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
Internet File System (iFS) . . . . . . . . . . . . . . . . . . . 623 IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
Internet Group Management Protocol (IGMP) . . . 623 IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
Internet guest account . . . . . . . . . . . . . . . . . . . . . . 624 IPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
Internet Information Services (IIS) . . . . . . . . . . . . 625 IPX/SPX-Compatible Protocol . . . . . . . . . . . . . . . 647
Internet Inter-Orb Protocol (IIOP) . . . . . . . . . . . . 626 IRC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
Internet Key Exchange (IKE) . . . . . . . . . . . . . . . . 626 IrDA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
Internet Locator Service (ILS) . . . . . . . . . . . . . . . 626 IrDA Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
xx
Contents
xxi
Contents
xxii
Contents
xxiii
Contents
xxiv
Contents
xxv
Contents
O
OASIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875 Open Shortest Path First (OSPF) . . . . . . . . . . . . . 884
object (Active Directory) . . . . . . . . . . . . . . . . . . . . 875 open source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887
object identifier (OID) . . . . . . . . . . . . . . . . . . . . . . 876 Open Systems Interconnection (OSI)
object linking and embedding (OLE) . . . . . . . . . . 877 reference model . . . . . . . . . . . . . . . . . . . . . . . 888
object (programming) . . . . . . . . . . . . . . . . . . . . . . 878 optical carrier (OC-x) level . . . . . . . . . . . . . . . . . . 890
OBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878 optical Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . 890
OCSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878 optical networking . . . . . . . . . . . . . . . . . . . . . . . . . 890
OC-x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878 opto isolator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 891
ODBC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878 Orange Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 892
ODI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878 organizational unit (OU) . . . . . . . . . . . . . . . . . . . . 893
OFDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878 Organization for the Advancement of
offline browsing . . . . . . . . . . . . . . . . . . . . . . . . . . 878 Structured Information Systems (OASIS) . . . 894
Offline Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 879 Orthogonal Frequency Division
OID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 879 Multiplexing (OFDM) . . . . . . . . . . . . . . . . . . 895
OLAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 879 OS/2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895
OLE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 879 OSI model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895
OLE DB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 879 OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895
OLE DB for OLAP . . . . . . . . . . . . . . . . . . . . . . . . 881 OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896
online analytical processing (OLAP) . . . . . . . . . . 881 OU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896
Online Certificate Status Protocol (OCSP) . . . . . . 882 Outlook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896
OnNow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 882 Outlook Express . . . . . . . . . . . . . . . . . . . . . . . . . . 896
OOB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883 out-of-band management (OBM) . . . . . . . . . . . . . 897
OpenBSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883 out-of-band (OOB) signaling . . . . . . . . . . . . . . . . 898
open database connectivity (ODBC) . . . . . . . . . . . 883 outsourcing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 899
Open Data-link Interface (ODI) . . . . . . . . . . . . . . 884 owner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 899
P
P2P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 901 partition (disk) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 911
P3P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 902 passive hub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 911
package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 902 passive optical network (PON) . . . . . . . . . . . . . . . 911
packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 903 passive termination . . . . . . . . . . . . . . . . . . . . . . . . 912
packet assembler/disassembler (PAD) . . . . . . . . . 903 pass-through authentication . . . . . . . . . . . . . . . . . 913
packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . 904 password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 913
packet forwarding . . . . . . . . . . . . . . . . . . . . . . . . . 906 Password Authentication Protocol (PAP) . . . . . . . 914
packet switching . . . . . . . . . . . . . . . . . . . . . . . . . . 906 PASTE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914
packet-switching services . . . . . . . . . . . . . . . . . . . 908 PAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914
PAD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 909 patch cable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 914
PAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910 patch panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 915
PAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910 path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 916
parallel transmission . . . . . . . . . . . . . . . . . . . . . . . 910 pathping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
parent domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910 PBX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 918
parity information . . . . . . . . . . . . . . . . . . . . . . . . . 910 PCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 918
partition (Active Directory) . . . . . . . . . . . . . . . . . . 911 PCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 918
xxvi
Contents
xxvii
Contents
xxviii
Contents
xxix
Contents
xxx
Contents
xxxi
Contents
xxxii
Contents
V
V.35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1163 virtual memory . . . . . . . . . . . . . . . . . . . . . . . . . . 1174
V.90 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1163 virtual private network (VPN) . . . . . . . . . . . . . . . 1174
V.92 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1165 virtual server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1176
value entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1165 virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1177
variable-length subnet mask (VLSM) . . . . . . . . . 1166 VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1179
VBScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1167 VLSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1180
vCalendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1168 Voice over IP (VoIP) . . . . . . . . . . . . . . . . . . . . . . 1180
vCard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1168 voice profile for Internet mail (VPIM) . . . . . . . . 1184
VDSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1168 VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1185
Very-high-rate Digital Subscriber Line VoIP gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1185
(VDSL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1168 volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1187
virtual circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1169 volume set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1187
virtual directory . . . . . . . . . . . . . . . . . . . . . . . . . . 1170 VPIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1187
virtual hosting . . . . . . . . . . . . . . . . . . . . . . . . . . . 1170 VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1187
virtual LAN (VLAN) . . . . . . . . . . . . . . . . . . . . . 1170 V-series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1187
W
W3C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1189 Windows 3.11 . . . . . . . . . . . . . . . . . . . . . . . . . . . 1207
wall plate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1189 Windows 95 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1207
WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1190 Windows 98 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1209
WAN services . . . . . . . . . . . . . . . . . . . . . . . . . . . 1190 Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . 1209
WAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1191 Windows CE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1211
wavelength division multiplexing (WDM) . . . . . 1191 Windows commands . . . . . . . . . . . . . . . . . . . . . . 1212
WBEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1192 Windows Distributed interNet Applications
W-CDMA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1192 Architecture (Windows DNA) . . . . . . . . . . . 1214
WDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1192 Windows DNA . . . . . . . . . . . . . . . . . . . . . . . . . . 1215
Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1192 Windows Explorer . . . . . . . . . . . . . . . . . . . . . . . . 1215
Web application . . . . . . . . . . . . . . . . . . . . . . . . . . 1192 Windows for Workgroups . . . . . . . . . . . . . . . . . . 1216
Web-Based Enterprise Management Windows Internet Name Service (WINS) . . . . . . 1217
(WBEM) . . . . . . . . . . . . . . . . . . . . . . . . . . . 1192 Windows Management Instrumentation
Web browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1193 (WMI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1218
Web content switch . . . . . . . . . . . . . . . . . . . . . . . 1194 Windows Me (Windows Millennium
Web hosting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1194 Edition) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219
Web page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1195 Windows Millennium Edition
Web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1195 (Windows Me) . . . . . . . . . . . . . . . . . . . . . . . 1219
Web-to-host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1196 Windows .NET Server . . . . . . . . . . . . . . . . . . . . . 1219
well-known port numbers . . . . . . . . . . . . . . . . . . 1197 Windows NT . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219
WEP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1203 Windows NT Challenge/Response
wide area network (WAN) . . . . . . . . . . . . . . . . . . 1203 Authentication . . . . . . . . . . . . . . . . . . . . . . . 1222
Wideband Code Division Multiple Windows NT Directory Services (NTDS) . . . . . 1222
Access (W-CDMA) . . . . . . . . . . . . . . . . . . . 1204 Windows NT LAN Manager Authentication . . . 1223
WiFi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1205 Windows Script Host (WSH) . . . . . . . . . . . . . . . 1223
Windows 3.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1205 Windows Sockets . . . . . . . . . . . . . . . . . . . . . . . . 1223
xxxiii
Contents
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1261
xxxiv
Acknowledgments
I would like to welcome and acknowledge my wife, Ingrid Tulloch, as co-author for this second edition of the
Microsoft Encyclopedia of Networking. Ingrid is a skilled researcher whose research has contributed extensively to
both this edition and the previous one, and I thank Microsoft Press for their willingness to recognize her contribution
to this project by adding her name next to mine.
My thanks also to the terrific team at Microsoft Press, including Juliana Aldous (Acquisions Editor) and Maureen
Zimmerman (Project Editor), and at nSight, especially Susan McClung (Project Manager), Ari Globerman and John
Panzarella (Technical Editors), and Joseph Gustaitis (Copy Editor).
Thanks to David L. Rogelberg and Neil Salkind, my agents at Studio B Literary Agency, and to all the other won-
derful people there.
Finally, thanks to my many readers and friends whose suggestions and comments regarding the first edition have
been incorporated into this new edition and have helped make it what it is—the BEST networking encylopedia
EVER!
Mitch Tulloch
www.mtit.com
xxxv
Preface to the
Second Edition
Welcome to the second edition of the popular Microsoft frequently divided into a number of different sub-
Encyclopedia of Networking, the premier resource for sections for greater clarity and more logical treat-
network architects, system engineers, network adminis- ment of the subject. Headings for these subsections
trators, and IT professionals. The purpose of this Pref- include Overview, History, Types, Uses, Com-
ace is to briefly describe the new and exciting changes parison, Architecture, Implementation, Examples,
found in this new edition, which can be summarized by Advantages and Disadvantages, Issues, Notes, and
the simple word more. Specifically, in this new edition For More Information.
of this encyclopedia you’ll find
● More coverage of key platforms. Coverage of the
● More coverage of key networking concepts and Microsoft Windows NT platform and applications
technologies. We’ve added hundreds of new arti- has been de-emphasized in this edition to make
cles covering the latest networking technologies, room for coverage of Windows 2000, Windows XP,
including wireless networking, 3G cellular commu- and Microsoft’s new .NET framework. In addition,
nication, broadband Internet access, LAN-host inte- increased coverage of popular UNIX platforms
gration, network management, network security, and open-source technologies such as Linux and
network troubleshooting, disaster recovery, enter- Apache has been included. Overall, this new edition
prise applications, P2P technologies, virus protec- is less Microsoft-centric than the first edition, and
tion, carriers and service providers, and e-business instead focuses more on general networking con-
standards and technologies. In addition, coverage cepts, technologies, and services with fair cover-
of basic networking standards, protocols, architec- age of competing platforms from many different
tures, and technologies has been enhanced and vendors.
extended throughout the work by including new
● Up-to-date coverage of standards, products, and
articles on cabling standards, routing protocols,
services. The networking world has changed con-
security protocols, signal encoding methods,
siderably since the first edition of this encyclopedia
encryption schemes, component architectures,
came out, with the Application Services Provider
WAN services, multilayer switching, tape formats,
marketplace exploding and then imploding, home-
multiplexing methods, remote access, terminal-
grown intranets evolving into powerful Enterprise
based computing, Voice over IP, and the organiza-
Knowledge Portals, Token Ring and FDDI going
tion and operation of the Internet. And that’s only
the way of the dinosaur, 3G expectations being
scratching the surface!
replaced by 2.5G realities, XML standards prolifer-
● More depth of coverage in key articles. Essential ating but failing to displace EDI in the marketplace,
technologies and standards, such as 802.11b wire- and new vendors and service providers appearing,
less, ATM, Bluetooth, cellular communications, merging, and going bankrupt faster than fruit flies
Classless Interdomain Routing, DSL, DNS, Ether- can multiply. As a result of these changes, every
net, frame relay, Gigabit Ethernet, GSM, and ISDN, article in this work has been thoroughly revised and
are covered in much more detail than they were in updated to include the latest and most accurate
the first edition. In addition to a brief definition information possible. In addition, many articles
and overview of the subject, longer articles are include two special subsections: Marketplace,
xxxvii
Preface to the Second Edition
xxxviii
Introduction
Welcome to the second edition of the Microsoft Ency- could also focus our discussion on the different types of
clopedia of Networking, a general survey of computer networks, including
networking concepts, technologies, and services. This
● Personal area networks (PANs), once the stuff of
work is intended to be a comprehensive, accurate, and
science fiction but rapidly becoming a reality as the
up-to-date resource for students, system engineers,
mobile knowledge workers of today carry around
network administrators, IT (information technology)
an array of cell phones, Personal Digital Assistants
implementers, and computing professionals from all
(PDAs), pagers, and other small devices
walks of life. Before we outline this work’s scope and
coverage, we will ask a simple question that is surpris- ● Local area networks (LANs), which can range from
ingly difficult to answer: what is networking? a few desktop workstations in a Small Office/Home
Office (SOHO) to several thousand workstations
and dozens of servers deployed throughout dozens
What Is Networking?
of buildings on a university campus or in an indus-
In the simplest sense, networking means connecting
trial park
computers so that they can share files, printers, applica-
tions, and other computer-related resources. The advan- ● Metropolitan area networks (MANs), which span
tages of networking computers are fairly obvious: an urban area and are generally run by telcos and
other service providers to provide companies with
● Users can save their important files and documents
high-speed connectivity between branch offices and
on a file server. This is more secure than storing
with the Internet
them on workstations because a file server can be
backed up in a single operation. ● Wide area networks (WANs), which might take the
form of a company’s head office linked to a few
● Users can share a network printer, which costs
branch offices or an enterprise spanning several
much less than having a locally attached printer for
continents with hundreds of offices and subsidiaries
each user’s computer.
● The Internet, the world’s largest network and the
● Users can share groupware applications running on
“network of networks”
application servers, which enables users to share
documents, send messages, and collaborate On the other hand, we could also focus on the different
directly. networking architectures in which these various types
of networks can be implemented, including
● The job of administering and securing a company’s
computer resources is simplified since they are con- ● Peer-to-peer networking, which might be imple-
centrated on a few centralized servers. mented in a workgroup consisting of computers
running Microsoft Windows 98 or Windows 2000
The above definition of networking focuses on the basic
Professional
goals of networking computers together: increased
manageability, security, cost-effectiveness, and effi- ● Server-based networking, which might be based on
ciency over non-networked systems. However, we the domain model of Windows NT, the domain
trees and forests of Active Directory directory
xxxix
Introduction
service in Windows 2000, or another architecture ● Equipment for organizing, protecting, and trouble-
such as Novell Directory Services (NDS) for Novell shooting LAN and WAN hardware, such as racks,
NetWare cabinets, surge protectors, line conditioners, unin-
terruptible power supplies (UPSs), KVM switches,
● Terminal-based networking, which might be the
and cable testers
traditional host-based mainframe environment;
the UNIX X Windows environment; the terminal ● Cabling technologies such as coaxial cabling,
services of Windows NT Server 4 Enterprise twinax cabling, twisted-pair cabling, fiber-optic
Edition; Windows 2000 Advanced Server; or cabling, and associated equipment such as connec-
Citrix MetaFrame tors, patch panels, wall plates, and splitters
Or we could look at the various networking technolo- ● Unguided media technologies such as infrared
gies used to implement these architectures, including communication, wireless cellular networking, and
satellite networking, along with their associated
● LAN technologies such as Ethernet, Token Ring,
hardware
Fiber Distributed Data Interface (FDDI), Fast
Ethernet, Gigabit Ethernet (GbE), and the emerging ● Data storage technologies such as redundant array
10G Ethernet (10GbE) of independent disks (RAID), network-attached
storage (NAS), and storage area networks (SANs)
● WAN technologies such as Integrated Services Dig-
along with their associated hardware, plus various
ital Network (ISDN), T-carrier leased lines, X.25,
enabling technologies, including Small Computer
frame relay, Asynchronous Transfer Mode (ATM),
System Interface (SCSI) and Fibre Channel
Synchronous Optical Network (SONET), Digital
Subscriber Line (DSL), and metropolitan Ethernet Or we could talk about various technologies that
enhance the reliability, scalability, security, and man-
● Wireless communication technologies such as the
ageability of computer networks, including
wireless LAN (WAN) standards 802.11a and
802.11b, and the consumer wireless technologies ● Technologies for implementing network security,
HomeRF and Bluetooth including firewalls, proxy servers, and virtual pri-
vate networking (VPN), and such devices as smart
● Cellular communication systems such as Time
cards and firewall appliances
Division Multiple Access (TDMA), Code Division
Multiple Access (CDMA), Global System for ● Technologies for increasing availability and reli-
Mobile Communications (GSM), and the emerging ability of access to network resources, such as clus-
3G cellular communication standards tering, caching, load balancing, Layer 7 switching,
and terminal services
In addition, we could consider the hardware used to
implement these different networking technologies, ● Network management technologies such as Simple
including Network Management Protocol (SNMP), Remote
Network Monitoring (RMON), Web-Based Enter-
● LAN devices such as repeaters, concentrators,
prise Management (WBEM), Common Information
bridges, hubs, Ethernet switches, and routers
Model (CIM), and Windows Management Instru-
● WAN devices such as modems, ISDN terminal mentation (WMI)
adapters, Channel Service Units (CSUs), Data
Returning to a more general level, networking can also
Service Units (DSUs), packet assembler/disassem-
be thought of as the various standards that underlie the
blers (PADs), frame relay access devices
different networking technologies and hardware men-
(FRADs), multiplexers (MUXes), and inverse
tioned above, including
multiplexers (IMUXes)
xl
Introduction
● The Open Systems Interconnection (OSI) network- ● Electronic messaging protocols such as X.400,
ing model from the International Organization for Simple Mail Transfer Protocol (SMTP), Post Office
Standardization (ISO) Protocol version 3 (POP3), and Internet Mail
Access Protocol version 4 (IMAPv4)
● The G-series, H-series, I-series, T-series, V-series,
and X-series standards from the International Tele- ● Directory protocols such as X.500’s Directory
communication Union (ITU) Access Protocol (DAP) and the Lightweight Direc-
tory Access Protocol (LDAP)
● Project 802 of the Institute of Electrical and Elec-
tronics Engineers (IEEE) ● Security protocols such as Password Authentication
Protocol (PAP), Challenge Handshake Authentica-
● The Requests for Comment (RFC) series from the
tion Protocol (CHAP), Windows NT LAN Manager
Internet Engineering Task Force (IETF)
(NTLM) Authentication, Kerberos, IP Security
● Various standards developed by the World Wide Protocol (IPsec), Secure Sockets Layer (SSL), and
Web Consortium (W3C), the Frame Relay Forum, public key cryptography standards and protocols
the ATM Forum, the Gigabit Ethernet Alliance, and
● Serial interface standards such as RS-232, RS-422/
other standards organizations
423, RS-485, V.35, and X.21
Networking protocols deserve special attention in any
We could dig still deeper and discuss the fundamental
definition of the word networking. These protocols
engineering concepts that underlie the various network-
include:
ing technologies and services previously discussed,
● LAN protocols such as NetBEUI, Internetwork including
Packet Exchange/Sequenced Packet Exchange
● Impedance, attenuation, shielding, near-end
(IPX/SPX), Transmission Control Protocol/Internet
crosstalk (NEXT), and other characteristics of
Protocol (TCP/IP), and AppleTalk
cabling and other transmission systems
● WAN protocols such as Serial Line Internet Proto-
● Signals and how they can be multiplexed using
col (SLIP), Point-to-Point Protocol (PPP), Point-to-
time-division, frequency-division, statistical, and
Point Tunneling Protocol (PPTP), and Layer 2 Tun-
other multiplexing techniques
neling Protocol (L2TP)
● Transmission parameters including bandwidth,
● Protocols developed within mainframe computing
throughput, latency, jabber, jitter, backbone,
environments, such as Systems Network Architec-
handshaking, hop, dead spots, dark fiber, and late
ture (SNA), Advanced Program-to-Program Com-
collisions
munications (APPC), Synchronous Data Link
Control (SDLC), and High-level Data Link Control ● Balanced vs. unbalanced signals, baseband vs.
(HDLC) broadband transmission, data communications
equipment (DCE) vs. data terminal equipment
● Routing protocols such as the Routing Information
(DTE), circuit switching vs. packet switching,
Protocol (RIP), Interior Gateway Routing Protocol
connection-oriented vs. connectionless communica-
(IGRP), Open Shortest Path First (OSPF) Protocol,
tion, unicast vs. multicast and broadcast, point-
and Border Gateway Protocol (BGP)
to-point vs. multipoint links, direct sequencing vs.
● Internet protocols such as the Hypertext Transfer frequency hopping methods, and switched virtual
Protocol (HTTP), File Transfer Protocol (FTP), circuit (SVC) vs. permanent virtual circuit (PVC)
Network News Transfer Protocol (NNTP), and the
Domain Name System (DNS)
xli
Introduction
We could also talk about the different types of providers communication (IPC) technologies such as Remote
of networking services, including Procedure Calls (RPCs) and named pipes, and
Internet standards such as the popular Hypertext
● Internet service providers (ISPs), application ser-
Markup Language (HTML) and the Extensible
vice providers (ASPs), and integrated communica-
Markup Language (XML) family of standards
tions providers (ICPs)
● Tools for integrating networking technologies in
● Telcos or local exchange carriers (LECs), including
heterogeneous environments, such as Gateway Ser-
both Regional Bell Operating Companies (RBOCs)
vices for NetWare (GSNW), Services for Macin-
and competitive local exchange carriers (CLECs), that
tosh, Services for UNIX on the Windows 2000
offer such popular broadband services as Asymmetric
platforms, and Microsoft Host Integration Server,
Digital Subscriber Line (ADSL) and High-bit-level
all of which provide connectivity with mainframe
Digital Subscriber Line (HDSL) through their central
systems
office (CO) and local loop connection
On an even deeper level, we could focus on the various
● Inter-exchange carriers (IXCs) that provide popular
administration tools for managing networking hard-
WAN services such as dedicated leased lines and
ware, platforms, services and protocols, including
frame relay for the enterprise (large companies)
● The Microsoft Management Console (MMC) and
● Local loop alternatives including cable modems,
its various snap-ins in the Windows 2000 and
fixed wireless, and satellite networking companies
Windows .NET Server platforms
We could also list the various software technologies
● The various ways routers and network appliances
vendors have developed that make computer network-
can be administered using Telnet, terminal pro-
ing both useful and possible, including
grams, and the universal Web browser interface
● Network operating systems such as Windows,
● Popular TCP/IP command-line utilities such as arp,
Novell NetWare, UNIX, and Linux
ping, ipconfig, traceroute, netstat, nbtstat, finger,
● Specialized operating systems such as Cisco Sys- and nslookup
tems’ Internetwork Operating System (IOS), which
● Platform-specific command-line utilities such as
runs on Cisco routers, and the variant of IOS used
various Windows commands used for automating
on Cisco’s Catalyst line of Ethernet switches
common administration tasks
● Directory systems such as Microsoft Corporation’s
● Cross-platform scripting languages that can be used
domain-based Active Directory, Novell Directory
for system and network administration, including
Services (NDS), and various implementations of
JavaScript, VBScript, and Perl
X.500 and LDAP directory systems
We could also look at various enterprise applications
● File systems such as NTFS file system (NTFS) on
widely used in networked environments, including
Windows platforms and distributed file systems
such as the Network File System (NFS) developed ● Enterprise Resource Planning (ERP) and Customer
by Sun Microsystems for the UNIX platform Relationship Management (CRM) platforms
● Programming languages and architectures for ● Enterprise Information Portal (EIP) and Enterprise
developing distributed computing applications, Knowledge Portal (EKP) platforms
such as the C/C++ and Java languages, Microsoft’s
● The Microsoft .NET Enterprise Server family of
ActiveX and Sun’s Jini technologies, component
applications that includes Microsoft Application
technologies such as Distributed Component
Center Server, BizTalk Server, Commerce Server,
Object Model (DCOM) and COM+, interprocess
xlii
Introduction
Exchange Server, Host Integration Server, Internet To continue the story, the quality and reliability of the
Security and Acceleration Server, Mobile Informa- PSTN increased significantly in 1962 with the introduc-
tion Server, and SQL Server tion of pulse code modulation (PCM), which converted
analog voice signals into digital sequences of bits. A
I think that you can see by now that we could go on and
consequent development was the first commercial
on, slowly unpeeling our answer to the question “What
touch-tone phone, which was introduced in 1962.
is networking?” like the many layers of an onion. And it
Before long, digital phone technology became the
is pretty obvious by now that there is more to network-
norm, and DS-0 (Digital Signal Zero) was chosen as the
ing than just hubs and cables! In fact, the field of com-
basic 64-kilobit-per-second (Kbps) channel upon which
puter networking today is almost overwhelming in its
the entire hierarchy of the digital telephone system was
breadth and complexity, and one could spend a lifetime
built. A later development was a device called a channel
studying only one small aspect of the subject.
bank, which took 24 separate DS-0 channels and com-
This has not always been the case. Let’s take a look now bined them together using time-division multiplexing
at how the field of computer networking has reached the (TDM) into a single 1.544-Mbps channel called DS-1
amazing point where it is today. or T1. (In Europe, 30 DS-0 channels were combined to
make E1.) When the backbone of the Bell telephone
system finally became fully digital years later, the trans-
The History of Networking
mission characteristics improved significantly for both
Because networking is such a broad and complex sub-
voice and data transmission due to higher quality and
ject, no single event represents its point of origin. How-
less noise associated with Integrated Services Digital
ever, we can arbitrarily decide on the 1960s as the
Network (ISDN) digital lines, though local loops have
formative period for the field, since that is when the
remained analog in many places. But that is getting a
computer began to affect significantly the lives of ordi-
little ahead of the story.
nary individuals and the day-to-day operation of both
business and government. The first communication satellite, Telstar, was launched in
1962. This technology did not immediately affect the net-
1960s
working world because of the high latency of satellite links
In the 1960s computer networking was essentially syn-
compared to undersea cable communications, but it even-
onymous with mainframe computing, and the distinc-
tually surpassed transoceanic underwater telephone cables
tion between local and wide area networks did not yet
(which were first deployed in 1965 and could carry 130
exist. Mainframes were typically “networked” to a
simultaneous conversations) in carrying capacity. In fact,
series of dumb terminals with serial connections run-
early in 1960 scientists at Bell Laboratories transmitted a
ning on RS-232 or some other electrical interface. If a
communication signal coast-to-coast across the United
terminal in one city needed to connect with a main-
States by bouncing it off the moon! By 1965 popular com-
frame in another city, a 300-baud long-haul modem
mercial communication satellites such as Early Bird were
would use the existing analog Public Switched Tele-
being widely deployed and used.
phone Network (PSTN) to form the connection. The
technology was primitive indeed, but it was an exciting As an interesting aside, in 1961 the Bell system pro-
time nevertheless. I remember taking a computer sci- posed a new telecommunications service called TEL-
ence class in high school toward the end of the decade, PAK, which it claimed would lead to an “electronic
and having to take my box of punch cards down to the highway” for communication, but it never pursued the
mainframe terminal at the university and wait in line for idea. Could this have been an early portent of the
the output from the line printer. Alas, poor Fortran, I “information superhighway” of the mid-1990s?
knew thee well!
The year 1969 witnessed an event whose full signifi-
cance was not realized until more than two decades
xliii
Introduction
later: namely, the development of the ARPANET Many important standards for computer systems also
packet-switching network. ARPANET was a project of evolved during the 1960s. In 1962, IBM introduced the
the U.S. Department of Defense’s Advanced Research first 8-bit character encoding system, called Extended
Projects Agency (ARPA), which became DARPA in Binary-Coded Decimal Interchange Code (EBCDIC).
1972. Similar efforts were underway in France and the A year later the competing American Standard Code
United Kingdom, but it was the U.S. project that even- for Information Interchange (ASCII) was introduced.
tually evolved into the present-day Internet. (France’s ASCII ultimately won out over EBCDIC even though
MINTEL packet-switching system, which was based on EBCDIC was 8-bit and ASCII was only 7-bit. The
the X.25 protocol and which aimed to bring data net- American National Standards Institute (ANSI) formally
working into every home, did take off in 1984 when the standardized ASCII in 1968. ASCII was first used in
French government started giving away MINTEL ter- serial transmission between mainframe hosts and dumb
minals; by the early 1990s, more than 20 percent of the terminals in mainframe computing environments, but it
country’s population was using it.) The original ARPA- was eventually extended to all areas of computer and
NET network connected computers at Stanford Uni- networking technologies.
versity, the University of California at Los Angeles
Other developments in the 1960s included the devel-
(UCLA), the University of California at Santa Barbara
opment in 1964 of IBM’s powerful System/360 main-
(UCSB), and the University of Utah, with the first node
frame computing environment, which was widely
being installed at UCLA’s Network Measurement Cen-
implemented in government, university, and corporate
ter. A year later, Harvard University, the Massachusetts
computing centers. In 1966, IBM introduced the first
Institute of Technology (MIT), and a few other promi-
disk storage system, which employed 50 metal platters,
nent institutions were added to the network, but few of
each of which was 2 feet (0.6 meter) wide and had a
those involved could imagine that this technical experi-
storage capacity of 5 MB. IBM created the first floppy
ment would someday profoundly affect modern society
disk in 1967. In 1969, Intel Corporation released a
and the way we do business.
RAM chip that stored 1 KB of information, which at the
The year 1969 also saw the publication of the first time was an amazing feat of engineering.
Request For Comments (RFC) document, which speci-
1970s
fied the Network Control Protocol (NCP), the first
Although the 1960s were the decade of the mainframe,
transport protocol of ARPANET. The informal RFC
the 1970s gave birth to Ethernet, which today is by far
process evolved into the primary means of directing the
the most popular LAN technology. Ethernet was born in
evolution of the Internet and is still used today.
1973 in Xerox Corporation’s research lab in Palo Alto,
That same year, Bell Laboratories developed the UNIX California. (An earlier experimental network called
operating system, a multitasking, multiuser network ALOHAnet was developed in 1970 at the University of
operating system (NOS) that became popular in aca- Hawaii.) The original Xerox networking system was
demic computing environments in the 1970s. A typical known as X-wire and worked at 2.94 Mbps. X-wire was
UNIX system in 1974 was a PDP-11 minicomputer experimental and was not used commercially, although
with dumb terminals attached. In a configuration with a number of Xerox Palo Alto workstations used for
768 kilobytes (KB) of magnetic core memory and a word processing were networked together in the White
couple of 200-megabyte (MB) hard disks, the cost of House using X-wire during the Carter administration.
such a system would have been around $40,000. I In 1979, Digital Equipment Corporation (DEC), Intel,
remember working in those days on a PDP-11 in the and Xerox formed the DIX consortium and developed
cyclotron lab of my university’s physics department, the specification for standard 10-Mbps Ethernet, or
feeding in bits of punched tape and watching lights thicknet, which was published in 1980. This standard
flash. It was an incredible experience. was revised and additional features were added in the
following decade.
xliv
Introduction
The conversion of the backbone of the Bell telephone IBM S/360, DEC-10, Honeywell, and other mainframe
system to digital circuitry continued during the 1970s and minicomputer systems linked together. The initial
and included the deployment in 1974 of the first digital design of ARPANET called for a maximum of 265
data service (DDS) circuits (then called the Dataphone nodes, which seemed like a distant target in the early
Digital Service). DDS formed the basis of the later 1970s. The initial protocol used on this network was
deployment of ISDN and T1 lines to customer premises, NCP, but this was replaced in 1982 by the more power-
and AT&T installed its first digital switch in 1976. ful TCP/IP protocol suite. In 1975 the administration of
ARPANET came under the authority of the Defense
In wide area networking, a new telecommunications
Communications Agency.
service called X.25 was deployed toward the end of the
decade. This new system was packet-switched, in con- ARPANET protocols and technologies continued to
trast to the circuit-switched PSTN, and later evolved evolve using the informal RFC process developed in
into public X.25 networks such as GTE’s Telenet Pub- 1969. In 1972 the Telnet protocol was defined in RFC
lic Packet Distribution Network (PDN), which later 318, followed by FTP in 1973 (RFC 454). ARPANET
became SprintNet. X.25 was widely deployed in became an international network in 1973 when nodes
Europe, where it still maintains a large installed base, were added at the University College of London in the
especially for communications in the banking and United Kingdom and at the Royal Radar Establishment
financial industry. in Norway. ARPANET even established an experimen-
tal wireless packet-switching radio service in 1977,
In 1970 the Federal Communications Commission
which two years later became the Packet Radio Net-
(FCC) announced the regulation of the fledgling cable
work (PRNET).
television industry. Cable TV remained primarily a
broadcast technology for delivering entertainment to Meanwhile, in 1974 the first specification for the Trans-
residential homes until the mid-1990s, when technolo- mission Control Protocol (TCP) was published. Prog-
gies began to be developed to enable it to carry broad- ress on the TCP/IP protocols continued through several
band services to residential subscribers. Cable modems iterations until the basic TCP/IP architecture was for-
now compete strongly with Digital Subscriber Line malized in 1978, but it was not until 1983 that ARPA-
(DSL) as the main two forms of broadband Internet NET started using TCP/IP instead of NCP as its
access technologies. primary networking protocol.
Despite all these technological advances, however, tele- The year 1977 also saw the development of UNIX to
communications services in the 1970s remained uninte- UNIX Copy (UUCP), a protocol and tool for sending
grated, with voice, data, and entertainment carried on messages and transferring files on UNIX-based net-
different media. Voice was carried by telephone, which works. An early version of the USENET news system
was still analog at the customer premises; entertainment using UUCP was developed in 1979. (The Network
was broadcast using radio and television technologies; News Transfer Protocol [NNTP] came much later, in
and data was usually carried over RS-232 or Binary 1987.)
Synchronous Communication (BSC) serial connections
In 1979 the first commercial cellular phone system
between dumb terminals and mainframes (or, for
began operation in Japan. This system was analog in
remote terminals, long-haul modem connections over
nature, used the 800-MHz and 900-MHz frequency
analog telephone lines).
bands, and was based on a concept developed in 1947 at
The 1970s were also notable for the growth of ARPA- Bell Laboratories.
NET, which grew throughout the decade as addition-
An important standard to emerge in the 1970s was the
al hosts were added at various universities and gov-
public-key cryptography scheme developed in 1976 by
ernment institutions. By 1971 the network had 19
Whitfield Diffie and Martin Hellman. This scheme
nodes, mostly consisting of a mix of PDP-8, PDP-11,
xlv
Introduction
underlies the Secure Sockets Layer (SSL) protocol In 1975, Bill Gates and Paul Allen licensed their BASIC
developed by Netscape Communications, which is still computer programming language to MITS, the Altair’s
the predominant approach for ensuring privacy and manufacturer. BASIC was the first computer language
integrity of financial and other transactions over the specifically written for a personal computer. Gates and
World Wide Web (WWW). Without SSL, popular Allen coined the name “Microsoft” for their business
e-business sites such as Amazon and eBay would have a partnership, and they officially registered it as a trade-
hard time attracting customers! mark the following year. Microsoft Corporation went on
to license BASIC to other personal computing platforms
Among other miscellaneous developments during this
such as the Commodore PET and the TRS-80. I loved
decade, in 1970 IBM researchers invented the relational
BASIC in those early days, and I still do!
database, a set of conceptual technologies that has
become the foundation of today’s distributed applica- 1980s
tion environments. In 1971, IBM demonstrated the first In the 1980s the growth of client/server LAN architec-
speech recognition technologies—which have since led tures continued while that of mainframe computing
to those annoying automated call handling systems environments declined. The advent of the IBM PC in
found in customer service centers! IBM also developed 1981 and the standardization and cloning of this archi-
the concept of the virtual machine in 1972 and created tecture led to an explosion of PC-based LANs in busi-
the first sealed disk drive (the Winchester) in 1973. In nesses and corporations around the world, particularly
1974, IBM introduced the Systems Networking Archi- with the release of the IBM PC AT hardware platform
tecture (SNA) for networking its mainframe computing in 1984. The number of PCs in use grew from 2 million
environment. In 1971, Intel released its first micropro- in 1981 to 65 million in 1991. Novell, which appeared
cessor, a 4-bit processor called the 4004 that ran at a on the scene in 1983, soon became a major player in file
clock speed of 108 kilohertz (kHz), a snail’s pace by and print servers for LANs with its Novell NetWare
modern standards but a major development at the time. platform.
Another significant event was the launching of the
However, the biggest development in the area of LAN
online service CompuServe in 1979, which led to the
networking in the 1980s was the continued evolution and
development of the first online communities.
standardization of Ethernet. While the DIX consortium
The first personal computer, the Altair, went on the mar- worked on Ethernet standards in the late 1970s, the IEEE
ket as a kit in 1975. The Altair was based on the Intel with its Project 802 initiative tried working toward a sin-
8080, an 8-bit processor, and came with 256 bytes of gle unified LAN standard. When it became clear that this
memory, toggle switches, and light-emitting diode goal was impossible, Project 802 was divided into a num-
(LED) lights. Although the Altair was basically for hob- ber of separate working groups, with 802.3 focusing on
byists, the Apple II from Apple Computer, which was Ethernet, 802.4 on Token Bus, and 802.5 on Token Ring
introduced in 1977, was much more. A typical Apple II technologies and standards. The work of the 802.3 group
system, which was based on the Motorola 6502 8-bit pro- resulted in the first Ethernet standard, called 10Base5 or
cessor, had 4 KB of RAM, a keyboard, a motherboard thicknet, which was almost identical to the version devel-
with expansion slots, built-in BASIC in ROM, and color oped by DIX. 10Base5 was called thicknet because it
graphics. The Apple II quickly became the standard used thick coaxial cable, and in 1985 the 802.3 standard
desktop system in schools and other educational institu- was extended to include 10Base2 using thin coaxial
tions. A physics classroom I taught in had one all the way cable, commonly called thinnet.
into the early 1990s (limited budget!). However, it was
Through most of the 1980s, coaxial cable was the main
not until the introduction of the IBM Personal Computer
form of cabling used for implementing Ethernet. A
(PC) in 1981 that the full potential of personal computers
company called SynOptics Communications, however,
began to be realized, especially in businesses.
developed a product called LattisNet that was designed
xlvi
Introduction
for transmitting 10-Mbps Ethernet over twisted-pair tems quickly ported their versions of TCP/IP. Although
wiring using a star-wired topology that was connected PC-based LANs rapidly grew in popularity in business
to a central hub or repeater. This wiring was cheaper than and corporate settings during the 1980s, UNIX continued
coaxial cable and was similar to the wiring used in resi- to dominate in academic and professional high-end com-
dential and business telephone wiring systems. LattisNet puting environments as the mainframe environment
was such a commercial success that in 1990 the 802.3 declined.
committee approved a new standard called 10BaseT for
IBM introduced its Token Ring networking technology
Ethernet that ran over twisted-pair wiring. 10BaseT soon
in 1985 as an alternative LAN technology to Ethernet.
superseded the coaxial forms of Ethernet because of its
IBM had submitted its technology to the IEEE in 1982
ease of installation and because its hierarchical star-
and the 802.5 committee standardized it in 1984. IBM
wired topology was a good match for the architectural
soon supported the integration of Token Ring with its
topology of multistory buildings.
existing SNA networking services and protocols for
In other Ethernet developments, fiber-optic cabling, IBM mainframe computing environments. The initial
first developed in the early 1970s by Corning, found its Token Ring specifications delivered data at 1 Mbps and
first commercial networking application in Ethernet 4 Mbps, but it dropped the 1-Mbps version in 1989
networking in 1984. (The technology itself was stan- when it introduced a newer 16-Mbps version. Interest-
dardized as 10BaseFL in the early 1990s.) In 1988 the ingly, no formal IEEE specification exists for 16-Mbps
first fiber-optic transatlantic undersea cable was laid Token Ring—vendors simply adopted IBM’s technol-
and greatly increased the capacity of transatlantic com- ogy for the product. Efforts were made to develop
munication systems. high-speed Token Ring, but these have finally been
abandoned and today Ethernet reigns supreme.
Ethernet bridges became available in 1984 from DEC
and were used both to connect separate Ethernet LANs Also in the field of local area networking, in 1982 the
to make large networks and to reduce traffic bottlenecks American National Standards Institute (ANSI) began
on overloaded networks by splitting them into separate standardizing the specifications for Fiber Distributed
segments. Routers could be used for similar purposes, Data Interface (FDDI). FDDI was designed to be a
but bridges generally offered better price and perfor- high-speed (100 Mbps) fiber-optic networking technol-
mance, as well as less complexity, during the 1980s. ogy for LAN backbones on campuses and industrial
Again, market developments preceded standards, as the parks. The final FDDI specification was completed in
IEEE 802.1D Bridge Standard, which was initiated in 1988, and deployment in campus LAN backbones grew
1987, was not standardized until 1990. during the late 1980s and the early 1990s. But today
FDDI is considered legacy technology and has been
In the UNIX arena, the development of the Network File
superseded in most places by Fast Ethernet and Gigabit
System (NFS) by Sun Microsystems in 1985 resulted in
Ethernet (GbE).
a proliferation of diskless UNIX workstations having
built-in Ethernet interfaces. This development helped In 1983 the ISO developed an abstract seven-layer
drive the demand for Ethernet and accelerated the evolu- model for networking called the Open Systems Inter-
tion of Ethernet bridging technologies into today’s connection (OSI) reference model. Although some
switched networks. By 1985 the rapidly increasing num- commercial networking products were developed based
bers of UNIX hosts and LANs connected to the ARPA- on OSI protocols, the standard never really took off, pri-
NET began to transform it from what had been mainly a marily because of the predominance of TCP/IP. Other
network of mainframe and minicomputer systems into standards from the ISO and ITU that emerged in the
something like what it is today. The first UNIX imple- 1980s included the X.400 electronic messaging stan-
mentation of TCP/IP came in v4.2 of Berkeley’s BSD dards and the X.500 directory recommendations, both
UNIX, from which other vendors such as Sun Microsys- of which held sway for a while but have now largely
xlvii
Introduction
been supersededX.400 by the Internet’s Simple Mail but ISDN has not caught on in the United States as a
Transfer Protocol (SMTP) and X.500 by Lightweight WAN technology as much as it has in Europe.
Directory Access Protocol (LDAP).
The 1980s also saw the standardization of SONET tech-
A major event in the telecommunications/WAN field in nology, a high-speed physical layer (PHY) fiber-optic
1984 was the divestiture of AT&T as the result of the networking technology developed from time-division
seven-year antitrust suit brought against AT&T by the multiplexing (TDM) digital telephone system technolo-
U.S. Justice Department. AT&T’s 22 Bell operating gies. Before the divestiture of AT&T in 1984, local
companies were formed into 7 new RBOCs (only 4 are telephone companies had to interface their own TDM-
left today). This meant the end of the old Bell telephone based digital telephone systems with proprietary TDM
system, but these RBOCs soon formed the Bellcore schemes of long-distance carriers, and incompatibilities
telecommunications research establishment to replace created many problems. This provided the impetus for
the defunct Bell Laboratories. The United States was creating the SONET standard, which was finalized in
then divided into Local Access and Transport Areas 1989 through a series of Comité Consultatif Interna-
(LATAs), with intra-LATA communication handled by tional Télégraphique et Téléphonique (CCITT; angli-
local exchange carriers (the Bell Operating Companies cized as International Telegraph and Telephone
or BOCs) and inter-LATA communication handled by Consultative Committee) standards known as G.707,
inter-exchange carriers (IXCs) such as AT&T, MCI, G.608, and G.709. By the mid-1990s almost all long-
and Sprint Corporation. distance telephone traffic in the United States used
SONET on trunk lines as the physical interface.
The result of the breakup was increased competition,
which led to new WAN technologies and generally The 1980s brought the first test implementations of
lower costs. One of the first effects was the offering of Asynchronous Transfer Mode (ATM) high-speed cell-
T1 services to subscribers in 1984. Until then, this tech- switching technologies, which could use SONET as the
nology had been used only for backbone circuits for physical interface. Many concepts basic to ATM were
long-distance communication. New hardware devices developed in the early 1980s at the France-Telecom lab-
were offered to take advantage of the increased band- oratory in Lannion, France, particularly the PRELUDE
width, especially high-speed T1 multiplexers, or project, which demonstrated the feasibility of end-to-
muxes, that could combine voice and data in a single end ATM networks running at 62 Mbps. The CCITT
communication stream. The year 1984 also saw the standardized the 53-byte ATM cell format in 1988, and
development of digital Private Branch Exchange (PBX) the new technology was given a further push with the cre-
systems by AT&T, bringing new levels of power and ation of the ATM Forum in 1991. Since then, use of ATM
flexibility to corporate subscribers. has grown significantly in telecommunications provider
networks and has become a high-speed backbone tech-
The Signaling System #7 (SS7) digital signaling system
nology in many enterprise-level networks around the
was deployed within the PSTN in the 1980s, first in
world. However, the vision of ATM on users’ desktops
Sweden and later in the United States. SS7 made new
has not been realized because of the emergence of
telephony services available to subscribers, such as
cheaper Fast Ethernet and GbE LAN technologies and
caller ID, call blocking, and automatic callback.
because of the complexity of ATM itself.
The first trials of ISDN, a fully digital telephony technol-
The convergence of voice, data, and broadcast informa-
ogy that runs on existing copper local loop lines, began in
tion remained a distant vision throughout the 1980s and
Japan in 1983 and in the United States in 1987. All major
was even set back because of the proliferation of net-
metropolitan areas in the United States have since been
working technologies, the competition between cable
upgraded to make ISDN available to those who want it,
and broadcast television, and the slow adoption of
residential ISDN. New services did appear, however,
xlviii
Introduction
especially in the area of commercial online services numerical IP addresses was a headache. DNS greatly
such as America Online (AOL), CompuServe, and simplified that process. Two other Internet protocols
Prodigy, which offered consumers e-mail, bulletin were introduced soon afterwards: NNTP was developed
board systems (BBSs), and other services. in 1987, and Internet Relay Chat (IRC) was developed
in 1988.
A significant milestone in the development of the Inter-
net occurred in 1982 when the networking protocol of Other systems paralleling ARPANET were developed
ARPANET was switched from NCP to TCP/IP. On Jan- in the early 1980s, including the research-oriented
uary 1, 1983, NCP was turned off permanently—any- Computer Science NETwork (CSNET), and the
one who had not migrated to TCP/IP was out of luck. Because It’s Time NETwork (BITNET), which con-
ARPANET, which connected several hundred systems, nected IBM mainframe computers throughout the edu-
was split into two parts, ARPANET and MILNET. cational community and provided e-mail services.
Gateways were set up in 1983 to connect CSNET to
The first international use of TCP/IP took place in 1984
ARPANET, and BITNET was similarly connected to
at the Conseil Européen pour la Recherche Nucléaire
ARPANET. In 1989, BITNET and CSNET merged into
(CERN), a physics research center located in Geneva,
the Corporation for Research and Educational Net-
Switzerland. TCP/IP was designed to provide a way of
working (CREN).
networking different computing architectures in hetero-
geneous networking environments. Such a protocol was In 1986 the National Science Foundation NETwork
badly needed because of the proliferation of vendor- (NSFNET) was created. NSFNET networked the five
specific networking architectures in the preceding national supercomputing centers together using dedi-
decade, including “homegrown” solutions developed at cated 56-Kbps lines. The connection was soon seen as
many government and educational institutions. TCP/IP inadequate and was upgraded to 1.544-Mbps T1 lines in
made it possible to connect diverse architectures such 1988. In 1987, NSF and Merit Networks agreed to
as UNIX workstations, VMS minicomputers, and Cray jointly manage the NSFNET, which had effectively
supercomputers into a single operational network. TCP/ become the backbone of the emerging Internet. By
IP soon superseded proprietary protocols such as Xerox 1989 the Internet had grown to more than 100,000
Network Systems (XNS), ChaosNet, and DECnet. It hosts, and the Internet Engineering Task Force (IETF)
has since become the de facto standard for internet- was officially created to administer its development. In
working all types of computing systems. 1990, NSFNET officially replaced the aging ARPA-
NET and the modern Internet was born, with more than
CERN was primarily a research center for high-energy
20 countries connected.
particle physics, but it became an early European pio-
neer of TCP/IP and by 1990 was the largest subnetwork Cisco Systems was one of the first companies in the
of the Internet in Europe. In 1989 a CERN researcher 1980s to develop and market routers for Internet Proto-
named Tim Berners-Lee developed the Hypertext col (IP) internetworks, a business that today is worth
Transfer Protocol (HTTP) that formed the basis of the billions of dollars and is a foundation of the Internet.
World Wide Web (WWW). And all of this developed as Hewlett-Packard was Cisco’s first customer for its rout-
a sidebar to the real research that was being done at ers, which were originally called gateways.
CERN—slamming together protons and electrons at
In wireless telecommunications, analog cellular was
high speeds to see what fragments appeared!
implemented in Norway and Sweden in 1981. Systems
Also important to the development of Internet technol- were soon rolled out in France, Germany, and the
ogies and protocols was the introduction of the Domain United Kingdom. The first U.S. commercial cellular
Name System (DNS) in 1984. At that time, ARPANET phone system, which was named the Advanced Mobile
had more than 1000 nodes and trying to remember their Phone Service (AMPS) and operated in the 800-MHz
xlix
Introduction
frequency band, was introduced in 1983. By 1987 the In miscellaneous developments, IBM researchers
United States had more than 1 million AMPS cellular developed the Reduced Instruction Set Computing
subscribers, and higher-capacity digital cellular phone (RISC) processor architecture in 1980. Apple Com-
technologies were being developed. The Telecommuni- puter introduced its Macintosh computing platform in
cations Industry Association (TIA) soon developed 1984 (the successor of its Lisa system), which intro-
specifications and standards for digital cellular commu- duced a windows-based GUI that was the precursor to
nication technologies. Windows. Apple also introduced the 3.5-inch floppy
disk in 1984. Sony Corporation and Philips developed
A landmark event that was largely responsible for the
CD-ROM technology in 1985. (Recordable CD-R tech-
phenomenal growth in the PC industry (and hence the
nologies were developed in 1991.) IBM released its AS/
growth of the client/server model and local area net-
400 midrange computing system in 1988, which contin-
working) was the release of the first version of Micro-
ues to be popular to this day.
soft’s text-based, 16-bit MS-DOS operating system in
1981. Microsoft, which had become a privately held 1990s
corporation with Bill Gates as president and chairman The 1990s were an explosive decade in every aspect of
of the board and Paul Allen as executive vice president, networking, and we can only touch on a few highlights
licensed MS-DOS version 1 to IBM for its PC. MS- here. Ethernet continued to evolve as a LAN technology
DOS continued to evolve and grow in power and usabil- and began to eclipse competing technologies such as
ity until its final version, MS-DOS 6.22, which was Token Ring and FDDI. In 1991, Kalpana Corporation
released in 1993. (I still carry around a DOS boot disk began marketing a new form of bridge called a LAN
wherever I go in case I need it—don’t you?) Anyway, switch, which dedicated the entire bandwidth of a LAN
one year after the first version of MS- DOS was released to a single port instead of sharing it among several
in 1981, Microsoft had its own fully functional corporate ports. Later known as Ethernet switches or Layer 2
network, the Microsoft Local Area Network (MILAN), switches, these devices quickly found a niche in provid-
which linked a DEC 206, two PDP-11/70s, a VAX 11/ ing dedicated high-throughput links for connecting
250, and a number of MC68000 machines running servers to network backbones. Layer 3 switches soon
XENIX. This type of setup was typical of the heteroge- followed, eventually displacing traditional routers in
neous computer networks that characterized the early most areas of enterprise networking except for WAN
1980s. access. Layer 4 and higher switches are now popular
in server farms for load balancing and fault tolerance
In 1983, Microsoft unveiled its strategy to develop a
purposes.
new operating system called Windows with a graphical
user interface (GUI). Version 1 of Windows, which The rapid evolution of the PC computing platform and
shipped in 1985, used a system of tiled windows that the rise of bandwidth-hungry applications created a
allowed users to work with several applications simul- need for something faster than 10-Mbps Ethernet, espe-
taneously by switching between them. Version 2 was cially on network backbones. The first full-duplex
released in 1987 and supported overlapping windows as Ethernet products, offering speeds of 20 Mbps, became
well as expanded memory. available in 1992. In 1995 work began on a standard for
full-duplex Ethernet; it was finalized in 1997. A more
Microsoft launched its SQL Server relational database
important development was Grand Junction Networks’
server software for LANs in 1988. In its current version,
commercial Ethernet bus, introduced in 1992, which
SQL Server 2000 is an enterprise-class application that
functioned at 100 Mbps. Spurred by this advance, the
competes with other major database platforms such as
802.3 group produced the 802.3u 100BaseT Fast Ether-
Oracle and DB2. IBM and Microsoft jointly released
net standard for transmission of data at 100 Mbps over
their 32-bit OS/2 operating system in 1987 and released
both twisted-pair copper wiring and fiber-optic cabling.
OS/2 1.1 with Presentation Manager a year later.
l
Introduction
Although the jump from 10-Mbps to 100-Mbps Ether- become a strong competitor with telephone-based sys-
net took almost 15 years, a year after the 100BaseT Fast tems such as Asymmetric Digital Subscriber Line
Ethernet standard was released work began on a 1000- (ADSL) and G.Lite, another variant of DSL.
Mbps version of Ethernet popularly known as Gigabit
Also in the 1990s, Voice over IP (VoIP) emerged as the
Ethernet (GbE). Fast Ethernet was beginning to be
latest “Holy Grail” of networking and communications
deployed at the desktop, and this was putting enormous
and promised businesses huge savings by routing voice
strain on the FDDI backbones that were deployed on
telephone traffic over existing IP networks. VoIP tech-
many commercial and university campuses. FDDI also
nology works, but the bugs are still being ironed out and
operated at 100 Mbps (or 200 Mbps if fault tolerance
deployments remain slow. Recent developments in
was discarded in favor of carrying traffic on the redun-
VoIP standards, however, may help propel deployment
dant ring), so a single Fast Ethernet desktop connection
of this technology in coming years.
could theoretically saturate the capacity of the entire
network backbone. Asynchronous Transfer Mode The first public frame relay packet-switching services
(ATM), a broadband cell-switching technology used were offered in North America in 1992. Companies such
primarily in telecommunication/WAN environments, as AT&T and Sprint installed a network of frame relay
was briefly considered as a possible successor to FDDI nodes across the United States in major cities, where cor-
for backboning Ethernet networks together, and LAN porate networks could connect to the service through
emulation (LANE) was developed to carry LAN traffic their local telco. Frame relay began to eat significantly
such as Ethernet over ATM. However, ATM is much into the deployed base of more expensive dedicated
more complex than Ethernet, and a number of compa- leased lines such as the T1 or E1 lines that businesses
nies saw extending Ethernet speeds to 1000 Mbps as a used for their WAN solutions, resulting in lower prices
way to provide network backbones with much greater for these leased lines and greater flexibility of services.
capacity using technology that most network adminis- In Europe frame relay has been deployed much more
trators were already familiar with. As a result, the 802 slowly, primarily because of the widespread deployment
group called 802.3z developed a GbE standard called of packet-switching networks such as X.25.
1000BaseX, which it released in 1998. Today GbE is
The Telecommunications Act of 1996 was designed to
the norm for LAN backbones, and Fast Ethernet is
spur competition in all aspects of the U.S. telecommu-
becoming ubiquitous at the desktop level. Work is even
nications market by allowing the RBOCs access to
underway on extending Ethernet technologies to 10
long-distance services and IXCs access to the local
gigabits per second (Gbps). A competitor of GbE for
loop. The result has been an explosion in technologies
high-speed collapsed backbone interconnects, called
and services offered by new companies called competi-
Fibre Channel, was conceived by an ANSI committee
tive local exchange carriers (CLECs), with mergers and
in 1988 but is used mainly for storage area networks
acquisitions changing the nature of the service provider
(SANs).
landscape almost daily.
The 1990s saw huge changes in the landscape of tele-
The 1990s saw a veritable explosion in the growth of
communications providers and their services. “Conver-
the Internet and the development of Internet technolo-
gence” became a major buzzword, signifying the
gies. As mentioned earlier, ARPANET was replaced in
combining of voice, data, and broadcast information into
1990 by NSFNET, which by then was commonly called
a single medium for delivery to businesses and consum-
the Internet. At the beginning of the 1990s, the Inter-
ers through broadband technologies such as metropolitan
net’s backbone consisted of 1.544-Mbps T1 lines con-
Ethernet, Digital Subscriber Line (DSL), and cable
necting various institutions, but in 1991 the process
modem systems. The cable modem was introduced in
of upgrading these lines to 44.735-Mbps T3 circuits
1996, and by the end of the decade broadband residential
began. By the time the Internet Society (ISOC) was
Internet access through cable television systems had
li
Introduction
chartered in 1992, the Internet had grown to an amazing Apple pioneer Steve Jobs. This software was ported to
1 million hosts on almost 10,000 connected networks. other platforms, and by the end of the decade more than
In 1993 the NSF created Internet Network Information 6 million registered Web servers were running, with the
Center (InterNIC) as a governing body for DNS. In numbers growing rapidly.
1995 the NSF stopped sponsoring the Internet back-
Lynx, a text-based Web browser, was developed in
bone and NSFNET went back to being a research and
1992. Mosaic, the first graphical Web browser, was
educational network. Internet traffic in the United
developed in 1993 for the UNIX X Windows platform
States was routed through a series of interconnected
by Marc Andreessen while he was a student at the
commercial network providers.
National Center for Supercomputing Applications
The first commercial Internet service providers (ISPs) (NCSA). At that time, there were only about 50 known
emerged in the early 1990s when the NSF removed its Web servers, and HTTP traffic amounted to only about
restrictions against commercial traffic on the NSFNET. 0.1 percent of the Internet’s traffic. Andreessen left
Among these early ISPs were Performance Systems school to start Netscape Communications, which
International (PSI), UUNET, MCI, and Sprintlink. (The released its first version of Netscape Navigator in 1994.
first public dial-up ISP was actually The World, with the Microsoft Internet Explorer 2 for Windows 95 was
URL www.world.std.com.) In the mid-1990s, commer- released in 1995 and rapidly became Netscape Naviga-
cial online networks such as AOL, CompuServe, and tor’s main competition. In 1995, Bill Gates announced
Prodigy provided gateways to the Internet to subscribers. Microsoft’s wide-ranging commitment to support and
Later in the decade, Internet deployment grew exponen- enhance all aspects of Internet technologies through
tially, with personal Internet accounts proliferating by the innovations in the Windows platform, including the
tens of millions around the world, new technologies and popular Internet Explorer Web browser and the Inter-
services developing, and new paradigms evolving for the net Information Server (IIS) Web server platform of
economy and business. It would take a whole book to Windows NT. Another initiative in this direction was
talk about all the ways the Internet has changed our lives. Microsoft’s announcement in 1996 of its ActiveX tech-
nologies, a set of tools for active content such as anima-
Many Internet technologies and protocols have come
tion and multimedia for the Internet and the PC.
and gone quickly. Archie, an FTP search engine devel-
oped in 1990, is hardly used today. The WAIS protocol In cellular communications technologies, the 1990s
for indexing, storing, and retrieving full-text docu- were clearly the “digital decade.” The work of the TIA
ments, which was developed in 1991, has been eclipsed resulted in 1991 in the first standard for digital cellu-
by Web search technologies. Gopher, which was cre- lar communication, the TDMA Interim Standard 54
ated in 1991, grew to a worldwide collection of inter- (IS-54). Digital cellular was badly needed because the
connected file systems, but most Gopher servers have analog cellular subscriber market in the United States
now been turned off. Veronica, the Gopher search tool had grown to 10 million subscribers in 1992 and 25 mil-
developed in 1992, is obviously obsolete as well. lion subscribers in 1995. The first tests of this technol-
Jughead later supplemented Veronica but has also ogy, based on Time Division Multiple Access (TDMA)
become obsolete. (There never was a Betty.) technology, took place in Dallas, Texas, and in Sweden,
and were a success. This standard was revised in 1994
The most obvious success story among Internet proto-
as TDMA IS-136, which is commonly referred to as
cols has been HTTP, which, with HTML and the system
Digital Advanced Mobile Phone Service (D-AMPS).
of URLs for addressing, has formed the basis of the
Web. Tim Berners-Lee and his colleagues created the Meanwhile, two competing digital cellular standards
first Web server (whose fully qualified DNS name was also appeared. The first was the CDMA IS-95 stand-
info.cern.ch) and Web browser software using the ard for CDMA cellular systems based on spread spec-
NeXT computing platform that was developed by trum technologies, which was first proposed by
lii
Introduction
QUALCOMM in the late 1980s and was standardized software in 1995, the same year that Sun Microsystems
by the TIA as IS-95 in 1993. Standards preceded imple- announced the Java programming language, which has
mentation, however; it was not until 1996 that the first grown in a few short years to rival C/C++ in popularity
commercial CDMA cellular systems were rolled out. for developing distributed applications. Amazon.com
was launched in 1995 and has become a colossus of
The second system was the Global System for Mobile
cyberspace retailing in a few short years. Microsoft
Communication (GSM) standard developed in Europe.
WebTV (now MSN TV), introduced in 1997, is begin-
(GSM originally stood for Groupe Spéciale Mobile.)
ning to make inroads into the residential Internet market.
GSM was first envisioned in the 1980s as part of the
movement to unify the European economy, and the Euro- Finally, the 1990s were, in a very real sense, the decade
pean Telecommunications Standards Institute (ETSI) of Windows. No other technology has had as vast an
determined the final air interface in 1987. Phase 1 of impact on ordinary computer users as Windows, which
GSM deployment began in Europe in 1991. Since then, brought to homes and workplaces the power of PC com-
GSM has become the predominant system for cellular puting and the opportunity for client/server computer
communication in over 60 countries in Europe, Asia, networking. Version 3 of Windows, which was released
Australia, Africa, and South America, with over 135 in 1990, brought dramatic increases in performance and
mobile networks implemented. However, GSM imple- ease of use over earlier versions, and Windows 3.1,
mentation in the United States did not begin until 1995. released in 1992, quickly became the standard desktop
operating system for both corporate and home users.
In the United States, the FCC began auctioning off por-
Windows for Workgroups 3.1 quickly followed that same
tions of the 1900-MHz frequency band in 1994. Thus
year. It integrated networking and workgroup functional-
began the development of the higher-frequency Per-
ity directly into the Windows operating system, allowing
sonal Communications System (PCS) cellular phone
Windows users to use the corporate computer network
technologies, which were first commercially deployed
for sending e-mail, scheduling meetings, sharing files
in the United States in 1996.
and printers, and performing other collaborative tasks. In
Establishment of worldwide networking and communi- fact, it was Windows for Workgroups that brought the
cation standards continued apace in the 1990s. For power of computer networks from the back room to
example, in 1996 the Unicode character set, a character users’ desktops, allowing them to perform tasks previ-
set that can represent any language of the world in ously possible only for network administrators.
16-bit characters, was created, and it has since been
In 1992, Microsoft released the first beta version of its
adopted by all major operating system vendors.
new 32-bit network operating system, Windows NT. In
In client/server networking, Novell in 1994 introduced 1993 came MS-DOS 6, as Microsoft continued to sup-
Novell NetWare 4, which included the new Novell port users of text-based computing environments. That
Directory Services (NDS), then called NetWare Direc- was also the year that Windows NT and Windows for
tory Services. NDS offered a powerful tool for manag- Workgroups 3.11 (the final version of 16-bit Windows)
ing hierarchically organized systems of network file were released. In 1995 came the long-awaited release of
and print resources and for managing security elements Windows 95, a fully integrated 32-bit desktop operating
such as users and groups. NetWare is now in version 6 system designed to replace MS-DOS, Windows 3.1, and
and NDS is now called Novell eDirectory. Windows for Workgroups 3.11 as the mainstream desk-
top operating system for personal computing. Following
In other developments, the U.S. Air Force launched the
in 1996 was Windows NT 4, which included enhanced
twenty-fourth satellite of the Global Positioning System
networking services and a new Windows 95–style user
(GPS) constellation in 1994, making possible precise
interface. Windows 95 was superseded by Windows 98
terrestrial positioning using handheld satellite com-
and later by Windows Millennium Edition (Me).
munication systems. RealNetworks released its first
liii
Introduction
At the turn of the millennium came the long-anticipated ● Metropolitan Ethernet is the hottest WAN technol-
successor to Windows NT, the Windows 2000 family ogy, letting companies access GbE services with
of operating systems, which includes Windows 2000 plug-and-play simplicity. DSL is having trouble
Professional, Windows 2000 Server, Windows 2000 establishing itself as a viable enterprise option,
Advanced Server, and Windows 2000 Datacenter Ser- mainly due to reliability issues. T1 prices are still
ver. The Windows family has how grown to encompass ridiculously high, but not likely to change much due
the full range of networking technologies, from embed- to consolidation in the service provider industry. And
ded devices and Personal Digital Assistants (PDAs) to despite its lack of glamour, frame relay is going
desktop and laptop computers to heavy-duty servers strong and still growing in the enterprise WAN.
running the most advanced, powerful, scalable, business-
● The Internet is now the blood and backbone of most
critical, enterprise-class applications.
businesses, but the number of Internet businesses
2000 and Beyond that failed in the dot-com bust defies description.
It is early in the new millennium—where are we now The Internet access market continues to consoli-
and where are we going? The first question is relatively date, and broadband Internet access is now in the
easy to answer: tens of millions of subscribers and rising rapidly.
The “Big Three” online portals—MSN, Yahoo!,
● In the LAN field, Ethernet reigns supreme. Token
and AOL—now comprise an estimated 20 percent
Ring and FDDI are dead-end technologies, and
of all Internet traffic. Apart from eBay and Ama-
ATM never caught on.
zon, the number of truly great e-business success
● Microsoft continues to be by far the dominant stories is amazingly small.
player on the desktop, and Windows XP has finally
● B2B (business to business) e-business is on the
united the separate Windows 95, Windows 98,
rise but mostly hidden from view in the form of
Windows Me, and Windows NT/2000 code streams
e-marketplaces for different corporate sectors. And
into a single platform.
XML, which promised to revolutionize e-business,
● In the enterprise (large companies), Windows NT is still a distant second in popularity to good old
and Windows 2000 have proved enormously popu- EDI.
lar as file, print, and application server platforms.
We could say a lot more, but let’s briefly address the
Microsoft Exchange has eclipsed Lotus Notes as
questions, “Where are we going? What might the rest of
the dominant messaging platform, and Microsoft
this decade hold as far as the growth and evolution of
SQL Server is giving Oracle and DB2 a run for their
networking in all its forms?” Here are a few “hedged-
money. IIS and Apache continue to fight it out for
bet” predictions for you to consider:
Web server supremacy, with each side claiming vic-
tory in different market segments. And Linux has ● Will we have 3G wireless broadband connectivity
established a niche for itself in the enterprise and for everyone, everywhere, all the time? Or will
continues to grow, mostly at the expense of Novell most major cellular providers go bankrupt, throw-
NetWare and UNIX platforms. ing a monkey wrench into 3G deployments and put-
ting them years behind schedule?
● Wireless networking using the 802.11b standard has
exploded across the enterprise, but security continues ● Will 10 GbE provide users and companies with
to be a big concern for these networks, as “drive-by unparalleled amounts of bandwidth? Or will
hackers” have shown with their laptops and BMWs. demand for bandwidth rise even more rapidly than
Data transmission over cellular communication new technologies can accomodate?
systems is still incredibly slow in most areas, as 2G
technologies are slowly superseded by 2.5G ones.
liv
Introduction
● Will P2P file sharing platforms finally bring the ● Information about popular software technologies
Internet (and most enterprises) to its knees? Or will used in developing network-aware solutions,
Dense Wavelength Division Multiplexing (DWDM) including such platforms as Windows and Linux
be a knight in shining armor riding to the rescue? and such applications as Apache.
● Will viruses, worms, Trojans, and other forms of Also included in this book are numerous entries from
“malware” continue to wreak havoc with the world areas that are usually considered peripheral to network-
economy? Or will a solution be found to this grow- ing per se, including network-aware programming tech-
ing problem that does not involve disconnecting the nologies such as Java and ActiveX and cryptography
network cable from your computer and locking it in standards used in networking and communication, such
your closet? as Advanced Encryption Standard (AES) and Public
Key Cryptography Standards (PKCS). Networking pro-
● Will Bluetooth usher in an exciting high-tech world
fessionals and students are likely to encounter many of
of bionic humans carrying dozens of spontaneously
these terms in their daily work and reading and will
networked devices all the time? Or will somebody
benefit from the inclusion of this material.
finally invent a single device that does it all?
Finally, since this is the Microsoft Encyclopedia of Net-
● And will rapid evolution in computer technologies,
working, there is extensive coverage of Microsoft plat-
programming paradigms, networking architectures,
forms and products, including all versions of Windows,
and the Internet make us less human? Or more?
the .NET platform and .NET Server family, services
Let the reader decide—we will give you a partial such as TechNet and MSDN, the Microsoft Web site
answer when the third edition of this book comes out! (one of the largest in the world), and Microsoft Corpo-
ration itself.
The Scope of This Encyclopedia
Now that you have an idea of what networking is all Who This Work Is For
about and how it has evolved over the years, you proba- This book will be an invaluable reference and learning
bly realize that the scope of this encyclopedia is fairly tool for all levels of networking professionals, ranging
broad. Most of the information found in this book falls from the seasoned professional with many years of
into these categories: hands-on experience to the individual pursuing an
entry-level certification such as CompTIA’s Network+.
● Information about networking concepts, technol-
Individuals working toward the popular Microsoft Cer-
ogies, standards, and hardware—including such
tified Systems Engineer (MCSE) will find the book par-
things as Ethernet, Token Ring, bandwidth, latency,
ticularly helpful in their endeavors.
hubs, switches, OSI, and X.500.
Many other professionals will also find this work use-
● Information about the telecommunications indus-
ful, including consultants, IT implementers, sales and
try, including WAN services such as frame relay,
marketing people, and the interested lay reader.
leased lines, and ATM. Also included is coverage of
various wireless networking and cellular communi-
cation technologies. How This Work Is Organized
The articles in this work are listed in alphabetical order,
● Information about the Internet and its standards,
of course, and their lengths range from a few paragraphs
protocols, services, architecture, and implementa-
to several pages. Longer articles are organized for read-
tion—including such things as HTTP, SMTP, Web
ability into a number of subsections, including Over-
servers, Web browsers, TCP/IP, BGP, and ASP.
view, History, Uses, Types, Comparison, Architecture,
lv
Introduction
Disclaimer
Information contained in this work has been obtained
from sources believed to be reliable. Although the
authors and Microsoft Press have made every effort
to be accurate, neither the authors nor the publisher
assume any liability or responsibility for any inaccuracy
or omissions contained in this book, or for any loss or
damage arising from the information presented. In other
words, the information provided in this book is pre-
sented on an “as is” basis. Mention of companies, ser-
vice providers, vendors, and products in this work are
not to be viewed as endorsements by either the authors
or by Microsoft.
lvi
Numbers #
and Symbols
2G
Numbers and Symbols
1Base5
An obsolete 1 megabit per second (Mbps) local area Stands for second generation and refers to widely
network (LAN) networking technology. deployed cellular communications systems such as
Digital Advanced Mobile Phone Service (D-AMPS),
Overview Time Division Multiple Access (TDMA), Code Divi-
1Base5 was actually developed after the 10Base5 Stan- sion Multiple Access (CDMA), Global System for
dard Ethernet specification was ratified but before the Mobile Communications (GSM), and Personal
ratification of the 10BaseT standard. It was developed Communication Services (PCS) systems.
as an initial attempt to deploy computer networking
over existing unshielded twisted-pair (UTP) cabling at a See Also: 3G
time when Ethernet was still based on coaxial cabling.
The popular name for 1Base5 networking technologies 2.5G
was StarLAN because it was wired in a hierarchical star A label some vendors use to refer to several interim cel-
topology. When 10BaseT was ratified as an Institute of lular communications systems currently being deployed
Electrical and Electronics Engineers (IEEE) standard in as a prelude to full third-generation (3G) systems.
1990, however, StarLAN and similar technologies
quickly became obsolete and fell into disuse. Overview
For many cellular systems, upgrading immediately
See Also: 10BaseT, Ethernet from existing second-generation (2G) systems to full
3G functionality is costly and complex. Furthermore,
2B+D some vendors question whether there is a need for the
Basic Rate Integrated Services Digital Network (ISDN) high (2 megabits per second) data rates promised by 3G
service, which uses two B channels and one D channel and suggest that lower data rates in the hundreds of
for signaling and communications. kilobits per second (Kbps) are more than sufficient for
the majority of current applications. They cannot justify
See Also: Integrated Services Digital Network (ISDN) the enormous cost of an upgrade considering the insuf-
ficient demand for the type of interactive multimedia
2B1Q communications that 3G will support. Even 2.5G would
Stands for Two Binary One Quaternary, a physical layer be a significant leap forward from today’s current 2G
encoding mechanism for translating digital information systems, where typical data rates are a mere 9.6, 14.4,
into electrical signals, standardized by the American or 19.2 Kbps.
National Standards Institute (ANSI) and used in Inte-
As a result, some cellular service providers have opted
grated Services Digital Network (ISDN) networks. In
to migrate from 2G to 3G in stages by first upgrading
2B1Q, four electrical amplitude and polarity values are
their existing Time Division Multiple Access (TDMA)
used to represent binary information.
and Code Division Multiple Access (CDMA) networks
See Also: line coding to interim technologies which offer much higher data
transmission rates. These interim 2.5G systems include
Enhanced Data Rates for Global Evolution (EDGE),
1
# 3G 3G
2
3G 3G #
In 1992 the ITU proposed a system called IMT-2000 as environments this slows to 384 Kbps and for fast-
the single global 3G-based standard for cellular com- moving vehicles such as a car on the highway, it is
munications. In 1999 conflicts between carriers, regula- down to 144 Kbps.
tors, and vendors in different countries and regions led
Another proposed 3G system based on TDMA instead
to a compromise version of the IMT-2000 standard. The
of CDMA is called EDGE (Enhanced Data Rates for
agreed-upon standard incorporated a mix of three dif-
Global Evolution). EDGE is an upgrade to existing
ferent proposed versions, two of which use CDMA
General Packet Radio Services (GPRS) systems and
technologies and the third using TDMA. Existing
supports data rates of 384 Kbps.
CDMA providers will find it easier to upgrade to 3G
technologies than TDMA providers will. Prospects
3G was originally envisioned to become widespread by
Types
2000 (hence the name of the original proposed
Qualcomm has proposed a 3G upgrade for its popular
IMT-2000 system), but these systems are only begin-
2G system cdmaOne, used throughout much of Asia
ning to be deployed (now pushed back to between 2003
and North America. The upgrade is called cdma2000
and 2005, depending on the country or region). They
3XMC. It has recently been ratified by the ITU and is
provide data rates less than those anticipated, and have
expected to provide real data rates of 1.117 Mbps.
developed interoperability problems that may not be
Other CDMA providers have proposed that an initial
easily resolved.
upgrade called cdma2000 1XMC be deployed first as
an interim “2.5G” cellular system before full deploy- 3G technology is also expensive to develop and deploy.
ment of cdma2000 3XMC is achieved. The cdma2000 In this regard, Europe has a head start on the United
1XMC technology only supports real data rates of 144 States; however, the total cost of deploying 3G through-
Kbps, although vendor-proprietary extensions have out the European Union (EU) has been estimated to be
been proposed to extend this. as high as $1 trillion. The long-term viability of many
European 3G carriers may be affected by the high
Another 3G CDMA system similar to cdma2000
licensing fees imposed by governments for use of suit-
3XMC and currently being rolled out in some countries
able radio spectrum. Most industry watchers expect a
and regions is called Universal Mobile Telecommunica-
shakeout in the next few years, leaving only giants such
tions System (UMTS) or Wideband CDMA
as Deutsche Telekom, France Telecom, Vodafone, and a
(W-CDMA) (carriers in Europe prefer the UMTS des-
few others.
ignation, but those in North America prefer W-CDMA
or WCDMA). UMTS is designed to interoperate with Many countries and regions, including the United King-
existing GSM networks and will provide a natural dom, Belgium, Germany, and Sweden, hold auctions to
upgrade path for these networks from 2G to 3G. The parcel off portions of 3G spectrum to the highest bid-
first country widely rolling out W-CDMA is Japan, ders. Carriers must quickly recoup these up-front costs
which is using it to replace its Personal Digital Cellular to remain viable. Some countries and regions, such as
(PDC) system, whose capacity is saturated. Unfortu- Norway, Finland, France, and Spain, allocate spectrum
nately, UMTS/W-CDMA cannot be provisioned in the on a fixed-fee basis to first-comers, but this practice is
United States because the frequencies this technology being challenged in the EU courts as a type of subsidy
requires have already been allocated by the Federal that is unfair and anticompetitive.
Communications Commission (FCC) for other uses.
In the United States, AT&T laid out a road map in
UTMS/W-CDMA supports wireless data transmission
December 2000 for its deployment of 3G wireless that
at 2 Mbps. Note, however, that this speed will be
involves several intermediate steps. First, its existing
achievable for stationary users only—for mobile
TDMA network, which carries data at only 19.2 Kbps,
3
# 3.1 kHz bearer service 5-4-3 rule
will be upgraded to GSM with an overlay of GPRS to 3.1 kHz bearer service
support data transmission at 144 Kbps. Then GSM/ A service provided by some telcos for transmitting data
GPRS will be upgraded to EDGE to support data trans- over voice trunk lines.
mission rates of 384 Kbps. Finally, W-CDMA will be
deployed to support data at 2 Mbps. Meanwhile, Overview
CDMA carriers such as Sprint Corporation and Verizon When supporting 3.1 kHz bearer service communica-
Communications are upgrading their systems to tions, telco switches must have trunk-line echo cancel-
cdma2000 and beyond. This split between W-CDMA, lation turned off because echo cancellation will corrupt
supported by AT&T, and cdma2000, supported by Ver- data transmissions sent over voice lines. This service is
izon and Sprint, presents some interoperability prob- a legacy telecommunications technology that is no
lems for users in North America, but efforts are longer widely implemented.
underway to resolve these issues. Notes
Ultimately, when 3G systems are fully operational, they Some carriers call this service data-over-voice (DOV).
will provide mobile users with the equivalent of broad-
band Internet access, opening up a new world of wire- 4G
less Web-based services and applications. An envisioned fourth-generation wireless cellular
Notes system to supersede 3G (third-generation) cellular.
Although 3G wireless systems such as UMTS will be Overview
capable of supporting data transmission speeds of 2 4G is a term sometimes applied to proposed wireless
Mbps, this will be for stationary clients only, which networking systems using Orthogonal Frequency Divi-
includes laptop computers equipped such as 3G PC cards. sion Multiplexing (OFDM). OFDM is a modulation
Transmission speeds for mobile clients such as 3G cell scheme theoretically capable of transmitting data at
phones and handsets will likely top out at 384 Kbps or rates of 622 megabits per second (Mbps), which is
lower, depending on the environment’s reception much higher than the 2 Mbps of the 3G wireless sys-
characteristics. tems that are only now beginning to be deployed.
Because of the high costs and technical challenges OFDM is currently defined in two implementations,
associated with rolling out 3G systems, some cellular one supported by the Institute of Electrical and Elec-
communications providers are rolling out unofficial tronics Engineers (IEEE) and the other by the European
“2.5G” systems as a kind of intermediate step along the Telecommunications Standards Institute–Broadband
way to the high-speed data rates of 3G. For more infor- Radio Access Networks (ETSI-BRAN). These two
mation, see the article “2.5 G” elsewhere in this chapter. implementations are different in some respects, and
efforts are underway by the OFDM Forum to harmonize
For More Information these systems to reduce the incompatibilities that could
An alliance of regulators and vendors committed to result once 4G systems begin to materialize. Apart from
remaining neutral in the 3G standards war is the Third these difficulties, 4G wireless networking systems are
Generation Partnership Project, whose site can be found more of a dream than a reality.
at www.3gpp.org.
See Also: 3G
Details of the ITU’s IMT-2000 standard can be found at
www.itu.int/imt2000.
5-4-3 rule
See Also: 2.5G, cellular communications A specification describing limitations on constructing
certain kinds of Ethernet networks. The 5-4-3 rule
applies specifically to Ethernet networks based on
either the thinnet or thicknet cabling option.
4
6bone 6to4 #
Computers 6bone
A testbed for development of the next generation of the
Internet Protocol (IP) protocol, IPv6.
Terminator
Overview
The 6bone grew out of the IP Next Generation (IPng)
project of the Internet Engineering Task Force (IETF)
Repeater that led to the development of IPv6. It is an informal
collaborative project among a number of groups around
the world, operating under the oversight of the IETF’s
Next Generation Transition (NGtrans) Working Group.
The 6bone began operation as a virtual network in
which IPv6 packets were encapsulated in and tunneled
over IPv4, but migration to native IPv6 is underway and
should soon be completed.
The 6bone has been playing an important role in testing
IPv6 before widespread migration from the current
IPv4 (standard IP) networking protocol is recom-
mended for public use. Projects such as FreeNet6,
developed by Viagénie, and vendors such as Nortel
Networks and 3Com Corporation have provided IPv6
Terminator researchers with gateways for tunneling from their IPv6
GNSXX01 (was G0#ui02.bmp in 1E)
testbed deployments through the IPv4 Internet and over
5-4-3 rule. This rule restricts bus-style Ethernet networks the 6bone to test and become familiar with the new IPv6
to five total segments, four repeaters, and three populated protocol.
segments.
For More Information
Overview The official site for the 6bone can be found at
According to the Ethernet specifications, thinnet (or www.6bone.net. You can also find information there
thicknet) Ethernet network segments can be joined about how to join your network to the 6bone.
using repeaters to form larger networks, but there are
limitations on how you can do this. The maximum num- If you want to connect an individual workstation to the
ber of segments you can join is five. To join these seg- 6bone, you can use Freenet6, which can be found at
ments, you need to use four repeaters because Ethernet www.freenet6.net. This site enables IPv6 end stations to
typically uses a bus topology in which all segments are connect to the 6bone through IPv4 tunneling over the
joined linearly. However, in this configuration, no more Internet. You must have a dual IPv4/6 stack to connect.
than three of the segments can actually have computers You can download a preliminary IPv6 stack from
attached to them, leaving two segments that are used Microsoft Research at www.research.Microsoft.com/
only for extending distances rather than hosting com- msripv6.
puters. These two unpopulated segments are called See Also: IPv6
inter-repeater links. You should not violate this rule
when implementing Ethernet networks; otherwise,
unreliable network communications might result. 6to4
A mechanism for connecting networks running IPv6 by
See Also: Ethernet tunneling through the IPv4 Internet.
5
# 8mm 10Base2
Overview 10Base2
6to4 was developed as a transitional scheme to support An Institute of Electrical and Electronic Engineers
the operation of IPv6 within an IPv4 world until the (IEEE) standard for implementing 10 megabits per sec-
backbone of the Internet is completely migrated to ond (Mbps) Ethernet over thin coaxial cabling.
IPv6. 6to4 works by encapsulating IPv6 packets inside
IPv4 packets and transmitting them over the existing Overview
IPv4 Internet. In this way, different islands of IPv6 con- 10Base2 is based on the 802.3 specifications of Project
nectivity can be linked across the IPv4 ocean that 802 developed by the IEEE. It was ratified as an IEEE
constitutes the Internet. standard in 1985 and quickly found its way into corpo-
rate networks for small local area networks (LANs)
A special IPv6 prefix is used to identify an encapsulated connected to larger 10Base5 backbones.
6to4 packet. This header is represented in IPv6 address
notation as 2002::/16 and identifies the IPv6 address 10Base2 is sometimes referred to as thinnet or thin coax
space specially reserved by IANA for 6to4 tunneling. because it uses thin coaxial cabling for connecting sta-
tions to form a network (as compared to 10Base5,
For More Information which uses a thicker form of cabling and hence is called
In order to use 6to4, you must install a dual IPv4/6 thicknet). The designation 10Base2 is derived from the
protocol stack on your machine. Microsoft is integrating network’s speed (10 Mbps), the signal transmission
basic support for IPv6 into its Windows XP and Windows method (baseband transmission), and the maximum
.NET Server operating system platforms. You can also segment length (185 meters, rounded off to 200 with the
download a pre-liminary IPv6 stack from Microsoft zeros removed). Another popular nickname for this
Research at www.research.microsoft.com/msripv6. technology was Cheapernet because thinnet cabling
See Also: IPv6 was considerably less costly than thicknet cabling.
8mm Network
A format for tape backup developed by Exabyte interface
Corporation. card
Overview
BNC
8mm is the standard tape format for videotape, and
terminator
Exabyte developed this format into a tape backup solu-
tion to take advantage of this medium’s low cost. Typi- BNC BNC-T connector
cal 8mm tape drives can store up to 40 gigabytes (GB) terminator
of data on a tape, and data can be written to tape at
Thinnet bus
speeds in excess of 6 megabytes per second (MBps)
using compression or 3 MBps without compression. GNSXX02 (was G0#ui03.bmp in 1E)
Exabyte 8mm tape drives are inexpensive, have high 10Base2. A typical 10Base2 network.
performance, and make an attractive tape backup solu- Implementation
tion for companies developing a disaster recovery plan. 10Base2 networks are wired together using a bus topol-
For More Information ogy, in which individual stations (computers) are con-
See Exabyte online at www.exabyte.com. nected directly to one long cable. The maximum length
of any particular segment of a 10Base2 network is 607
See Also: tape format feet (185 meters). If distances longer than this are
required, two or more segments must be connected
using repeaters. Altogether, a total of five segments can
6
10Base5 10Base5 #
be connected using four repeaters, as long as only three corporate and campus networks. An earlier form of
of the segments have stations (devices) attached to 10Mbps Ethernet developed by the DIX Consortium
them. This is referred to as the 5-4-3 rule. was superseded by 10Base5 when the IEEE 802.3
standard was created in 1983.
A 10Base2 segment should have no more than 30 sta-
tions wired to it. The minimum distance between these 10Base5 is sometimes referred to as thicknet because it
stations is 1.6 feet (0.5 meters). Stations are attached to uses thick coaxial cabling for connecting stations to
the cable using BNC (British Naval Connector or Bay- form a network (compared to 10Base2, which uses a
onet-Neill-Concelman) connectors, and the ends of the thinner form of cable and is hence called thinnet).
cabling have BNC cable connectors soldered or Another name for 10Base5 is Standard Ethernet
crimped to them. because it was the first type of Ethernet to be imple-
mented (it is also sometimes referred to as Original
10Base2 supports a maximum theoretical bandwidth of
Ethernet, for obvious reasons). The designation
10 Mbps, but in actuality the presence of collisions
10Base5 is derived from the network’s speed (10
reduces this to more like 4 to 6 Mbps.
Mbps), the signal transmission method (baseband
Notes transmission), and the maximum segment length
10Base2 networks are not deployed much anymore for (500 meters).
two reasons. First, because their speed is limited to 10
Implementation
Mbps, the networks perform poorly in today’s band-
10Base5 networks are wired together in a bus topol-
width-hungry, Internet-connected world. Second,
ogy—that is, in a linear fashion using one long cable.
10Base2 networks have a single point of failure—the
The maximum length of any particular segment of a
long, linear bus cable used to connect the stations. A
10Base5 network is 1640 feet (500 meters). If distances
single break or loose connection brings down the entire
longer than this are required, two or more segments
network, thus every cable segment and station connec-
must be connected using repeaters. Altogether, there
tion must be checked to determine the problem. If you
can be a total of five segments connected using four
are wiring an office for a small LAN with low band-
repeaters, as long as only three of the segments have
width requirements, use 10BaseT instead, which is eas-
stations (computers) attached to them. This is referred
ier to manage and troubleshoot. For moderate to high
to as the 5-4-3 rule.
bandwidth requirements, try using Fast Ethernet
instead. A 10Base5 segment should have no more than 100 sta-
tions wired to it. These stations are not connected
The two ends of a 10Base2 bus must be properly termi-
directly to the cable as in 10Base2 networks. Instead, a
nated. If they are not, signals will bounce and network
transceiver is attached to the cable, usually using a
communication will come to a halt.
cable-piercing connector called a vampire tap. From the
See Also: 5-4-3 rule, 10Base5, 10BaseF, 10BaseT, transceiver, a drop cable is attached, which then con-
Ethernet nects to the network interface card (NIC) in the com-
puter. The minimum distance between transceivers
attached to the cable is 8 feet (2.5 meters), and the max-
10Base5
imum length for a drop cable is 164 feet (50 meters).
An Institute of Electrical and Electronic Engineers
Thicknet cable ends can have N-series connectors sol-
(IEEE) standard for implementing 10 megabits per
dered or crimped on them for connecting segments
second (Mbps) Ethernet over coaxial cabling.
together.
Overview
10Base5 was often used for backbones for large net-
10Base5 is based on the 802.3 specifications of Project
works. In a typical configuration, transceivers on the
802 developed by the IEEE. It was developed as a stan-
thicknet backbone would attach to repeaters, which
dard in the early 1980s and became hugely popular in
would join smaller thinnet segments to the thicknet
7
# 10BaseF 10BaseF
backbone. In this way a combination of 10Base5 and Using 10BaseFB segments, you can cascade or link
10Base2 standards could support sufficient numbers of synchronous fiber-optic hubs in configurations that
stations for the needs of a moderately large company. are longer than traditional 10BaseT Ethernet net-
works and contain up to 1024 stations. This stan-
10Base5 supports a maximum bandwidth of 10 Mbps,
dard is more expensive and is not as widely
but in actual networks, the presence of collisions
implemented as 10BaseFL.
reduces this to more like 4 to 6 Mbps.
● 10BaseFL: Defines the characteristics of the
Notes
fiber-optic link between the nodes and the hub or
10Base5 networks are legacy networks that are no
concentrator. 10BaseFL replaces the older standard
longer being deployed, although some companies
for fiber-optic link segments, Fiber-Optic
might choose to maintain existing ones for cost reasons.
Inter-Repeater Link (FOIRL) segments, which was
The complexity and bandwidth limitations of 10Base5
developed in the 1980s. 10BaseFL is the most com-
networks render them largely obsolete. If you are wir-
monly implemented version of 10BaseF.
ing an office for a small local area network (LAN) with
low bandwidth requirements, use 10BaseT instead. For ● 10BaseFP: Defines the implementation of a star
moderate to high bandwidth requirements, try using topology that does not use repeaters. 10BaseFP
Fast Ethernet. If you are implementing a backbone for stands for Fiber Passive, and its segments can be
today’s high-speed enterprise networks, Gigabit Ether- only 500 meters (1640 feet) in length with a maxi-
net (GbE) is now the preferred technology. mum of 33 stations connected. This standard is
rarely used today.
The two ends of a 10Base5 bus must be properly termi-
nated. If they are not, signals will bounce and network Implementation
communication will come to a halt. 10BaseF is similar to 10BaseT in that each station is
wired into a hub in a star topology to form the network.
See Also: 5-4-3 rule, 10Base2, 10BaseF, 10BaseT,
The maximum length of any segment of 10BaseF
802.3, Ethernet, Fast Ethernet
fiber-optic cabling is 6600 feet (2000 meters), com-
pared to the 328 feet (100 meters) supported by
10BaseF 10BaseT, making 10BaseF suitable for long-haul
An Institute of Electrical and Electronic Engineers interconnects.
(IEEE) standard for implementing 10 megabits per sec-
The recommended cabling type for 10BaseF networks
ond (Mbps) Ethernet over fiber-optic cabling.
is 62.5-micron diameter fiber-optic cabling. This cable
Overview can be terminated with either ST connectors or SMA
10BaseF is based on the 802.3 specifications of Project connectors, depending on the vendor and the hub con-
802 developed by the IEEE and differs from other figuration. Two-strand multimode fiber-optic cabling is
forms of 10-Mbps Ethernet by using fiber-optic cabling used, with one strand allotted for transmitting data and
instead of copper unshielded twisted-pair (UTP) the other for receiving data.
cabling. The designation 10BaseF is derived from the
network’s speed (10 Mbps), the signal transmission Marketplace
Nowadays, 10BaseF is only supported in legacy 10
method (baseband transmission), and the physical
Mbps Ethernet equipment and has been superseded by
media used (fiber-optic cabling).
100 Mbps Fast Ethernet in most circumstances for net-
The 10BaseF standard actually consists of three sepa- work backbones and interconnects.
rate standards describing different media specifications:
● 10BaseFB: Defines how the synchronous data
transmission occurs over the fiber-optic cabling.
8
10BaseT 10BaseT #
Notes Implementation
10BaseF is preferable to 10BaseT in environments that In10BaseT networks, end stations such as workstations
are electrically noisy, such as in industrial areas, near and servers are wired together in a star topology to a
elevator shafts, or around other motors or generators. central hub. The UTP cabling used for wiring should be
Category 3 (Cat3) cabling, Category 4 (Cat4) cabling,
Fiber-optic cabling is often used for running cables
or Category 5 (Cat5) cabling, terminated with RJ-45
between buildings. Differences in ground potential
connectors. Patch panels can be used to organize wiring
between the ends of copper cabling can induce voltages
and provide termination points for cables running to
that can damage networking equipment if the ends are
wall plates in work areas. Patch cables then connect
not grounded properly. Fiber-optic cabling also sup-
each port on the patch panel to the hub. Usually most of
ports faster speeds than copper UTP cabling and pro-
the wiring is hidden in a wiring cabinet and arranged on
vides a more suitable upgrade option to Fast Ethernet
a rack for easy access.
and beyond.
The maximum length of any particular segment of a
The maximum signal loss or attenuation on a given seg-
10BaseT network is 328 feet (100 meters). In practice
ment should be no more than 12.5 decibels. Using too
this is not a limitation because a survey by AT&T indi-
many connectors in a segment of fiber-optic cabling can
cated that about 99 percent of desktops in commercial
cause the attenuation to exceed this figure, which can
buildings are located within 328 feet (100 meters) of a
lead to signal loss.
wiring closet. If distances longer than that are required,
See Also: 10Base2, 10Base5, 10BaseT, 802.3, Ethernet two or more segments may be connected using repeat-
ers. The minimum length of any given segment is
restricted to 8 feet (2.5 meters).
10BaseT
An Institute of Electrical and Electronic Engineers By using stackable hubs or by cascading regular hubs
(IEEE) standard for implementing 10 megabits per into a cascaded star topology, you can network large
second (Mbps) Ethernet over twisted-pair cabling. numbers of computers using 10BaseT cable. Although
10BaseT can support up to 1024 nodes, networks with
Overview no more than 200 or 300 nodes will yield the best per-
10BaseT is based on the 802.3 specifications of Project formance by keeping collision domains small. Hubs can
802 developed by the IEEE and is the most popular be hierarchically arranged to a depth of up to three lev-
form of 10-Mbps Ethernet. 10BaseT is deployed over els in order to accommodate much larger networks, but
structured cabling systems consisting of unshielded performance declines significantly as the number of
twisted-pair (UTP) cabling used for connecting end sta- stations exceeds several hundred.
tions to centralized hubs to form a network. (Shielded
twisted-pair [STP] cabling can also be used, but it never Notes
is.) The designation 10BaseT comes from the network’s Although 10BaseT theoretically supports a maximum
speed (10 Mbps), the signal transmission method (base- bandwidth of 10 Mbps, in actual networks the presence
band transmission), and the physical medium used for of collisions reduces throughput to about 4 to 6 Mbps.
transmission (twisted-pair cabling). The maximum length of a 10BaseT cable segment is
10BaseT became widely popular because of the earlier not a result of the specifications for round-trip commu-
success of the Public Switched Telephone Network nications on an Ethernet network but rather a limitation
(PSTN), a hierarchical structured-wiring system to caused by the relatively low signal strength of 10BaseT
which 10BaseT bears many similarities. An advantage systems. With enhanced Category 5 (Cat5e) cabling,
of 10BaseT over earlier 10 Mbps Ethernet systems such you might be able to sustain network communications
as 10Base5 and 10Base2 is that it is easier to manage effectively with cable lengths up to about 490 feet (150
because of the centralization of network traffic in hubs. meters), although this is not normally recommended.
9
# 10GbE 10G Ethernet
Work area
Wall plates
Wiring closet
Patch panel
Patch
Hub cables
Rack
10
10G Ethernet 10G Ethernet #
stands for 10 Gigabit Ethernet, is the successor to Giga- only supports up to 8 Gbps aggregated links
bit Ethernet (GbE) and will be standardized under the between switches). The impending arrival of 64-bit
Institute of Electrical and Electronic Engineers (IEEE) PC architectures such as Intel’s Itanium also prom-
802.3ae working group. ises to increase the rate at which servers will be able
to process data, and new servers are appearing that
Overview
are able to just saturate a 1 Gbps 1000BaseT NIC.
10GbE is a switched-based technology that has similar-
The promise here is that 10GbE will enable network
ities to and differences from earlier versions of Ether-
architects to build Ethernet wide area networks
net. It abandons the Carrier-Sense Multiple-Access
(WANs) as easily as they build Ethernet LANs
with Collision Detection (CSMA/CD) Media Access
today, without having to learn more complex tech-
Control (MAC) method of earlier versions, using
nologies such as Asynchronous Transfer Mode
instead separate send and receive channels. In other
(ATM) or Synchronous Optical Network (SONET).
words, 10GbE operates only in full-duplex communica-
tions mode, similar to GbE and Full-Duplex Fast Ether- ● WAN service providers (carriers) see 10GbE as a
net. This does not eliminate contention, however, simpler, less costly replacement for SONET/Syn-
because 10GbE is designed to interoperate with slower chronous Digital Hierarchy (SDH), and envisage a
forms of Ethernet where collisions may occur. world of end-to-end Ethernet incorporating both
LAN and WAN technologies. Although Ethernet
10GbE uses the same 48- to 1518-byte frame format as
gear only costs about a fifth of what SONET gear
standard 10 megabits per second (Mbps) Ethernet and
costs, incumbent carriers have invested heavily in
100 Mbps Fast Ethernet, abandoning the jumbo frames
SONET technologies and ATM, which may affect
supported by GbE. And unlike earlier versions of Ether-
how quickly they adopt 10GbE. Startup carriers are
net, 10GbE operates exclusively over fiber-optic
therefore more likely to jump on the 10GbE band-
cabling, although efforts are being made to develop a
wagon than existing carriers.
form of 10GbE over copper cabling that can be used
over the short distances needed within wiring closets. As a result of this twofold need of the carriers (for
The maximum range for 10GbE will be 328 to 984 feet SONET-compatibility) and enterprise networks (for
(100 to 300 meters) over multimode fiber and 25 miles easy upgrading of core switches from GbE to 10GbE),
(40 kilometers) over single-mode fiber. Laser wave- two different versions of 10GbE are envisioned under
lengths of 1310 and 1550 nanometers are used for the emerging IEEE 802.3ae standard. These versions,
medium- and long-haul transmission respectively. listed below, operate differently at the physical layer
(PHY):
Types
The driving force behind the development of 10GbE is ● LAN version: This is essentially just speeded-up
twofold: GbE and will operate at exactly 10.0 Gbps and use
standard Ethernet frames. The primary difference
● Enterprise-level local area networks (LANs) that
with GbE is that only full-duplex communications
have deployed core switches with GbE intercon-
will be supported. This version is designed to be an
nects (and even multiplexed GbE interconnects) are
easy upgrade for backbone switches in enterprise
approaching saturation and require the higher back-
LANs.
bone speed promised by 10GbE. Many server farms
and clusters are being deployed today using ● WAN version: This provides a method of trans-
1000BaseT connections to network backbones. As porting Ethernet frames over SONET/SDH at a
a result, these backbones will soon face saturation speed of 9.58464 Gbps (identical to the current
unless a technology such as 10GbE can provide the OC-192). This version is designed to maximize
necessary bandwidth to support these GbE farms compatibility with carrier’s existing SONET
(the Link Aggregation Control Protocol of 802.3ad deployments in their long-haul lines.
11
# 10G Ethernet 10G Ethernet
Server farm
Fast Ethernet
switch
Fast Ethernet
GbE switch with switch
10 Gbps backbone
Workstations
10GbE switch
10GbE
switch
Head-
quarters Branch
LAN Dark fibre office
LAN
10GbE
switch
10GbE switch
Customer Metropolitan network of Customer
premises 10GbE carrier premises
12
10G Ethernet 10G Ethernet #
Implementation Frame technologies, which raises concerns for future
Some envisioned uses for 10GbE include prospects of interoperability between 10GbE equip-
ment from different vendors.
● High-speed interconnects between GbE backbone
switches in enterprise LANs Prospects
Many users are looking forward to the day when carri-
● Aggregation of multiple short-haul GbE links and
ers can provision their corporate networks with 10GbE.
high-speed campus-wide interconnects
Carriers will likely supply these services using a band-
● Switched connections to server farms and high- width-on-demand model, allowing customers to replace
performance clusters their costly T1 and T3 lines with blocks of purchased
bandwidth that can scale in real time to accommodate
Some telecom carriers plan to replace their SONET/
bursts of traffic. Application Service Providers (ASPs)
ATM rings with 10GbE in their Metropolitan Area Net-
are also waiting to take advantage of 10GbE to offer
works (MANs) to provide high-speed connections in
outsourced email and workflow applications that will
the local loop between Central Offices (COs) and cus-
perform as well as LAN-based implementations.
tomer premises. These carriers will then be able to pro-
vision corporate users with 10GbE Ethernet WAN links The IEEE published a draft standard (802.3ae) for
to provide end-to-end Ethernet services across the 10GbE in September 2000, and the final standard is
WAN. Because this eliminates the need for costly expected to be ratified in 2002. Until then, 10GbE
packet-conversion equipment such as frame relay equipment provided by vendors may involve propri-
assembler/disassemblers (FRADs) or ATM access etary technologies, and network architects should con-
routers at the customer premises, 10GbE WAN services sider interoperability issues before committing budgets
are likely to be much less costly than current T1 and to this emerging technology. Another cost issue to
frame relay services. Furthermore, 10GbE has almost consider is that existing copper and multimode fiber
no protocol overhead compared to ATM/SONET, infrastructures would have to be replaced with more
which can have as much as 56 percent protocol over- costly single-mode fiber if anything more than back-
head when implementing Automatic Protection Switch- bone switch interconnects is considered in a proposed
ing (APS) routines. The desire of carriers to implement 10GbE deployment.
10GbE to save cost is a major force driving vendors to
Some of the vendors developing 10GbE plug-in back-
quickly develop 10GbE switching technologies. Due to
plane modules for their carrier-class backbone switches
its distance limitations, however, 10GbE is not expected
include Nortel Networks, Extreme Networks, and
to replace SONET/SDH for long-haul telecommunica-
Foundry Networks. Because there is already demand in
tions links between cities or continents.
the corporate WAN market, service providers such as
Issues Yipes (www.yipes.com) are rapidly rolling out infrastruc-
Most servers are not yet capable of utilizing the full ture to provide 10GbE carrier services in a number of
potential of 10GbE because of limitations in processing cities across the United States and compete with local
power and bus speed, though advances in bus, memory, telco carriers selling T-carrier and frame relay services.
and storage technologies are closing the gap. With stan-
Notes
dard 1500-byte Ethernet frames being employed, serv-
10GbE will support Simple Network Management Pro-
ers would need to be able to process 833,000 frames per
tocol (SNMP) and (Remote Network Monitoring)
second, which is beyond their current limitations. One
RMON at the PHY layer. This will enable carriers to
solution would be to employ Jumbo Frames similar to
remotely manage provisioned 10GbE services and
those used in GbE, but the 802.3ae standard does not
should be a boon to enterprise network managers as
cover this feature. The result is that some vendors are
well.
starting to implement their own proprietary Jumbo
13
# 24 x 7 64-bit architecture
For More Information that requires 24 x 7 uptime, it is wise to make sure your
You can find the 10 Gigabit Ethernet Alliance (10GEA) network administrators and support staff are adequately
at www.10gea.org. compensated—they must work hard to maintain a 24 x
7 networking environment. Also, such people can be
Also find out about the IEEE 802.3ae working group at
difficult to replace, so it is advisable to do what you can
www.ieee.org.
to minimize turnover.
See Also: Ethernet, Fast Ethernet, Gigabit Ethernet
See Also: network management
(GbE)
24 x 7 64-bit architecture
Any computing hardware based on a processor capable
A term implying the uninterrupted running of network
of manipulating 64 bits of information at a time and
services. A 24 x 7 network is a network whose services
directly accessing up to 264 bytes (16 exabytes) of differ-
and resources are available 24 hours a day, seven days
ent physical memory addresses.
a week, with virtually no downtime. A similar term is
24 x 7 x 365, which implies virtually no downtime dur- Overview
ing the entire year. The PC revolution of the 1990s was based to a large
degree upon the x86 processor platform, a series of
Overview
32-bit processors developed by Intel Corporation. Com-
In today’s emerging e-business economy, availability of
pared to their 16-bit predecessors, these new processors
the network and its resources and applications can make
could manipulate twice as many bits simultaneously
the difference between business success and failure. A
and access up to 4 gigabytes (GB) of directly address-
variety of technologies can be used to approach the goal
able memory, which provided more than enough
of 24 x 7 availability. One of the most successful is
processing power and memory space for most PC-based
clustering, a technology in which an application runs
applications.
redundantly on multiple servers. When one of the nodes
in a cluster fails, the other nodes take on the workload As the PC platform began to push its way into the
of the failed node so that there’s no interruption in ser- high-end server platform previously dominated by
vice while the failed node is being repaired or replaced. Reduced Instruction Set Computing (RISC) processors,
Windows 2000 and .NET Server Advanced Server the demand for greater power and memory addressabil-
editions offer clustering services for high-availability ity grew. This need has been felt most in the area of
line-of-business applications. enterprise-level database applications, which are pro-
cessor and memory intensive in their requirements. To
Other technologies important to the 24 x 7 goal include
address these needs, two leading processor vendors,
fault-tolerant hardware technologies. Examples are
Intel and AMD, began development of 64-bit
hot-swappable components, such as power supplies and
processors in the late 1990s.
hard disks that can be removed and replaced without the
system having to power down or reboot. Fault-tolerant Comparison
storage technologies such as RAID 1 or RAID 5 guard AMD’s x86-64 architecture can run today’s 32-bit oper-
against data loss from disk failure. Cellular phones and ating systems and applications, but only when running
pagers also play a role in attaining the 24 x 7 goal, as in Legacy mode. Unfortunately, this mode limits
they allow businesses to keep in touch with administra- addressable memory to 4 GB and provides no process-
tors and technical support staff around the clock. ing gain over the present Pentium III platform. In order
to run true 64-bit operating systems and applications,
Notes
the x86-64 architecture must be running in Long mode,
If you are an MIS (Manager of Information Services) or
which does not support backward compatibility with
CIO (Chief Information Officer) running an e-business
existing 32-bit applications and operating systems.
14
64-bit Windows 64-bit Windows #
In order for Intel’s IA-64 architecture to run legacy Sledgehammer operates in two modes: long mode,
32-bit software, an x86 hardware emulation mode is which runs native 64-bit operating systems and applica-
provided. When 32-bit software is run using emulation tions, and legacy mode, which supports existing 16-bit
mode, however, performance is generally slower than and 32-bit operating systems and applications. Sledge-
that of a typical Pentium III processor. hammer uses a motherboard with a Plastic Pin Grid
Array (PPGA) processor slot and requires a 266 MHz
In order to properly run legacy software on Itanium (or
system bus.
on Sledgehammer running in Long mode) and enable
such software to address the full 64-bit address space, Prospects
the software needs to be recompiled to produce a binary Both architectures have their camps supporting them.
bit-image appropriate to the selected 64-bit platform. Intel’s IA-64 architecture is supported by Microsoft Cor-
Unfortunately, these binary images are different for the poration, Hewlett-Packard, IBM, Compaq Computer
two architectures, so either a single architecture will Corporation, and others, and is likely to be the platform
win out or vendors will need to compile two different of choice for users of Microsoft Windows once
versions for the two platforms. Until existing software Microsoft releases its 64-bit version of Windows cur-
is recompiled, or until 64-bit operating systems and rently under development. AMD’s x86-64 architecture is
applications are developed from scratch, the usefulness supported by Sun Microsystems, which has plans to port
of these two new architectures will be limited as far as Solaris (a version of UNIX) to x86-64, and by the Linux
the business enterprise is concerned. community, which is working on a similar port.
Architecture Notes
Intel’s new 64-bit Itanium chip uses a radically new Some software vendors have developed ways of going
architecture called IA-64 that differs in fundamental beyond the hardware limitations of 32-bit processors
ways from the x38 architecture used in all of its earlier that limit addressable physical memory to 4 GB. Exam-
32-bit processors, from the 386 through the Pentium III ples include Microsoft Windows 2000 Advanced Server
Xeon. Itanium uses a Very Long Instruction Word and Microsoft Windows 2000 Datacenter Server, both
(VLIW) algorithm that allows it to read strings contain- of which employ a technique called Physical Address
ing multiple instructions. Using a technique called Extension (PAE) to enable them to address 8 GB and 64
Explicitly Parallel Instruction Computing (EPIC), Ita- GB of memory respectively.
nium can then execute up to six instructions per clock
For More Information
cycle, which greatly enhances performance over 32-bit
More information on these two platforms can be
processors (not just Intel x86 processors, but also 32-bit
found at www.intel.com/ebusiness/products/ia64 and
RISC and complex instruction set computing [CISC]
www.amd.com/products/cpg/64bit.
processors) and eliminates the need for complicated
algorithms such as the Out-of-Order Processing See Also: 64-bit Windows
implemented in Pentium chips.
Itanium processors are capable of performing 6 billion 64-bit Windows
floating-point operations per second (6 gigaflops) and A version of Microsoft Windows 2000, Windows XP,
support up to 512-way symmetric multiprocessing and Windows .NET Server designed to operate on
(SMP) for the most transaction-intensive e-commerce computers using Intel’s new IA-64 (64-bit) processor
and database applications. Itanium uses a new mother- architecture.
board interface and requires a bus speed of 366 MHz.
Overview
AMD’s new 64-bit Sledgehammer chip uses an archi- 64-bit Windows is designed to support today’s most
tecture called x86-64 that is a natural evolution from the processor- and memory-intensive business applications.
x86 standard, and AMD’s 32-bit Athlon processor. These applications include e-commerce, data mining,
online transaction-processing, high-end graphics, and
15
# 80/20 rule 100BaseFX
high-performance multimedia applications. Based on with Vilfredo Pareto, an early 20th-century economist
Intel’s 64-bit processor architecture called IA-64, who stated that 80 percent of the volume of product pro-
which is first realized in the Itanium chip, 64-bit Win- duced comes from only 20 percent of the producers
dows is fully compatible with the Win32 API, allowing who make it. Another modern variant says that 80 per-
developers to develop and compile code for both the cent of your business comes from only 20 percent of
32-bit and 64-bit platforms with equal ease. The main your customers, so identify these customers and give
advantage of using a 64-bit processor architecture is them premier service.
that the amount of directly addressable physical mem-
See Also: local area network (LAN)
ory increases from 64 GB for 32-bit Windows 2000 and
Windows .NET Server Datacenter Server to a staggering
16 terabytes (TB) for the new platform. (A terabyte 100BaseFX
equals 1024 gigabytes.) This means that large databases An Institute of Electrical and Electronics Engineers
can be preloaded in-to memory to provide vastly (IEEE) standard for implementing 100 megabits per
improved data access times, improving the performance second (Mbps) Ethernet over fiber-optic cabling.
and efficiency of enterprise-level applications.
Overview
For More Information 100BaseFX is based on the 802.3u standard, which is an
For more information on the current state of the 64-bit extension of the 802.3 standard of Project 802 developed
Windows platform, see www.microsoft.com/hwdev/ by the IEEE. It’s a type of Fast Ethernet that is often used
64bitwindows/ and www.microsoft.com/windowsxp/ for wiring campus backbones using fiber-optic cabling.
pro/techinfo/howitworks/64bit/default.asp. The designation 100BaseFX is derived from the net-
work’s speed (100 Mbps), the signal transmission
See Also: 64-bit architecture, Microsoft Windows
method (baseband transmission), and the physical
medium used for transmission (fiber-optic cabling).
80/20 rule Implementation
A rule of thumb that says that 80 percent of network
100BaseFX networks are wired together in a star topol-
traffic is local and only 20 percent is destined for
ogy using fiber-optic cabling and 100-Mbps fiber-optic
remote networks.
hubs or Ethernet switches. 100BaseFX systems may be
Overview interconnected with 100BaseTX, 100BaseT4, and
The 80/20 rule was developed in the era of traditional 10BaseT systems using auto negotiating hubs and
routed Ethernet networks and is now considered a clas- switches with suitable ports. Two-strand fiber-optic
sical description of local area network (LAN) traffic cabling is required, and ST, SC, and MIC connectors
patterns that no longer applies. The main consideration are all supported. Signaling is at 125 megahertz (MHz),
here is the Internet, and corporate use of Internet access which when combined with the 80 percent efficiency of
means that ever-increasing amounts of remote traffic the 4B5B line coding mechanism used results in an
are being routed through LANs. The 80/20 rule was overall transmission speed of 100 Mbps.
used in the 1980s to help enterprise network architects
The maximum length of any segment of fiber-optic
plan and design large-scale routed networks.
cabling connecting a station (computer) to a hub in
Notes 100BaseFX is 1350 feet (412 meters), and not 1480 feet
Other types of 80/20 rules exist. For example, in pro- (450 meters) as some sources indicate. The grade of
gramming, the 80/20 rule says that 80 percent of the fiber-optic cabling used is usually two-strand multi-
benefit in coding an application comes from 20 percent mode fiber-optic cabling, with one strand carrying
of the work involved. In other words, prioritize your transmitted data and the other strand receiving data.
development tasks to achieve the most in the time avail- However, you can also use two-strand single-mode
able. The original 80/20 rule seems to have originated fiber-optic cabling. If multimode fiber-optic cabling is
16
100BaseT 100BaseT4 #
used, the variety used is typically a grade with a Stackable
62.5-micron core diameter. Fast Ethernet 10BaseT
switch hubs
Repeaters can be used to extend the length of cabling 10/100 Mbps
and for interfacing between 100BaseFX/TX and
Legacy LAN
100BaseT4 segments. The maximum allowable dis-
tances with repeaters are 2 kilometers using multimode
fiber-optic cabling and 10 kilometers using single-
mode fiber-optic cabling. Only one or two repeaters 100BaseT4 hub
can be used per collision domain, depending on
whether Class I or Class II repeaters are used.
Notes
100BaseFX and a related standard, 100BaseTX, are
sometimes collectively referred to as 100BaseX.
When using 100BaseFX with repeaters for backbone
cabling runs, Ethernet switches cannot be more than
1350 feet (412 meters) apart when running in half- High-speed
duplex mode and 6600 feet (2000 meters) apart when workstations
running in full-duplex mode. File server
See Also: 100BaseT4, 100BaseTX, Fast Ethernet GNSXX05 (was G0#ui05.bmp in 1E)
100BaseT Implementation
100BaseT4 networks are wired together in a star topol-
Another name for Fast Ethernet and thus for all 100 ogy using unshielded twisted-pair (UTP) cabling and
megabits per second (Mbps) Ethernet varieties. Also 100-Mbps hubs or Ethernet switches. The UTP cabling
sometimes used interchangeably with 100BaseT4. involved may be Category 3 (Cat3), Category 4 (Cat4),
See: Fast Ethernet or Category 5 (Cat5) cabling—with Cat5 cabling and
enhanced Category 5 (Cat5e) cabling being the most
commonly used solutions nowadays.
100BaseT4
An Institute of Electrical and Electronics Engineers 100BaseT4 uses all four pairs of wire in standard UTP
(IEEE) standard for implementing 100 megabits per cabling, for signaling with signaling rates of 25 mega-
second (Mbps) Ethernet over twisted-pair cabling. hertz (MHz) and an 8B6T line coding mechanism. One
pair is used exclusively for transmission and a second
Overview
pair for reception. The other two pairs are bidirectional
100BaseT4 is based on 802.3u, which is an extension of
and can be used either to transmit or to receive data as
the 802.3 specifications of Project 802 developed by the
required. In this way, three of the four wire pairs are used
IEEE. 100BaseT4 is the most commonly used imple-
at any given time to provide half-duplex transmission or
mentation of Fast Ethernet today. The designation
reception of signals. Sharing three pairs of wires for data
100BaseT4 is derived from the network’s speed (100
transfer allows 100BaseT4 to make use of lower-grade
Mbps), the signal transmission method (baseband trans-
Cat3 cabling already installed in many older buildings.
mission), and the physical medium used for transmis-
sion (all four pairs of wires in standard twisted-pair The maximum length of any segment of cabling connect-
cabling). 100BaseT4 is now considered legacy technol- ing a station (computer) to a hub is 328 feet (100 meters).
ogy and has been largely superseded by 100BaseTX. This ensures that round-trip signaling specifications are
17
# 100BaseTX 100BaseTX
met, because violating these specifications can produce connected together using hubs or switches. Unlike
late collisions that disrupt network communications. The 10BaseT hubs, which can be hierarchically connected
Electronic Industries Alliance/Telecommunications up to three levels deep, 100BaseTX hubs can only be
Industry Association (EIA/TIA)– recommended length connected two layers deep, which imposes additional
of cabling between the station and the wiring closet is distance limitations and may necessitate rewiring of
only 295 feet (90 meters), allowing up to 32 feet (10 existing cabling before upgrading from 10BaseT to
meters) more of cabling for patch cables used to con- 100BaseTX.
nect patch panels to hubs or switches. The pinning of
the RJ-45 connectors used for 100BaseT4 wiring is the Fast Ethernet 100BaseTX hub
same as for 10BaseT wiring. switch
Notes
Make sure all your cabling, connectors, and patch pan-
els are fully Cat5-compliant. For example, ensure that
when UTP cabling is connected to patch panels, wall File servers
plates, or connectors, the wires are not untwisted more 100BaseTX hub
than half an inch at the termination point.
100BaseT4 hubs and switches are typically available in
an autosensing 10/100-Mbps variety for interoperabil-
ity with older 10BaseT networks and to facilitate an
easy upgrade from 10BaseT to 100BaseT.
High-speed
100BaseTX workstations
An Institute of Electrical and Electronics Engineers
(IEEE) standard for implementing 100 megabits per
GNSXX06 (was G0#ui06.bmp in 1E)
second (Mbps) Ethernet over twisted-pair cabling. 100BaseTX. A typical 100BaseTX network.
Overview 100BaseTX uses the two pairs of wires in twisted-
100BaseTX is based on 802.3u, which is an extension pair cabling that are used by 10BaseT networks, with
of the 802.3 specifications of Project 802 developed by one pair of wires used for transmission and the other
the IEEE. The designation 100BaseTX is derived from used for reception. With the appropriate equipment,
the network’s speed (100 Mbps), the signal transmis- 100BaseTX is capable of supporting both the fa-
sion method (baseband transmission), and the physical miliar half-duplex Ethernet used by 10BaseT and
medium used for transmission (the same two pairs of newer full-duplex Ethernet signaling technologies.
wires in standard four-wire twisted-pair cabling that are 100BaseTX employs a signaling rate of 125 megahertz
used for 10BaseT Ethernet). (MHz) for each pair of wires, which, because the 4B5B
Implementation line coding algorithm used is only 80 percent efficient,
100BaseTX networks are wired together in a star topol- translates into a data transmission speed of 100 Mbps.
ogy using either unshielded twisted-pair (UTP) cabling The maximum length of any segment of cabling con-
or data-grade shielded twisted-pair (STP) cabling. If necting a station to a hub is 328 feet (100 meters). This
UTP cabling is used (which is the most common ensures that round-trip signaling specifications are met,
scenario), it must be Category 5 (Cat5) cabling or because violating these specifications can produce late
enhanced Category 5 (Cat5e) cabling. Stations are collisions that disrupt network communications. The
18
100BaseVG 100VG-AnyLAN #
pinning of the RJ-45 connectors used for 100BaseTX 100VG-AnyLAN
wiring is the same as for 10BaseT wiring with wires 1 Also called 100BaseVG, a 100 megabits per second
and 2 used for transmission and wires 3 and 6 used for (Mbps) networking technology that at one time was a
reception. This enables 100BaseTX autosensing hubs serious alternative to Fast Ethernet, but which now is
and switches to operate in mixed 10/100 Mbps Ethernet considered legacy technology.
networks.
Overview
Notes 100VG-AnyLAN is defined by the 802.12 standard of
The maximum distance between 100BaseTX hubs and the Institute of Electrical and Electronics Engineers
bridges or switches is 738 feet (225 meters), further (IEEE) Project 802. It is a local area network (LAN)
than the maximum hub-station distance of only 328 feet communications technology developed by Hewlett-
(100 meters). Packard and AT&T around 1994. 100VG-AnyLAN is
100BaseTX and a related standard, 100BaseFX, are similar to Fast Ethernet in its speed (100 Mbps) and
sometimes collectively referred to as 100BaseX. ability to be deployed in both shared-media (hub-based)
and switched implementations. It differs, however, in its
Although the maximum length of segments joining sta- media access method, because it uses demand priority
tions to hubs is 328 feet (100 meters), the Electronic instead of the Carrier-Sense Multiple-Access with Col-
Industries Alliance/Telecommunications Industry Alli- lision Detection (CSMA/CD) method used by Ethernet.
ance (EIA/TIA) recommends only 295 feet (90 meters)
of cabling between the station (computer) and the wir- Implementation
ing closet, allowing up to 32 feet (10 meters) more of 100VG-AnyLAN networks are wired together in a star
cabling for patch cables used to connect patch panels to topology using unshielded twisted-pair (UTP) cabling,
hubs or switches. shielded twisted-pair (STP) cabling, or fiber-optic
cabling. If UTP cabling is used, it can be Category 3
Make sure all your cabling, connectors, and patch pan- (Cat3), Category 4 (Cat4), or Category 5 (Cat5)
els are fully Cat5-compliant. Make sure that when UTP cabling—with Cat5 cabling or enhanced Category 5
cabling is connected to patch panels, wall plates, or (Cat5e) cabling preferred. When using UTP Cat3 or
connectors, the wires are not untwisted more than half Cat4 cabling, the maximum length of a segment is 100
an inch at the termination point. meters (328 feet). With UTP Cat5 cabling or STP
See Also: 100BaseFX, 100BaseTX, Fast Ethernet cabling, the maximum length of a segment is 656 feet
(200 meters). When using multimode fiber-optic
cabling, the maximum length is 6600 feet (2000
100BaseVG meters).
Another name for 100VG-AnyLAN.
100VG-AnyLAN uses all four pairs of wires in UTP
See: 100VG-AnyLAN cabling with 25 megahertz (MHz) signaling for each
pair. 100VG-AnyLAN uses a special coding scheme
100BaseX called quartet signaling, which makes it possible to
transmit data over all four pairs of wires in a UTP cable
An umbrella term that includes 100BaseFX and
simultaneously. This means that special 100VG-Any-
100BaseTX Fast Ethernet technologies.
Lan hubs are required to support demand priority media
See: 100BaseFX, 100BaseTX, Fast Ethernet access. Otherwise, the frame format, topology, and
other specifications of 100VG-AnyLAN are the same
as for Ethernet.
19
# 100VG-AnyLAN 100VG-AnyLAN
100BaseT4 hub
100VG-AnyLan
(level 2 hub)
100VG-AnyLan 100VG-AnyLan
(level 2 hub) (level 3 hub)
20
568-A 568-B #
single hub cannot support both at the same time (all 568-B
hubs on any given 100VG-AnyLAN network must be A wiring standard for twisted-pair cabling defined by
configured to support the same frame type, either 802.3 the Telecommunications Industry Association (TIA).
or 802.5).
Overview
Yet another advantage 100VG-AnyLAN has over The 568-B standard was designed for data transmission
Ethernet is that it has built-in support for traffic pri- over building wires used in computer network and tele-
oritization. Two levels of traffic are recognized by communications systems. It differs from the competing
100VG-AnyLAN hubs: normal priority and high prior- 568-A standard mainly in the pin layouts for the RJ45
ity. High-priority traffic requests are serviced immedi- jacks that are normally used to terminate unshielded
ately by the local hub without the need for that hub to twisted-pair (UTP) cabling. The pin layout for 568-B
first communicate with the network’s root hub. All net- wiring is technically referred to as T568B, and that for
work traffic is then suspended until the high-priority 568-A cabling systems is called T568A. The drawing
transmission is completed. illustrates these differences between the two wiring
Marketplace systems.
Although 100VG-AnyLAN is in some ways a superior
technology to Fast Ethernet due to its greater efficiency
and inherent support for traffic prioritization, it has not
been widely deployed. This is mainly due to limited
vendor support, which has kept prices high and made
Fast Ethernet more affordable. Furthermore, Fast Ether- 12345678 12345678
net is simpler and is completely compatible with widely
deployed 10BaseT Ethernet networks and forms the
natural upgrade path for these networks.
568-A 568-B
See Also: demand priority, Fast Ethernet
Key
568-A Pair number Color Symbol
A wiring standard for twisted-pair cabling defined by
1 Blue
the Telecommunications Industry Association (TIA).
2 Orange
Overview 3 Green
The 568-A standard was originally intended for analog 4 Brown
voice applications but is generally used in data net- GNSXX08 (new to 2E)
works as well. The main difference between 568-A and 568-B. Comparison of pin layouts in RJ45 connectors
the competing 568-B standard is in the pin layouts for between 568-A and 568-B.
RJ45 jacks, which generally terminate unshielded Notes
twisted-pair (UTP) cabling. The pin layout for 568-A For 10BaseT and 100BaseT Ethernet networks, only
wiring is technically referred to as T568A. For a two pairs of wires are used for data transmission, but
comparison of these two wiring schemes, see the next 1000BaseT Gigabit Ethernet (GbE) uses all four pairs.
article, “568-B.” As a result, running GbE over a cabling infrastructure
that contains a mixture of 568-A and 568-B termina-
Notes
tions will cause signaling problems that can be hard to
The T568A wiring scheme is preferred in Canada,
troubleshoot.
although this has been changing recently.
See Also: 568-A, UTP cabling
See Also: 568-B, UTP cabling
21
# 802.1 802.1p
22
802.1Q 802.3 #
802.1Q technology under the 802 committee that deals with
An Institute of Electrical and Electronics Engineers them (for example, 802.3 deals with Ethernet and 802.5
(IEEE) standard defining the architecture and operation with Token Ring). The IEEE 802.2 working group is no
of virtual local area networks (VLANs). longer active.
Overview See Also: logical link control (LLC) layer, Project 802
The 802.1Q VLAN standard ratified in 1999 allows a
tag of 4 bytes to be appended to packets by network hosts 802.3
and Layer 2/3 switches in Ethernet networks. This tag The Institute of Electrical and Electronics Engineers
identifies the VLAN to which the given packet belongs. (IEEE) working group concerned with Ethernet in its
For a more detailed explanation, see the article “virtual many forms. Although this set of standards is generi-
LAN (VLAN)” elsewhere in this book. The 4 bytes of tag cally referred to as Ethernet, this term is actually a
information are embedded into the standard Ethernet trademarked version of 802.3.
header by dividing them between the 2-byte tag protocol
identifier (TPID) field and the 2-byte tag control infor- Overview
mation (TCI) field. The TCI field consists of The 802.3 standards cover those relating to local area
networks (LANs) based on Carrier-Sense Multiple-
● User priority field: This three-bit field forms the Access with Collision Detection (CSMA/CD) as their
basis of 802.1p traffic prioritization schemes in Media Access Control (MAC) method, in other words
Level-2 switched networks. with
● Canonical format indicator: This is a one-bit field ● 10 Mbps Ethernet (original 802.3 standard)
that is used to toggle VLAN formats.
● 100 Mbps Fast Ethernet (802.3u)
● VLAN Identifier (VID): This is a 12-bit field that
identifies the VLAN to which the packet belongs. ● 1 Gigabit Ethernet (GbE) (802.3z and 802.3ab)
Up to 212 (4096) VLANs can be defined.
● 10 Gigabit Ethernet (under development)
Marketplace
Some recently ratified standards of the 802.3 working
Many vendors produce Ethernet switches compatible
group include
with the 802.1Q standard, although mostly at the high end
of their switching gear offerings. At the workgroup level, ● 802.3z: Gigabit Ethernet (1998)
fewer vendors support this standard in their switches. For
● 802.3ab: 1000Base-T (GbE over copper) (1999)
example, the low-end Catalyst 2900 switches from Cisco
Systems do not support 802.1Q, but Hewlett-Packard’s ● 802.3ac: Tag switching in virtual local area net-
new ProCurve 10/100 stackable switches with Gigabit works (VLANs) (1998)
Ethernet (GbE) backbone transceivers do.
● 802.3ad: Link aggregation (2000)
See Also: 802.1p, virtual LAN (VLAN)
Some of the projects the 802.3 working group is
currently involved with include
802.2
● 802.3ae: 10 Gigabit Ethernet (10GbE)
The Institute of Electrical and Electronics Engineers
(IEEE) standards for the Logical Link Control (LLC), ● 802.3af: Transmission of electrical power over
defining its operation for all network architectures that unshielded twisted pair (UTP) cabling to power
follow the Open Systems Interconnection (OSI) model. Ethernet devices
The physical layer (PHY) and media access control
(MAC) layer specifications are specified for a particular
23
# 802.3ab 802.3af
24
802.3u 802.6 #
promises to simplify the operation of these devices. 802.3z
Instead of separate cables for carrying data and power, The Institute of Electrical and Electronics Engineers
802.3af devices will require only data connections and (IEEE) standard for Gigabit Ethernet (GbE) over fiber,
will receive their power over these connections. The which was ratified in June 1998. This standard defines
advantage is that fewer cables need to be deployed and the physical layer (PHY) and media access control
used for compliant networking devices, which promises (MAC) layer specifications for this technology.
to make Voice over IP (VoIP) telephone equipment as
easy to deploy and use as traditional Plain Old Tele- See Also: Gigabit Ethernet (GbE)
phone Service (POTS) telephones, which communicate
through and are powered by the same RJ-11 outlet 802.4
found in private homes. The Institute of Electrical and Electronics Engineers
802.3af allows up to 10 watts of power to be carried (IEEE) standard for the Token Bus networking architec-
over Category 3 (Cat3) or Category 5 (Cat5) cabling ture. This legacy architecture is now found only in some
when running 10BaseT or 100BaseTX Ethernet on industrial settings. The IEEE 802.4 working group is no
the network. The standard provides for the transmis- longer active.
sion of both AC and DC power as required. To protect See Also: Project 802
non-802.3af devices from damaging power levels that
could fry their electronics, the 802.3af standard
includes a handshaking protocol to enable
802.5
The Institute of Electrical and Electronics Engineers
802.3af-compliant devices to be recognized before
(IEEE) standard for the Token Ring networking
transmitting power to them.
architecture.
Marketplace
PowerDsine, Siemens, and Lucent Technologies are Notes
802.5 is also used to refer to the frame format used in
vendors that have developed early versions of
Token Ring frames. See the article “frame type” else-
802.3af-compliant switches, hubs, and IP telephony
where in this book for more information.
equipment. Refer to these vendors’ Web sites for the
latest information on these products. For More Information
The Institute of Electrical and Electronics Engineers
Notes
(IEEE) 802.5 Web site is actually not found at the IEEE
Cisco Systems already has its own proprietary scheme
Web site (www.ieee.org). Instead, it can be found at
called Inline Power for power transmission over data
www.8025.org.
lines. The Cisco version supports DC power transmis-
sion over UTP cabling. See Also: frame type, Token Ring
See Also: Category 5 (Cat5) cabling, Ethernet, UTP
cabling 802.6
The Institute of Electrical and Electronics Engineers
(IEEE) standard for the Metropolitan Area Networks
802.3u
(MANs). The IEEE 802.6 working group is no longer
The Institute of Electrical and Electronics Engineers
active.
(IEEE) standard for Fast Ethernet that was ratified in
1995. This standard defines the physical layer (PHY) See Also: Project 802
and media access control (MAC) layer specifications
for this technology.
See Also: Fast Ethernet
25
# 802.7 802.11
26
802.11a 802.11a #
● 802.11b: A standard for wireless networking sup- For More Information
porting data rates of up to 11 Mbps and operating in You can find information about the Wireless LAN Alli-
the unlicensed 2.4 GHz Industrial, Scientific, and ance at www.alana.com and the Wireless Ethernet Com-
Medical (ISM) band. 802.11b transmission is patibility Alliance (WECA) at www.wirelessethernet.org.
standardized on DSSS.
See Also: 802.11a, 802.11b, wireless networking
● 802.11a: A standard supporting higher data rates of
up to 54 Mbps and operating in the 5 GHz UNII
802.11a
(Unlicensed National Information Infrastructure)
An Institute of Electrical and Electronics Engineers
band. 802.11a transmission is similarly standard-
(IEEE) wireless networking communications standard
ized on DSSS.
that supports data transmission rates of up to 54 mega-
Of these standards, 802.11b is currently the most bits per second (Mbps). 802.11a is widely seen as the
widely deployed, with support from over 20 vendors, successor to 802.11b.
and 802.11 is considered legacy and is being phased
Overview
out. Part of the success of 802.11b is due to the success-
The 802.11a standard uses the same Media Access
ful lobbying of the Wireless Ethernet Compatibility
Control (MAC) layer mechanism as the more com-
Alliance (WECA), which has helped ensure adherence
monly deployed 802.11b, namely Carrier Sense Multi-
to standards and interoperability between equipment
ple Access with Collision Avoidance (CSMA/CA),
from different vendors. The 802.11a standard is newer
which allows multiple users to share a single channel at
and is seen as the next generation for wireless network-
the same time. The encoding scheme used at the physi-
ing and the natural upgrade path for companies needing
cal layer differs, however, because 802.11b uses the
its higher data transmission rates.
same physical-layer (PHY) encoding scheme as Ether-
All these standards use the same Media Access Control net, but 802.11a uses a different scheme: Coded
(MAC) method, Carrier Sense Multiple Access with Orthogonal Frequency Division Multiplexing (COFDM
Collision Avoidance (CSMA/CA), to allow multiple or Coded OFDM).
users to share a single communications channel. Note
The frequency bands used by 802.11a also differ from
that this is not the MAC method used by Ethernet
802.11b, because 802.11b uses the 2.4 GHz Industrial,
(it uses CSMA/CD), so it is a misnomer to call 802.11
Scientific, and Medical (ISM) band for its operation,
technology wireless Ethernet.
and 802.11a employs portions of the 5 GHz Unlicensed
Notes National Information Infrastructure (UNII) band
If you upgrade your 802.11 base stations to 802.11b, recently allocated by the Federal Communications
they will still support legacy 802.11 clients—but only at Commission (FCC).
their maximum data rate of 2 Mbps, which in actual
A single 802.11a communications channel consists of a
practice is more like 1 Mbps.
20 megahertz (MHz)-wide block of frequencies divided
For secure wireless transmission, data needs to be up into 52 subchannels each 300 kilohertz (KHz) wide,
encrypted. The most popular solution is Wired Equiva- 48 of which are used for carrying data, with the remain-
lent Privacy (WEP), which now is included as a stan- ing 4 subchannels reserved for error correction. By
dard feature with most wireless network interface cards encoding data using 64-level quadrature amplitude
(NICs), PC cards, and access points. modulation (64QAM), a data rate of 1.125 Mbps per sub-
channel can be achieved, which translates into a maxi-
mum overall transmission speed of 48 x 1.125 = 54 Mbps.
Due to the limitations of the MAC layer mechanism,
27
# 802.11b 802.11b
however, actual data rates are only about 70 percent of deployed in many corporate enterprises; the logical
theoretical, so that sustained data rates for 802.11a are migration path to 802.11a is to deploy 802.11a in small
rarely above 35 Mbps. Nevertheless, these high attain- pockets where it is most required and gradually extend
able speeds are sufficient to enable 802.11a systems to this as needed.
support some types of broadband applications, includ-
Marketplace
ing Web browsing and multimedia.
Two vendors pioneering in 802.11a hardware include
The frequencies used by 802.11a cover three 200 MHz Radiata Communications (now owned by Cisco Sys-
blocks of the 5 gigahertz (GHz) band: tems) and Atheros Communications. Both vendors
offer devices supporting 6, 12, 24, 36, 48, and 54 Mbps
● 5.15 to 5.25 GHz: This band supports five indepen-
transmission speeds, with different rates being achieved
dent channels with a maximum power output of 50
by using different encoding mechanisms. Atheros also
megawatts (mW).
supports bonding two channels to achieve a theoretical
● 5.25 to 5.35 GHz: This band also supports five maximum transmission rate of 108 Mbps, and other
independent channels but with a maximum power vendors are developing proprietary extensions to
output of 250 mW for greater distance and penetra- 802.11a that may boost speeds up to 155 Mbps.
tion of building materials.
Issues
● 5.725 to 5.825 GHz: This upper band is designed Because of the higher frequencies used, 802.11a
for outdoor communications, supports five inde- devices are not susceptible to the kind of electromag-
pendent channels, and a maximum power output of netic interference, including interference from micro-
1 watt. wave ovens and cell phones, that plagues 802.11b
devices. However, because of different governmental
Advantages and Disadvantages
policies regarding allocation of frequencies in the 5
The main advantage of 802.11a over 802.11b is the
GHz band, interoperability issues exist for 802.11a
increased data rate. By way of analogy, 802.11a is to
technologies used in different parts of the world.
802.11b as Fast Ethernet is to standard 10 Mbps Ether-
net. In fact, both of these standards are sometimes For example, in Europe the upper 100 MHz portion
referred to as wireless Ethernet, but this is a misnomer (5.725 to 5.825) is already allocated for other uses, lim-
because they use CSMA/CA instead of Ethernet’s iting operation of 802.11a gear to only 10 clear chan-
Carrier-Sense Multiple-Access with Collision Detec- nels instead of 15. The 802.11a standard is also
tion (CSMA/CD) mechanism at the MAC layer. incompatible with the competing HiperLAN/2 standard
being developed in Europe, which also uses frequencies
Besides the higher data rates supported by 802.11a as
from the 5 GHz band. In Japan only the lower 100 MHz
compared to 802.11b, another advantage of 802.11a is
portion is unallocated, which allows only five channels
that the COFDM encoding mechanism includes greater
for 802.11a to work with. Other countries and regions
error correction, which means better recovery from
use portions of the 5 GHz spectrum for military or sat-
multipath reflection.
ellite communications purposes, limiting the capability
Implementation of 802.11a devices within their borders.
As a result of these differences in signal encoding
See Also: 802.11, 802.11b, wireless networking
mechanisms, 802.11b and 802.11a are incompatible
standards. Devices using one standard cannot commu-
nicate with devices supporting the other standard. Yet 802.11b
because these two technologies operate at different fre- An Institute of Electrical and Electronics Engineers
quency bands, they can be deployed together and over- (IEEE) wireless networking communications standard
lap without interference. 802.11b is already widely that supports data transmission rates of up to 1 megabit
28
802.11b 802.11b #
per second (Mbps). 802.11b is sometimes called wire- channel at the same time by using the CSMA/CA method
less Ethernet, but this is a misnomer because the two as its MAC layer protocol. The 802.11b standard sup-
technologies use different Media Access Control ports Request to Send/Clear to Send (RTS/CTS) as a
(MAC) methods. MAC enhancement for transmission in environments
where coverage is distorted by obstacles and interfer-
Overview
ence, but this mechanism adds significant overhead to the
The 802.11b standard was developed over a number of
protocol, especially during the transmission of small
years by Lucent Technologies, Intersil Corporation, and
packets.
other industry partners and ratified as an IEEE standard
in 1999. It is the most popular and widely deployed wire- The drawing shows a typical 802.11b packet. This con-
less networking standard currently in use, though it may sists of a 30-byte header containing information for
be superseded over the next few years by 802.11a, which addressing, sequencing, and frame control. This is fol-
supports higher data transmission rates. lowed by a data or payload section that may range from
zero to 2312 bytes in length, followed by a 4-byte check-
802.11b is capable of supporting data transmission rates
sum trailer.
of 1, 2, 5.5, and 11 Mbps. The actual transmission rate
used will depend on the distance between the client
adapter (PC card or network interface card [NIC]) and 2 bytes Frame control
access point (base transmitting station) and upon inter- 2 bytes Duration ID
ference due to obstacles in the transmission path. In gen-
6 bytes Address 1
eral, the further the distance from the base station, the
slower the data rate. For directional antennae operating
with clear line-of-sight in point-to-point transmission, 6 bytes Address 2
the top speed of 11 Mbps can be sustained for distances
up to about 10 miles (16 km). Within a building using
6 bytes Address 3
omnidirectional antennae, however, devices may need to
be within 100 feet (15 meters) in order to maintain their 2 bytes Sequence control
highest transmission rate. If a device exceeds this range,
the transmission rate drops to the progressively lower 6 bytes Address 4
levels until a sustained transmission rate can be success-
fully negotiated. Each data rate uses its own characteris-
tic modulation scheme, such as Binary Phase Shift
Keying (BPSK) for 1 Mbps transmission, Quadrature
Phase Shift Keying (QPSK) for 2 Mbps, and so on.
Data payload
Although the theoretical top transmission speed for (0 to 2312 bytes)
802.11b is 11 Mbps, in practice the media access control
(MAC) layer mechanism (Carrier Sense Multiple Access
with Collision Avoidance [CSMA/CA]) and protocol
overhead reduce efficiency to 60-70 percent. The result is
that data rates of more than 6 Mbps are rarely achieved 4 bytes CRC
and 4-5 Mbps is more common. Note that this is the total GNSXX09 (new to 2E)
shared bandwidth for all 802.11b clients within the same 802.11b. Typical structure of an 802.11b packet.
service area (serviced by the same set of access points or
As far as frequency and transmission method are con-
base stations), so actual throughput may be much less
cerned, 802.11b employs direct-sequence spread spectrum
when many clients are active. The 802.11b standard
(DSSS) transmission over an 83-MHz-wide chunk of the
allows multiple users to share a single communications
29
# 802.11b 802.11b
30
802.12 802.15 #
dissipation. This is generally considered too low to consti- 802.12
tute any health hazard to individuals using this equip- The Institute of Electrical and Electronics Engineers
ment—for comparison, a typical cell phone may generate (IEEE) standards outlining the architecture and opera-
an electromagnetic power output of half a watt or more. tion of the Demand Priority Media Access Control
Notes (MAC) method. This access method is employed by the
For an explanation of the different components needed in legacy 100VG-AnyLAN technology developed in 1994
the deployment of a wireless network and how they oper- by Hewlett-Packard and AT&T. The IEEE 802.12
ate, see the article “wireless networking” elsewhere in working group is presently in hibernation and is no
this book. longer active.
Do not operate 802.11b devices in an aircraft during See Also: 100VG-AnyLAN, demand priority, Project
flight—turn your device off when boarding. The signals 802
transmitted by your device could adversely affect the
aircraft’s electronic systems. 802.13
Look for the “WiFi” seal of approval on vendor packag- The Institute of Electrical and Electronics Engineers’
ing of 802.11b equipment. This designation indicates (IEEE’s) Project 802 includes a number of standards and
that the vendor’s equipment is approved by WECA as working groups relating to networking. These standards
being fully compliant with 802.11b standards. and working groups currently range from 802.1 through
802.17, but for some reason 802.13 was not used.
Wireless networks based on 802.11b can be susceptible to
electromagnetic interference produced by microwave See Also: Project 802
ovens, particularly if the clients are located far from the
base station. If this occurs, move the oven, move the client 802.14
adapter, or increase the transmission strength of the access The Institute of Electrical and Electronics Engineers
point until you can achieve reliable communications. (IEEE) working group on cable modems. This working
group is no longer active.
To conserve power, especially for 802.11b PC cards in
laptops, these client adapters should be set to run in Polled See Also: Project 802
Access Mode (PAM). Clients configured for PAM go to
sleep when not communicating with the base station and
wake up according to a predefined schedule to check for
802.15
A set of standards being developed by the Institute of
an inbound Traffic Information Map (TIM) packet from
Electrical and Electronics Engineers (IEEE) for Wire-
the base station indicating that it has data ready to send the
less Personal Area Networks (Wireless PANs or
client. PAM typically uses about 10 percent of the power
WPANs).
consumed when running in Constant Access Mode
(CAM), where the client is always listening. Overview
The 802.15 working group is currently divided into a
If your buildings have metal floors, wireless networking
number of Task Groups (TGs) that are actively working
using 802.11b systems may not operate beyond 100 feet
on different aspects of wireless PANs. These TGs include
(30 meters) due to signal absorption. In such buildings
you may also require an access point on each floor. ● TG1: This group is working to develop standards
for WPANs based on Bluetooth 1.x wireless
802.11b and Bluetooth devices operate on the same fre-
technologies.
quencies, so using both systems in the same service area
may cause dropouts and transmission errors to occur. ● TG2: This group is trying to get 802.15 WPANs to
coexist with 802.11 WLANs by overcoming issues
See Also: 802.11, 802.11b, Bluetooth, wireless
networking
31
# 802.16 1000BaseCX
related to electromagnetic interference between the ● TG4: This group is working on the Wireless
two technologies. High-Speed Unlicensed Metropolitan Area Net-
work (Wireless HUMAN) standard, which involves
● TG3: This group is trying to develop High Rate
transmission in license-exempt portions of the
(HR) WPANs with speeds in excess of 20 megabits
spectrum in the 5– 6GHz range.
per second (Mbps).
See Also: Project 802
● TG4: This group deals with developing Low Rate
(LR) WPANs with speeds in the range of 10–200
kilobits per second (Kbps). These LR WPANs will 802.17
be used for things such as home automation, remote The Institute of Electrical and Electronics Engineers
control, interactive toys, sensors, and similar (IEEE) working group on Resilient Packet Ring (RPR)
systems. technologies.
See Also: Personal Area Network (PAN), Project 802 See Also: Project 802
802.16 1000BaseCX
A set of emerging Institute of Electrical and Electronics An Institute of Electrical and Electronics Engineers
Engineers (IEEE) standards being developed for fixed (IEEE) standard for implementing 1000 megabits per
broadband wireless networking. second (Mbps) Ethernet (that is, Gigabit Ethernet, or
GbE) over shielded twisted-pair (STP) cabling.
Overview
Broadband wireless, also called Wireless MAN Overview
(WMAN), involves wireless high-speed data transmis- The CX in 1000BaseCX stands for short-haul copper
sion between fixed points at various frequency bands. and indicates that this version of GbE is intended for
In other words, 802.16 is to the metropolitan area net- short cable runs over copper cabling. 1000BaseCX
work (MAN) what 802.11 is to the local area network technologies are in the beginning stages of being widely
(LAN): similar technology but operating at higher implemented in enterprise-level networks and are pri-
speeds and over longer distances. WMAN is the wire- marily used for collapsed backbones and high-speed
less equivalent of broadband wired technologies such as interconnects within wiring closets and equipment
Digital Subscriber Line (DSL). rooms. 1000BaseCX and other GbE standards are
defined in the 802.3z series of standards of Project 802
The IEEE working group on 802.16 is subdivided into a
developed by the IEEE.
number of Task Groups (TGs) to work at these different
frequencies, specifically: Implementation
1000BaseCX is to some degree simply an extension
● TG1: This group is working on air interfaces in the
of standard Ethernet technologies to Gigabit-level
10– 66gigahertz (GHz) region of the electromag-
network speeds. 1000BaseCX is implemented using
netic spectrum.
STP cabling. This STP cabling must be standard
● TG2: This group is working on ensuring coexist- 150-ohm balanced cabling and should have a quality
ence between different wireless broadband access slightly better than IBM Type I cabling. Cable segments
systems. can have a maximum length of only 82 feet (25 meters).
32
1000BaseLX 1000BaseLX #
Servers with
1000-Mbps
network
interface
1000BaseCX cards
Gigabit connection
Ethernet switch
Fast
Ethernet hub
Fast
Ethernet hub Workstations
Fast
Ethernet hub
Workstations
Workstations
1000BaseLX Implementation
1000BaseLX can be implemented using either sin-
An Institute of Electrical and Electronics Engineers
gle-mode fiber-optic cabling or multimode fiber-optic
(IEEE) standard for implementing 1000 megabits per
cabling. Transmission requires two optical fibers due to
second (Mbps) Ethernet (that is, Gigabit Ethernet, or
the full-duplex operation of 1000BaseLX. Cable seg-
GbE) over fiber-optic cabling.
ment lengths depend on the cable grade used, as shown
in the table on the following page.
33
# 1000BaseLX 1000BaseLX
Gigabit Ethernet
100/1000 switch
1000BaseLX
connection Server farm
Gigabit Ethernet
100/1000 switch
Fast Ethernet
10/100 hub
Fast Ethernet
10/100 hub
Workstations
Fast Ethernet
10/100 hub
Workstations
Workstations
34
1000BaseSX 1000BaseT #
1000BaseSX transceivers condition the signal to distribute its power
An Institute of Electrical and Electronics Engineers equally among all the cable’s transmission modes.
(IEEE) standard for implementing 1000 megabits per See Also: 1000BaseCX, 1000BaseLX, 1000BaseT,
second (Mbps) Ethernet (that is, Gigabit Ethernet, or Gigabit Ethernet (GbE)
GbE) over fiber-optic cabling.
Overview 1000BaseT
The SX in 1000BaseSX stands for short and indicates An Institute of Electrical and Electronics Engineers
that this version of GbE is intended for use with (IEEE) standard for a form of Gigabit Ethernet (GbE)
short-wavelength (850-nanometer) laser transmissions involving transmission over copper cabling.
over short cable runs of fiber-optic cabling.
1000BaseSX technologies are in the beginning stages Overview
of being widely implemented in enterprise-level net- The T in 1000BaseT identifies it as operating over
works and are primarily used for shorter cable runs twisted-pair copper cabling and makes it an extension
between pieces of equipment within a building. of the traditional 10BaseT and 100BaseT Ethernet tech-
nologies for transmission over unshielded twisted-pair
1000BaseSX is an extension of standard Ethernet tech- (UTP) cabling. 1000BaseT is based on the IEEE
nologies to gigabit-level network speeds. 1000BaseSX 802.3ab standard and is intended to provide the sim-
and other GbE standards are defined in the 802.3z plest upgrade path for legacy 10BaseT and 100BaseT
standards of Project 802 developed by the IEEE. Ethernet networks.
Implementation 1000BaseT is implemented using the commonly
1000BaseSX is implemented using only multimode installed Category 5 (Cat5) cabling or enhanced Cate-
fiber-optic cabling. Cable segment lengths depend on gory 5 cabling version of UTP cabling. Cable segments
the cable grade used, as shown in the table. for 1000BaseT must have a maximum length of 328
Cable Segment Lengths feet (100 meters). Category 6 (Cat6) cabling is expected
to provide enhanced transmission characteristics for
Maximum Segment
1000BaseT networks when it becomes available.
Cable Grade Length
50-micron multimode fiber 500 meters (1640 feet) 1000BaseT uses all four pairs of wires in standard UTP
62.5-micron multimode fiber 220 meters (720 feet) cabling, as opposed to the two pairs of wires used in
10BaseT and 100BaseT networks. Using all four pairs
1000BaseSX is intended mainly for connecting of wires brings certain problems because of attenuation,
high-speed hubs, Ethernet switches, and routers crosstalk, and echoes arising from full-duplex transmis-
together in different wiring closets or buildings using sion over single wires. Full-duplex transmission is used
long cabling runs. 1000BaseSX is most commonly to enable each pair of wires to simultaneously transmit
implemented in a switch-switch configuration. and receive data at a rate of 250 megabits per second
(Mbps). The resulting four pairs of wires means that the
Notes
total data rate is 4 x 250 = 1000 Mbps or 1 Gbps.
When multimode fiber-optic cabling is used in
Although each pair of wires carries data at 250 Mbps,
1000BaseSX implementations, a condition called dif-
the signaling is only at 125 Mbps. This is accomplished
ferential mode delay (DMD) can sometimes occur. This
by using five-level pulse amplitude modulation (PAM)
condition occurs only in cabling of uneven quality, and
as the line coding mechanism, which encodes two bits
it leads to signal jitter that can disrupt network commu-
of information for each signal pulse. The reason for this
nications. To resolve this problem, newer 1000BaseSX
choice is that Cat5 cabling works well up to 125 mega-
hertz (MHz) in standard installations.
35
# 1000BaseT 1000BaseT
1000 BaseT has been standardized by the IEEE under Another growing use for 1000BaseT GbE switches is
the 802.3ab specification since June 1999. This specifi- for connecting high-performance multimedia worksta-
cation provides for the implementation of automatic tions and Web server clusters to the network backbone.
link negotiation so that problems such as crossed cables The main limitation for 1000BaseT workstations is that
can be detected and corrected for, that 100 Mbps inter- they must be located within 100 meters of the switch.
face can be detected and accommodated when con- For interbuilding GbE links you need to use fiber. Note,
nected to 1000BaseT ports, and that half-duplex however, that 1000BaseT only supports cable runs up to
network interface cards (NICs) and hub/switch ports 328 feet (100 meters) in length, which means that you
can be recognized and used when detected. The stan- may need to modify existing cabling infrastructures in
dard also specifies special filters for hybrid circuits some large buildings when migrating from Fast Ether-
used in full-duplex transmission over single wires, a net to 1000BaseT. Despite the potential application for
special five-level PAM encoding mechanism instead of supporting high-performance workstations, the most
binary signals, forward error correction techniques, and popular uses for 1000BaseT remain for backbone uses
pulse shaping technologies to make 1000BaseT a such as installing vertical risers between floors and hor-
functional and reliable networking technology. izontal cable runs between wiring closets, for intercon-
necting workgroup switches, and for connecting server
Implementation
farms and clusters to backbone switches.
One popular use for 1000BaseT (also referred to as
GbE over copper) is in wiring closets of enterprise Marketplace
networks. 1000BaseT GbE switches can be used to Adapting the Ethernet standard to transmission at rates
aggregate Fast Ethernet workgroup switches by first of 1 Gbps over existing Cat5 wiring means lower costs
connecting the workgroup switches to 100/1000 Mbps for companies planning to upgrade their switched back-
ports on the GbE switches using Cat5 cabling and then bones from 100 Mbps Fast Ethernet to GbE. A typical
uplinking the GbE switches to the network’s GbE back- 1000BaseSX fiber port costs about 50 percent more
bone switches using fiber. than a comparable 1000BaseT copper port, so consider-
able cost savings can be achieved by implementing GbE
over copper instead of fiber. However, copper is more
susceptible to noise than fiber for gigabit transmission,
and Cat5 cabling must be of the highest standard and
deployed according to standards to ensure maximum
Stackable
100/1000 switches
reliability.
1000BaseT
connections 1000BaseT solutions are beginning to be implemented
for short, high-speed interconnects within wiring clos-
High-speed ets in enterprise networks, for consolidating server
file servers farms in data centers, and for interconnects in carrier
colocation sites. Some also envision using it for con-
1000BaseT necting high-performance workstations as well. Ven-
connections dors of 1000BaseT equipment include Cisco Systems,
3Com Corporation, Hewlett-Packard, Asante Technolo-
High-speed
gies, Nortel Communications, Extreme Networks, Intel
multimedia
workstations Corporation, and Foundry Networks. Cisco’s Catalyst
6500 for its Catalyst 6506 switch chassis module pro-
vides 16 1000BaseT ports and is popular with Inter-
net service providers (ISPs) deployed at carrier coloca-
GNSXX12 (was G0#ui10.bmp in 1E)
1000BaseT. A typical 1000BaseT network. tion sites because of its fault-tolerant load balancing
and realtime code upgrade capabilities. Foundry’s
36
1000BaseTX 3270 #
eight-port 1000BaseT modules for its BigIron 8000 1000BaseX
switch chassis is another popular choice with excellent A generic designation used to describe all forms of
performance. Gigabit Ethernet (GbE), including 1000BaseCX,
A number of vendors are also providing 1000BaseT 1000BaseLX, 1000BaseSX, and 1000BaseT.
NICs for use in high-speed servers and high-perfor- 1000BaseX actually is the technical designation for the
mance networks connected to GbE backbones. These family of physical layer (PHY) technologies used in
vendors include 3Com, Intel, Sun Microsystems, and GbE and evolved directly from the Fiber Channel
SysKonnect. A popular choice in enterprise server ANSI94 standards.
farms is the SysKonnect 9822 64-bit 66 MHz PCI card, See Also: 1000BaseCX, 1000BaseLX, 1000BaseSX,
which comes in single-port and dual-port configura- 1000BaseT, Gigabit Ethernet (GbE)
tions. Alteon WebSystems also has a 10/100/
1000BaseT NIC with support for auto-negotiation and
jumbo frames. 1394
An Institute of Electrical and Electronics Engineers
Currently 1000BaseT is the fastest growing type of (IEEE) standard for a high-speed serial transmission
GbE being deployed in enterprise networks, because it technology also known as FireWire (a popular term
leverages the investment of existing Cat5 cabling instal- coined by Apple Computer) and iLink (a Sony Corpora-
lations. In the second quarter of 2000, GbE over copper tion trademark).
accounted for 25 percent of GbE port sales.
See Also: FireWire
Notes
1000BaseT is also sometimes referred to as
1000BaseTX.
1822
The original host-to-IMP (interface message processor)
Before installing 1000BaseT switches in a building wired interface for the Advanced Research Projects Agency
with older Cat5 cabling (as opposed to newer enhanced Network (ARPANET), the precursor of the Internet.
Category 5 [Cat5e] cabling), be sure to test the cabling
See Also: ARPANET
using a cable tester to make certain the installation fully
complies with IEEE TSB95 field specifications. Common
reasons for existing wiring failing to support GbE are 3270
crosstalk caused by improper cable termination in punch- An information display protocol for IBM mainframe
down block and wall plates. Hewlett-Packard and Fluke computers.
Corporation are two vendors that sell suitable cable test
Overview
equipment. Also, be sure also to use high-quality Cat5e
The 3270 protocol is a family of protocols that includes
patch cables for connecting patch panels to switches in
separate specifications for terminal display and printer
wiring closets and for connecting servers or workstations
output. The 3270 protocol enables text-based connec-
to wall plates in work areas.
tion-oriented conversations to take place between cen-
See Also: 1000BaseCX, 1000BaseLX, 1000BaseSX, tralized mainframe hosts and supported peripherals,
Gigabit Ethernet (GbE) including terminals, printers, and controllers. These
conversations originally took place over dedicated
serial transmission links between the terminal and the
1000BaseTX
mainframe controller. For long-distance computing,
Another name for 1000BaseT Gigabit Ethernet (GbE) transmission over private wide area networks (WANs)
over copper. such as the IBM Global Network enabled mainframe
See: 1000BaseT
37
# 5250 5250
38
A
A
A+ Certification
Find out about the Computer Technology Industry
A certification for computer service technicians from
Association at www.comptia.org.
the Computing Technology Industry Association
(CompTIA).
Overview
A record
A Domain Name System (DNS) record mapping a host
A+ Certification certifies service technicians for com-
name to an Internet Protocol (IP) address.
petency in troubleshooting, repairing, and installing
stand-alone and networked PCs. A+ is an internation- Overview
ally recognized certification that identifies minimum Also known as Address records, A records are the most
competency for entry-level computer technicians, typi- common type of DNS records in name server databases.
cally those who have a minimum of six months of prac- A records are used to resolve queries where host names
tical hands-on and interpersonal support experience. need to be translated into IP addresses in order to
The Association for Services Management Interna- establish network communications with the target host.
tional (AFSMI) and a number of prominent hardware
Examples
and software vendors back the A+ Certification.
A typical A record looks like this:
A+ Certification was created by CompTIA to benefit all
MARGE IN A 172.16.22.155
groups involved in the recruiting and hiring process.
Specifically, it has the following advantages: Here, MARGE is the friendly name of the host, IN indi-
cates the record is part of the Internet family (the
● A+ benefits managers and recruiters by helping
default), A indicates the type of resource record
them identify trained, competent individuals to fill
(address record), and the IP address for MARGE is last.
vacant positions.
See Also: DNS, resource record (RR)
● A+ benefits job seekers by identifying skills they
need to learn and develop and by providing a recog-
nizable career path for self-advancement and A6 record
employment. A Domain Name System (DNS) record for identifying
Internet Protocol version 6 (IPv6) hosts on a network.
● A+ benefits educational institutions by providing
goals and objectives for developing industry- Overview
relevant technical training programs. The A6 record is used to map a host’s name to its
128-bit IPv6 address. To use this record, a host on an
The A+ exam consists of two parts: a core section cov-
IPv6 network can query a name server by specifying the
ering general computer hardware and software that is
name of a target host, and the name server responds to
not vendor-specific and a module covering Microsoft
the query by returning the IPv6 address of the target
operating system technologies for MS-DOS and
host. The “A” in A6 stands for address.
Microsoft Windows platforms.
39
A AAA Abilene
40
absolute path Abstract Syntax Notation One (ASN.1) A
advanced applications relating to Internet2 prior to their On UNIX platforms, path names are specified using
intended real-world deployment. To this end, Abilene forward rather than backward slashes and absolute
provides a high-speed Synchronous Optical Network paths do not start with a drive letter. For example, the
(SONET) and Internet Protocol (IP)-over-SONET absolute path to the file script12, located in the /bin
backbone network that connects gigaPOPs (high-speed subdirectory of the /usr directory, would be
regional network aggregation points of presence) scat-
/usr/bin/script12
tered around the world. For an administrative fee, uni-
versities and other institutions conducting Internet2 See Also: relative path, Universal Naming Convention
research can connect to Internet2 through Abilene’s (UNC)
gigaPOPs for research and development purposes.
Abilene is wholly funded by university and corporate Abstract Syntax Notation One
agencies affiliated with the Internet2 research project, (ASN.1)
but Abilene also supports the U.S federal Next Genera- A standard from the International Standards Organiza-
tion Internet (NGI) initiative and connects with the very tion (ISO) that provides a mechanism for encoding
high performance Backbone Network Service (vBNS) human-readable symbols into condensed binary form.
and other federal research networks.
Overview
For More Information Abstract Syntax Notation One (ASN.1) is a standard
Find out more about Abilene at www.ucaid.org/abilene. with several real-world uses:
41
A acceptable use policy access
A more complex structured data type might be ● Acceptable and unacceptable usage must be simply
and clearly explained in the policy.
EmployeeRecord ::= SET
{ ● A graded series of consequences of unacceptable
name [0]ISO646STRING "Bob Smith" usage must be clearly stated in the policy.
title [1]ISO646STRING "Support Specialist"
idNumber [2]INTEGER "116427" ● The policy itself must be clearly visible in
} employees’ work areas.
ASN.1 data structures are encoded as octets in hexadec- ● Management should regularly call employees’
imal notation. These structures are then transmitted attention to the policy.
over the network as binary information.
In addition, users should be informed if management is
Notes utilizing monitoring practices such as logging all
Microsoft Exchange Server uses ASN.1 for its X.400 employee Internet access or archiving all employee
Connector to provide standards-based connectivity with e-mail. Management should consult its legal depart-
foreign X.400 messaging systems. ment in the drafting of an acceptable use policy, and this
policy should be reviewed frequently and kept
See Also: Simple Network Management Protocol
up-to-date as corporate network access evolves.
(SNMP), X.400
See Also: security
acceptable use policy
A policy created by management to specify acceptable access
usage for corporate network services as well as the con- Generally, the process of connecting to and using
sequences of violating these standards. resources on a network.
Overview Overview
Acceptable use policies have lately become an impor- To provide a user with access to network resources, per-
tant feature of corporate IT (information technology) missions must first be granted to the user. For example,
culture for a number of reasons, but mainly because of if a user is granted the read permission (and only this
the widespread implementation of Internet access for permission) for a file on the NTFS file system (NTFS),
desktop users. Management often becomes concerned the user is said to have read-only access to the file. An
about the possibilities of employees surfing the Internet important part of a network administrator’s job is to
for personal use on company time, using company configure appropriate levels of access control—that is,
e-mail to send personal messages, sending spam or mail to manage access to network resources such as shared
bombs, and so on. Another concern is management’s files, printers, and applications so that
possible legal liability if employees should access ille-
● Users who need access to these resources have the
gal or pornographic material on the Internet using their
appropriate level of access to them
corporate Internet accounts.
● Users who do not need access to the resources—as
Even if a company does not provide desktop Internet
well as distrusted users or hackers—are prevented
access for its employees, it should still have an accept-
from accessing them
able use policy governing access to shared network
resources such as file servers and color laser printers. Examples
To be effective, an acceptable use policy needs to have In Microsoft Windows 2000, when a user or process
the following characteristics: attempts to access an object such as a file on an NTFS
volume, a component of the Windows 2000 operating
42
access control access control A
system called the Security Reference Monitor compares object. The kind of permission that can be applied
the access token attached to the process with the access depends on the type of object. Some of the objects to
control list (ACL) attached to the object. Through this which permissions can be applied include
comparison, the Security Reference Monitor deter-
● NTFS file system (NTFS) objects such as files,
mines whether to grant access to the user or process.
folders, and volumes
See Also: access control, access control list (ACL),
● Local system objects such as processes and
access list, access token
programs
Local or Active Directory objects such as user,
access control ●
43
A access control entry (ACE) access control list (ACL)
the object. For example, you could allow all users to ● Discretionary access control for explicitly granting
have read access to the Phone Number attribute of users or denying access to a specific user or group
in Active Directory, while granting the clerical group (AccessAllowed and AccessDenied entries)
read/write access to that attribute so that they can mod-
● System security access control for generating secu-
ify users’ phone numbers if necessary.
rity audit logs (SystemAudit entry)
See Also: access control list (ACL), auditing, owner,
See Also: access control list (ACL), access mask
permissions
Access control entry (ACE). A simplified example. tors can configure and manage them at their discretion.
There’s also another type of ACL in Windows called a
An ACE generally specifies two kinds of information: system access control list (SACL), which is used to con-
● The security identifier (SID) of the security princi- trol the generation of audit messages when object audit-
pal (user, group, or computer) to which the ACE ing has been configured on a file system.
applies In traditional UNIX environments, access to file system
● The level of access to the object permitted for that objects is controlled using the Chmod (change mode)
security principal command, which allows read, write, and execute permis-
sions to be allowed or denied for three different entities:
An access mask specifying the possible permissions the user (owner), the other users that belong to the same
that can be assigned to the object is included with each group as the user (group), and every other user on the sys-
ACE. An ACE can provide one of the following: tem (other). This permission-based access control mecha-
nism is extremely limited, and as a result most UNIX
44
Accessibility Options Accessibility Options A
systems implement ACLs as an alternative method for ● ToggleKeys: Generates sounds when certain toggle
securing files and other operating system objects. keys, such as Caps Lock, are turned on
Sun’s UNIX-based Solaris operating system first imple- ● SoundSentry: Flashes a specified part of the screen
mented ACLs in version 2.5.1. These ACLs can be used when the system generates sounds
to control access to files on various different file sys-
● ShowSounds: Displays icons or text captions to
tems, including:
accompany the sounds that programs generate
● UNIX File System (UFS)
● HighContrast: Makes reading text easier
● Network File System (NFS) version 2 and higher
● MouseKeys: Controls the pointer using the
● Loopback File System (LOFS) numeric keypad
● Cache File System (CacheFS) ● SerialKey: Enables the use of alternative input
devices connected to the computer’s serial port
In Solaris, ACLs can be applied to files, directories, and
instead of the keyboard and mouse
symbolic links, and default permissions can be defined
for directories to give all newly created files in the direc-
tory the same ACLs. To set and display access control
lists on Solaris, use the setfacl and getfacl commands.
ACLs are also available as third-party software for other
UNIX platforms. Other UNIX packages and add-ons
may use different commands such as setacl and getacl.
See Also: access control entry (ACE), discretionary
access control list (DACL), system access control list
(SACL)
Accessibility Options
A utility in Control Panel for most versions of Microsoft
Windows that allows you to adjust the behavior of the
keyboard, mouse, and display to suit the needs of individ-
uals with impaired eyesight, hearing, or motor skills.
Overview
Accessibility Options are part of Microsoft Corpora- G0AXX02 (was G0Aui02.bmp in 1E)
tion’s initiative to provide access to computer technol- Accessibility Options. Accessibility Options in
ogy to all individuals, regardless of their physical Windows 2000.
impairments. Settings for Accessibility Options include Windows includes an additional wizard called the
the following: Accessibility Wizard that allows you to configure
● StickyKeys: Makes it possible to use a key combi- accessibility options on your computer. Additional
nation such as Ctrl+Alt+Delete without pressing accessibility utilities include Magnifier, Narrator, and
more than one key at a time On-Screen Keyboard.
45
A Accessibility Wizard access list
from Recording for the Blind and Dyslexic and the physical impairments by leading the user through a
Microsoft Accessibility and Disabilities Group. series of screens that the user can then respond to in real
time. Using the Accessibility Wizard is generally more
You can find out about the Microsoft Accessibility and
convenient than using the Accessibility Options prop-
Disabilities Group at www.microsoft.com/enable.
erty sheet to configure accessibility settings. The wiz-
Visit the site of Recording for the Blind and Dyslexic at ard’s final screen lists the accessibility options that have
www.rfbd.org. been enabled.
See Also: Accessibility Wizard See Also: Accessibility Options
46
access list access list A
finally dropped (in other words, there is an implicit A simple example of an IOS access list rule that allows
“deny all” at the end of every access list). traffic from source address 172.16.15.33 to pass across
a specified interface would be
You should consider several things when using access
lists to filter packets through a router: access-list 1 permit host 172.16.15.33
● For an access list to function, it must first be created Here the number “1” specifies that this rule is part of the
in the router’s memory and then explicitly assigned first access list created on the router, and all rules that
to a router interface. have this number belong to the same list. Access list
numbers identify what kind of access list is used (see
● When an access list is applied to an interface, the
the table).
access list’s direction must be specified. That is,
you must decide whether the access list will be Examples of Different Kinds of IOS Access Lists
applied to inbound traffic, outbound traffic, or both. Range of Access
● The order in which the rules are organized within an Type of Access List List Numbers
access list is important. Two access lists with iden- Standard Internet Protocol (IP) 1–99
tical rules but in different order can have signifi- Extended IP 100–199
cantly different effects. AppleTalk 600–699
Standard Internetwork Packet 800–899
● Each rule either permits a matching packet to be Exchange (IPX)
forwarded or denies a packet from being forwarded. Extended IPX 900-999
● By default, an access list implicitly denies every-
To take another example, if your network is class C and
thing. In other words, when a packet is being pro-
has addresses belonging to the 172.16.44.0 network, to
cessed by an access list, if a match occurs that
allow stations on your network to have unrestricted
allows the packet to be forwarded, the packet is
access to the Internet through your packet-filtering
allowed to pass across the interface. If no match is
router, you could use the rule
found (the contents of the packet do not explicitly
match any of the criteria specified in the rules access-list 1 permit 172.16.44.0 0.0.0.255
within the access list), the packet is blocked from
Note that 0.0.0.255 is the binary complement of the
passing over the interface and is thus dropped by
default subnet mask of your class C network
the router.
(255.255.255.0).
Examples As a final example, the following access list blocks
The Internetwork Operating System (IOS) by Cisco
incoming traffic from the malicious host 133.16.1.11
Systems, the operating system used by all Cisco routers,
but allows all other traffic to enter through the router:
has commands for creating access lists and applying
them to an interface. IOS supports two different types access-list 1 deny host 133.16.1.11 log
of access lists: access-list 1 permit any
● Standard: A standard access list filters packets The log keyword specifies that all packets dropped from
based only on their source address. the malicious host will be logged in the router log and
can be viewed using the IOS logging console.
● Extended: An extended access list filters packets
based both on their source address and on a number IOS access lists can be created using a simple ASCII
of other criteria including destination address, proto- text editor and transferred to the router using Trivial
col type, traffic priority, and application type. File Transfer Protocol (TFTP) or some other mecha-
nism. The Interface command is used to apply an access
47
A access mask access method
list to an interface once the list has been created, and the access mask
Access-group command is used to specify the direction A double-word value (32-bit entry) contained within
over the interface for which the list applies. each access control entry (ACE) that defines all possi-
Notes ble access rights for a particular type of object (file,
One limitation of IOS access lists is that if you want to folder, and so on).
modify a list by removing or changing a statement in Overview
the middle of the list, you cannot. Instead you must cre- Microsoft Windows 2000, Windows XP, and Windows
ate a new access list, remove the old one from the inter- .NET Server use access masks that support several
face, and apply the new list to the interface. You can, types of access rights. Three examples are:
however, add rules to the bottom of an existing list, if
this meets your needs. To get around having to create an ● Specific access rights: These access rights include
access list from scratch when you need to modify a rule, FILE_READ_DATA and FILE_APPEND_DATA,
use TFTP to copy the existing router configuration to a which provide permission to read and write data in
text file on a workstation, modify the file, delete the a file. Objects can have up to 16 different specific
original configuration on the router, and copy the mod- access rights, depending on the object type.
ified configuration onto the router. ● Standard access rights: These apply to all objects
IOS version 12 includes a new feature that allows for and include DELETE, which grants or denies delete
the creation and application of time-based access lists, access to an object, and WRITE_OWNER, which
which allows different access lists to be applied to rout- grants or denies access to the owner security identi-
ers at different times and days. fier (SID) of an object.
Access lists are sometimes called access control lists, ● Generic access rights: These map to specific
but this can be confusing because the term access con- access rights and standard access rights. Each type
trol list (ACL) also refers to a mechanism for securing of securable object maps generic access rights to its
file system objects and other operating system objects. own specific and standard access rights. Generic
access rights for file objects include FILE_
The table in this article shows that there can be only 100 GENERIC_READ, FILE_GENERIC_WRITE, and
possible access lists for each type of access list. In some FILE_GENERIC_EXECUTE. These three types are
circumstances (for example, with complex backbone listed in Windows Explorer in Windows 2000,
routers) this is not sufficient, and you can use named Windows XP, and Windows .NET Server and in
access lists instead. Named access lists are referenced Windows NT Explorer in Windows NT as the
using an alphanumeric name instead of a number, and special permissions read (R), write (W), and
you can create as many of them as you need. execute (X).
Placement is an important issue to consider when See Also: access control entry (ACE), access control
applying access lists to ports. Standard access lists list (ACL)
should be placed as close as possible to the destination,
but enhanced access lists should be placed as close as
possible to the source. access method
Any method that allows devices to transmit signals over
See Also: Internetwork Operating System (IOS), router
media in a way that ensures that communications can
occur between stations.
See: media access control method
48
access mode access point (AP) A
access mode with the /a switch. You can also right-click on the
A mode of running a console created with the Microsoft console file (*.msc file) in Windows Explorer and
Management Console (MMC). use the shortcut menu to start the console in author
mode. However, an administrator can also use Group
Overview Policy to prevent the user from opening a console in
Different access modes are provided for MMC consoles author mode.
in order to allow or restrict access to administrative
functionality. This enables senior administrators to cre- See Also: Microsoft Management Console (MMC)
ate custom consoles for junior administrators that have
only the functionality needed to perform specified access point (AP)
tasks, while preventing them from using functionality A device connected to a local area network (LAN) that
that could cause problems if not handled correctly. enables remote wireless stations to communicate with
Selecting Options from the Console menu configures the LAN.
access modes for MMC consoles. The two modes avail- Overview
able for running consoles are A wireless networking implementation consists of
● Author mode: This mode grants the user full two parts:
access to all the functionality of the MMC, includ- ● A wired network such as an Ethernet LAN with an
ing adding snap-ins, removing snap-ins, creating access point attached to it. The access point acts as
new console windows, and accessing the entire con- a bridge between the wired LAN and the remote
sole tree. Only senior administrators should have wireless stations.
this access mode.
● Remote wireless stations with wireless network
● User mode: This mode does not allow the user to adapters attached to them.
add snap-ins to or remove snap-ins from the console
and restricts access to some of the functionality of
the MMC, depending on the options selected. For
example, by selecting the Limited Access, Single
Window option, the MMC displays only a single
console window. User mode has three submodes: Ethernet
LAN
● Full Access: This submode allows the user to
view the whole console tree but restricts the user
from adding new snap-ins or changing the con-
sole’s properties.
Access point
● Limited Access, Multiple Window: This sub-
mode allows the user to view portions of the con- Station Laptop with
sole tree in different windows. adapter Ethernet card
● Limited Access, Single Window: This sub- G0AXX04 (was G0Aui04.bmp in 1E)
49
A access provider access token
access” to the wired network for the remote stations. tions that roam between cells covered by different APs.
The access points allow wireless stations to be quickly The more expensive APs also support connection to
and easily connected to a wired LAN. external antennas for better transmission coverage.
An example of a remote station might be a laptop com- Many APs include other advanced features including
puter. The laptop can communicate with the access Dynamic Host Configuration Protocol (DHCP), net-
point using a wireless Personal Computer Memory work address translation (NAT), and routing functions.
Card International Association (PCMCIA) card or These APs fall under the general category of network
wireless network interface card (NIC). An alternative is appliance because of their simplicity and ease of use.
the station adapter, a device that plugs in to the laptop’s
Notes
standard 10BaseT port.
When purchasing an 802.11b AP, you may want to con-
A single AP can generally support 15 to 25 wireless sta- sider if it can be easily upgraded to the newer 802.11a
tions while still maintaining optimal data transfer rates. standard, which uses 5 GHz transmission.
The area covered by a single AP is called a cell. The
For best coverage within an office environment, mount
transceiver within an access point uses spread spectrum
APs on ceilings. If this is difficult because of lack of
transmission, which may be either direct sequencing or
electrical outlets, look for APs that can be powered over
frequency hopping. For spread spectrum communica-
Category 5 (Cat5) cable.
tion in the 2.4 gigahertz (GHz) frequency band, APs
typically support data rates of 1 to 3 megabits per sec- If multiple APs are used to provide redundant coverage
ond (Mbps) over distances of up to about 2 miles (3 for an area, then they should be connected using a wired
kilometers). LAN. This will provide better performance for stations
within the coverage area than having the APs connected
Marketplace
as wireless repeaters.
Most commercial APs consist of a combination of an
Ethernet port and a transceiver, which allows the AP See Also: 802.11b, wireless networking
to be easily connected into an existing wired LAN for
bridging to remote wireless stations. Prices for wire-
access provider
less networking equipment based on the 802.11b
standard have fallen dramatically in the last few years. Also known as Internet service provider (ISP), a com-
A typical AP can cost as low as $300 or as high as pany that provides individual users and businesses with
$2,000, while wireless network adapters can be as connectivity to the Internet.
low as $100 each. Examples of APs for small-office See: Internet service provider (ISP), xSP
home-office (SOHO) use include the Apple Airport,
the D-Link DWL-1000AP, and the Lucent RG-1000,
and examples of enterprise-class access points include
access token
An object assigned to a user that successfully logs on to
3Com’s AirConnect Wireless AP, the Cisco AIR-
a network and that identifies the level of security privi-
AP341 series, Enterasys’s RoamAbout AP 2000, and
leges assigned to that user.
the Intel PRO/Wireless LAN AP.
The higher-priced APs provide faster speeds, support Overview
An access token is like a card key. Your card key will
more users, and include better management features.
provide you with access to doors that have been config-
For coverage of large areas, several APs may be
ured to grant you permission to open them. The list of
required to create a pattern of overlapping cells—in this
card keys that a door will accept is analogous to an
case it is best to purchase the more expensive ones
access control list (ACL).
because these include features to support remote sta-
50
account account domain A
track of each user’s account and grants or denies access
ACE
to the network based on the credentials entered by the
ACE
Jeff Smith SID 012345 user during the logon process. Accounts are used less
ACE
Group1 SID 098754 Compare frequently in peer-to-peer networks or workgroups
Group2 SID 345798 SID 098754 because the security requirements are usually much less
. 3 Read
stringent.
. 3 Execute
. A Windows 2000 or Windows .NET Server network
Access control contains various kinds of accounts, including
Access token
list (ACL)
● User account: Identifies users who belong to the
G0AXX05 (was G0Aui05 in 1E)
Access token. A simplified example of an access token domain by storing their names, passwords, the
at work. groups they belong to, the permissions they have for
accessing system resources, and other personal
When you log on to Microsoft Windows NT, Windows XP,
information
Windows 2000, or Windows .NET Server, you are
granted an access token that is attached to all your user ● Group account: Identifies a specific group of users
processes. Your access token contains the security and is used to assign them permissions to objects
identifier (SID) of your user account and every group to and resources
which you belong. When your application tries to
● Computer account: Identifies machines that
access an object such as a file on a volume formatted
belong to the domain
with the NTFS file system (NTFS), Windows NT,
Windows 2000, Windows XP, or Windows .NET Server See Also: logon, network security
compares the SIDs in your application’s access token to
those in the access control entries (ACEs) in the object’s account domain
ACL. If it finds a match, the system grants access to that A type of Microsoft Windows NT domain containing
object. accounts for global users and groups.
See Also: access control list (ACL) Overview
Account domains are usually master domains and are
account typically used in a single or multiple master domain
A set of credentials for gaining access to resources in a model implementation of Windows NT. The account
network or logging on to a system. domain contains user accounts for every user in the
enterprise and is usually located at corporate headquar-
Overview ters. Servers and workstations at company branch
In a typical network, each user needs an account to
offices belong to other domains called resource
access resources on the network, such as shared folders,
domains. Users at branch offices who want to log on to
printers, or applications. Accounts provide a way of
the network must log on to the account domain, even
identifying users on a network and are the foundation of
though their workstations are located within a resource
network security. An administrator or another user with
domain.
high security privileges typically creates accounts.
Accounts are generally used in server-based networks
where a central computer such as a Microsoft Windows
2000 or Windows .NET Server domain controller keeps
51
A account lockout account lockout
All enterprise
accounts
JohnS
JudyM
KarenL
Domain
controller
Account
domain
Authentication
Trust Trust
Domain Authentication Domain
controller controller
JudyM JohnS
52
account operator ACK A
lockout is used to prevent unauthorized access to the Overview
network by preventing distrusted users from attempting Members of the Account Operators group can create,
to guess a trusted user’s password. If you set up account delete, and modify the properties of users, global
lockout on your network, you will probably also want to groups, and local groups. The Account Operators group
configure auditing to record failed logon attempts. exists only on domain controllers and has an empty ini-
tial membership. The Account Operators group has the
Use account lockout only for high-security networks. In
following preassigned rights:
a low-security environment, users can become frus-
trated if they lock themselves out by mistyping their ● Log on locally
passwords, and administrators must cope with the addi-
● Shut down the system
tional overhead and bother of unlocking these accounts.
Additionally, members of the Account Operators group
See Also: auditing
have the ability to create, delete, and modify user and
group accounts using the Active Directory Users and
account operator Computers console.
A user who is assigned the responsibility of administer-
Members of the Account Operators group cannot mod-
ing user and group accounts for a network.
ify the membership or rights of the following built-in
Overview groups:
In Microsoft Windows 2000, Windows XP, or Windows
● Administrators
.NET Server, if you want to make an individual an
account operator, simply make that person a member of ● Account Operators
the Account Operators group. Account operators can
● Server Operators
administer accounts only on a domain controller, not on
a member server or workstation. ● Print Operators
Account operators have the preassigned rights to log on ● Backup Operators
locally to a domain controller and to shut down the sys-
See Also: built-in group
tem. In addition, account operators have the built-in
capacity to create and manage user accounts, global
group accounts, and local group accounts, as well as to ACE
keep local profiles. Stands for access control entry, a single entry in an
Account operators should be assigned in enterprise- access control list (ACL).
level networking environments only. In small to See: access control entry (ACE)
medium-sized networking environments, creating and
configuring user accounts is usually the administrator’s
responsibility. ACK
Stands for acknowledgment, a transmission from a
See Also: user account receiving station to a transmitting station telling it that
the transmitted data has been received without errors.
Account Operators group Overview
A built-in security group in Microsoft Windows 2000, ACKs play an important role in most network protocols.
Windows XP, and Windows .NET Server where users For example, Transmission Control Protocol (TCP) is a
are account operators. connection-oriented protocol that relies on acknowledg-
ments for successful transmission of data. When a stream
53
A ACL Active Desktop
of TCP packets is being sent over the network, each Active Desktop
packet contains an acknowledgment number indicating A feature of Microsoft Windows that enables active
the sequence number of the next packet that the receiving content from Web sites or channels to be displayed
station should expect to receive. TCP can use an ACK to directly on the desktop.
acknowledge a series of TCP packets (instead of just a
single packet) that have been received. A TCP packet Overview
sent as an acknowledgment has its ACK flag set to 1 to Active Desktop was first introduced with Microsoft
indicate that the acknowledgment numbers of the packets Internet Explorer version 4, and made possible the
received are valid. dynamic downloading and display of content such as
graphics, Hypertext Markup Language (HTML) pages,
During a transmission, if the receiving station deter- Microsoft ActiveX controls, Java applets, and channels.
mines that the data transmission is late or has not For example, you could have a stock ticker applet
arrived, a negative acknowledgment (NAK) is gener- placed directly on your desktop that updates its infor-
ated to indicate to the transmitting station that the data mation continually using a live Internet connection.
should be sent again.
Active Desktop integrates the Web and your desktop,
See Also: Transmission Control Protocol (TCP) allowing you to launch programs, switch between files,
and customize your desktop using active Web content.
ACL Active Desktop makes your desktop and its folders look
and work like the Web, allowing you to browse
Stands for access control list, any mechanism for imple-
resources on your computer or local network the same
menting access control on a file system object, direc-
way you browse for content on the World Wide Web.
tory object, or other operating system object.
Information about volumes, folders, and files can be
See: access control list (ACL) displayed as Web pages within folders, and you can
move up and down the folder hierarchy using a single
ACM click instead of a double click.
Stands for the Association for Computing Machinery, Active Desktop is included with Windows 98,
the oldest and largest educational and scientific com- Windows Millennium Edition (Me), Windows 2000,
puting society in the world. Windows XP, and Windows .NET Server and is avail-
able for Windows 95 and Windows NT 4 as an option
See: Association for Computing Machinery (ACM)
by installing Internet Explorer 4 and the Windows
Desktop Update.
ACPI The Active Desktop is implemented as an application
Stands for Advanced Configuration and Power Inter- programming interface (API) called the IActiveDesk-
face, a specification for power management of com- top interface, which is part of the Windows Shell API.
puter hardware. This interface is designed to allow client programs to
See: Advanced Configuration and Power Interface manage desktop items and wallpapers on local comput-
(ACPI) ers. It also provides methods for adding desktop items
(with or without a user interface, allowing the user to
decide whether to accept the addition), adding desktop
ACR items associated with a Uniform Resource Locator
Stands for attenuation to crosstalk ratio, the ratio of the (URL), applying changes by writing settings to the reg-
received strength of a signal on a pair of wires (attenua- istry, and so on.
tion) to the amount of crosstalk between the wires.
See: attenuation to crosstalk ratio (ACR)
54
Active Digital Profile (ADPr) Active Directory A
Active Digital Profile (ADPr)
An Extensible Markup Language (XML) specification
for automating the provisioning of IT (information
technology) resources.
Overview
XML is becoming the de facto standard for exchange of
electronic information, superseding previous standards
such as Electronic Data Interchange (EDI). To standardize
exchange in different business areas, XML schema are
used. Active Digital Profile (ADPr) is a proposed XML
schema that allows for the electronic allocation and
deployment of IT (information technology) resources such
as hardware and software. As an XML schema, ADPr pro-
G0AXX07 (was G0Aui08.bmp in 1E)
55
A Active Directory Active Directory
information about resources on the network, and it pro- organizational structure of your enterprise and act as a
vides both users and administrators with advanced security boundary in it. For example, privileges granted
search capabilities for locating resources on the in one domain are not automatically carried over to
network. another domain. Domains can be joined into larger
structures called trees using two-way transitive trusts,
Information in Active Directory is maintained for each
and these tree structures can be grouped into forests.
domain on the network. Active Directory database infor-
Typically one forest is created per enterprise when
mation is stored and maintained on machines called
Active Directory is deployed.
domain controllers. This information is replicated auto-
matically between domain controllers to ensure that The collection of objects, OUs, domains, trees, and for-
every portion of the distributed directory is up to date. ests represent Active Directory’s logical structure. Active
By default, the replication of updates to Active Directory Directory’s physical structure consists of various layers
occurs automatically every five minutes. Automatic rep- of programming elements on servers called domain con-
lication of Active Directory information occurs only trollers. These programming elements include
within the security boundary of a specific domain.
● Directory System Agent (DSA): The process that
Domain controllers in one domain do not automatically
provides access to the Active Directory store where
replicate with those in another domain.
directory information is stored on the domain
Architecture controller’s hard drive.
Active Directory’s basic element is the object. An
● Database Layer: This layer provides a uniform
object can represent a user, computer, printer, applica-
interface for the DSA for accessing the store.
tion, file, or another resource on the network. Active
Directory objects possess attributes, which are their ● Extensible Storage Engine (ESE): This is a version
properties. For example, some user attributes might of the database engine on Microsoft Exchange
include first name, last name, e-mail address, and phone Server 5.5 and is used to provide access to the Active
number. Some attributes must have mandatory values, Directory store, which is capable of storing informa-
and others can be left undefined. A printer’s attributes tion about many millions of directory objects.
might include its location, its asset number for account-
Above these layers are various interfaces and protocols
ing purposes, its type, and so on. Active Directory also
by which various clients can access Active Directory.
has a set of rules governing which objects can be stored
These include
in the directory and which attributes these objects can
possess. This set of rules is known as the schema. ● Lightweight Directory Access Protocol (LDAP):
Supports LDAP clients such as Microsoft Outlook
A special type of Active Directory object is the organiza-
and Active Directory Services Interface (ADSI).
tional unit (OU). An OU is a type of object that can con-
tain other objects. An OU can either contain a specific ● Replication transports (REPL): Supports replica-
object, such as a user or an application, or it can contain tion transports such as remote procedure call (RPC)
another OU. Using OUs, you can organize Active Direc- and Simple Mail Transfer Protocol/Internet Proto-
tory into a hierarchical directory of network information col (SMTP IP) for Active Directory replication.
based on the X.500 directory recommendations of the
● Security Accounts Manager (SAM): Supports
International Telecommunication Union (ITU). You can
Windows NT 4 networking application program-
assign users permissions on subtrees of OUs for manage-
ming interfaces (APIs) and replication with
ment and resource access purposes.
Windows NT backup domain controllers (BDCs).
Organizational units are contained within domains,
● Messaging Application Programming Interface
which are Active Directory’s basic security and organi-
(MAPI): Supports Outlook and other MAPI-
zational structure. Every object in Active Directory
compliant clients.
must belong to a domain. Domains usually mirror the
56
Active Directory Active Directory A
Other protocols whose implementation is of crucial domain tree is large, you should not place a global cat-
importance for Active Directory include Domain Name alog server at each site because this can create a lot of
System (DNS) and Transmission Control Protocol/ replication traffic. Place global catalog servers only at
Internet Protocol (TCP/IP). large regional sites. Remember that replication of mod-
ifications made to your Active Directory might take
Implementation
some time to propagate throughout your enterprise. For
Before implementing Active Directory in your enter-
example, if you create a new user account object, it
prise, you will need to gather information about your
might be a few minutes before the user can actually log
organization’s structure because Active Directory usu-
on to the network using the account.
ally mirrors this structure in some fashion. A good way
to proceed is to use a centralized planning approach Notes
with a team consisting of both technical and manage- The default naming convention for objects stored in
ment representatives. You must develop a naming strat- Active Directory is an Active Directory canonical name
egy, plan your domain structure, and consider how you of the object. This defines the object’s position in a
will delegate administrative duties concerning Active domain tree from left to right, starting with the object’s
Directory. When you delegate administrative control to name and delimited by slashes. For example, the User
Active Directory, do so at the OU level instead of at the Account JSmith in the Marketing OU of the north-
individual object level. This makes it easier to control wind.microsoft.com domain would have the Active
portions of the OU hierarchy within Active Directory. Directory canonical name
In particular, you probably want to delegate control to
Jsmith/users/marketing/northwind.microsoft.com
individuals responsible for creating users, groups, com-
puters, and similar objects. Active Directory supports non-DNS naming conven-
tions for interoperability with non-DNS environments.
Consider the speed of the various links between your
An example is the LDAP naming convention. An LDAP
different geographical locations and how any systems
Uniform Resource Locator (URL) is composed of the
that are not interoperable with Active Directory will be
name of the server with the distinguished name of the
integrated into your new system. You should also pro-
object appended to it. Other naming conventions
file your user community to determine what sort of
include the following:
domain hierarchy you will be implementing. Also con-
sider integrating your DNS zone information into ● User principal name: This convention consists of
Active Directory because this will store your DNS zone the user’s SAM account name with an object’s user
information in the distributed Active Directory. Plus, it principal name suffix appended to it. The user prin-
will facilitate and simplify updates of zone information cipal name suffix is the name of the domain tree or
through replication of domain controllers. the name of the domain above the object in the
domain tree.
An important planning issue is determining where to
locate domain controllers and global catalog servers for ● Request for Comments (RFC) number 822
your enterprise because after Active Directory is name: This naming convention is essentially the
installed and configured, the majority of Active user’s e-mail address.
Directory traffic is related to Active Directory clients
● Universal Naming Convention (UNC): This con-
querying Active Directory for information. Directory
vention can be used for shared resources.
replication traffic is usually a less important consider-
ation, unless the organization is in a constant state of Discretionary access control lists (DACLs) and system
flux. Placing a domain controller at each site will opti- access control lists (SACLs) protect Active Directory
mize queries but can increase replication traffic. Never- objects. DACLs and SACLs specify which user or
theless, placing a domain controller at a site that has application has permission to access attributes of direc-
users in that domain is usually the best solution. If the tory objects and work in a similar fashion to access
57
A Active Directory Client Active Directory Installation Wizard
Client software running on a machine and enabling it to Active Directory Domains and Trusts. The Active Directory
access information published in Active Directory direc- Domains and Trusts console.
tory service. Overview
Active Directory Domains and Trusts provide adminis-
Overview
trators with a graphical representation of all the domain
Microsoft Windows 2000, Windows XP, and Windows
trees in a domain forest. Using the Active Directory
.NET Server come with a built-in Active Directory client
Domains and Trusts, you can perform common admin-
so that they can participate immediately in an Active
istrative tasks such as
Directory–based network. Some other versions of
Windows may require an Active Directory client to be ● Creating an explicit domain trust and managing
installed prior to participating in such a network. existing trust relationships between domains
A version of Active Directory Client called the Direc- ● Changing the domain mode from mixed mode to
tory Services client is available for computers running native mode
Windows 95 and Windows 98. This client allows them
● Adding user principal name suffixes for a forest
to log on to a Windows 2000 or Windows .NET Server
domain and access information published in Active Notes
Directory. The Directory Services client can be found in You can also use the Active Directory Domains and
the \clients folder on the Windows 2000 Server compact Trusts to open Active Directory Users and Computers
disc. Microsoft Internet Explorer version 5.0 or later by right-clicking on a domain and then selecting
must be installed on the machine running Windows 95 Manage from the shortcut menu.
or Windows 98 prior to installing the Directory Services
See Also: administrative tools (Windows 2000,
client. A similar client is also available for Windows
Windows XP, and Windows .NET Server)
NT version 4 machines.
See Also: Active Directory
Active Directory Installation
Wizard
Active Directory Domains A wizard in Microsoft Windows 2000 Server and
and Trusts Windows .NET Server that installs the Active Directory
A management console in Microsoft Windows 2000 directory service on a machine.
and Windows .NET Server that can be used for admin-
istering domains and trust relationships.
Overview
Active Directory Installation Wizard promotes member
servers or stand-alone servers into domain controllers.
You can use Active Directory Installation Wizard to
58
Active Directory Installation Wizard Active Directory Installation Wizard A
Active Directory database, the location of the System
Volume (SYSVOL) share, and so on.
Running Active Directory Installation Wizard has the
following results:
● The machine on which the wizard is run becomes a
domain controller. If it is the first domain controller
in your domain, the wizard also creates a new site
for that controller. If it is the first domain in your
enterprise, it is also the root domain for any domain
tree that will be created. You can use the wizard to
create the first domain forest in your enterprise, too.
● The first domain controller is also your global cata-
G0AXX09 (was G0Auixx10.bmp in 1E)
log server.
Active Directory Installation Wizard. Using the Active
Directory Installation Wizard to install Active Directory. ● Active Directory files are located in %System-
Root%\Ntds with the associated log files.
● Create a new domain controller with a new
domain tree ● The shared system volume SYSVOL, which stores
scripts used for implementing group policies for
● Create a new domain controller with a new child your domain, is located in %SystemRoot%\Sysvol.
domain that islocated under a parent domain in an
existing domain tree ● A number of default organizational units (OUs) are
created, namely the Users, Builtin, Computers, and
● Create a replica domain controller for an exist- Domain Controllers.
ing domain
Notes
You must be an administrator to run Active Directory You must make sure that DNS is already installed and
Installation Wizard. Start the wizard by running the configured prior to running Active Directory Installa-
Dcpromo utility from the command prompt or choose tion Wizard in order to create the first domain controller
the Run command from the Start menu, enter dcpromo for your network. A DNS name will be needed for your
in the Run dialog box, and then click OK. This opens new domain controller, and a DNS server must be avail-
the wizard’s welcome screen, where you are required to able on the network during the installation process.
make a number of decisions concerning the following:
Active Directory files also require an NTFS file system
● Whether to create a new domain or add a replica (NTFS) volume, which must be configured as a basic
domain controller to an existing domain volume. Dynamic volumes cannot be used for Active
● If you choose to create a new domain, whether to Directory files. Running the wizard creates a log file in
create a new domain tree or add a child domain to the %SystemRoot%\Debug folder that shows the
an existing tree results of the installation procedure.
● If you choose to create a new domain tree, whether If you are creating a new child domain, an available
to create a new domain forest or add the new tree to domain controller must be in the existing parent
an existing forest domain. If you are creating a replica domain controller,
an available domain controller must be in the target
Names you specify for new or existing domains, domain.
domain trees, or domain forests are based on the
Domain Name System (DNS) naming system. Other See Also: Active Directory, domain controller
steps in the wizard allow you to specify the path to the
59
A Active Directory schema Active Directory Service Interfaces (ADSI)
computers, domains, organizational units (OUs), and See Also: Active Directory
security policies. Active Directory is extensible and can
be modified using Active Directory Schema. Specifi-
cally, you can modify the schema by Active Directory Service
Interfaces (ADSI)
● Defining new object types and their attributes
A set of object-oriented programming interfaces for pro-
● Defining new attributes for existing object classes viding programmatic access to Active Directory objects.
● Removing attributes from existing object classes Overview
Active Directory Service Interfaces (ADSI) consist of a
● Removing existing object classes
set of general interfaces built on the Component Object
Some applications such as Microsoft Exchange Server Model (COM) that lets applications work with various
2000 are also designed to extend the Active Directory types of directories using a single access method. ADSI
schema for application-specific purposes. works by abstracting the capabilities of directory services
60
Active Directory Sites and Services Active Directory Sites and Services A
from different network providers to present a single set of ● DS independence: ADSI is independent of the DS
interfaces for managing network resources in a distrib- being used, so developers using ADSI do not have
uted computing network. ADSI provides a simple, open, to learn the underlying machinery of the directory
functionally rich, and scriptable method for interfacing they are using ADSI to access.
with any directory service, independent of the vendor.
● Scriptable: Automation-compatible languages
Programmers and administrators can use ADSI to create such as VBScript and Perl can be used to automate
directory-enabled applications using tools such as directory tasks using ADSI.
Microsoft Visual Basic or Microsoft Visual C++. ADSI can
● OLE DB aware: ADSI can be used to access data
be used to create new users and groups, locate and manage
sources through OLE DB.
printers, and perform other administrative functions on a
Windows 2000 or Windows .NET Server network. Notes
Windows 2000, Windows XP, and Windows .NET
ADSI is only a part of a more general Microsoft family
Server contain ADSI providers for accessing the fol-
of APIs called the Windows Open Directory Services
lowing types of directories:
Interfaces (ODSI). Other OSDI interfaces include the
Network Provider Interface, Windows Sockets Regis- ● Active Directory directory service
tration and Resolution (RnR), and RPC OLE DB.
● Lightweight Directory Access Protocol (LDAP)
Architecture
● Novell Directory Services (NDS)
ADSI consists of two types of COM objects (directory
service leaf objects and directory service container ● Windows NT directory services
objects) that clients can manipulate with interfaces.
ADSI supports the LDAP C API defined in Request for
ADSI providers are used to implement these objects
Comments (RFC) number 1823, which specifies a
and their interfaces. Each object in a given namespace
low-level interface for C language programming and
is identified using a unique name. For example, file sys-
provides support for the Messaging Application Pro-
tem objects can be specified using their absolute path,
gramming Interface (MAPI) so that legacy MAPI
and directory objects are usually specified using their
applications will work with Active Directory.
X.500 address. However, ADSI is flexible enough to
handle any naming system used by third-party vendors’ ADSI was formerly known as OLE DS.
directory service implementations.
See Also: Active Directory, directory
Advantages and Disadvantages
Using ADSI for directory access has the following
Active Directory Sites and
benefits:
Services
● Open: ADSI is an open platform for which any A management console in Microsoft Windows 2000
directory vendor can develop an ADSI provider. and Windows .NET Server that can be used for admin-
istering sites, domain trees, domain controllers, sub-
● Simple: ADSI consists of a small collection of
nets, and intersite links.
easy-to-learn programming interfaces.
Overview
● Extensible: Independent software vendors (ISVs)
Using Active Directory Sites and Services, you can
and directory service (DS) vendors can enhance
perform common administrative tasks such as
ADSI by developing their own objects and functions.
● Creating a new site and configuring replication
● Language independence: ADSI is based on COM
within the site
and can be used by any programming language that
supports COM. ● Configuring directory service (DS) objects and
licensing site settings
61
A Active Directory Users and Computers active partition
63
A Active Setup Active Setup
ASP organizes collections of ASP pages into applica- See Also: Active Platform
tions, which are typically groups of files within a given
virtual directory and its subdirectories. ASP applica- Active Setup
tions (also known as Web applications) can have global A Microsoft ActiveX engine that can be used to down-
variables and can save state information so that a ses- load and install software over the Internet interactively
sion can exist across several requested pages in succes- using a Web browser.
64
active volume ActiveX component A
Overview several windows are open on a user’s desktop, only one
Active Setup makes use of the fact that source files of of these windows can be the active window. A unique
the application to be installed are partitioned into seg- color on the active window’s title bar distinguishes it
ments, the traditional cabinet installation files (*.cab from other windows. If the user enters commands or
files). Active Setup begins by downloading a small, text using the keyboard, these commands or text will be
self-extracting setup package to the browser client. This routed to the program displaying the active window. To
file also collects information about the client’s com- make a window the active window on the desktop, sim-
puter to help determine which components already exist ply click on it using the mouse, or cycle through the
on the system and whether the desired application is windows on the desktop using Alt+Tab.
compatible with the system’s configuration. The user
Notes
specifies a location from which to download the desired
You can capture a bitmap image of the active window to
application and the types of components to be installed.
the clipboard by pressing Alt+PrintScreen. Then open
The application’s *.cab files are then downloaded as
Paint, paste the contents of the clipboard into the pro-
needed, after which Active Setup is completed and
gram, and save it as a *.bmp image.
normal installation can continue.
See Also: Microsoft Windows
One advantage of Active Setup is that if the download is
interrupted, it can be resumed at the interruption point
rather than at the beginning. ActiveX
An umbrella term for Microsoft technology for building
See Also: ActiveX
lightweight reusable software components.
Overview
active volume The term ActiveX was first coined at the Internet Profes-
The volume in Microsoft Windows 2000, Windows XP,
sional Developers Conference (Internet PDC) in 1996
and Windows .NET Server from which a computer
and was based on the conference slogan “Activate the
boots.
Internet.”
Overview
Microsoft ActiveX is built on the Component Object
In Windows 2000, Windows XP, and Windows .NET
Model (COM) and Distributed Component Object
Server disk terminology, active volumes on dynamic
Model (DCOM) technologies, which enable software
disks are what active partitions are on basic disks. The
components to interact with each other across a net-
active volume for a system must be a simple volume; in
work. ActiveX does not replace object linking and
other words, it cannot be a striped set or mirrored volume.
embedding (OLE) but broadens and enlarges it to
You can upgrade the basic disk that contains the active include the Internet and intranet technologies.
partition to a dynamic disk, making it a simple volume
ActiveX is supported by most Microsoft development
that is active, but you cannot mark an existing dynamic
and productivity applications, including Visual Basic,
volume as the active volume.
Visual C++, and Office.
See Also: active partition, dynamic disk
For More Information
Visit the Microsoft COM site at www.microsoft.com/com.
active window
See Also: Component Object Model (COM), OLE
The particular open window that has the focus on a
Microsoft Windows desktop.
Overview
ActiveX component
A Component Object Model (COM)–based application
The active window is the window belonging to the
that allows other applications to use the classes it contains.
application in which the user is currently working. If
65
A ActiveX controls ActiveX Data Objects (ADO)
66
adapter adapter A
consumer (OLE DB is a generic data access technology model is a simple COM-based architecture, which con-
from Microsoft). Using ADO and OLE DB, a client sists of static and dynamic object models. ADO com-
application can connect to a variety of data sources municates with a database through type libraries.
using the same programming model. These data sources Choosing the right library can significantly improve
include relational databases, hierarchical databases, data access performance. For example, if Microsoft
indexed sequential access method (ISAM) databases, SQL Server is running on the same machine as
and virtually any other kind of data source for which an Microsoft Internet Information Services (IIS), using
open database connectivity (ODBC) driver exists. In named pipes can provide better performance than using
other words, ADO is intended to be a universal infor- the Transmission Control Protocol/Internet Protocol
mation interface. (TCP/IP) networking library.
In order to communicate with these unique data The ADO 2.5 object model includes the following
sources, ADO and OLE DB employ components called object types: Connection, Command, Errors, Fields,
OLE DB providers, which are designed for specific data Record, Recordset, Parameters, and Stream.
sources. If a native OLE DB provider is not available
Notes
for a data source, but an ODBC driver is available, it
Microsoft distributes ADO as part of the Microsoft Data
should be possible to access the data source using the
Access Components (MDAC), a package that includes
ODBC driver and an OLE DB provider designed to
drivers and providers for ADO, OLE DB, and ODBC.
communicate with ODBC drivers.
ADO 2.5 can also be used with ExOLEDB to provide
Uses
access to the Web Storage System on Exchange 2000.
ADO is supported in a variety of programming environ-
ments. For example, ADO can be used in Microsoft See Also: ADO+, ADO.NET
Visual C++ and Microsoft Visual Basic to access data in
an OLE DB data source such as Microsoft SQL Server.
adapter
ADO can also be used in conjunction with IIS to create
A device for connecting two different types of elec-
Microsoft Active Server Pages (ASP) applications that
tronic hardware without losing information.
access data sources.
Overview
In a Web-based environment, ADO is basically a
In local area network (LAN) networking, an adapter is a
server-based solution for data access. All data
small device with two different connectors that provide
operations, such as changes to database records and fil-
data transmission back and forth between two different
tering, must take place on the server. The client can then
types of media (cabling). Adapters come in many vari-
receive the data but cannot easily manipulate it. For
eties and are typically specified by stating the two con-
applications in which the client must be able to manip-
nector types used and whether these connectors are
ulate the data being accessed, use remote data binding
male or female. For example, a DB9(f)-DB25(m)
with Remote Data Service (RDS) instead. RDS is a
adapter means an adapter with a DB9 female and a
technology that enables the user to manipulate data on
DB25 male connector.
the client and have any changes automatically made on
the server. Allowing data to be manipulated on the cli- Adapters are a necessary part of the network adminis-
ent makes Web applications faster and more responsive. trator’s toolkit because of the large number of connec-
tivity options provided by networking equipment
ADO 2.5 is an integral part of the Microsoft Windows
vendors.
2000 platform.
Notes
Architecture The term adapter is also used in a number of different
ADO is based on a collection of Component Object
contexts in networking, including the following examples:
Model (COM) and COM+ interfaces, and its object
67
A adaptive acceleration ADC
● Network interface cards (NICs) are sometimes called portions of files) can benefit most by being cached.
network adapter cards because they provide connec- For example, an entire Word file might be cached,
tivity between computers and network cabling. or only the properties of the file. As another exam-
ple, a .gif image might be cached, or only its palette.
● Cigarette lighter adapters can be used to power cel-
lular phones or laptops from an automobile battery. ● Vertical data analysis: This technique uses an
algorithm that parses the different level protocol
● Digital phone adapters allow analog modems to be
headers in packets, compresses it, repackages it,
connected directly to Private Branch Exchange
and applies rules to handle it more efficiently. This
(PBX) phone outlets without damage.
makes data transfer more efficient and can enhance
● SC/ST adapters provide connectivity between and prioritize time-sensitive traffic such as voice or
fiber-optic connectors of differing types. video over IP.
See Also: connector (device) See Also: caching
68
address book view Address Resolution Protocol (ARP) A
address book view ing Internet Protocol (IP) addresses into Media Access
A virtual container in Microsoft Exchange that lets Control (MAC) addresses.
Microsoft Exchange Server administrators group Overview
recipients according to common attributes. When a TCP/IP-aware application tries to access another
Overview TCP/IP host using its IP address, the destination host’s IP
Address book views are created automatically when address must first be resolved into a MAC address so that
you establish the defining attributes for the address the frame can be addressed and placed on the wire and
book view. For example, using the Exchange Adminis- then be recognized by the destination host’s network
trator program, you could create an address book view interface card (NIC). This is because NICs operate at the
called By Department and use the Department attribute physical layer (Layer 1) and data-link layer (Layer 2) of
of the recipients in your Exchange organization to auto- the Open Systems Interconnection (OSI) reference
matically generate various address book view contain- model and must use physical addresses (such as MAC
ers called Sales, Marketing, Management, and so on. addresses) instead of logical addresses (such as IP
Each address book view container will contain only addresses) for network communication.
those recipients that belong to a specific department.
IP=172.16.8.101
For instance, when users access the global address list MAC=F0-0D-EE-00-A0-0B
using Microsoft Outlook, these containers will be
visible in their address books, along with their recipi-
ents. This allows users to more quickly address e-mail Host #1 Host #2
to recipients in a particular department instead of scroll-
ing down the entire global address list.
You can also create multilevel address book views. For
1 ARP Request 172.16.8.101
example, you could create a first level of virtual con-
tainers sorted by Country, followed by a second level
sorted by State.
ARP Reply F0-0D-EE-00-A0-0B 2
Notes
If you use the Exchange Administrator program to
move a recipient from one address book view to 3
another, the recipient takes on the defining attributes of
the new address book view. ARP cache of Host #1
172.16.8.101=
See Also: Exchange Server F0-0D-EE-00-A0-0B
69
A ADMD administrative share
70
administrative tools (Windows 2000, Windows XP, and Windows .NET Server) administrative tools (Windows A
network server and perform remote administration ● Data Sources (ODBC)
such as creating and deleting files and folders
● Distributed File System
● ADMIN$: The share name for the %System-
● Event Viewer
Root% folder, used by the system during remote
administration ● Internet Services Manager
● IPC$: A share used by interprocess communication ● Licensing
(IPC) resources for sharing the named pipe inter-
● Local Security Policy
face, which allows applications running on different
computers to communicate over the network ● Performance
● PRINT$: A share used to support shared printers ● Routing and Remote Access
● REPL$: A share used by the Directory Replicator ● Server Extensions Administrator
Service that allows directory trees to be exported
● Services
● NETLOGON: A share used by the NetLogon ser-
● Telnet Server Administration
vice that enables the processing of domain requests
Notes
See Also: hidden share
As an administrator, you can create your own adminis-
trative tools by opening a blank MMC console and
administrative tools installing the various snap-ins you need. When you save
(Windows 2000, Windows XP, this tool, it will automatically be saved in the Adminis-
and Windows .NET Server) trative Tools program group.
A program group in Microsoft Windows 2000, See Also: Windows 2000
Windows XP, and Windows .NET Server containing
tools for administering a network based on these
versions of Windows.
administrative tools
(Windows NT)
Overview A program group in Microsoft Windows NT containing
Most Windows 2000 administration tools are primarily tools for administering a Windows NT–based network.
implemented as preconfigured snap-ins for the
Overview
Microsoft Management Console (MMC). Such tools
The basic set of tools for Windows NT Server 4 consists
are commonly referred to as consoles. Each administra-
of the following:
tive tool corresponds to an MMC console with a partic-
ular snap-in installed. ● Administrative Wizards
The set of available tools for a particular machine run- ● Backup
ning Windows 2000, Windows XP, or Windows .NET
● Disk Administrator
Server depends on how that machine was installed and
configured. Commonly installed tools for Windows ● Event Viewer
2000 Server, Windows XP, and Windows .NET Server,
● License Manager
which can be used for both local and remote administra-
tion, include ● Migration Tool for NetWare
● Component Services ● Network Client Administrator
● Computer Management ● Performance Monitor
● Configure Your Server ● Routing and Remote Access Admin
71
A administrator Administrators group
72
ADO ADR A
ADO documents and relational data stores. Some of the dif-
ferences between ADO.NET and ADO are the
Stands for ActiveX Data Objects, a data access inter-
following:
face used to communicate with OLE DB–compliant
data sources. ● While ADO uses the RecordSet object, which looks
like a single table, ADO.NET uses the DataSet
See: ActiveX Data Objects (ADO)
object, which can contain one or more tables repre-
sented by DataTable objects.
ADO+
● While ADO uses Component Object Model (COM)
A version of Microsoft ActiveX Data Objects (ADO)
marshalling to transmit a disconnected record set,
for the Microsoft Windows Distributed interNet Appli-
ADO.NET transmits a DataSet with an XML file
cations Architecture (Windows DNA).
(the XML format places no restrictions on data
Overview types and requires no type conversion).
ADO+ is a more scalable, more interoperable, and more
● While ADO has trouble transmitting data through
strongly typed version of ADO. The programming and
firewalls because firewalls are typically configured
object model for ADO+ is radically different from
to prevent system-level requests such as COM
ADO because ADO is designed from the ground up to
marshalling, ADO.NET can easily transmit data
work with disconnected data sets (ADO included some
through firewalls because ADO.NET DataSet
support for disconnected record sets starting with ADO
objects use Hypertext Markup Language (HTML)–
2.0). An ADO+ data set is a disconnected in-memory
based XML, which can pass through firewalls.
view of a database. Data sets can be created dynami-
cally without any interaction with a database manage- See Also: ActiveX Data Objects (ADO), .NET platform
ment system (DBMS), so data sets are an evolution of
the previous concept of ADO record sets. Data sets can
contain any number of tables, and these do not need
ADPCM
to correspond to a particular database table or view. Stands for Adaptive Differential Pulse-Code Modula-
ADO+ thus models data, not databases or data provid- tion, a technique for converting analog sound, such as
ers the way ADO did. speech, into binary digital information by frequently
sampling the sound and expressing its modulation in
What particularly distinguishes ADO+ is that it utilizes binary form.
Extensible Markup Language (XML) as its universal
format for data transmission. This gives ADO+ its wide See: Adaptive Differential Pulse-Code Modulation
interoperability with any platform supporting XML, (ADPCM)
and receivers no longer need to be COM objects as they
were with ADO. ADPr
See Also: ActiveX Data Objects (ADO), Windows Stands for Active Digital Profile, an Extensible Markup
Distributed interNet Applications Architecture Language (XML) specification for automating the pro-
(Windows DNA) visioning of IT (information technology) resources.
See: Active Digital Profile (ADPr)
ADO.NET
The evolution of Microsoft Corporation’s Active X
Data Objects (ADO) for its new .NET platform.
ADR
Stands for Advanced Data Recording, a tape backup
Overview technology developed by Philips.
ADO.NET provides the classes necessary to ADO to
enable access to Extensible Markup Language (XML) See: Advanced Data Recording (ADR)
73
A ADSI Advanced Configuration and Power Interface (ACPI)
ADSI To separate the two data channels from the voice chan-
nel used for ordinary telephone communications,
Stands for Active Directory Service Interfaces, a set of
ADSL modems include a POTS splitter, a type of filter
object-oriented programming interfaces for providing
placed at the carrier side of the modem which splits off
programmatic access to Active Directory objects.
the first 4 kilohertz (kHz) of bandwidth and routes it to
See: Active Directory Service Interfaces (ADSI) the telephone. This way, if an ADSL provider goes
down and data communications cease, regular POTS
telephone service still works at the customer premises.
ADSL
Stands for Asymmetric Digital Subscriber Line, a form of See Also: Asymmetric Digital Subscriber Line (ADSL),
Digital Subscriber Line (DSL) technology that provides modem
subscribers with high-speed voice and data services
over twisted-pair copper phone lines. Advanced Configuration and
See: Asymmetric Digital Subscriber Line (ADSL) Power Interface (ACPI)
A specification for power management of computer
hardware.
ADSL modem
A modem used to terminate an Asymmetric Digital Overview
Subscriber Line (ADSL) connection between the cus- Advanced Configuration and Power Interface (ACPI) is
tomer premises and the ADSL provider. an open industry specification that was designed to
enable software designers to integrate power manage-
Overview ment features through all parts of a computer system,
ADSL modems are customer premises equipment including the hardware, the operating system, and
(CPE) for connecting subscribers to telcos offering application software. ACPI is the successor to the
ADSL services. ADSL modems are typically used to Advanced Power Management (APM) specification
provide high-speed Internet access for residential and and differs by allowing the operating system to control
business customers. hardware power consumption instead of the basic input/
ADSL modems operate by dividing the available band- output system (BIOS).
width in Plain Old Telephone Service (POTS) tele- Microsoft Windows 2000, Windows XP, and Windows
phone lines into separate upstream and downstream .NET Server support Advanced Configuration and
channels. This is typically done in one of two ways: Power Interface (ACPI), and it enables Windows to
● Frequency division multiplexing (FDM): This handle all the power-management resources for com-
technique separates upstream and downstream puter subsystems and peripherals. ACPI works with
communications into two separate channels with a subsystems and peripherals for a wide range of mobile,
band of unused frequency between them to prevent desktop, and server platforms. ACPI is also the founda-
crosstalk and reduce interference. If you need to, tion for the OnNow industry initiative that enables com-
you can then further divide each of these two chan- puters to start at the touch of the keyboard.
nels using time-division multiplexing (TDM). Notes
● Echo cancellation: This technique employs over- Your PC must be fully compatible with ACPI for you to
lapping upstream and downstream channels and use it, regardless of whether your operating system sup-
separates them using V.32/V.34 echo cancellation ports it. To find out if your PC supports ACPI, go into
methods used in modems. the BIOS, look for an ACPI option, and turn it on.
Of these two techniques, echo cancellation offers better You can also enable ACPI support for Windows 98 by
utilization of bandwidth but is more complex to running Setup using the command-line switch Setup /p
implement. j. Running Setup in this mode adds the ACPIOption
74
Advanced Data Recording (ADR) Advanced Encryption Standard (AES) A
string value with a value data of 1 to the Windows 98 fully cracked in 1997 using idle processing cycles on
registry and causes hardware devices to be queried for thousands of machines distributed across the Internet.
ACPI support during setup. Note that Windows 98 does Advances in computing in the last few years have made
not support all ACPI features—Passive Cooling Mode, DES even more vulnerable as an encryption mecha-
for example. nism, and as a result an initiative was put forward by the
U.S. government to develop a scheme that could not be
For More Information
cracked.
Find out about ACPI at www.teleport.com/~acpi.
The result of this initiative is the Advanced Encryption
Find out about the Microsoft OnNow initiative at
Standard (AES), which officially replaced DES in the
www.microsoft.com/hwdev/onnow.htm.
spring of 2001. AES supports key lengths of 128, 192,
See Also: Advanced Power Management (APM) and 256 bits, which offers a vast improvement in secu-
rity over 56-bit DES and even 168-bit Triple DES, in
which three DES keys are applied in succession. The
Advanced Data Recording
National Institute of Standards and Technology (NIST)
(ADR)
has calculated that it would take about 149 trillion years
A tape backup technology developed by Philips.
to crack an AES-coded message using an algorithm that
Overview could crack DES in one second (no such algorithm cur-
Advanced Data Recording (ADR) is a technology that rently exists), so AES is likely to remain secure for
writes eight tracks of data simultaneously to a single some time to come. Using the maximum level of
tape. This gives ADR tape drives a very high through- encryption (256-bit), a cracker would have to generate
put. Tapes move slowly in ADR tape drives, which and test 1.1 x 1077 unique keys in order to crack an AES
makes for minimal tape wear and quieter operation. message, which is currently beyond conception for
brute-force computing power.
ADR tape drives are available from OnStream and pop-
ular models include: Architecture
AES is a block cipher, which means that it encrypts data
● ADR30: Has a capacity of 15 gigabytes (GB) and a
in fixed-length blocks of 128 bits at a time. AES uses the
transfer rate of 60 megabytes (MB)/min.
Rijndael algorithm developed by Vincent Rijmen and
● ADR50: Has a capacity of 25 GB and a transfer rate Joan Daemen. This algorithm was chosen over four com-
of 120 MB per minute. peting algorithms because it is easy to implement and is
efficient with regard to calculation, making AES suitable
For More Information
for use even in devices such as cell phones and Personal
Visit OnStream at www.onstream.com.
Digital Assistants (PDAs) that have limited processing
See Also: tape format power. The Rijndael algorithm executes 10 rounds of
encryption when using a key length of 128 bits.
Advanced Encryption Standard Prospects
(AES) Although AES has become the official standard for
The new U.S. government encryption standard adopted U.S. government encryption, it will continue to coexist
to replace the aging Data Encryption Standard (DES) with DES and Triple DES for a number of years as
standard, which no longer offers sufficient security. hardware and software vendors update their encryption
Overview schemes. However, industry is expected to quickly
Until recently the U.S. government has used DES as the upgrade to AES because DES is no longer secure and
encryption scheme for security sensitive electronic Triple DES is inherently slow. AES will also be
transmissions. However, a 56-bit DES key was success- licensed for commercial use by industry.
75
A Advanced Infrared (AIr) Advanced Mobile Phone Service (AMPS)
76
Advanced Mobile Phone Service (AMPS) Advanced Mobile Phone Service (AMPS) A
1983. AMPS represents the first generation of cellular gradually decreases until a threshold limit is reached.
phone technology widely deployed throughout the Once this threshold is reached, the base station informs
United States and was the first fully standardized auto- the Mobile Telephone Switching Office (MTSO) that
matic mobile telephone service in the world. In addition the subscriber is leaving the service area of that base
to the United States, AMPS was also deployed in South station. The MTSO hands off the call to the base station
America, Australia, and China. that the subscriber is starting to enter (adjacent cells
overlap), which smoothly picks up the call so service is
AMPS uses frequencies in the 800 megahertz (MHz)
not interrupted. Adjacent cells employ different fre-
band (from 824.04 to 893.7 MHz) of the radio spec-
quencies to help prevent interference from occurring
trum. AMPS uses Frequency Division Multiple Access
between them.
(FDMA) to create individual communications chan-
nels. FDMA is used to modulate a 3 kilohertz (kHz) Handheld AMPS cellular phones have power levels
voice channel onto a 30 kHz carrier signal using fre- generally under 0.6 watts with a range of about 5 miles
quency modulation (FM). This creates a series of 30 (8 kilometers) from the base station, but power levels in
kHz wide channels for one-way transmission (by con- vehicle-mounted phones reach up to 3 watts with a
trast, an FM radio station uses a 150 kHz bandwidth range of 15 miles (24 kilometers). Base stations
channel). Separate channels are used for base station to themselves generally have power levels up to about
mobile transmission (forward channels) and mobile sta- 1 kilowatt.
tion to base transmission (backward channels). In fact,
Prospects
forward channels fall within the range 869.04 to 893.97
Because of the need for data transmission and security
MHz and backward channels are found from 824.04 to
(encryption), digital cellular phone services such as
848.97 MHz. The 45 MHz between these two bands
Time Division Multiple Access (TDMA) and Code
helps separate forward and reverse transmission and
Division Multiple Access (CDMA) systems are steadily
reduces interference and crosstalk.
increasing in popularity as AMPS continues to decline.
AMPS can assign only a single subscriber at a time to Nevertheless, market statistics indicate that as recently
each channel, so the resulting allocation of bandwidth as 1999 AMPS remained the cellular communications
results in a maximum of 832 simultaneous phone con- service with the greatest area of coverage across North
versations per operator. Because the population of most America. However, the success of AMPS has been its
cities would suggest that 800 simultaneous phone con- downfall—the limited number of channels per cell
versations is far from enough, the idea was developed to means that when too many people subscribe to the ser-
partition the coverage of cities into a number of small vice, blocking (the inability to make a call because no
areas called “cells” (this explains the origin of the terms channel is available) becomes a problem. Another prob-
“cellular communications” and “cell phone”). Each lem is that when a subscriber roams into a cell where no
base station uses a limited-power transmitter with a channels are available, the subscriber’s call is dropped
directional antenna to provide coverage for a small geo- (suddenly disconnected without warning).
graphical cell. A typical cell ranges from 1640 feet (500
Notes
meters) to 12.5 miles (20 kilometers) in size, depending
Other 1G analog cellular phone systems included Total
on whether the coverage is in a densely populated urban
Access Communication System (TACS) and Extended
area or a sparsely populated rural one.
TACS (E-TACS) used in the United Kingdom and
Because cell phones have limited transmission power, Nordic Mobile Telephone (NMT) used in the Scandina-
communication is limited to the base station servicing vian countries. AMPS, however, was by far the most
the immediate cell the user is currently in. As a user popular and widely deployed 1G service.
moves from one cell to another, the signal strength
77
A Advanced Peer-to-Peer Networking (APPN) Advanced Power Management (APM)
AMPS can also be used for data transmission, but it is was costly and difficult to manage, and IBM’s market-
capable of supporting data rates of only about 9.6 ing scheme of requiring third-party developers of
kilobits per second (Kbps). APPN hardware and software to contribute royalties
from earnings to IBM led to a famous clash between
For More Information
IBM and Cisco Systems in 1994 over this issue. APPN
Visit the site of the Universal Wireless Communication
is today considered a legacy technology that is being
Consortium at www.uwcc.org for information on all
phased out.
types of cellular communications systems.
See Also: Systems Network Architecture (SNA)
See Also: cellular communications, Code Division
Multiple Access (CDMA), Digital Advanced Mobile
Phone Service (D-AMPS), Global System for Mobile Advanced Power Management
Communications (GSM), Time Division Multiple (APM)
Access (TDMA) A legacy specification for power management of com-
puter hardware.
Advanced Peer-to-Peer Overview
Networking (APPN) Advanced Power Management (APM) was the precur-
A protocol developed by IBM as the second generation sor to Advanced Configuration and Power Management
of Systems Network Architecture (SNA). (ACPI) and was implemented in versions of Microsoft
Windows prior to Windows 2000. APM used the basic
Overview
input/output system (BIOS) to manage all computer
Advanced Peer-to-Peer Networking (APPN) is an
hardware and peripherals. This had several disadvan-
extension of SNA that was developed for several
tages that motivated the development of ACPI, namely
reasons:
● Different hardware platforms from different ven-
● To enable SNA traffic to flow concurrently with
dors often used different BIOS chips, which meant
other protocols.
that in a large enterprise power management capa-
● To provide for prioritization of SNA traffic through bilities varied from machine to machine, making
it is class-of-service (CoS) features. troubleshooting more difficult.
● To allow users to establish communication sessions ● Suspend mode is supported poorly because the
without mainframe involvement. BIOS cannot know whether the user or the system
initiated the suspend.
APPN provides a mechanism for peer-to-peer network-
ing and session establishment between any two logical ● Universal serial bus (USB) and Institute of Electri-
units (LUs) on an SNA network. APPN provides cal and Electronics Engineers (IEEE) 1394 periph-
greater distributed network control than legacy SNA by erals were not supported by APM.
isolating the effects of single-point failures. It supports
ACPI addresses these concerns by enabling the operat-
the dynamic exchange of information about network
ing system to control power to devices, not the BIOS.
topology to facilitate connection, reconfiguration, and
route selection. APPN also supports the dynamic defi- Notes
nition and automated registration of network resources. If your machine’s BIOS uses APM 1 or 1.1, try to flash
upgrade the BIOS to support APM 1.2 if possible to
Prospects
resolve certain issues relating to system instabilities
APPN was a promising technology that for various rea-
when in standby mode.
sons ended up failing to make much of an impact on
mainframe computing environments. APPN equipment
78
Advanced Program-to-Program Communications protocol Advanced Technology Demonstration Network A
Microsoft Windows 2000, Windows XP, and Windows Advanced Streaming Format
.NET Server support both APM and ACPI, with ACPI (ASF)
being the preferred option. The tool Ampstat.exe in the A method of streaming data supported by Windows
Support/Tools folder on the Media Player.
Windows 2000 CD can be used to troubleshoot issues
relating to APM. Overview
Advanced Streaming Format (ASF) supports video,
See Also: Advanced Configuration and Power audio, images, Uniform Resource Locators (URLs),
Interface (ACPI) and scripts. ASF streams can combine different types of
data, allowing you to stream presentations involving
Advanced Program-to-Program slides and audio narration. Using the Windows Media
Communications (APPC) Encoder, you can generate live ASF streams that con-
protocol tain audio and video.
A set of protocols developed by IBM that enables trans- You can also use tools provided with Windows Media
actional programs to communicate with each other. Encoder to create and store ASF files that you can later
Overview stream.
The Advanced Program-to-Program Communications Windows Media Services can deliver ASF streams
(APPC) protocol was originally designed for Systems using either multicasting or unicasting.
Network Architecture (SNA) networks and has been
implemented in Multiple Virtual Storage (MVS), Oper- Notes
ating System/2 (OS/2), Advanced Interactive Executive When multicasting an ASF stream, configure Windows
(AIX), and OS/400. APPC is also supported over Trans- Media Services to provide a supplemental unicast
mission Control Protocol/Internet Protocol (TCP/IP) source for the stream for any clients that cannot receive
using IBM’s Anynet architecture. APPC was first intro- multicasts.
duced into the AS/400 series as its native communica-
tions platform and was called LU 6.2. Advanced Technology
Applications that use APPC to communicate are called Demonstration Network
transaction programs (TPs) and utilize a package of (ATDnet)
APPC routines called Common Programming Inter- A high-speed test bed network that is part of SuperNet,
face–Communications (CPIC). APPC services are the cross-country network funded by the Next Genera-
available for applications written in C++, REXX, tion Internet (NGI) program.
COBOL, and other languages.
Overview
APPC is not a widely deployed platform and is most Advanced Technology Demonstration Network (ATD-
often employed for its file transfer services. net) is deployed in the Washington D.C. area and was
Notes developed as a prototype for the next generation of Met-
Microsoft Host Integration Server provides services ropolitan Area Networks (MANs). It is funded by
necessary for APPC connectivity with AS/400 systems the Defense Advanced Research Projects Agency
and mainframe hosts. (DARPA) and serves as an experimental test bed plat-
form for research and development. ATDnet network
See Also: Systems Network Architecture (SNA) transport consists of Synchronous Optical Network
(SONET) and Asynchronous Transfer Mode (ATM)
79
A AES AGLP
running over fiber and currently uses a double ring ● Get-next operations initiated by the management con-
topology that supports 20 gigabits per second (Gbps). sole to continue traversing the MIB database from the
point at which it was accessed by a get operation
For More Information
You can visit ATDnet at www.atd.net. ● Set operations initiated by the management console
to set a value for a managed object (if permissions
allow this)
AES
Stands for Advanced Encryption Standard, the new U.S. ● Trap operations initiated by the managed host itself
government encryption standard adopted in the spring of when an error condition occurs, such as when the
2001 to replace the aging Data Encryption Standard computer’s disk becomes full
(DES) standard, which no longer offers sufficient security. Notes
See: Advanced Encryption Standard (AES) Windows 98 also includes an SNMP agent conforming to
SNMP 1 specifications that lets you monitor remote con-
nections to machines running Windows 98 from an
AFTP SNMP management console. This agent is implemented
Stands for APPC File Transfer Protocol, a protocol that as a Win32 service using Windows Sockets over TCP/IP.
provides file transfer capabilities for the Advanced Pro- You can install the Microsoft SNMP agent on Windows
gram-to-Program Communications (APPC). 98 using the Network utility in Control Panel.
See: APPC File Transfer Protocol (AFTP) See Also: Simple Network Management Protocol
(SNMP)
agent
Simple Network Management Protocol (SNMP) client AGLP
software that runs on a hub, a router, or another net- A mnemonic for managing an enterprise-level
working component. Microsoft Windows NT network.
Overview Overview
Agents collect information about Transmission Control AGLP means that user Accounts are organized by plac-
Protocol/Internet Protocol (TCP/IP) statistics and con- ing them in Global groups, which are then placed into
ditions and can supply this information when requested Local groups that have appropriate Permissions and
to an SNMP management system. Agents can also alert rights assigned to them.
management systems to errors and other conditions
when a trap occurs. SNMP agents are identified by the In practice, the steps for administering a Windows NT
community to which they belong. By default, SNMP enterprise-level network are the following:
agents listen to TCP port number 161 for SNMP mes- 1 Create global user accounts for users in the account
sages and to port number 162 for SNMP traps. domains or master domains.
An agent must be installed on each networking compo- 2 Create global groups in these domains to organize
nent or host that will be managed in an SNMP-managed users according to function, location, or some other
network. The agent program can then perform opera- criteria (or use the Windows NT built-in groups if
tions such as these suffice).
● Get operations initiated by the SNMP management 3 Assign global users to their respective global groups.
console for obtaining information about a specific
managed object in the host Management Informa- 4 Determine who needs access to network resources
tion Base (MIB) in the resource domains.
80
AH Air Interface A
5 Create local groups on domain controllers and mem- AH
ber servers within the resource domains (or use the
Stands for Authentication Header, a protocol in the
Windows NT built-in groups if these suffice).
IPSec suite of protocols that handles authentication of
6 Assign rights and permissions to each local group Internet Protocol (IP) traffic.
as desired to provide access to network resources.
See: Authentication Header (AH)
7 Place global groups into local groups as desired to
provide users with permissions to access resources.
AIM
Stands for AOL Instant Messenger, a popular instant
messaging service from America Online (AOL).
AIr
Stands for Advanced Infrared, a wireless networking
technology for high-speed, low-cost infrared (IR)
G Global groups, which
are then placed into... networking.
See: Advanced Infrared (AIr)
Air Interface
L Local groups that
have...
Generally, the lower levels of the protocol stack in a
wireless communications system.
Overview
Different wireless communications systems use differ-
ent types of air interfaces, but these all generally map
Permissions and rights
P
well with the Open Systems Interconnection (OSI)
assigned to them model for networking. For example, Personal Commu-
nications Service (PCS) cellular service uses a
G0AXX13 (was G0ui16.eps in 1E) three-level air interface:
AGLP. Using AGLP to administering a Windows NT–based
network. ● Physical Layer: This bottom layer of the interface
is responsible for encoding and framing data, inter-
Notes
leaving and slotting it into available time slots, and
On Windows 2000– and Windows .NET Server–based
mapping these slots onto a channel for transmission
networks, the mnemonic is AGDLP because local (L)
as a burst.
groups are referred to as domain local (DL) groups.
However, because Windows 2000 and Windows .NET ● Data-link Layer: This middle layer is responsible
Server include an additional type of group (universal for packaging the data, transporting the message to
groups) and have a more flexible architecture for its destination, and performing error correction.
deployment, these mnemonics do not have as much
● Message Layer: This top layer handles messages
significance for these versions of Windows as they did
transmitted over the air and formats the messages as
for Windows NT.
data elements that are then packaged and trans-
See Also: account, group, permissions ported by the lower levels.
81
A AIT alias
82
Always On/Dynamic ISDN (AO/DI) American National Standards Institute (ANSI) A
Always On/Dynamic ISDN Alpha platform
(AO/DI) A computer hardware platform whose processor is
A modified form of Integrated Services Digital Net- based on the Alpha Reduced Instruction Set Computing
work (ISDN) that supports transmission of data over the (RISC) microprocessor architecture originally devel-
ISDN control channel (D channel). oped by Digital Equipment Corporation (DEC).
Overview Overview
The ISDN D-channel is always active and is normally Alpha-based systems, which are used primarily for
used to carry the control information for setting up, high-performance servers and workstations, can run
managing, and tearing down ISDN B channel connec- operating systems such as Microsoft Windows NT,
tions. Always On/Dynamic ISDN (AO/DI) takes advan- Digital UNIX, and OpenVMS. For example, the Alpha
tages of this by reserving a portion of the D channel’s 21164 processor was specifically designed for running
bandwidth for transmitting X.25 packets. This is done Windows NT desktop applications and includes a new
by encapsulating X.25 packets within Point-to-Point set of motion video instructions (MVI) for high-perfor-
Protocol (PPP) and allows an X.25 Packet Assembler/ mance multimedia applications. The superscalar design
Disassembler (PAD) at the subscriber’s premises to of this processor integrates a 16-kilobyte (KB) instruc-
transmit and receive information through ISDN to the tion cache, an 8-KB data cache, and a 96-KB second-
carrier’s X.25 network. level cache and can issue four instructions for each
clock cycle. It uses 0.35-micron complementary metal-
The ISDN D channel has a total bandwidth of 16 kilo-
oxide semiconductor (CMOS)–integrated circuit tech-
bits per second (Kbps). This is more than enough for
nology and a fully pipelined 64-bit RISC architecture to
carrying ISDN control signals, so in AO/DI 9.6 kbps of
provide the highest performance for Windows NT sys-
this bandwidth is used for X.25 signaling. When an
tems. The processor is housed in a 499-pin ceramic
X.25 packet is sent from the customer premises over an
package and generates 28 watts of heat and is designed
ISDN D channel to the telco’s central office (CO), a
to work with the AlphaPC 164LX motherboard. The
packet handler positioned in front of the carrier’s ISDN
latest Alpha chips run at speeds of 833 megahertz
switch strips off the X.25 packet and relays it to the
(MHz) and higher.
carrier’s X.25 network.
Notes
Uses
Windows 2000 does not support the Alpha platform.
Although 9.6 Kbps seems like a small amount of useful
bandwidth, one use for AO/DI is to provide always-on For More Information
Internet access to subscribers who can utilize this small Visit the Alpha Server home at www.compaq.com/
bandwidth for practical purposes, such as periodically alphaserver.
polling fire alarm sensors over the Internet from a central
See Also: x86 platform
monitoring station or remotely monitoring electricity and
gas meters. From the telco’s point of view, the main
advantage of AO/DI is to reduce the usage of ISDN B American National Standards
channels, freeing up more circuits and saving costs. Institute (ANSI)
A U.S. standards organization that facilitates and gov-
Despite its promised usefulness, real-world deploy-
erns the development of standards in many areas,
ments of AO/DI are few, primarily due to the communi-
including computing and communication.
cations industry’s current focus on developing high-
speed broadband access solutions for home and business. Overview
The American National Standards Institute (ANSI) was
See Also: Integrated Services Digital Network (ISDN)
founded as a private sector voluntary standards associa-
tion in 1918. It is a nonprofit private association with
almost 1,400 member organizations.
83
A American Registry for Internet Numbers (ARIN) AMP
ANSI does not create standards itself but oversees addresses that they can then assign to their custom-
groups and organizations in the development of stan- ers—ARIN does not supply individual IP addresses
dards. ANSI is a member organization of the Interna- directly to individuals (the smallest block available
tional Organization for Standardization (ISO) and from ARIN is 4096 hosts in scope).
provides the charter for the Institute of Electrical and
● It is responsible for registration and management of
Electronics Engineers (IEEE).
autonomous system numbers (ASNs) to public and
Standards that are approved by ANSI are called ANSI enterprise networks.
Standards. Examples include the ANSI C/C++
● It maintains a central routing registry to which net-
programming language standards, ANSI-89 SQL stan-
work operators can submit and obtain information
dards, and ANSI character set. ANSI has approved
relating to routing across the Internet.
more than 13,000 standards to date.
● It maintains the IN-ADDR-ARPA and IP6.INT
Notes
inverse mappings for Domain Name System
ANSI is also used to refer to the ANSI character set.
(DNS).
For More Information
ARIN is actually only one of three Regional Internet
Visit the American National Standards Institute at
Registries (RIRs) that handle the above functions for
www.ansi.org.
different parts of the global Internet. ARIN’s areas of
responsibility are the regions of North and South Amer-
American Registry for Internet ica, the Caribbean, and sub-Saharan Africa. The other
Numbers (ARIN) two RIRs are
A nonprofit organization that administers the registra- ● Reseaux IP Europeans (RIPE): Responsible for
tion and allocation of numbers relating to the operation Europe, the Middle East, and other parts of Africa.
of the Internet in North and South America.
● Asia Pacific Network Information Center
Overview (APNIC): Responsible for the Asia/Pacific region.
The American Registry for Internet Numbers (ARIN)
was formed in 1997 through the joint efforts of the Notes
Internet Assigned Numbers Authority (IANA), the ARIN does not handle the registration of domain names
Internet Engineering Task Force (IETF), the National but instead manages the underlying IP addresses for
Science Foundation (NFS), and other organizations. which domain names are friendly handles. There are
ARIN exists primarily to provide a number of critical also two delegated name registries within ARIN: the
functions related to the operation of the Internet: Brazilian Registry (RNP) and the Mexican Registry
(NIC-Mexico).
● It oversees the registration and administration of
Internet Protocol (IP) addresses. This is probably For More Information
ARIN’s most important function, which it took over You can find ARIN at www.arin.net.
from IANA when it was formed in 1997. ARIN See Also: autonomous system number (ASN), Internet,
works diligently to conserve the pool of available IP IP address
addresses and determines the size and scope of
blocks of IP addresses granted in response to
requests. The careful maintenance of the IP address AMP
system is critical to the Internet’s health, and ARIN Stands for asymmetric multiprocessing, a processing
works hard to ensure that the routing tables main- architecture in which processes are specifically
tained on the core routers of the Internet remain assigned to different processors.
manageable in size. Internet service providers
See: asymmetric multiprocessing (AMP)
(ISPs) can contact ARIN to purchase blocks of IP
84
AMPS analog-to-digital converter (ADC) A
AMPS about 1,200 bits per second (bps). To achieve the much
higher speeds of today’s modems, advanced technolo-
Stands for Advanced Mobile Phone Service, the origi-
gies must be applied, including echo canceling, train-
nal first-generation (1G) analog cellular phone service.
ing, data compression, and special modulation
Still used in some parts of North and South America.
algorithms such as quadrature amplitude modulation
See: Advanced Mobile Phone Service (AMPS) (QAM). Using these technologies, modem speeds of 56
kilobits per second (Kbps) are now common.
analog Bell Laboratories in the 1960s and 1970s originally for-
Transmission of electrical signals that vary smoothly mulated modem standards, but after the breakup of Bell
with time. Telephone, the task of developing modem standards
was taken over by the International Telegraph and Tele-
See: analog transmission phone Consultative Committee (CCITT), which is now
called the International Telecommunication Union
analog modem (ITU). According to ITU specifications, modem stan-
A type of modem used for asynchronous transmission dards are classified by a series of specifications known
of information over Plain Old Telephone Service as the V series.
(POTS) telephone lines.
See Also: modem, modulation, V-series
Overview
The word modem stands for modulator/demodulator, analog-to-digital converter
which refers to the fact that modems convert digital (ADC)
transmission signals to analog signals and vice versa. Any device used for changing analog signals into
An analog modem performs this modulation, but a dig- digital transmission.
ital modem does not perform modulation and simply
transports digital signals as they are. In effect the phrase Overview
“digital modem” is a misnomer because no modulation An example of analog-to-digital conversion is record-
occurs, and “analog modem” can simply be termed ing someone singing onto a CD. The pressure waves in
“modem” instead. the air produced by the vibration of the person’s vocal
cords are analog in form and continually vary in
To transmit computer data over a telephone channel, a strength within a certain range of values. The record-
modem modulates the incoming digital signal received ing equipment samples this continually varying infor-
from the computer into an analog signal whose fre- mation at discrete time intervals and converts it to
quency lies within the carrying range of analog phone digital form.
lines (between 300 hertz [Hz] and 3.3 kilohertz [kHz]).
To accomplish this, modulation of the digital signal Analog-to-digital converters (ADCs) are used in indus-
from the computer with an analog carrier signal is per- try to convert environmental variables (temperature,
formed. The resulting modulated signal is then trans- pressure, density, speed, and so on) that vary continu-
mitted into the local loop and carried over the Public ously over time to digital information, which can then
Switched Telephone Network (PSTN) until it arrives at be analyzed using computer programs. ADCs are used
its destination station, where a similar modem demodu- in analog modems to convert digital signals into audio
lates the modulated analog signal into a stream of and vice versa.
digital data that the remote computer can understand. See Also: analog, digital
However, this basic modulation/demodulation process
over POTS lines can transmit data only at speeds of
85
A analog transmission announcement
announcement
A feature that enables Windows Media Player to
G0AXX14 (was G0ui17.eps in 1E)
receive streaming multimedia information.
Analog transmission. Example of an analog transmission.
Overview
Analog signals are usually specified as a continuously
An announcement’s function depends on whether the
varying voltage over time and can be displayed on a
transmission method is multicasting or unicasting. If
device known as an oscilloscope. The maximum volt-
the transmission method is multicasting, announce-
age displacement of a periodic (repeating) analog signal
ments enable Windows Media Player to retrieve the
is called its amplitude, and the shortest distance
channel file containing channel information. If the
between crests of a periodic analog wave is called its
transmission method is unicasting, announcements sup-
wavelength.
ply the client with information on how to connect to the
See Also: digital transmission Windows Media Server.
Announcements, which are used only with Advanced
anchor Streaming Format (ASF) transmissions, are text files that
In Hypertext Markup Language (HTML), a source or have the extension .asx. Once created, an announcement
target of a hypertext link. can be distributed to clients by several means: over the
Web, through e-mail, or on a network share.
86
Announcement Manager ANSI C/C++ A
Announcement Manager them access to resources on the machine. The
A service in Microsoft Windows 98 that automatically IUSR_machinename account requires the Log On
runs in the background when you have WebTV for Locally system right in order to grant anonymous
Windows installed on your computer. access to machine resources.
87
A ANSI character set antenna
88
Anycast AOL Instant Messenger (AIM) A
Overview phones require omnidirectional antennas to function
A full treatment of antenna theory is beyond the scope properly, particularly when roaming.
of this book, and antenna considerations have only
See Also: wireless networking
become an issue for local area network (LAN) adminis-
trators with the recent proliferation of wireless LANs
(WLANs), wireless bridges, and wireless cellular data Anycast
transmission technologies. Just a few issues and devel- A network service for delivering datagrams to any one
opments are considered here. server belonging to a group of servers on a network.
89
A AP Apache
including Microsoft Windows and Windows CE, Mac of advanced security features through various security
OS, Linux, and PalmOS. AIM operates using AOL’s modules:
proprietary AIM Protocol, and AIM competes with
● Access control: The default security setting for
other popular Instant Messaging (IM) systems includ-
Apache is “deny all,” after which selective access
ing Microsoft Corporation’s MSN Messenger.
can be provided to specific users through the
For More Information Access.conf file.
You can download the current version of AIM from
● Authentication: Apache supports basic authentication
www.aol.com/aim.
using a number of password file formats, starting with
MSN Messenger can be found at messenger.msn.com. /bin/htpasswd. Modules are also available for host-
based authentication where access is granted based on
See Also: instant messaging (IM)
Internet Protocol (IP) address and anonymous access
using a user’s e-mail address as a password.
AP
● Encryption: Support for Secure Sockets Layer
Stands for access point, a device connected to a local (SSL) encryption in Apache is provided by free-
area network (LAN) that enables remote wireless sta- ware packages such as Apache-SSL and mod_ssl,
tions to communicate with the LAN. and by commercial packages such as Stronghold
See: access point (AP) from C2Net Software.
● Logging: Apache includes support for comprehen-
Apache sive logging of server events. Logs are kept in two
Short for Apache Web server, an open-source Hypertext files, access_log and error_log.
Transfer Protocol (HTTP) server whose code was
Apache is one of the most popular Web servers in use,
developed and is maintained by the Apache Software
with an estimated more than 6 million Web sites
Foundation.
deployed on it. Some market watchers estimate that
Overview about 60 percent of all Web servers are running Apache.
Apache started out as a patch for the original National Apache is widely deployed wherever UNIX is found,
Center for Supercomputing Applications (NCSA) httpd including universities and large enterprise networks,
server—hence the new server was “a patchy” server. and is available for more than a dozen different operat-
The NCSA httpd server was stuck at version 1.3 and ing system platforms, including Microsoft Windows.
had some security issues, and so a group of people took
Notes
the 1.3 code, which was in the public domain, and
The most common vulnerability of Apache servers is
patched it. The group later rewrote most of the base
running the core process using root privileges. This
code from scratch in order to support external modules
makes the server vulnerable to what is called a “root
written in C language.
exploit,” which can allow a malicious remote user to
One of the Apache platform’s strengths is its modular run Common Gateway Interface (CGI) scripts using
design, which consists of a central Apache kernel inter- root privileges. The way to avoid this is to include the
acting with various code modules that provide addi- following lines in the Httpd.conf configuration file:
tional functionality. This architecture speeds the user nobody
development cycle and makes it easy for third-party
developers to build custom modules to meet their needs group nobody
and compile them into the Apache source.
For More Information
Security is a top priority for administrators who run The Apache Software Foundation can be found at
Web servers, and Apache includes support for a number www.apache.org.
90
Apache Software Foundation APIPA A
A good source for timely new and information ● Provide helpful feedback to the World Wide Web
on the Apache platform is Apache Week Consortium (W3C) and other bodies involved in the
(www.apacheweek.com). development of XML standards.
For information on the Apache conference, see ● Provide XML resources for other initiatives of the
www.apachecon.org. Apache Software Foundation.
See Also: open source, UNIX, Web server Several commercial companies have contributed technol-
ogy to this initiative, including Sun Microsystems, IBM,
and Lotus Software (formerly Lotus Development Cor-
Apache Software Foundation
poration, now part of IBM), and other contributes have
An open-source community guiding the development
come from the Open Source community at large.
of the Apache Web server and other open-source tools
and programs. Some of the subprojects within this initiative include
Overview ● Cocoon: XML-based Web publishing using Java.
The Apache Software Foundation, formerly the Apache
● FOP: Extensible Stylesheet Language (XSL)–
Group, is a nonprofit organization that provides legal,
formatting objects using Java.
organizational, and financial backing toward the devel-
opment of open-source software projects that use ● Xalan: XSL Transformation (XSLT) stylesheet
Apache Web server software. Some of the projects the processing using Java and C++.
foundation is working on include
● Xang: Dynamic server pages using Java.
● Apache Server
● Xerces: XML parsing using Java, C++, and Perl.
● Apache XML Project-Apache
For More Information
● Jakarta Visit the site of the Apache Software Foundation
(www.apache.org).
● Java-Apache
See Also: Apache Software Foundation, open source
● mod_perl
● PHP
API
● Apache Tcl Stands for application programming interface, any col-
See Also: Apache, Apache XML Project, open source lection of programming routines and functions that
an application can use to access low-level machine
services.
Apache XML Project
An initiative of the Apache Software Foundation to See: application programming interface (API)
create open-source tools for developing Extensible
Markup Language (XML) business solutions. APIPA
Overview Stands for Automatic Private IP Addressing, a feature
The Apache XML Project is an initiative with three of Microsoft Windows 2000, Windows XP, and
goals: Windows .NET Server that enables machines to be
automatically assigned Internet Protocol (IP) addresses
● Developing tools for creating commercial-class
without the use of Dynamic Host Configuration
XML-based business solutions that are standards-
Protocol (DHCP).
compliant and follow the open source model.
See: Automatic Private IP Addressing (APIPA)
91
A APM (Advanced Power Management) Apple Open Transport
92
AppleShare applet A
The Open Transport/AppleTalk protocol stack supports Overview
both the dynamic self-addressing of traditional Apple- AppleShare IP provides Web, file, print, and e-mail ser-
Talk clients and newer manually assigned static vices for departmental and workgroup- level environ-
addressing. The Open Transport/TCP/IP protocol stack ments. The latest version, AppleShare IP v6.1, features
supports DHCP, bootstrap protocol (BOOTP), both a single integrated administration console for local
local hosts files and DNS, Internet Protocol (IP) multi- server management, remote administration using a
casting, both Ethernet Version 2 and Institute of Electri- standard Web browser, IP address filtering, Sherlock
cal and Electronics Engineers (IEEE) 802.3 framing, searching support, multihosting, Simple Mail Transfer
TCP wildcard source port assignments, Point-to-Point Protocol (SMTP) and point of presence (POP) protocol
Protocol (PPP) connectivity, IP multihoming, and support, shared Internet Mail Access Protocol (IMAP)
almost unlimited simultaneous TCP connections (lim- folders, Domain Name System (DNS) services, and full
ited only by installed memory and processor power). compatibility with MacOS 8.5 and higher.
Notes AppleShare IP client software must be installed on
An Apple Macintosh running Open Transport/TCP/IP Macintosh client machines to enable them to access
can function as a DHCP client to a Microsoft Windows AppleShare IP services on a server over the network.
NT server running as a DHCP server, but not as a AppleShare IP supports both Server Message Block
Windows Internet Naming Service (WINS) client. (SMB) and File Transfer Protocol (FTP) protocols in
addition to AppleShare file sharing, and is compatible
See Also: AppleTalk
with both Macintosh and Microsoft Windows clients.
See Also: AppleTalk
AppleShare
The file sharing protocol for AppleTalk networks.
Overview
applet
A program written using the Java programming lan-
AppleShare provides the following functions:
guage that can be accessed through a Web page and
● Enables sharing of volumes, folders, and printers downloaded to the client machine, where it is run within
the Web browser window.
● Provides auditing information on which resources
have been accessed Overview
Java applets can be used to add dynamic functionality to
● Supports password-based control of access to
static Web pages provided users view these pages with a
shared resources
Java-enabled Web browser.
Notes
When an applet is created, its Java statements are com-
By installing Services for Macintosh on a Microsoft
piled into an intermediate pseudo- machine-code lan-
Windows 2000 server, the Windows 2000 server can
guage called a bytecode. The bytecode file is stored as
emulate an AppleShare server so that Macintosh clients
a class file on a Web server such as Microsoft Internet
can access shared resources on the Windows 2000
Information Services (IIS), and a Web page can reference
server.
the class file using an <APPLET> tag. When a
See Also: AppleTalk Web browser requests the page and encounters the
<APPLET> tag, the bytecode in the class file is
executed in a Java virtual machine on the browser.
AppleShare IP
An Apple networking technology that supports native See Also: Java
Transmission Control Protocol/Internet Protocol (TCP/
IP) on the Apple Macintosh platform.
93
A AppleTalk AppleTalk
Application AppleShare
AppleTalk
Presentation Filing Protocol
(AFP)
94
appliance application layer A
appliance Application Center provides simplified application man-
A general term referring to any network-capable or agement by allowing administrators to create logical
Internet-capable computing device that can be deployed groupings of application components and configuration
with plug-and-play ease. information. These groupings can be easily managed,
regardless of how they are deployed across the cluster,
Overview and changes made to one server in a cluster can be auto-
The market for appliances ranges from home users to matically applied to other servers. Migration and upgrad-
the largest enterprise. At the small end of the scale are ing of applications can be automated, which simplifies
Internet access appliances that allow users to connect the development cycle as applications are moved from
home networks to the Internet using dial-up, digital test bed to production phase. Application Center is thus
subscriber line (DSL), or cable modem technologies. ideal for simplifying the staging and deployment of com-
Many of these Internet access appliances include plex Web-based e-business applications.
advanced features such as built-in firewalls, Web-based
management consoles, built-in hubs, and so on. Application Center provides built-in support for software
scaling to increase the capacity of applications as the
At the larger end are appliances built for large compa- business need arises. This is possible through the under-
nies and for service providers, for example: lying reliance on clustering technologies in which a
● Server appliances: These include Web server group of servers is managed as a single resource, and
appliances running Apache/Linux or IIS/Windows Application Center simplifies and accelerates the deploy-
2000 and file server appliances such as Cobalt’s ment of clusters over traditional clustered server plat-
Qube and Compaq NeoServer. Server appliances forms. Application Center also supports load-balancing
are typically 1U or 2U rack-mountable devices and technologies such as Network Load Balancing (NLB),
can often be set up in minutes or even seconds. Component Load Balancing (CLB), and third-party load
These appliance servers fill specific needs for busi- balancing solutions. With Application Center, your Web
ness, and their market is growing rapidly. applications have no single point-of-failure and conse-
quently high availability and reliability.
● Storage appliances: An example here is Novell’s
Network Attached Storage (NAS), a rack-mount- Application Center provides the enterprise with mis-
able appliance that provides up to 1 terabyte of stor- sion-critical availability and allows any server in a clus-
age, supports all major server platforms, and has ter to be brought down without affecting the integrity or
integrated Novell Directory Services (NDS) operation of the applications running on the cluster.
eDirectory and ZENworks management applications. Application Center includes tools for monitoring clus-
ter health and supports browser-based remote adminis-
tration. Automated event response allows corrective
Application Center action to be taken automatically when a component or
One of Microsoft Corporation’s new .NET Enterprise server fails, without the need for human intervention.
Servers, Microsoft Application Center is used for
deploying and managing Web applications and Web For More Information
services. You can find out more about Application Center at
www.microsoft.com/applicationcenter.
Overview
Application Center is a platform for deploying and See Also: .NET Enterprise Servers, Web server
managing high-availability Web applications and Web
services. Application Center 2000 is built on the application layer
Microsoft Windows 2000 operating system platform The top layer (Layer 7) of the Open Systems Intercon-
and makes managing of clusters of application servers nection (OSI) reference model for networking.
as easy as managing a single server.
95
A application layer proxy application level gateway
Overview Overview
The application layer is the layer in which network- Application layer proxies provide security by hiding
aware, user-controlled software is implemented— internal network addresses from the outside world. An
for example, e-mail, file transfer utilities, and terminal example of an application layer proxy is illustrated in
access applications. The application layer represents Microsoft Proxy Server. Here the Web Proxy Service is
the window between the user and the network and trans- an application layer proxy for the Hypertext Transfer
lates between the user running the application and the Protocol (HTTP), Secure Hypertext Transfer Protocol
presentation layer (Layer 6). In the OSI model the (S-HTTP), and File Transfer Protocol (FTP). Microsoft
application layer is also responsible for integrating the Proxy Server can grant users access to selected applica-
functionality of different applications together and tion layer protocols and can restrict access to remote
determining the availability of resources. Web sites by domain name, Internet Protocol (IP)
address, and subnet mask.
Examples of protocols that operate at the application
layer include File Transfer Protocol (FTP), Hypertext Application layer proxies provide more support for the
Transfer Protocol (HTTP), telnet, and similar protocols additional capabilities of each protocol than circuit
that can be implemented as utilities the user can inter- layer proxies do. For example, application layer proxies
face with. can support virus scanning. Application layer proxies
are also client-neutral and require no special software
Notes
components or operating system on the client computer
Originally the OSI model consisted of two kinds of
to enable the client to communicate with servers on the
application layer services with their related protocols:
Internet using the proxy server.
● Common Application Service Elements (CASE):
See Also: proxy server
These enable users to initiate or terminate peer (Layer
7 to Layer 7) connections between different machines
on the network, enable reliable transfer of informa- application level gateway
tion between them, initiate remote operations, and A type of firewall that provides application-level con-
support recovery from failure and rollback steps. trol over network traffic.
96
application log Application Performance Management (APM) A
filtering a direct network connection still exists between ● Warning event: Indicated by a yellow warning
the remote user and the internal network resource, an sign and signals a potentially serious condition,
application level gateway prevents the remote user from such as low disk space
directly accessing the internal network resource. This
● Information event: Indicated by a blue informa-
layer of additional security comes at some cost—
tion sign and signals a noteworthy event, such as a
namely, that application gateways are generally slower
service successfully starting up
and require a separate proxy application for each inter-
nal network service you want to make available through Microsoft BackOffice applications typically log events
the firewall. These proxy applications are sometimes to the application log. Administrators should review the
known as translation agents because they enable an application log regularly to ensure that applications are
application on one side of the firewall to connect with a running properly. The screen capture shows the applica-
similar or complementary application on the other side. tion log as viewed by the Event Viewer management
console for Windows 2000.
Application gateways are typically used to deny access
to the resources of private networks to distrusted users See Also: security log, system log
over the Internet. Application level gateways can oper-
ate across firewalls or routers using Network Address
Application Performance
Translation (NAT), but they must be configured to do so
on an application-by-application basis.
Management (APM)
A set of technologies, business processes, and services
See Also: firewall, network address translation (NAT) for guaranteeing what subscribers experience from
service providers.
application log Overview
A Microsoft Windows 2000, Windows XP, and Application Performance Management (APM) carries
Windows .NET Server log that records events generated Service Level Agreements (SLAs) to the next level,
by applications running on the system. providing a model for guaranteeing the end-user experi-
ence for customers of application service providers
(ASPs). To accomplish this, APM integrates a number
of business models and services:
● Traditional help desk services for problem resolution.
● Monitoring of SLAs.
● Network and system management tools working at
the application level.
● Professional services to handle serious IT (informa-
tion technology)–related crises.
G0AXX16 (was G0ui19.bmp in 1E) ● Services for processing management data.
Application log. Displaying the application log in the Event
Viewer console. ● Support and training services.
Overview A service provider that specializes in APM is sometimes
You can view and manage the application log using referred to as a management service provider (MSP).
Event Viewer, and it can contain three types of events:
See Also: application service provider (ASP)
● Error event: Indicated by a red stop sign and sig-
nals a serious condition, such as a failed service
97
A application programming interface (API) application service provider (ASP)
98
application service provider (ASP) application service provider (ASP) A
customization options. This approach is taken to market began to mature, other issues became important
reduce costs for the ASP and make servicing this for customers to consider when shopping for an ASP:
market level profitable.
● Security: In the beginning, many ASPs failed to
● Horizontal-market ASPs: These target enter- address security concerns adequately. This has
prise-level customers and offer similar applications changed considerably, and the current generation of
but with more customization to fit these customers’ ASPs offers a full range of authentication and pub-
needs. lic-key infrastructure (PKI) services, virtual private
networks (VPNs), firewall services, virus protec-
When the ASP craze took off in 1999, most ASPs were
tion services, and intrusion detection services.
dot-com startups targeting the small to mid-sized busi-
Make sure the ASP you select can provide the level
ness market, which was itself growing rapidly due to
of security your company needs for its data.
the dot-com revolution then underway. The ASP revolu-
tion was driven largely by the increasing shortage of IT ● Availability: Make sure you negotiate a suitable
professionals in the marketplace which left hundreds of service-level agreement (SLA) with your ASP to
thousands of IT positions unfilled, the rapid prolifera- ensure that should their services be interrupted or
tion of new IT technologies based on the Internet, and terminated unexpectedly your business will still be
by the proliferation of dot-com startups that needed to able to function. If some of your staff will need to
deploy business applications and to deploy them fast in access ASP applications remotely using mobile cli-
the highly competitive Internet economy of the late ents through a VPN, make sure your SLA has a con-
20th century. But with the dot-com crash of 2001 many nectivity clause as well.
of the ASPs failed as their market space dried up, and
● Performance: Web-based applications mean
some survivors instead began targeting large enterprises
high-bandwidth requirements for proper perfor-
by offering the application customization these busi-
mance, both at the client end (usually T-1 or higher
nesses required. The attraction of these enterprise-level
connections) and at the ASP’s data center. Look for
customers for ASPs is their long-term stability and
ASPs that colocate their servers at major Internet
broad capital base, but such clients tend to be more con-
service providers (ISPs) for best performance and
servative in their outlook and more cautious about
that have multiple redundant connections to the
embracing new service models. Meanwhile, large soft-
Internet with sufficient bandwidth to support the
ware companies such as Microsoft Corporation and
number of customers they service.
Oracle Corporation began to reposition themselves as
service providers instead of software vendors. With ● Track record: With many of the first generation
their proven track record and large resources, many ASP startups having failed, companies are develop-
analysts expect these large companies to dominate the ing a “once-bitten, twice-shy” attitude towards out-
ASP business in a few years, with smaller companies sourcing mission-critical business applications to
focusing on niche areas where their services can be ASPs. Talk to some of the ASPs larger clients and
most effectively marketed. Furthermore, companies ask to see their financials to ensure their long-term
such as Microsoft and Oracle are developing a next gen- viability before committing to using their services.
eration of Web-enabled software that can be easily When they start up, ASPs typically invest huge
deployed by new ASP startups without the extensive amounts of money in data centers, and they need to
customization required by the earlier generation of ASP recover this investment quickly in order to survive.
applications. A good example is Microsoft Exchange Some tier-1 Internet infrastructure providers offer
2000, which is an ASP-ready platform for providing ASP-level services, and these do not have as much
Web-based messaging and collaborative applications. of a capital risk associated with data center buildout
as does a startup ASP.
When the ASP market was just emerging, the major
attraction for customers was saving money. As the
99
A application service provider (ASP) application service provider (ASP)
100
APPN archiving A
grow to as much as $25 billion by 2004. Much of the archive attribute
success or failure of this growth depends on broadband An attribute of files and folders that isused for manag-
Internet access becoming cheap and ubiquitous at all ing backups.
business levels.
Overview
Nevertheless, because things change so fast in the new When an archive bit is marked or set for a file by a
Internet economy, it is hard to know whether to trust backup program, it indicates that the file or folder has
long-term predictions such as these. After all, the ASP been backed up. Then, when the backup program is run
market went from infancy to maturity in about a year, so again, if the archive bit is still set, the file is not backed
five years seems like a long time to predict its future up because it has not been modified. If the file is modi-
growth and evolution! fied in the interim, the archive attribute is cleared,
Notes indicating that the file needs to be backed up again.
Other terms used by different vendors to describe the In Microsoft Windows you can also manually set or
ASP model include hosted applications, e-services, and clear the archive attribute for a file by opening the file’s
“software as a service.” property sheet.
For More Information See Also: backup
You can find an ASP to meet your company’s needs using
the ASP portals WebHarbor (www.webharbor.com) and
ASPScope (www.aspscope.com). archiving
The process of long-term storage of important data for
For the latest news on the ASP industry, see security and recovery reasons.
ASPNews (www.aspnews.com) and ASPPlanet
(www.aspplanet.com). Overview
Archived data is usually stored in a compressed format
An established source of independent information for because it is not required frequently. Some of the files
the ASP community is ASPI, the ASP Industry Consor- that a Microsoft Windows 2000 administrator might
tium (www.aspindustry.org). This consortium has taken consider archiving regularly include
on the role of policing the rapidly growing ASP market,
whose companies range from responsible to vendors of ● Event log files for the system, security, and applica-
snake oil. ASPI has defined a series of best practices tion logs
that new ASPs should follow as guidelines for responsi- ● Performance monitor files for monitoring trends in
ble success. memory, disk, processor, and network usage over time
A notable company that provides a meta-infrastructure ● Log files for applications such as Microsoft Internet
that enables new ASPs to grow and flourish is Loud- Information Services (IIS)
cloud (www.loudcloud.com), a brainchild of Marc
Andreesen of Netscape fame. Notes
When you archive event log files, you can save these
See Also: xSP files in log file format, text file format, or comma-
delimited text file format. An event’s actual binary data
is saved only if you archive it in event log format, but
APPN saving the information in a comma-delimited text file
Stands for Advanced Peer-to-Peer Networking, a proto- format allows you to import these logs into a spread-
col developed by IBM as the second generation of Sys- sheet program to analyze trends.
tems Network Architecture (SNA).
See Also: backup, security
See: Advanced Peer-to-Peer Networking (APPN)
101
A ARCNET ARIN
102
ARP AS/400 A
ARP Address Resolution Protocol (ARP) cache, which con-
tains recently resolved MAC addresses of Internet Pro-
Stands for Address Resolution Protocol, the Transmis-
tocol (IP) hosts on the network.
sion Control Protocol/Internet Protocol (TCP/IP) net-
work layer protocol responsible for resolving IP Overview
addresses into MAC addresses. When one host on a TCP/IP network wants to commu-
nicate with a second host, the first host begins by using
See: Address Resolution Protocol (ARP)
the ARP to resolve the IP address of the second host
into its associated MAC address. The MAC address
ARPANET is needed for communication to take place over the
Stands for Advanced Research Projects Agency Net- network.
work, a U.S. Department of Defense project begun in
Typing arp -a displays the MAC addresses of recently
1969 that was designed to provide high-speed network
resolved IP addresses. A sample display could be
communication links between supercomputers located
at different sites around the country. Interface: 172.16.8.50
Internet Address Physical Address Type
Overview 172.16.8.25 00-20-af-b4-a1-4e dynamic
ARPANET was a test bed for the development of the 172.16.8.200 00-40-95-d1-29-6c static
Transmission Control Protocol/Internet Protocol (TCP/
IP) protocol suite. The first node on the ARPANET was One of these entries is static, meaning the Internet Pro-
established in 1969 at UCLA. Soon afterward, more tocol–to-MAC address mapping has been manually
nodes were created at other institutions, including Stan- added to the ARP cache using arp –s.
ford University and BBN Technologies. The first See Also: Transmission Control Protocol/Internet
Request for Comments (RFC) was proposed in the same Protocol (TCP/IP)
year by Steve Croker and was entitled “Host Software.”
By 1971, ARPANET had grown to over 20 hosts, includ- AS
ing MIT, NASA, and the RAND Corporation. The first
Stands for autonomous system, a group of Internet
international nodes were established two years later in
Protocol (IP) networks administered under a single
Norway and England. In 1983, Military Network (MIL-
administrative (routing) policy.
NET) was split off from ARPANET, and TCP/IP offi-
cially became the standard protocol for ARPANET, at See: autonomous system (AS)
which time ARPANET started to become widely known
as the Internet. ARPANET continued to evolve until
NSFNET was established in 1986.
AS/400
Stands for Application System/400, a midrange IBM
ARPANET was finally shut down in 1989. server computing platform for business computing.
103
A ASCII ASCII
Solution Environment (PASE). Systems Network National Standards Institute (ANSI) character set. The
Architecture (SNA) support is also available for provid- following table shows the various characters in the
ing connectivity with IBM mainframe computing ASCII character set. The first 32 characters are non-
environments. printing control characters that can be executed from
the keyboard by using the Control key combined with
Some of the popular configurations in which AS/400 is
other keys.
offered include
The ASCII Character Set
● AS/400e Model 250: An entry-level single-
Control Key
processor machine with no support for logical
Char Dec Oct Hex Combination Description
partitioning. Suitable for running packaged
NUL 0 0 0 ^@ Null character
Web applications for small businesses.
SOH 1 1 1 ^A Start of heading
● AS/400e Model 820: A mid-tier four-way symmet- STX 2 2 2 ^B Start of text
ric multiprocessing (SMP) server supporting up to ETX 3 3 3 ^C End of text
16 gigabytes (GB) of RAM and 4 terabytes of EOT 4 4 4 ^D End of trans-
storage. mission
ENQ 5 5 5 ^E Enquiry
● AS/400e Model 840: Top-of-the-line enter- ACK 6 6 6 ^F Acknowledge
prise-level server for high-transaction, high-volume BEL 7 7 7 ^G Bell
e-business, supply chain and Enterprise Resource BS 8 10 8 ^H Backspace
Planning (ERP) applications, supporting up to HT 9 11 9 ^I Horizontal tab
24-way SMP, 96 GB of RAM, and up to 18.9 LF 10 12 a ^J Line feed
terabytes of storage. VT 11 13 b ^K Vertical tab
FF 12 14 c ^L Form feed
Notes
CR 13 15 d ^M Carriage return
The newest offerings in IBM’s AS/400 line incorporate
SO 14 16 e ^N Shift out
IBM’s new high-performance copper-wired chips. SI 15 17 f ^O Shift in
For More Information DLE 16 20 10 ^P Data link
You can find IBM’s AS/400 home page at escape
www-1.ibm.com/servers/eserver/iseries. DC1 17 21 11 ^Q Device control
1 (XON)
DC2 18 22 12 ^R Device control
ASCII 2
Stands for American Standard Code for Information DC3 19 23 13 ^S Device control
Interchange, a widely accepted system for coding U.S. 3 (XOFF)
English text using numeric values. DC4 20 24 14 ^T Device control
4
Overview
NAK 21 25 15 ^U Negative
The purpose of ASCII is to allow human-readable doc-
acknowledge
uments to be stored and processed as binary informa-
SYN 22 26 16 ^V Synchronous
tion by computers. ASCII assigns a unique numeric idle
value to each lowercase and uppercase alphabet letter, ETB 23 27 17 ^W End transmis-
number, punctuation mark, and to certain other charac- sion block
ters. For example, the capital letter “A” has the ASCII CAN 24 30 17 ^X Cancel line
code 65 and a blank space has the code 32. EM 25 31 19 ^Y End of medium
ASCII is a 7-bit character set that isthe same as the first SUB 26 32 1a ^Z Substitute
128 characters (numbers 0 to 127) of the American ESC 27 33 1b ^[ Escape
(continued)
104
ASCII ASCII A
The ASCII Character Set continued The ASCII Character Set continued
Control Key Control Key
Char Dec Oct Hex Combination Description Char Dec Oct Hex Combination Description
FS 28 34 1c ^\ File separator A 65 101 41 Uppercase A
GS 29 35 1d ^] Group B 66 102 42 Uppercase B
separator C 67 103 43 Uppercase C
RS 30 36 1e ^^ Record D 68 104 44 Uppercase D
separator E 69 105 45 Uppercase E
US 31 37 1f ^_ Unit separator F 70 106 46 Uppercase F
SP 32 40 20 Space G 71 107 47 Uppercase G
! 33 41 21 Exclamation H 72 110 48 Uppercase H
mark I 73 111 49 Uppercase I
" 34 42 22 Quotation mark J 74 112 4a Uppercase J
# 35 43 23 Cross hatch K 75 113 4b Uppercase K
$ 36 44 24 Dollar sign L 76 114 4c Uppercase L
% 37 45 25 Percent sign M 77 115 4d Uppercase M
& 38 46 26 Ampersand N 78 116 4e Uppercase N
‘ 39 47 27 Apostrophe O 79 117 4f Uppercase O
( 40 50 28 Opening P 80 120 50 Uppercase P
parenthesis Q 81 121 51 Uppercase Q
) 41 51 29 Closing R 82 122 52 Uppercase R
parenthesis S 83 123 53 Uppercase S
* 42 52 2a Asterisk T 84 124 54 Uppercase T
+ 43 53 2b Plus U 85 125 55 Uppercase U
, 44 54 2c Comma V 86 126 56 Uppercase V
- 45 55 2d Hyphen W 87 127 57 Uppercase W
. 46 56 2e Period X 88 130 58 Uppercase X
/ 47 57 2f Forward slash Y 89 131 59 Uppercase Y
0 48 60 30 Zero Z 90 132 5a Uppercase Z
1 49 61 31 One [ 91 133 5b Opening square
2 50 62 32 Two bracket
3 51 63 33 Three \ 92 134 5c Backslash
4 52 64 34 Four ] 93 135 5d Closing square
5 53 65 35 Five bracket
6 54 66 36 Six ^ 94 136 5e Caret
7 55 67 37 Seven _ 95 137 5f Underscore
8 56 70 38 Eight ‘ 96 140 60 Opening single
9 57 71 39 Nine quote
: 58 72 3a Colon a 97 141 61 Lowercase a
; 59 73 3b Semicolon b 98 142 62 Lowercase b
< 60 74 3c Less than sign c 99 143 63 Lowercase c
= 61 75 3d Equals sign d 100 144 64 Lowercase d
> 62 76 3e Greater than e 101 145 65 Lowercase e
sign f 102 146 66 Lowercase f
? 63 77 3f Question mark g 103 147 67 Lowercase g
@ 64 100 40 At sign h 104 150 68 Lowercase h
(continued) (continued)
105
A ASCII file ASF
106
Asia Pacific Network Information Center (APNIC) ASP.NET A
Asia Pacific Network ASP (Active Server Pages)
Information Center (APNIC) Stands for Active Server Pages, an open, compile-free
A counterpart of the American Registry for Internet application environment for developing Web applica-
Numbers (ARIN), this is the agency responsible for tions using Microsoft Internet Information Server (IIS)
administering the registration and allocation of Internet version 3 and later.
numbers for the Asia/Pacific region.
See Also: Active Server Pages (ASP)
Overview
The Asia Pacific Network Information Center (APNIC)
ASP (application service
is one of the three Regional Internet Registries (RIRs)
that provide Internet numbers allocation and registra-
provider)
tion services to support the operation of the global Stands for application service provider, a company that
Internet. These Internet numbers include IPv4 and IPv6 offers software services to business customers across
addresses, autonomous system (AS) numbers, and the Internet, particularly services involving outsourcing
reverse Domain Name System (DNS) delegations. of Web and e-business applications.
APNIC is responsible for allocation of these numbers See Also: application service provider (ASP)
for the Asia Pacific region, which comprises 62 differ-
ent economies.
ASP.NET
APNIC is a nonprofit, membership-based organization The evolution of Microsoft Corporation’s Active Server
whose members include National Internet Registries, Pages (ASP) technology for the new .NET platform.
Internet Service Providers (ISPs), and similar bodies.
Membership in APNIC is fee-based. Overview
ASP.NET is an advanced platform for developing Web
For More Information applications, Web Services, and Web Forms under the
Visit APNIC at www.apnic.org. Microsoft .NET platform. ASP.NET solutions can be
See Also: American Registry for Internet Numbers developed using Microsoft Visual Studio .NET and
(ARIN) other tools, and ASP.NET supports application author-
ing in C#, Visual Basic .NET, and other programming
languages.
ASN
ASP.NET is Microsoft’s successor to ASP and ASP+
Stands for autonomous system number, a unique num-
(Active Server Pages Plus) and is to a large degree
ber used to identify an autonomous system (AS), that
backward-compatible with the syntax of these earlier
is, a network that can exchange exterior routing infor-
platforms. Unlike ASP and ASP+, however, ASP.NET
mation with neighboring networks.
is a compiled platform rather than an interpreted one,
See: autonomous system number (ASN) which offers better run-time performance. ASP.NET is
also easily factorable so that developers can remove
modules that are not required for a particular applica-
ASN.1 tion, making applications more code-efficient and giv-
Stands for Abstract Syntax Notation One, a standard ing them a smaller footprint.
from the International Standards Organization (ISO)
that provides a mechanism for encoding human- ASP.NET provides two levels of programming models:
readable symbols into condensed binary form. ● Low-level: ASP.NET provides a programming
See: Abstract Syntax Notation One (ASN.1) model similar to Internet Server Application
107
A ASR Asymmetric Digital Subscriber Line (ADSL)
Programming Interface (ISAPI) but easier to use for (SIGCOMM), which provides a forum for data com-
rapid development. munication professionals. SIGCOMM focuses on
standards for network protocols and architectures. SIG-
● High-level: ASP.NET enables the easy building of
COMM publishes the ACM/IEEE Transactions on Net-
Web Forms, a high-level programming model for
working Journal, sponsors conferences, and publishes a
building Web applications.
quarterly newsletter called the Computer Communica-
ASP.NET also supports a number of different authenti- tion Review (CCR) in conjunction with the Institute of
cation schemes including Basic, authentication, Digest Electrical and Electronics Engineers (IEEE).
authentication, NT Lan Manager (NTLM) authentica-
For More Information
tion, custom cookie-based authentication, and
Find out about the ACM at www.acm.org and the SIG-
Microsoft Passport authentication.
COMM at www.acm.org/sigcomm.
For More Information
Find out more about ASP.NET at msdn.microsoft.com/
Asymmetric Digital Subscriber
net/aspnet.
Line (ADSL)
See Also: Active Server Pages (ASP), .NET platform A form of Digital Subscriber Line (DSL) technology
that provides subscribers with high-speed voice and
data services over twisted-pair copper phone lines.
ASR
Stands for Automatic System Recovery, a feature of Overview
Microsoft Windows 2000, Windows XP, and Windows Asymmetric Digital Subscriber Line (ADSL) was devel-
.NET Server that allows you to restore your system in oped by Bellcore in 1989 as a means of transmitting dig-
the event of hard disk failure or corruption of system ital information over ordinary twisted-pair Plain Old
files. Telephone Service (POTS) telephone lines to subscribers
at speeds faster than 1 megabit per second (Mbps). The
See: Automatic System Recovery (ASR) original vision of ADSL was to provide residential sub-
scribers with high-quality digital multimedia content,
Association for Computing particularly Moving Pictures Experts Group (MPEG)
Machinery (ACM) movies through Video On Demand (VOD) services. This
The oldest and largest educational and scientific was intended to allow phone companies to compete with
computing society in the world. the emerging cable television market for delivering video
to residential areas. This goal has since faded, and now
Overview the main push for deploying ADSL is residential broad-
The Association for Computing Machinery (ACM) pro- band Internet access.
vides a forum for the exchange of information, ideas,
and discoveries relating to many aspects of computing. ADSL specifies how to implement high-speed, full-
The ACM has a worldwide membership of 80,000 com- duplex transmission over the existing twisted-pair
puter professionals representing a wide variety of inter- copper cabling of POTS. ADSL can be used to simulta-
ests. The ACM sponsors a number of special interest neously transmit voice and data over a single telephone
groups (SIGs) that bring together ACM members with line and can be used to provide high-speed Internet
shared interests. These SIGs publish technical newslet- access for both homes and businesses. Even should the
ters, host conferences, and help develop standards. data link to the Internet go down, POTS voice service
would still be available using ADSL.
One SIG of interest to networking professionals is the
ACM Special Interest Group on Data Communication
108
Asymmetric Digital Subscriber Line (ADSL) Asymmetric Digital Subscriber Line (ADSL) A
The asymmetric in ADSL refers to the fact that the 10:1 ratio. This asymmetry makes ADSL ideal for
upstream and downstream transmission rates in ADSL providing high-speed Internet access to homes and
are not equal. Over best-quality copper phone lines, businesses where fast download speeds are more
ADSL can achieve upstream speeds of up to 1.5 Mbps important than upload speeds.
and downstream speeds of up to 9 Mbps, usually in a
Telephone
Splitter
PSTN switch
Workstation
POTS
Local Loop DSLAM
Voice
Network
ADSL Router
modem
Internet
A = POTS
Percentage of
100
B = Upstream channel
50 A B C
C = Downstream channel
O
4 300 700 1000 5000 10000
KHz
109
A Asymmetric Digital Subscriber Line (ADSL) Asymmetric Digital Subscriber Line (ADSL)
110
asymmetric multiprocessing (AMP) Asynchronous Transfer Mode (ATM) A
At the other end of the subscriber’s local loop is another processors but instead are assigned to available proces-
ADSL modem (properly called an ADSL Transmission sors by the operating system.
Unit-Central Office or ATU-C) at the telco’s CO. The
Notes
telco’s modem separates the voice signal from the data
Microsoft Windows 2000 supports SMP but not AMP.
stream using a splitter and routes voice calls through the
POTS system of telco switches, while the data is routed
to a Digital Subscriber Line Access Multiplexer async
(DSLAM) unit. The DSLAM unit combines multiple Short for asynchronous transmission, a form of data
ADSL lines into a single pipe for transmission over the transmission in which the transmitting and receiving
carrier’s fiber-optic Asynchronous Transfer Mode stations do not explicitly coordinate their transmissions
(ATM) backbone network to the Internet or to other with each other.
DSL provider networks. This process is known as ATM
See: asynchronous transmission
over ADSL.
ADSL can employ several different modulation sys-
tems for encoding the data channels:
Asynchronous Transfer Mode
(ATM)
● Carrierless amplitude/phase (CAP) A high-speed, broadband transmission data communi-
● Discrete multitone (DMT) cation technology based on packet switching and multi-
plexing technologies, and used by telcos, long distance
● Discrete wavelet multitone (DWMT) carriers, and campus-wide backbone networks to carry
For More Information integrated data, voice, and video information.
Find out more about ADSL at the site of the ADSL Overview
Forum, www.adsl.com. Asynchronous Transfer Mode (ATM) technology origi-
See Also: Digital Subscriber Line (DSL), G.Lite nated in the late 1970s and early 1980s through research
into broadband Integrated Services Digital Network
(ISDN) (B-ISDN). Like Internet Protocol (IP), ATM is
asymmetric multiprocessing basically a packet-switching technology, but unlike IP
(AMP) with its variable-length packets, ATM uses fixed-size
A processing architecture in which processes are spe- packets called “cells.” The fixed size of an ATM cell
cifically assigned to different processors. makes ATM traffic simple and predictable, and makes it
possible for ATM to operate at high speeds.
Overview
When asymmetric multiprocessing (AMP) is used on a ATM works primarily at Layer 2 of the Open Systems
multiprocessor computer (a computer with more than Interconnection (OSI) reference model and so its oper-
one CPU), each processor is assigned specific tasks to ation is independent of the Physical Layer (PHY) trans-
perform. For example, one processor might be dedi- port used. The speeds at which ATM operate depend on
cated to managing input/output (I/O) requests, another the transmission medias being used. The various speeds
to executing network requests, another to running a user available include:
application, and so on.
● 1.544 megabits per second (Mbps) to 25 Mbps over
AMP contrasts with symmetric multiprocessing (SMP), unshielded twisted-pair (UTP) Category 5 (Cat5)
in which the operating system evenly distributes the cabling, also known as “ATM to the desktop.” This
application load across multiple processors. In SMP, early ATM initiative was derailed by the rapid
individual processes are not mapped to specific
111
A Asynchronous Transfer Mode (ATM) Asynchronous Transfer Mode (ATM)
advances in Fast Ethernet, which won out over ● Real-time Variable Bit Rate (rt-VBR or
ATM because of its simplicity and lower cost. VBR-RT): This level is suitable for real-time appli-
cations such as video and voice that are sensitive to
● 155 Mbps (OC-3) over either UTP or fiber-optic
delay and use large amounts of bandwidth.
cabling, used primarily for connecting wiring
closets to backbone networks. ● Non-real-time Variable Bit Rate (nrt-VBR or
VBR-NRT): This level is suitable for bursty traffic
● 622 Mbps (OC-12), 2.4 Gbps (OC-48), and 4.8 Gbps
that is not real-time in nature. An example might be
(OC-96) over fiber-optic cabling only, used exclu-
data acquisition in experiments or playback of
sively for ATM core (backbone) networks and Syn-
canned video presentations.
chronous Optical Network/Synchronous Digital
Hierarchy (SONET/SDH) as PHY layer transport. ● Unspecified Bit Rate (UBR): This level is suitable
for traffic that is not delay sensitive and non-real-
The asynchronous in ATM means ATM devices do
time. Examples might include e-mail and file
not send and receive information at fixed speeds or using
transfers.
a timer but instead negotiate transmission speeds based
on hardware and information flow reliability. The trans- ● Available Bit Rate (ABR): This level includes a
fer mode in ATM refers to the fixed-size cell structure flow-control mechanism and is therefore suitable
used for packaging information. This cell-based trans- for non-real-time traffic where the transmission
mission is in contrast to typical local area network (LAN) characteristics are subject to change over the life of
variable-length packet mechanisms, which means that the connection. An example might be file transfers
ATM connections are predictable and can be managed so over a noisy link.
that no single data type or connection can monopolize the
● Guaranteed Frame Rate (GFR): This level
transmission path. As a result, ATM is suitable for trans-
allows additional bandwidth to be allocated
mitting all types of traffic from “bursty” data transmissions
dynamically when needed.
to real-time and packaged voice and video playback.
ATM also includes a mechanism for allocating band-
Different “classes of service” are used to accommodate
width dynamically; that is, bandwidth is allocated only
transmission of different traffic types in optimal ways,
in required amounts and the required direction. As a
and ATM optimizes traffic flow performance through
result, when an ATM link is idle, it utilizes no band-
these various classes of service, which can be allocated
width, which can result in considerable cost savings
on a per-connection basis by using ATM’s Quality of
depending on the needs of your network. ATM net-
Service (QoS) settings. In this fashion, ATM is different
works use bandwidth at maximum efficiency, while
from frame relay, which is essentially a classless ser-
maintaining guaranteed QoS for users and applications
vice. Note that not all carriers or ATM switching gear
that require it.
support all of these service categories.
The evolution of ATM has been guided since 1991 in
The six service categories currently defined for ATM
large measure by the efforts of the ATM Forum. ATM is
defined by the ATM Forum are
also based on a group of international signaling and inter-
● Constant Bit Rate (CBR): This level is suitable for face standards defined by the International Telecommu-
applications that require a relatively static amount nication Union (ITU). These standards include the user
of bandwidth over the duration of a connection. An network interface (UNI) standards that specify how users
example might be network control traffic. connect to ATM networks, and the broadband intercar-
rier interface (B-ICI) and public network-to-network
interface (P-NNI) standards for establishing connectivity
between different ATM networks.
112
Asynchronous Transfer Mode (ATM) Asynchronous Transfer Mode (ATM) A
Uses compromise between the optimal cell sizes for carrying
ATM was originally envisioned as an end-to-end net- voice information (32 bytes) and data information (64
working architecture that would supersede Ethernet and bytes).
Token Ring in enterprise LANs because of its built-in
ATM uses a layered architecture for its protocol stack,
support for QoS. Initial deployments included back-
similar in some respects to the lower portions of the OSI
bones for enterprise LANs with the vision to carry ATM
model. There are three main layers in the ATM
directly to the desktop, but the rapid evolution, simplic-
architecture:
ity, and lower cost of Fast Ethernet and, later, Gigabit
Ethernet (GbE) have prevented ATM from fulfilling its ● ATM Adaptation Layer (AAL): This is the top
original vision. Few enterprises deploy new ATM back- layer in ATM and is responsible for guaranteeing
bones today, and the emergence of 10 Gigabit Ethernet service characteristics of transmission and for
(10 GbE) makes this even more unlikely in the future. building different types of data into the 48-byte cell
payload. It is called the Adaptation Layer because it
If ATM in the backbone is declining in the enterprise,
adapts the ATM Layer beneath it to the particular
ATM for WAN access remains relatively strong. GbE
services that will be using it. The ATM Adaptation
backbone switches with core ATM ports can be used to
Layer consists of two sublayers, the Convergence
connect enterprise networks to carrier’s ATM networks
Sublayer (CS) and the Segmentation and Reassem-
for remote access to branch offices and subsidiaries.
bly (SAR) sublayer. The ATM Adaptation Layer
Alternatively, an Integrated Access Device (IAD)
supports five different AAL protocols from AAL 1
aggregates network traffic at the customer premises into
through AAL 5, with the last one being the most
a single ATM WAN pipe for connection to the carrier.
widely used. The ATM Adaptation Layer is equiva-
ATM has been widely adopted in the communications lent to the OSI model’s Data Link Layer.
networks of telecommunication carriers (telcos). ATM
● ATM Layer: This middle layer takes the payload
metropolitan area networks (MANs) are widespread,
formed by the ATM Adaptation Layer and adds the
and ATM is viewed as the de facto technology for long
5-byte header information and routes the packet to
distance fiber-optic communication lines stretching
its destination.
thousands of kilometers across continents.
● Physical Layer: This bottom layer defines the elec-
ATM hardware spans the whole range of networking
trical characteristics of the network interface and
infrastructure, including ATM backbone switches and
media over which the ATM cell is transmitted and
edge switches, ATM multiplexers, ATM remote access
converts the ATM cell into electrical signals. In other
devices, and ATM network interface cards.
words the Physical Layer “puts the bits onto the
Architecture wire.” ATM supports a variety of different PHY level
ATM uses fixed-size 53-byte cells. Each cell contains transports, including SONET, SDH, DS3/E3, Fiber
48 bytes of payload (data) and 5 bytes of control and Distributed Data Interface (FDDI), and Fibre Chan-
routing information in the header. The 5-byte header nel. The ATM Layer and Physical Layer are together
provides addressing information for switching the equivalent to the OSI model’s Physical layer.
packet to its destination and can be implemented in one
ATM supports a variety of address formats. Public ATM
of two formats: User to Network Interface (UNI) or
networks implemented by telecommunications carriers
Network Node Interface (NNI).
use the same 19-byte E.164 addresses used by Narrow-
The 48-byte payload section carries the actual informa- band ISDN. Private ATM networks can use three differ-
tion, which can be data, voice, or video. The payload is ent address formats: Network Service Access Point
properly called the user information field. The rea- (NSAP) encapsulated E.164, Data Country Code (DCC),
son for choosing 48 bytes as the payload size is to and International Code Designator (ICD).
113
A Asynchronous Transfer Mode (ATM) Asynchronous Transfer Mode (ATM)
ATM is generally deployed in a star topology with the telecommunication carrier’s ATM network, but frame
ATM switch at the center acting as a concentrator. The relay or SONET can also be used to connect a site to an
advantages of this topology are that troubleshooting is ATM network. The kind of CPE needed varies with the
simplified and the network can easily be reconfigured if access method employed—for example, Channel Ser-
required. ATM switches can provide bandwidth on vice Unit (CSU) for T1 line, frame relay access device
demand, and additional connections can be formed with (FRAD) or router for frame relay, and so on. Large cor-
the switch when more bandwidth needs to be added. porate networks using an ATM backbone might use a
switch-to-switch connection to the carrier’s network
ATM is a connection-oriented technology that supports
instead of CPE.
both point-to-point and point-to-multipoint connec-
tions, but multipoint connections require multicasting Advantages and Disadvantages
(ATM does not support broadcasts). ATM requires the ATM’s two main benefits are its high transmission
establishment of a specific network path between two speeds and its flexible bandwidth-on-demand capabil-
points before data can be transported between them. ity. ATM has the following advantages over competing
This path is negotiated by the transmitting station, high-speed networking technologies:
which specifies the type of connection (service classes
● High-speed, fast-switched integrated data, voice,
discussed above), speed (bandwidth) required, and
and video communication that is not bound by the
other attributes.
physical or architectural design constraints of tradi-
The paths with which ATM connects end stations are tional LAN networking technologies.
called virtual channels (VCs). Virtual channels consist
● A standards-based solution formalized by the ITU
of one or more physical ATM links connected in a
that allows ATM to easily replace existing tele-
series for transmitting data between remote stations. A
phony network infrastructures. ATM provides a
VC exists only while data is being transmitted on it, and
global telephony standard, and more than 70 per-
all cells in a given ATM transmission follow the same
cent of U.S. telcos have migrated their internal net-
VC to ensure reliable data transmission. A virtual path
works to ATM.
(VP) is a collection of VCs having the same source and
destination points that can be used to pool traffic being ● A fixed-length cell-based transmission that is suit-
transmitted to a given destination. The header of an able for transport of real-time traffic such as voice
ATM cell contains routing information that defines the and video and which allows high-speed bulk
VC being used for the connection. This routing infor- encryption mechanisms to be implemented easily
mation is called the Virtual Path Identifier/Virtual and in an affordable way.
Channel Identifier (VPI/VCI).
● Interoperability with standard LAN/WAN technol-
VCs and VPs are the basic building blocks of ATM ogies. ATM networks can be interconnected with
networks and provide end-to-end connections with Ethernet and token ring LANs using LAN emula-
well-defined end points and traffic routes. VCs may be tion (LANE) services to provide Transmission Con-
of two types: permanent virtual circuits (PVCs) and trol Protocol/Internet Protocol (TCP/IP) over ATM.
switched virtual circuits (SVCs). ATM can work with
● Built-in support for QoS that enables a single ATM
either PVCs or SVCs, depending on your wide area net-
network connection to reliably carry voice, data,
work (WAN) traffic needs. PVCs are more commonly
and video simultaneously and manage bandwidth
used by ATM service provider networks but are less
on a per connection basis depending on the priority
efficient with respect to bandwidth costs.
of the service required. By assigning a bandwidth
Typically a subscriber needing an ATM WAN link profile to an ATM connection, the performance of
for their company leases a T1 or T3 line to connect the connection can be guaranteed.
their customer premises equipment (CPE) to the
114
Asynchronous Transfer Mode (ATM) Asynchronous Transfer Mode (ATM) A
● A connection-oriented architecture that makes it Cisco Systems came second with a 25 percent share and
resistant to the kind of denial of service (DoS) has lately been focusing its research and development
attacks for which Internet Protocol (IP) networks on packet-over-ATM, the next generation of ATM tech-
are famous. ATM is a more secure solution than IP nologies. Other switch vendors offering ATM modules
for the trust boundary where WAN links are found include Nortel Communications and Enterasys.
in enterprise networks.
The region of the world that currently has the highest
On the other hand, ATM has some significant disadvan- investment in ATM technologies is the Asia/Pacific
tages that have hindered its widespread adoption in region, where leased lines are expensive and ATM is
enterprise networks: seen as an affordable solution for the needs of the cor-
porate WAN. By contrast, in North America the cost of
● ATM switching equipment is more expensive than
leased lines is lower, making carrier-based ATM ser-
gear for competing technologies such as GbE.
vices unattractive and tending to drive large companies
● ATM is more complex in its architecture and opera- to running ATM over their own private circuits.
tion than competing technologies. By contrast, GbE
Prospects
is an easy step upwards from Fast Ethernet.
ATM was once hailed as a revolutionary technology
● The ATM vision of integrated voice/video/data superior to Ethernet and essential for enterprises
throughout the enterprise (a.k.a. “convergence”) is seeking “convergence,” that is, the transmission of voice,
not driven by market pressure, so in some ways video, and data over network backbones. However, its
ATM remains “a solution in search of a problem.” growth in deployment has been hindered by the high cost
of ATM equipment and the complexity of implementing
● Support for ATM in the WAN market has also been
and managing it. Meanwhile, bandwidth supported by
hindered by the fact that most carriers have not yet
Ethernet has continued to grow, with the result that few
deployed switched virtual circuits (SVCs) and
enterprises are contemplating the deployment of new
instead continue to rely upon static permanent virtual
ATM backbones, with most favoring GbE instead. The
circuits (PVCs), which are less flexible and provide a
early dream of corporate ATM networks stretching from
fixed amount of bandwidth at a relatively high cost.
the server room to the desktop has all but vanished.
Moving to SVCs would reduce costs for customers
by enabling bandwidth-on-demand, but most carriers ATM’s largest installed base remains in telcos, and
are reluctant to make the capital outlay for upgrading ATM or SONET/ATM remains the standard high-speed
their switching equipment if the end result is to networking solution for these companies. Most MANs
reduce immediate revenue by lowering costs. deployed by carriers are still ATM, and attempts by
GbE to encroach on this territory have been hindered by
Marketplace
the still nascent QoS features currently available for
Some of the larger carriers offering ATM services for
Ethernet. With the advent of 10 GbE, however, the
the WAN/MAN environment include AT&T, Bell
picture may change as new carriers such as Yipes
Atlantic/GTE, MCI WorldCom/UUNET, Qwest/US
(www.yipes.com) move into the MAN space offering
WEST, and Sprint. These carriers all offer high-
enterprises end-to-end Ethernet across the WAN. The
performance services with minimal transit delays, and
long-distance carrier market, however, is destined to
some of them offer ATM-to–frame relay services as
remain purely ATM for the foreseeable future, and most
an option as well, allowing multiple remote sites con-
Incumbent Local Exchange Carriers (ILECs) have
nected by frame relay to have their links aggregated into
invested too heavily in ATM technologies for them to
a single fat ATM pipe.
easily make the switch to 10 GbE.
Marconi is the leading vendor of ATM switching equip-
ATM has received a boost in the last couple of years
ment, with a 30 percent share of the market in 1999.
through increasing deployment of business and residential
115
A asynchronous transmission asynchronous transmission
Digital Subscriber Line (DSL) for providing Internet Microsoft Windows 2000, Windows XP, and Windows
access to the customer premises. Many local telcos .NET Server support direct connectivity to ATM
aggregate DSL traffic from subscribers into ATM pipes networks with up to four ATM adapters in a single
for transport to their backbone ATM carriers. However, computer.
DSL is itself facing stiff competition from cable modem
For More Information
providers, and which technology will win out is unclear.
A good source of information on current developments in
The greatest threat to ATM’s survival in the industry is the ATM technology is the ATM Forum (www.atmforum.com).
development of QoS mechanisms for IP traffic. Standards
See Also: ATM Forum, Gigabit Ethernet (GbE), LAN
such as Multiprotocol Label Switching (MPLS) and Dif-
Emulation (LANE), Multiprotocol Label Switching
ferentiated Services (DiffServ) have shown some initial
(MPLS), Multiprotocol over ATM (MPOA), quality of
promise but cannot compete at this point with ATM, which
service (QoS)
is still king of the QoS hill. Solutions such as 10 GbE may
succeed by simply throwing bandwidth at the problem, but
ultimately incorporating QoS into IP is essential if the asynchronous transmission
vision of enterprise convergence is to be attained. A form of data transmission in which the transmitting
and receiving stations do not explicitly coordinate their
Notes transmissions with each other.
A number of different approaches are available for build-
ing IP internetworks with ATM backbones. These include Overview
Asynchronous transmission (async) is used in serial
● Classical IP (CIP): Based on RFC 1577, this sup-
transmission for modems and other telecommunication
ports only the IP protocol and requires a special
devices. Data is transmitted as streams of bytes termi-
Address Resolution Protocol (ARP) Server to han-
nated by start and stop bits, and the transmitting station
dle the broadcasts required to support IP (ATM
can wait an arbitrary period of time between transmis-
does not support broadcasts because it is connec-
sions. This contrasts with synchronous transmission
tion-oriented in nature). When CIP is deployed over
(sync), in which a timing or clocking mechanism is used
ATM WAN connections using permanent virtual
to ensure a steady flow of data between the devices.
circuits, it is called CIP over PVC.
In asynchronous communication, only about 80 percent
● LANE (LAN Emulation): Lets you build bridged
of the transmitted bits actually contain data, while the
virtual LAN segments for enabling an ATM net-
other 20 percent contain signaling information in the form
work to emulate an Ethernet or Token Ring net-
of start and stop bits. Each data frame starts with a start bit
work. LANE is an early solution developed by the
and ends with a stop bit, with data bits in between. When
ATM Forum.
the receiving station receives a start bit, it knows that pure
● MPOA (Multiprotocol Over ATM): Provides a vir- data will follow. When it receives a stop bit, it knows the
tual router for creating virtual IP subnets over ATM. data frame has ended and waits for the next one.
MPOA is a more recent initiative of the ATM Forum.
Asynchronous transmission is essentially charac-
● MPLA (Multiprotocol Label Switching): A tech- ter-based with additional bits between characters to
nology developed by the Internet Engineering Task enable synchronization and error correction. An
Force (IETF) for a label-based routing system for optional parity bit for error checking can be located
carrying IP and other traffic over ATM. immediately before the stop bit in each frame. With par-
ity correction, an 8-bit character requires 3 bits of con-
For more information on each of these technologies, see
trol information (start, stop, and parity bits), which
their respective articles elsewhere in this book.
means an actual overhead of 3/8, or 38 percent.
ATM can also be used as the underlying technology for
FDDI.
116
ATDnet ATM Forum A
Asynchronous communication is not synchronized by a ATM Adaptation Layer (AAL)
timer mechanism or clock, and asynchronous devices An Asynchronous Transfer Mode (ATM) protocol that
are not bound to send or receive information at an exact performs the functions of the Open Systems Intercon-
transmission rate. Instead, the sender and receiver nego- nection (OSI) model’s Data Link layer.
tiate transmission speeds based on hardware limitations
and the need to maintain a reliable flow of information. Overview
Asynchronous transmission is mainly suitable for The function of the ATM Adaptation Layer (AAL) is to
low-speed transmission, but speeds can also be adapt the ATM Layer protocol to high-level networking
increased by using data compression. protocols above it. The AAL consists of two sublayers:
● 68-pin Small Computer System Interface (SCSI) II The ATM Adaptation Layer supports five different
connector for providing eight serial ports (acts as a AAL protocols from AAL 1 through AAL 5, with the
serial port concentrator) and typically found on last one being the most widely used.
access servers. See Also: Asynchronous Transfer Mode (ATM)
See Also: synchronous transmission
ATM Forum
ATDnet An international not-for-profit organization dedicated
to promoting the deployment of Asynchronous Transfer
Stands for Advanced Technology Demonstration Net-
Mode (ATM) products and services.
work, a high-speed test bed network that ispart of
SuperNet, the cross-country network funded by the Overview
Next Generation Internet (NGI) program. The ATM Forum was founded in 1991 by a consortium
of four companies (Cisco Systems, Northern Telecom
See: Advanced Technology Demonstration Network
[now Nortel Communications], Sprint Corporation, and
(ATDnet)
Net/Adaptive). The ATM Forum’s goal is to help steer
the course of the development of ATM standards and
ATM technologies with the cooperation of over 600 industry
Stands for Asynchronous Transfer Mode, a high-speed, partners (the Forum is itself not a standards body but
broadband transmission data communication technol- instead develops specifications and submits them to the
ogy based on packet switching and multiplexing tech- International Telecommunication Union [ITU]).
nologies, and used by telcos, long distance carriers, and The ATM Forum works by committees, some of which
campus-wide backbone networks to carry integrated include
data, voice, and video information.
● The Technical Committee: Works with other stan-
See: Asynchronous Transfer Mode (ATM) dards bodies such as the ITU to develop and evolve
ATM standards and ensure interoperability between
117
A ATM over SONET attenuation
● The User Committee: This consists of ATM users See Also: ATM over SONET
and allows them to provide input to the other com-
mittees based on their real-world experience of attenuation
using ATM. The loss of signal strength over long distances when
The ATM Forum also has an Ambassador Program for signals travel along cabling.
providing speakers knowledgeable about ATM for con- Overview
ferences and other events. The ATM Forum also has a Attenuation values for actual cables are measured in units
newsletter called “53 Bytes,” which helps keep people of decibels (dB)—a standard measurement value used in
informed of developments in the ATM field. communication for expressing the ratio of two values of
For More Information voltage, power, or some other signal-related quantity. For
The ATM Forum can be found at www.atmforum.com. example, a drop of 3 dB corresponds to a decrease in sig-
nal strength of 50 percent or 2:1, while a drop of 6 dB cor-
See Also: Asynchronous Transfer Mode (ATM) responds to a decrease of 75 percent or 4:1. Attenuation
values for cabling media are expressed in units of decibels
ATM over SONET per 1000 feet, which express the amount of attenuation in
Also called ATM/SONET, a data transmission technol- decibels for a standard 1000-foot (305-meter) length of
ogy in which Asynchronous Transfer Mode (ATM) cabling composed of that medium.
cells are transmitted over Synchronous Optical Net-
work (SONET) circuits.
Overview
ATM over SONET is a technology used by telecommu- Analog signal
nications carriers when individual circuits have to carry
multiple different kinds of traffic such as voice, video,
Internet Protocol (IP), and so on. Implementing ATM
over SONET adds an additional 5 bytes of overhead to
53-byte ATM cells, so this is done only when necessary.
If a SONET circuit carries only one type of traffic—such
as IP packets or circuit-switched voice—the ATM layer
Digital signal
is not required, thus saving the additional overhead.
ATM over SONET can be implemented either with or
without Automatic Protection Switching (APS), the
traditional SONET ring-based redundancy technology. G0AXX18 (was G0ui21.eps in 1E)
118
attenuation to crosstalk ratio (ACR) attribute (file system) A
copper Category 5 (Cat5) cabling vary with frequency attrib command
and are shown in the following table. Attenuation for A Microsoft Windows command that can be used to dis-
lower-grade cable is slightly higher. play and modify the attributes of files and directories.
Attenuation Values for Copper Cat5 Cabling Overview
Signal Frequency Attenuation You can use the attrib command to display and modify
4 megahertz (MHz) 13 dB/1000 feet the archive, system, hidden, and read-only attributes
10 MHz 20 dB/1000 feet that can be assigned to files and directories. For exam-
20 MHz 28 dB/1000 feet ple, if you need to manually modify the boot.ini file on
100 MHz 67 dB/1000 feet a machine running Windows 2000, you can use the
attrib command to remove its read-only, hidden, and
Notes system attributes.
Attenuation is caused by signal absorption, connector
loss, and coupling loss. To minimize attenuation, use Examples
high-grade cabling such as enhanced category 5 (Cat5e) attrib -r -h -s boot.ini
cabling. Also try to minimize the number of connector
devices or couplers, ensuring that these are high-grade This removes the read-only, hidden, and system
components as well. When a signal attenuates a large attributes from the boot.ini file, allowing you to edit the
amount, the receiving device might not be able to detect file manually.
it or might misinterpret it, therefore causing errors. See Also: attribute (file system)
119
A attribute (Active Directory) ATU-R
Notes
Allowable Syntax Types for Object Attributes
The term attribute can also refer to other more granular
file system information, such as time stamps, file size, Object
or link counts. Syntax Identifier Description
Undefined 2.5.5.0 Not a legal syntax
See Also: attrib command Distinguished 2.5.5.1 The fully qualified
name name of an object in the
attribute (Active Directory) directory
A property of an object in Active Directory directory Object identifier 2.5.5.2 Identifies an object
service. Case-sensitive 2.5.5.3 Differentiates upper-
string case and lowercase
Overview Case-insensitive 2.5.5.4 Does not differentiate
Attributes are information relating to objects stored in string uppercase and
Active Directory. For example, a user class object is lowercase
composed of attributes, such as a First Name attribute Print case string 2.5.5.5 Printable string
for a user account object. Numeric string 2.5.5.6 A sequence of digits
OR name 2.5.5.7 An x400 e-mail address
Attributes define the actual characteristics of objects Boolean 2.5.5.8 TRUE or FALSE
in Active Directory. Every class of objects has its Integer 2.5.5.9 A 32-bit number
own defining set of attributes. Different objects within Octet string 2.5.5.10 A string of bytes
this class are distinguished by the values of their Time 2.5.5.11 The number of seconds
attributes. Some attributes, such as the First Name elapsed since 1/1/1970
attribute for a user account object, must have a value Unicode 2.5.5.12 Wide string
assigned to them when they are created. Other Address 2.5.5.13 Internal
attributes, such as Phone Number, can optionally be Distname- 2.5.5.14 Internal
left unvalued. address
NT security 2.5.5.15 66 Microsoft Windows NT
Each attribute in Active Directory is defined only once
descriptor Security Descriptor
and can be used for many different object classes. All
Large integer 2.5.5.16 A 64-bit number
objects of the same type have the same set of attributes. Security 2.5.5.17 4 SID
Different objects of the same type are distinguished by identifier
different attribute values. It is therefore the values of the (SID)
attributes of a particular object that make that object
unique in Active Directory. See Also: Active Directory, Active Directory schema
Attributes are defined in a special portion of Active
Directory. An attribute definition includes ATU-C
Stands for Asymmetric Digital Subscriber Line
● The syntax (type of information) of the attribute,
(ADSL) Transceiver Unit, Central Office end, an ADSL
such as integer, date, or string
modem that terminates a subscriber’s ADSL connection
● Whether the attribute is single-valued or multivalued at the ADSL provider’s Central Office (CO).
Each syntax type is specified by an object identifier, See Also: Asymmetric Digital Subscriber Line (ADSL)
which is a globally unique identifier (GUID) issued by
the International Organization for Standardization (ISO).
ATU-R
The allowable syntax types for attributes of objects in
Stands for Asymmetric Digital Subscriber Line
Active Directory are shown in the following table.
(ADSL) Transceiver Unit, remote terminal end, an
120
auditing AUI connector A
ADSL modem that terminates a subscriber’s ADSL Overview
connection at the customer premises. The following table indicates the kinds of events that
can be audited in Windows 2000, Windows XP, and
See Also: Asymmetric Digital Subscriber Line (ADSL)
Windows .NET Server.
Events That Can Be Audited
auditing
The process of tracking and monitoring actions per- Type of Event Description
formed on servers or networks for security purposes. Logon and logoff Users logging on and off and
forming network connections
Overview File and object Users accessing a file, folder, or
Auditing is an important component of a general security access printer on a network
policy for a corporate network. Auditing can be used to Use of user rights A right has been exercised—for
detect attempts at unauthorized access to network example, backing up files and
resources and to track the usage of shared resources. directories
Auditing creates a record of which files have been User and group An account has been modified,
accessed, who has logged on to the network, who has management created, or deleted
attempted to use a shared resource, and so on. Specifically, Security policy A change has been made to an
auditing records information in the security log about changes Audit policy, a trust relationship,
or user rights
● What action was performed
Restart, shutdown, The system has been shut down
● Who performed the action and system or restarted, or system security
has changed
● When the action occurred Process tracking A process has been started or
● Whether the action succeeded or failed stopped, or some related activity
has occurred
Notes
Microsoft Windows 2000, Windows XP, and Windows Notes
.NET Server record two kinds of auditing information Be careful when enabling auditing for File And Object
in the security log: Access or Process Tracking because logging these events
can generate a large amount of overhead on your system,
● Success audits: Symbolized by keys and usually
especially when auditing for successes. To audit access to
used to track resource usage for capacity and
a file, folder, or printer, first enable File And Object
resource planning
Access auditing in your Audit policy, and then access the
● Failure audits: Symbolized by padlocks and usu- Security tab on the object’s property sheet.
ally used to monitor network resources for unautho-
See Also: auditing, event, security log
rized access attempts
See Also: Audit policy, event, security log
AUI connector
Stands for Attachment Unit Interface connector, a stan-
Audit policy dard 15-pin connector device for thicknet.
A policy established on a Microsoft Windows 2000 or
Overview
Windows .NET Server domain that specifies the kinds
The AUI connector on the free end of a 10Base5 drop
of security-related events that will be recorded in the
cable attaches to the DB15 connector on the network
security log.
interface card (NIC). The NIC has an AUI port connec-
tor for connecting the drop cable. The other end of the
121
A Authenticated Users group authentication protocol
drop cable typically connects to a transceiver. The ● Reserved Area (2 bytes): Not currently used.
transceiver is then joined to the thicknet cabling using a
● Security Parameters Index or SPI (4 bytes):
vampire tap that pierces the cable jacket and insulation
Specifies which security protocols are being used
to make a connection.
for the transmission of the packet.
See Also: connector (device), Ethernet
● Sequence Number (4 bytes): Indicates the posi-
tion of the packet in the sequence of packets having
Authenticated Users group the same SPI.
A built-in group in Microsoft Windows 2000, Windows
● Authentication Data (variable): Contains the dig-
XP, and Windows .NET Server for controlling access to
ital signature for the packet.
resources.
Overview Notes
AH usually uses MD5 as its encryption algorithm, but
The Authenticated Users group is similar to the built-in
other more secure encryption algorithms can also be used.
Everyone group, except that anonymous logon users are
never members of the Authenticated Users group. The See Also: IPsec
built-in security identifier (SID) for this group is
S-1-5-11.
authentication protocol
The Authenticated Users group can be used to provide Any protocol used for validating the identity of a user to
additional security when running Microsoft Internet determine whether to grant the user access to resources
Information Services (IIS) because the anonymous user on a network.
account has the ability to enumerate share names and list
Overview
domain usernames. Using the Authenticated Users group
Authentication protocols can be classified according to
provides an additional layer of security and is one way to
how the credentials are passed over the network. Some
restrict access to objects in the file system.
common kinds of authentication protocols include
You should generally use the Authenticated Users group
● Anonymous access: This method is supported by
instead of the Everyone group if you want to carefully
Microsoft Internet Information Services (IIS) and
control anonymous access to your network resources.
allows anonymous users on the Internet access to
See Also: built-in group Web content on your server.
● Basic authentication: This method transmits pass-
Authentication Header (AH) words as clear text and is often used in Unix net-
A protocol in the IPSec suite of protocols that handles works and for File Transfer Protocol (FTP)
authentication of Internet Protocol (IP) traffic. services. It is also supported by IIS.
Overview ● Digest authentication: This method hashes (digests)
The Authentication Header (AH) header immediately the user’s password before transmitting it, making it
follows the IP header of an IP packet and includes the more secure than Basic authentication. Digest authen-
following fields: tication is part of the Hypertext Transfer Protocol
(HTTP) 1.1 protocol and is also supported by IIS.
● Next Header (1 byte): This field indicates which
protocol (Transmission Control Protocol [TCP] or ● Windows NT Challenge/Response: This is
User Datagram Protocol [UDP]) is used in the pay- the standard secure authentication method for
load immediately following the AH header. Windows NT domains. In IIS this protocol is
referred to as Integrated Windows authentication.
● Payload Length (1 byte): This field indicates the
Also called Windows NT Lan Manager or NTLM.
length of the payload following the AH header.
122
authentication provider Authorized Academic Training Provider (AATP) A
● Kerberos v5: This is the standard authentication ● A Microsoft Commercial Internet System (MCIS)
security protocol for Windows 2000 and Windows membership database
.NET Server domains.
See Also: AAA
● X.509 Client Certificate authentication: This is
used in conjunction with Secure Sockets Layer (SSL)
Authenticode
and digital certificates and is also supported by IIS.
A Microsoft security technology that certifies the iden-
Notes tity of the publisher of software to ensure the software
On a Microsoft Windows NT, Windows 2000, or has not been tampered with.
Windows .NET Server network, authentication can be
Overview
handled in one of two ways:
To use Authenticode, an Internet software publisher
● When logging on to a member server or stand-alone first obtains a digital certificate from a certificate
workstation, authentication is performed by the authority (CA). They then use Authenticode signing
member server or workstation itself using its local tools to digitally sign the application.
Security Accounts Manager (SAM) database.
When a user tries to download the application from the
● When logging on to a domain, authentication is per- Internet, client-side Authenticode software in Microsoft
formed by a domain controller on the network. Windows displays the publisher’s certificate informa-
tion to help the user make a more informed decision
See Also: anonymous access, Basic authentication,
about whether to install the software on his or her
Kerberos, Windows NT Challenge/Response Authen-
machine.
tication
Authenticode can be used to sign Microsoft ActiveX
controls, .cab files, Java applets, or any other executable
authentication provider files.
In Internet Connection Services for Microsoft Remote
Access Service (RAS), a database for providing AAA See Also: security
(authentication, access, and accounting) information
for the users in a given realm.
Authorized Academic Training
Overview Provider (AATP)
An authentication provider is a server that isused by A Microsoft training program offered to accredited
Internet Authentication Service (IAS) to map a Remote academic institutions.
Authentication Dial-In User Service (RADIUS) authen-
Overview
tication request to a database containing user credentials.
An Authorized Academic Training Provider (AATP) is
The authentication provider can verify or deny whether
an educational institution approved for delivery of train-
the individual exists in the database and return this
ing on Microsoft platforms and applications. AATPs can
information to the IAS server.
include secondary schools, vocational schools, commu-
Choices for authentication providers are nity colleges, and universities. Microsoft Corporation
provides participating institutions with tools to facilitate
● A Microsoft Windows NT, Windows 2000, or
courseware delivery that prepares students for Microsoft
Windows .NET Server domain controller
Certified Professional (MCP) certifications. This enables
● A Local Users file on the IAS server schools to serve their communities by educating future
employees to fill demands for technically certified
● An open database connectivity (ODBC)–compliant
computer professionals.
database
123
A auto-application autodial
124
automatic logon Automatic Private IP Addressing (APIPA) A
Notes Automatic Private IP
Certain actions will not trigger autodial. These include Addressing (APIPA)
● Pinging an Internet Protocol (IP) address. (Pinging A feature of Microsoft Windows 2000, Windows XP,
a fully qualified domain name, however, will cause and Windows .NET Server that enables machines to be
autodial to engage.) automatically assigned Internet Protocol (IP) addresses
without the use of Dynamic Host Configuration Proto-
● Using both a dial-up and a local area network col (DHCP).
(LAN) connection. (AutoDial engages only after an
attempt to connect over the LAN has failed.) Overview
Automatic Private IP Addressing (APIPA) is designed
See Also: remote access for use on small networks where fewer than 25 machines
are deployed. Such networks are too big to easily manage
automatic logon using static (manual) IP addressing and too small to war-
A logon process whereby the user gains access to the rant the use of a dedicated DHCP server for automatic IP
network through user credentials previously stored in addressing. APIPA was developed as an alternative to
the registry. these two addressing methods.
125
A Automatic System Recovery (ASR) Automation client
126
Automation controller autonomous system (AS) A
Automation controller Overview
A client that accesses the functionality of an Using auto naming, you could, for example, automati-
Automation server. cally generate any of the following e-mail aliases for
Jeff Smith’s mailbox:
Overview
Automation is a way for one application to manipulate ● JSmith
the exposed objects (properties and methods) of another ● JeffS
application. Automation controllers are client applica-
tions that can manipulate the exposed objects of another ● JS
application called an Automation server. Examples of You could also devise some other custom naming
Automation controllers include Microsoft Word, scheme. These e-mail aliases then would be combined
Microsoft Excel, and Microsoft Visual Basic. with the Domain Name System (DNS) domain name
There are two kinds of Automation clients: of the Exchange organization to form the user’s standard
e-mail address. For example, if the domain name of
● Clients that have static information about the prop- the company is northwind.microsoft.com, JSmith
erties and methods of the Automation server bound would be combined with it to form the e-mail address
to them at compile time. JSmith@northwind.microsoft.com.
● Clients that dynamically obtain information about See Also: Exchange Server
the properties and methods of the Automation
server at run time. These clients do this by querying
the Automation server’s IDispatch interface. autonomous system (AS)
A group of Internet Protocol (IP) networks adminis-
See Also: Automation, Automation server tered under a single administrative (routing) policy.
Overview
Automation server An autonomous system (AS) is part of the routing infra-
A Component Object Model (COM) component that structure of a large IP internetwork. An AS is essen-
exposes its functionality to other applications. tially a portion of a large internetwork whose routing is
Overview administered by a single authority. Typically, this
An example of an Automation server might be a word means one AS per enterprise network. An autonomous
processing program that can expose its spell-checking system can be under the authority of a particular corpo-
functions so that Automation controllers can access ration or institution, or it can be defined by the uniform
them. This allows the functionality of one program (the use of a particular routing protocol such as Open Short-
Automation server) to be used by other programs (the est Path First (OSPF).
Automation clients or controllers). The Internet is the de facto example of a large IP inter-
An Automation server typically implements the network divided into different autonomous systems
IDispatch interface. such as AT&T Enhanced Network Services (formerly
AT&T CERFnet), SprintLink, AlterNet, and so on.
See Also: Automation, Automation controller These autonomous systems are connected by the Inter-
net’s core routers, which use an exterior routing proto-
auto naming col called Border Gateway Protocol (BGP) for
A feature of Microsoft Exchange Server that enables communication among themselves.
administrators to configure how e-mail aliases and Each autonomous system must be identified using a
other information are automatically generated when globally unique number called an autonomous system
mailboxes are created.
127
A autonomous system number (ASN) availability
number (ASN). A BGP uses ASNs to avoid routing ASNs are 16-bit numbers that are assigned to networks
loops and implement policy-based routing on the Inter- by the American Registry for Internet Numbers (ARIN).
net backbone. ASNs are required for autonomous sys- As of 2000 there were more than 12,000 ASNs assigned
tems connected to the Internet, and are obtained from to public and enterprise networks, and the number is ris-
Internet numbers registries such as the American Regis- ing rapidly as more and more enterprises implement mul-
try for Internet Numbers (ARIN) and the Asian-Pacific tihoming, the use of multiple ISPs for providing Internet
Network Information Center (APNIC). Autonomous access for their networks. To obtain an ASN, contact
systems exchange exterior routing information with one ARIN and pay the one-time registration fee and the
another by using these ASNs to identify themselves to annual maintenance fee. Note that ISPs are not charged
other autonomous systems. Autonomous systems can the annual maintenance fee for their ASNs.
be further subdivided into routing domains (areas) for
See Also: autonomous system (AS), multihoming
more granular routing.
There are three basic types of autonomous systems:
autosensing
● Stub AS: This AS is connected to only one other Technology by which a local area network (LAN)
AS. A corporate network that isconnected to an AS device can determine the characteristics of an attached
is considered to have the same AS number as the device and configure itself accordingly.
AS it is connected to.
Overview
● Transit AS: This AS is connected to more than one As an example, a port on an autosensing 10/100-Mbps
other AS and can be used for transit traffic between Ethernet switch can automatically detect whether the
autonomous systems. A Transit AS is usually admin- attached station has a 10-megabits per second (Mbps)
istered by a large Internet service provider (ISP). or 100-Mbps network interface card (NIC). This is a
useful feature that allows a combination of 10BaseT
● Multihomed AS: This AS is connected to more
and Fast Ethernet connections in a single LAN.
than one other AS but does not let transit traffic
from another AS pass through itself. An example Often during migration and system upgrades you will
might be a corporate network with several Internet find a combination of slower, legacy networking equip-
connections to different ISPs. ment and faster, more modern devices. These devices
might need to coexist for months or years, depending on
See Also: autonomous system number (ASN), Border
the budget available for upgrades. Using autosensing
Gateway Protocol (BGP), routing
hubs and switches makes this coexistence cheap and
simple and allows a full upgrade to the faster configura-
autonomous system number tion later—without purchasing additional equipment.
(ASN) See Also: hub, Ethernet switch
A unique number used to identify an autonomous sys-
tem (AS), that is, a network that can exchange exterior
routing information with neighboring networks. availability
The degree to which network resources operate without
Overview interruptions resulting from scheduled maintenance or
Every autonomous system (AS) connected to the global
unexpected failure.
Internet must have a uniquely assigned autonomous sys-
tem number (ASN). This ASN is required so that your Overview
AS can identify itself to other ASs on the Internet and Availability has become an important issue in the mod-
exchange exterior routing information with their routers. ern Internet economy in which online electronic busi-
nesses are made or broken on the basis of reliable,
fault-tolerant technologies.
128
AVS AXFR request A
Clustering is one tool for ensuring continuous uninter-
AWG Gauges for Various Diameters of Wires
rupted 24 x 7 x 365 availability of network resources.
Windows 2000, Windows XP, and Windows .NET Diameter Diameter
Server include support for clustering that provides the AWG Gauge (Inches) (Millimeters)
basic platform for building high-availability e-business 12 0.080 2.050
and electronic commerce applications that can compete 14 0.064 1.630
in today’s world. Cluster services can automatically 16 0.051 1.290
detect when an application or server fails and quickly 18 0.040 1.020
restart it on the surviving cluster node. Users connected 20 0.032 0.813
to the server will experience only a brief pause in 22 0.025 0.643
service. 24 0.020 0.511
30 0.010 0.254
See Also: 24 x 7, clustering
AXFR request
AVS A type of Domain Name System (DNS) request in
which a secondary DNS server requests the update of
Stands for Automatic Version Synchronization, a fea-
information from a master DNS server.
ture of the Microsoft Internet Explorer Administration
Kit (IEAK). Overview
An AXFR request always results in a full zone transfer.
See: Automatic Version Synchronization (AVS)
This can take time and use considerable network
bandwidth if the zone files are large.
AWG An alternative to AXFR is the incremental zone transfer
Stands for American Wire Gauge, a specification for
protocol described in RFC 1995. Incremental zone
the diameter of conducting wires.
transfers use an IXFR request and transfer only those
Overview portions of the zone file that have been changed.
The higher the AWG number, the thinner the wire.
Incremental zone transfers are supported by the DNS
Category 5 (Cat5) cabling is usually AWG 24 wire
service running on Microsoft Windows 2000 and
(0.020 inch or 0.511 millimeter in diameter), while
Windows .NET Server.
thicknet generally uses AWG 12 wire (0.080 inch or
2.050 millimeters in diameter). Twisted-pair telephone See Also: Domain Name System (DNS)
wire at the customer premises is typically 24 or 26
gauge, with 24 giving better performance for high-
speed services such as Asymmetric Digital Subscriber
Line (ADSL).
The table below shows some of the various AWG
gauges for different diameters of wires. Note that the
thinner the wire, the higher its electrical resistance and
hence the shorter the transmission distance (because
resistance varies inversely with thickness).
129
B B
B2B
xDSL, dial-up modem connections, and wireless satel-
Stands for business-to-business and refers to e-com-
lite links. Just as the existing public switched telephone
merce between different companies that have some sort
network (PSTN) catalyzed the explosive growth of fax
of partnering arrangement, in contrast to B2C, or busi-
technology after it was introduced, the Internet is revo-
ness-to-consumer, relationships in which individuals or
lutionizing the way business partners communicate to
companies purchase the products or services of another
buy and sell goods and services.
company.
VPNs are a popular technology that is widely used to
Overview
secure communications over the Internet. Without the
Companies traditionally negotiate special business rela-
Internet itself, business partners would have to purchase
tionships with other companies that can provide them
costly leased lines for secure, reliable electronic com-
with the raw materials, tools, and services that they
munications between them, and many companies still
need for the success of their businesses. Such relation-
use leased lines to support their Electronic Data Inter-
ships are known as a value chain, which typically
change (EDI) platforms. Using VPNs, however, compa-
includes activities such as obtaining raw materials, pro-
nies can send these communications securely over the
cessing these materials into finished products, shipping
public Internet, allowing them to reduce costs by elimi-
products to distributors, servicing customers, and mar-
nating leased lines in favor of better-positioned technol-
keting. To support a value chain, several business activ-
ogies such as xDSL.
ities are essential, including procurement, research and
development, manufacturing, and managing of human XML is a third component of most emerging B2B solu-
resources, operations, finances, and customer needs. tions platforms, as it provides a standardized way of
encoding business communications for transmission
B2B is basically the use of the Internet to streamline
over the Internet.
and automate these business processes to enhance the
value chain. This can result in streamlined business- In addition to these technologies, other elements of suc-
cycle processes that are faster-to-market and in substan- cessful B2B relationships include establishing credit
tial cost savings by eliminating traditional paper-based relationships between companies and building B2B
invoicing and communications used in procurement technology into legacy systems.
channels. B2B can benefit companies in many different
An emerging standard that may help promote B2B
scenarios, including corporate purchasing, supply chain
overall is an initiative from Ariba, Microsoft, and IBM
trading, and direct marketing.
called Universal Description, Discovery, and Integra-
Architecture tion (UDDI). UDDI is a proposed directory service that
The technologies at the heart of B2B are the Internet, will make it easier for companies to find business part-
virtual private networks (VPNs) and Extensible Markup ners that offer specific types of goods and services.
Language (XML). The Internet now provides a ubiqui-
tous communications infrastructure that allows compa- Implementation
You can implement B2B in three basic ways: build a
nies anywhere to connect with each other for exchange
custom solution, buy a packaged solution, or lease ser-
of business information. This can be accomplished
vices from an online marketplace.
131
B2B B2B
B Building a custom B2B solution in conjunction with small-sized or mid-sized companies is generally
business partners is an approach that is often taken by referred to as a “pure player.” These providers are com-
large companies that require custom solutions that are peting in a horizontal market—that is, trying to gain as
integrated deeply into their existing legacy business many customers as they can—and most first-generation
systems and that have pockets deep enough to imple- B2B marketplaces took this approach to growing their
ment this type of solution. The disadvantage is the ventures. Many of them provide B2B services on a
longer time-to-market period required for realizing ben- transaction-fee basis, though there’s movement away
efits from this solution, and with the rapidly changing from this model toward flat-rate pricing that makes
Internet economy this is a concern that needs to be seri- B2B costs more predictable for clients.
ously addressed by enterprise e-implementers. B2B
B2B exchanges come in all flavors, from online shop-
solution providers pursuing this market segment are
ping portals such as the healthcare industry portal
basically pursuing a vertical market in which they will
PointStore, to industry-partnered ventures in which sev-
handle a small number of large clients with extensive
eral companies form a cooperative exchange such as
integration needs.
Hyatt International Corporation and Marriott Interna-
Buying an off-the-shelf B2B solution is another tional’s Avendra marketplace for the hospitality indus-
approach that can take several forms, from purchasing try, to pure-play independent B2B exchanges such as
and deploying a software platform for developing B2B Chemdex for the chemical industry built on B2B soft-
solutions such as Microsoft BizTalk Server to hiring a ware from Commerce One and Ariba. Of these different
B2B consulting company to implement its own off-the- approaches, the most successful ventures are generally
shelf solution. This approach is often taken by mid- the cooperatives in which the narrow industry focus and
sized companies with reduced capital availability and high alignment with partner needs generate the best
limited IT (information technology) resources, and results.
especially so by dot-com startups seeking rapid time-to-
Marketplace
market. A startup company might outsource all of their
Commerce One and Ariba are two major players in the
procurement needs to a B2B consulting service that will
B2B marketplace arena, and between them they have
implement a packaged Web-based system for procure-
more than 500 corporate customers. Ariba has part-
ment and supply-chain management for them.
nered with IBM and i2 Technologies to provide soft-
Leasing services from an existing B2B exchange is a ware and services, and Commerce One has done the
third solution. Numerous online marketplaces supply same with SAP AG.
B2B services for narrowly targeted market segments
Some of the bigger players in the ISM market include
such as the food industry and the plastics industry.
These B2B exchanges (or online marketplaces) provide ● e2Open: An online marketplace for high technol-
packaged B2B solutions that include online catalog ogy supported by IBM, Nortel Networks, and
publishing services, secure transactions, direct market- others.
ing, and related services. An example is the food indus-
● Altrade: A B2B exchange developed by Altra
try, where a B2B exchange can help grocery store
Energy Technologies for the energy industry that
chains manage procurement and speedy delivery of per-
includes high-profile partners such as Dow Chemi-
ishable goods.
cal Company and ExxonMobil Corporation and
A B2B exchange with a specific industry focus such as which did over $4 billion in trades in 1999.
this is often called an Industry-Sponsored Marketplace
● Covisint: An online supply-chain procurement
(ISM), and a B2B solution provider with a more general
marketplace being developed by the Big Three
focus of providing packaged B2B solutions for
132
B2B B2B
automakers Ford Motors, General Motors, and should obtain financials and customer testimonials to B
DaimlerChrysler. avoid getting caught in the web of fly-by-night operations
that are here today and gone tomorrow.
Companies that provide full-featured packaged B2B
platforms include Ironside Technologies, Yantra Corpo- With the failure of numerous public B2B marketplaces,
ration, and many others. companies that were early adopters are taking a more
cautious view of further involvement, so that while rec-
Prospects
ognizing the need to pursue B2B solutions in order to
The future of the emerging B2B market overall is prob-
compete in the future economy, they are now more
ably bright despite the shakeout of many startups that
effectively taking care in investigating the financial via-
occurred in 2001. Many early proponents followed the
bility of exchanges before jumping on board again.
horizontal market strategy of building one-size-fits-all
Nevertheless, while getting your company involved
B2B exchanges and then trying to attract customers
with a specific B2B provider is a tactical solution that
along the “build it and they will come” paradigm.
requires good thought and due diligence, getting your
Unfortunately, most larger companies have legacy busi-
company involved generally in B2B solutions is a stra-
ness systems that require a great deal of customization
tegic requirement for any company that hopes to sur-
to participate effectively in B2B, and, as a result, most
vive in the Internet economy that is here and yet to
public B2B exchanges attracted only small and
come.
mid-sized companies whose resources were limited.
Notes
The main issues that tend to make many companies slow
Microsoft Corporation has its own internal B2B solu-
to jump on the bandwagon of public B2B exchanges are
tion called the Microsoft Market, which allows employ-
the unpredictable costs of transaction-based fees for
ees to quickly and easily procure goods and services
involvement in these marketplaces, the complexity of
from a wide variety of partner businesses. Microsoft
integrating B2B solutions into existing supply chain
Market has enabled Microsoft to lower average pro-
systems (especially for companies that have progressed
curement costs by more than 90 percent.
little in developing Web-based intranet and extranet
solutions for their businesses), and issues relating to Many B2B marketplaces provide procurement services
branding and customer loyalty that make suppliers based on either forward (sell-side) auctions which ben-
reluctant to offer their wares at cut-rate prices in the new efit suppliers or reverse (buy-side) auctions in which
online marketplaces. As a result, successful B2B buyers submit a Request for Quotation (RFQ) and wait
exchanges tend to be those that can build community— for the lowest bid to come in from suppliers. These ser-
that is, a group of buyers and sellers loyal to one another. vices have not been as successful as anticipated, how-
Private exchanges (those built upon preexisting business ever, mainly because companies generally negotiate
relationships) thus tend to fare well but offer few ave- trusted long-term contractual business relationships
nues for market growth for suppliers involved, and pub- with partners rather than just bid for the best-priced
lic exchanges offer a way of helping suppliers find new solution.
markets and new customers.
See Also: BizTalk Server 2000, Commerce Server
Another issue that has restrained many from the whole- 2000, Digital Subscriber Line (DSL), electronic data
sale plunge into B2B is the snake-oil syndrome: new tech- interchange (EDI), Microsoft Market, Universal
nologies breed startups that offer end-to-end solutions Description, Discovery, and Integration (UDDI),
that are ready to implement “yesterday.” Due diligence is virtual private network (VPN)
required of companies contemplating aligning themselves
with a B2B solution or platform, and decision-makers
133
B2C backbone
Third floor
management LAN
Wiring
Second floor closet
support LAN
Wiring
First floor closet
marketing LAN
Wiring
closet
Backbone
Collapsed
hub/switch/router backbone
(switch/router)
134
backboning backboning
Distributed backbones generally have a greater degree You should put considerable thought and planning into B
of fault tolerance than collapsed ones, because the col- the design and implementation of your network’s back-
lapsed backbone unit forms a single point of failure. bone, because the overall performance of networking
However, collapsed backbones usually have better traf- services is largely dependent on the backbone’s band-
fic flow than distributed backbones because of the width and reliability. Design your backbone with net-
underlying star topology. Collapsed backbones gener- work expansion in mind. Planning for growth is
ally offer better performance because of the reduced especially important if the cost of cable reinstallation is
number of hops that traffic must make when passing high. Fiber-optic cabling is preferred for most network
between departmental LANs. Collapsed backbones are backbones because of its high bandwidth, security, and
also easier to manage because they bring all the back- resistance to electromagnetic interference.
bone switching and routing equipment into a single
See Also: collapsed backbone
room or building. Collapsed backbones are used fre-
quently for connecting departmental LANs within a
single building, but less often for connecting building backboning
LANs across a campus network because of the Sending messages between similar messaging systems
increased distances and cabling costs. by using an intermediate messaging system of a differ-
ent type.
Backbone cabling should have the highest bandwidth of
any cabling in your network, since backbones are used Overview
to join together hubs, switches, and routers, linking A simple backboning example is the connecting of two
departmental LANs or subnetworks into building-wide or more Lotus cc:Mail postoffices using a Microsoft
or campus-wide internetworks. In buildings, backbone Exchange Server organization as the messaging back-
cabling often refers to the vertical cabling running bone. By installing the cc:Mail Connector on Exchange
through the risers or elevator shafts that connects the Server, messaging connectivity can be established with
hubs and switches in each floor’s wiring closet. connected cc:Mail postoffices. Messages can then be
Depending on performance requirements, anticipated routed from one postoffice through the Exchange orga-
growth, and cost, any of the following might be suitable nization to other postoffices on the network.
for backbone cabling:
Another example of backboning is connecting different
● Category 5 (Cat5) unshielded twisted pair (UTP) sites in an Exchange Server organization using a public
cable or private messaging network. Here are two possible
scenarios:
● Type 1A shielded twisted pair (STP) cable
● Using Simple Mail Transfer Protocol (SMTP) hosts
● Thinnet coaxial cabling
on the Internet to connect Exchange sites.
● Multimode fiber-optic cabling
● Using a public or private X.400 messaging system
● Single-mode fiber-optic cabling for connecting Exchange sites using the X.400
Connector.
Notes
The term backbone is also used to refer to the collection
of networking components (cabling, hubs, switches,
and routers) that form the supporting network into
which workgroup and departmental LANs are con-
nected. A mesh topology is often used for network
backbones to provide fault tolerance for critical
high-speed data paths.
135
background background
Internet
Exchange
background
site
A context for running applications or services on a
computer.
Exchange Overview
site A program that runs in the background is unnoticed
GoBXX02 (was G0Bui03.bmp in 1E) while the user performs another task on a different pro-
Backboning. Connecting similar messaging systems by gram in the foreground. For example, a spreadsheet that
backboning over a different messaging system. calculates data could be hidden and running in the back-
When using a public messaging backbone (or a private ground while the user types a letter using a word pro-
one owned by a different company) for connecting your cessor program running in the foreground. If the user
Exchange sites, you should consider the following: switches from the letter to the spreadsheet, the roles of
the two programs become reversed.
● Installing and configuring appropriate messaging
connectors on suitable messaging bridgehead servers Operating systems usually assign fewer CPU resources
to background programs than to foreground ones. In
Microsoft Windows 2000, Windows XP, and Windows
.NET Server, the System utility in Control Panel offers
you several Performance options on the Advanced tab
136
BackOffice Back Orifice
for optimizing performance between background and consoles, various wizards, reporting tools, and B
foreground tasks: Microsoft FrontPage and Microsoft Outlook client soft-
ware. For additional information on each of the server
● Applications: Provides more CPU resources to the
applications listed above, see their respective articles
foreground program and allocates short, variable
elsewhere in this book.
quanta to running applications
For More Information
● Background Services: Divides CPU resources
Visit the BackOffice site at www.microsoft.com/backoffice.
equally among the foreground program and any
running background programs and allocates long, See Also: Small Business Server
fixed-length quanta to applications
In addition, you can tune or enhance performance by BackOffice Server
modifying the total paging file size on all drives. A suite of integrated server products from Microsoft
Corporation.
BackOffice See: BackOffice
A suite of integrated server products from Microsoft
Corporation.
Back Orifice
Overview A remote administration tool for Microsoft Windows
The Microsoft BackOffice suite of server products is developed by the hacker group Cult of the Dead Cow.
built upon the foundation of the Microsoft Windows
2000 Server and Advanced Server platform and pro- Overview
vides a scalable, reliable solution for the needs of Back Orifice was first released for the Microsoft
departments, branch offices, and medium-sized busi- Windows NT platform in 1997 by Cult of the Dead Cow
nesses. BackOffice is provided in an integrated package (CDC), a professed hacker group. Although the tool is
called BackOffice Server 2000, which provides tools basically a form of Trojan horse that can be used to gain
for building directory, networking, messaging, Web ser- control of a target machine, it is also a full-featured
vices, database, proxy and firewall services, and Sys- remote administration system for computers that run
tems Network Architecture (SNA) host integration Windows NT and Windows 2000.
infrastructures. Back Orifice consists of two parts:
BackOffice Server 2000 includes the following ● Server component: This is a small-footprint appli-
Microsoft server products: cation that can be installed in a stealthy fashion on
● Windows 2000 Server or Advanced Server with target systems and can also attach itself to any Win-
Service Pack 1 dows executable on the target machine or run as a
separate service using any name designed. The
● Exchange Server 2000 server runs invisibly in the background and is not vis-
● SQL Server 2000 ible to users logged on to the target machine even in
the task list or close-program dialog box.
● Systems Management Server 2
● Client component: This application is used by the
● Internet Security and Acceleration Server 2000 administrator (or hacker) to control the remote Win-
● Host Integration Server 2000 dows 2000 computer. The client component can be
used either in graphical user interface (GUI) or com-
In addition, BackOffice Server 2000 offers a host of mand-line mode and can be used to send commands
additional tools for deploying and managing BackOffice to the server component to perform directory listings,
components such as BackOffice Server management copy or delete files, display or kill running processes,
137
backup backup
2 LAN-free backup
backup Tape
The process of making reliable copies of important data library
so that the data can be recovered in the event of a disaster.
Overview Fibre
Performing regular backups is perhaps the system or Channel Fibre Channel
links router
network administrator’s least glamorous but most
important task. Data loss on a corporate network can
occur for various reasons, including Tape
library
● Disk failures caused by hardware failure, power
Fibre Channel
outages, or improper use links
● Network problems leading to lost packets that are
not acknowledged because of router congestion or
other situations Servers
● Virus infection, resulting in corrupted files LAN
● Sabotage by hackers or disgruntled employees,
resulting in erased data
● Theft of hardware from the premises
In each of these scenarios, having reliable backups of G0Bxx03 (new to 2E)
138
backup backup
At the enterprise level, backups can be performed using ● Server-based backups: In this scenario each server B
a variety of technologies, each of which have their own that holds valuable data has a tape drive directly
advantages. These technologies are a blend of backup attached to it, usually through a Small Computer
device hardware and how these devices are imple- System Interface (SCSI) connection. The disadvan-
mented. The next section of this article looks at a few tage of this scenario is that it scales poorly for large
common scenarios. First, backup solutions can be char- companies—administrators would need to run
acterized by the devices used to store the backed-up around each morning to collect tapes from drives
data. These devices can include scattered all over the network.
● Tape drives: A tape drive is a device that stores ● Network backups: This is the most common scenario
data on magnetic tape. Many kinds of tape drives in most large companies. In a typical network backup
and tape formats are supported by different ven- scenario, a group of servers on a local area network
dors, and these are discussed more fully in the arti- (LAN) are connected using a second network inter-
cles “tape drive” and “tape format” elsewhere in face card (NIC) in each server to a separate LAN ded-
this book. Generally speaking, however, tape drives icated for backup purposes. This dedicated backup
have capacities in the tens of gigabytes range and LAN is concentrated using a Fast or Gigabit Ethernet
are suitable for backing up data from individual Switch, which is also connected to a dedicated server
servers or small groups of servers. called the backup server. The backup server has spe-
cial software running on it that initiates and manages
● Tape libraries: A tape library consists of a set of
the job of backing up data on the production servers.
tape drives, a large collection of tapes, and a robotic
The backup server itself is then connected by SCSI or
mechanism for loading and unloading tapes into
FiberChannel to a tape library (see illustration).
drives. Tape libraries are common in large compa-
nies and can typically store several terabytes (one ● LAN-free backup: This is a simplified form of net-
terabyte equals 1000 gigabytes) of data from groups work backup in which there’s no second backup
of servers. For more information, see the article LAN. Instead, fiber channel cards are added to
“tape library” elsewhere in this book. servers needing to be backed up and these are con-
nected using fiber-optic cabling to a fiber-channel
● Optical drives: Another medium for backing up
router, which then forwards the information directly
data is optical drives, which range from simple
over Fibre Channel links to tape libraries (see illus-
CD-R/W drives to DVD-W drives and libraries con-
tration). LAN-free backup is an emerging approach
taining many such drives. Optical drives are not as
that is gaining in popularity due to its simplicity and
common as tape drives and libraries.
high performance.
● Storage appliances: These are generally
● Serverless backups: This is a further refinement of
rack-mountable black-box solutions in which the
LAN-free backups that takes the actual task of pro-
underlying operation is not important. Storage appli-
cessing the backup from the servers and moves it to
ances are generally used for live data storage but can
a Fibre Channel switch or router used to connect the
also be used for small-scale backup purposes.
servers to the tape libraries. This can provide signif-
● Storage Area Networks (SANs): While SANs are icant relief to the servers since generating backups
primarily used for live storage of data, they can also is a processor-intensive and memory-intensive job
be used for archiving backup data. See the article that limits other functions they can perform while
“storage area network (SAN)” elsewhere in this the backup is occurring. Serverless backup solu-
book for more information. tions are just emerging in the marketplace.
Besides these different backup devices, there are also ● Storage over IP: This technology backs up data
various ways of implementing them for backing up data from network servers directly to backup devices such
from network servers: as tape libraries and SANs using only an Ethernet
139
backup backup
B network. No backup server is required to convert the Other backup options include optical storage librar-
data from Ethernet frames for transmission over ies and removable disks such as Iomega’s Zip drive
SCSI or Fibre Channel connections to the backup disks or Imation SuperDisk disks.
device. Storage over IP is an emerging technology
● Decide whether to back up servers with dedicated,
that promises to have a large impact on the backup
locally connected storage devices or over the net-
market, and it is discussed further in the article
work to centralized backup libraries. Network
“storage over IP” elsewhere in this book.
backup systems suffer from a single point of failure
● Internet backups: Backups can also be outsourced (the network itself) but are simpler to administer
over the Internet to a Storage Service Provider than a multitude of individual backup units.
(SSP) that is responsible for managing actual
● Decide whether individual users’ workstations should
backup hardware and securely storing your data.
also be backed up. A more cost-effective option is to
For more information on this, see the article
educate users to always save their work on a network
“televaulting” elsewhere in this book.
share located on a server that is regularly backed up.
Finally, a third component of a backup system is the
● Decide how to secure the storage of backup tapes
backup software itself. Some of the more popular
and other media. Will duplicate copies be stored
backup software products used in the enterprise include
both on-site (for easy access if a restore is needed)
● ArcServeIT from Computer Associates and off-site (in case the company’s building burns
down)? Make sure the storage facilities are
● Backup Exec and NetBackup from VERITAS
climate-controlled and secure.
Software Corporation
● Decide what kind of backup strategy to employ. A
● Legato NetWorker from Legato Systems
backup strategy is a combination of a backup sched-
● Storage Manager from Tivoli Systems ule and various backup types, including normal, copy,
incremental, differential, and daily copy backup
● Backup Express from Syncsort
types. Also consider whether you will verify all tapes
● Hiback and Hibars from Hicomp Software Systems immediately after each backup is performed. For fur-
ther information, see the articles “backup strategy”
Implementation
and “backup type” elsewhere in this chapter.
Instituting a regular backup plan is one of the main compo-
nents of a company’s disaster recovery policy (see the arti- ● Assign various aspects of the backup procedure to the
cle “disaster recovery” elsewhere in this book for more responsible party. One option some companies now
information), and the importance of doing so cannot be use is to back up data over the Internet to a third-party
stressed enough. To guard against these unexpected losses backup service provider that stores and maintains the
of data—or rather, to prepare for them, since they are, to a backed-up data. This method involves issues of trust
certain extent, inevitable—establish a disaster recovery and of the Internet connection as a point of failure.
policy that includes a reliable backup plan. In today’s busi-
● Test backups periodically to ensure that they are
ness world, where data is the lifeblood of the enterprise, a
actually readable. Nothing is worse than thinking
comprehensive plan is essential. The following steps are
you have a backup when in fact it is unreadable.
recommended when creating such a plan:
Notes
● Decide what kind of backup storage devices to use.
To enable administrators to perform regular backups,
Options range from small digital audio tape (DAT)
Microsoft Corporation includes backup utilities with all
drive units capable of backing up several gigabytes
of data to large automated tape libraries capable of
handling terabytes of centralized data storage.
140
backup agent backup catalog
versions of Microsoft Windows, such as the Backup tool in the master browser, it starts a browser election to force a B
Windows XP. new master browser to be selected.
See Also: backup strategy, backup type, storage over Once the backup browser has obtained the browse list,
IP, storage service provider (SSP), tape drive, tape it caches the list and distributes it to any client that
format, tape library requests it. To request the browse list from a backup
browser, a client calls the NetServerEnum application
programming interface (API) on the backup browser.
backup agent
A service that can be installed on a computer to allow
files and folders stored on the computer to be backed up NetServerEnum API call
remotely over the network.
Overview
Backup agents enable backups to be performed across an
entire network from a centralized location. In networks
that utilize this type of storage retention architecture, Client Backup
browser
where a backup agent is installed on each server, files are
backed up over the network to a central storage location,
Browse
which in enterprise environments is usually a tape library list
or some type of Network Attached Storage (NAS). This G0BXX04 (was G0Bui04.bmp in 1E)
approach to backups makes it easier to manage enterprise Backup browser. How a client obtains the browse list from
storage requirements even for large scale corporate net- a backup browser.
works and Internet service providers (ISPs). Notes
Backup agents are specific to the type of backup soft- There will be one backup browser for every 32 systems
ware being used and are usually supplied with that soft- in a given domain or workgroup on the network. The
ware when you purchase it from a vendor. Once an Computer Browser service determines the number of
agent is installed on a computer, you can back it up over backup browsers necessary to ensure that clients can
the network as easily as if a tape drive were connected have efficient access to network resources.
directly to the computer. See Also: Computer Browser service, domain master
See Also: backup browser, master browser
141
backup domain controller (BDC) backup domain controller (BDC)
B Windows 2000, Windows XP, and Windows .NET Server backup domain controller
Backup creates two different types of backup catalogs: (BDC)
● Tape catalog: Lists the details of all backup sets A Microsoft Windows NT domain controller containing
that have been stored on the tape. If a backup oper- a read-only copy of the Security Accounts Manager
ation spans several tapes, the tape catalog is located (SAM) database.
on the last tape of the series, because it is created at Overview
the end of the backup operation. On the Windows NT platform, the only writable copy of
● Backup set catalog: Lists the details of files and the SAM database is located on the primary domain
folders included in a specific backup set. A backup controller (PDC). In addition to this PDC, a Windows
set catalog is saved at the end of each backup set on NT domain can have zero or more backup domain con-
the tape. This catalog is used by the Windows 2000, trollers (BDCs) as well. These BDCs are used to pro-
Windows XP, and Windows .NET Server Backup vide load balancing and redundancy for network
program to store a summary of the file and directory authentication. These BDCs periodically undergo
information for the backup set, the number of tapes directory synchronization with the PDC by retrieving a
in the backup set, and the date on which the backup copy of the directory database from the PDC.
was performed.
See Also: backup set
Two choices for locating BDCs for user logons in WAN situations:
PDC BDC
Client
HQ Branch office
PDC BDC
Client
Directory replication traffic
adds to WAN link congestion
Efficient
Slow WAN link logons
HQ Branch office
Backup domain controller (BDC). Different ways to deploy a BDC over a WAN link.
142
Backup Operator Backup Operators built-in group
Every Windows NT network should have at least one at command to configure different replication rates B
BDC for fault tolerance. If the PDC fails, the BDC can at different times of the day.
be promoted to take its place. One BDC can support
See Also: domain controller, primary domain control-
approximately 2000 users on a network, but many fac-
ler (PDC)
tors can affect this figure.
Note that a BDC can perform logon validation and
Backup Operator
authentication as a PDC can, but it cannot manage
In Microsoft Windows 2000, Windows XP, and
accounts—for example, it cannot change user
Windows .NET Server, a user who is assigned the
passwords.
responsibility of backing up and restoring servers on a
Implementation network.
The placement of BDCs in wide area networks (WANs)
Overview
that are based on Windows NT is an important issue. In
To make an individual a Backup Operator, simply make
a master domain model scenario, user accounts are cen-
him a member of the Backup Operators group. Backup
tralized in a master domain located at company head-
Operators can exist on Windows NT domain control-
quarters, but users and shared network resources are
lers, on member servers, and on workstations. In
distributed in resource domains located at branch
Windows 2000, Windows XP, and Windows .NET
offices in different locations. The users in this scenario
Server, Backup Operators are members who have a sim-
must log on to the master domain in order to access
ilar function and belong to the built-in group called the
resources in the enterprise. There are two ways of facil-
Backup Operators built-in group.
itating this:
Backup Operators have the preassigned right to log on
● Locate all BDCs belonging to the master domain at
locally to a computer and to back up and restore files
headquarters. Unfortunately, when users at the
and directories on the system. Backup Operators also
branch offices want to log on, they will have to use
have the right to shut down the system. Backup Opera-
the relatively slow WAN link to do so. The addi-
tors do not need permissions assigned to them in order
tional logon traffic can cause congestion on the
to back up a particular file or directory—they have a
WAN link, particularly at certain times of the day.
broad system right to do so.
● Locate one or more BDCs belonging to the master
Notes
domain at each branch office (resource domain).
Backup Operators should be assigned only in enter-
This will facilitate logons by users located at branch
prise-level networking environments. In small to
offices, since they can log on to one of these BDCs
medium-sized networking environments, backing up
locally instead of being validated over the relatively
and restoring servers is usually the responsibility of the
slow WAN link by a domain controller at headquar-
administrator.
ters. However, directory replication traffic between
the BDCs located at the branch offices and the PDC See Also: Backup Operators built-in group, built-in
at headquarters can cause congestion over the WAN group
links. To make directory synchronization more effi-
cient over the WAN link, registry parameters such Backup Operators built-in
as ReplicationGovernor and ChangeLogSize can be group
adjusted and batch files can be scheduled using the In Microsoft Windows 2000, Windows XP, and Win-
dows .NET Server, a built-in group for containing users
who need privileges to back up servers on the network.
143
backup set backup strategy
● Tapes can be overwritten so that a new backup set ● The need to archive tapes for long-term data security
replaces the old one. ● The time needed to perform backups and restores
144
backup type backup type
145
Backup Wizard balanced line
146
balun bandwidth
opposite each other. This condition is also described by ● Twisted-pair cabling to coaxial cabling: Typi- B
saying that the currents in the wires are 180 degrees out cally used for connecting 10BaseT networks
of phase with each other at any given moment. with 3270 equipment running on coax or twinax
networks
Both wires have voltages that are above ground potential,
but the potentials of the wires are different with respect to ● Twisted-pair cabling to Token Ring cabling:
ground, resulting in a flow of current. The wire pair is Used for matching Token Ring Type 1 cabling to
twisted in order to ensure that the electromagnetic standard unshielded twisted-pair (UTP) cabling to
radiation produced by both wires is effectively canceled connect 10BaseT or faster hubs or adapters with
out, reducing the overall electromagnetic interference RJ-45 ports into a Token Ring network
(EMI) produced by the wires and reducing their sensi-
● Asynchronous Transfer Mode (ATM) cabling to
tivity to induced currents from external sources of EMI.
Token Ring cabling: Used for connecting Token
The most common example in computer networking Ring networks to high-speed ATM hubs in campus
is the twisted-pair cabling used in 10BaseT Ethernet backbone networks
networks.
See Also: balanced line, unbalanced line
Notes
A balun can be used to connect a balanced line to an
bandwidth
unbalanced line.
The information-carrying capacity of a signal or
See Also: balun, unbalanced line technology.
Overview
balun By definition, bandwidth equals the difference between
Stands for balanced unbalanced, a device used to con- the highest and lowest frequencies in a given range of
nect balanced lines and unbalanced lines. frequencies. For example, if the lowest and highest fre-
quencies a telephone line can carry are 300 hertz (Hz)
Overview
and 3300 Hz, the bandwidth of the telephone line is
Balanced and unbalanced lines have different electrical
3300 – 300 = 3000 Hz, or 3 kilohertz (kHz).
characteristics that prevent them from simply being
connected to each other. A balun matches these differ- The above definition of bandwidth applies to any sig-
ent characteristics by providing impedance transforma- naling system, analog or digital. With digital systems
tion between the two different lines. such as computer data networks, the term bandwidth is
often used to describe the capacity of a communication
channel for carrying signals. The greater the bandwidth,
the more data can be transferred in a given time. Since
bandwidth is here synonymous with information, and
digital information is conveyed in bits (1=on and
0=off), bandwidth for such systems is usually expressed
in bits per second (bps) or some multiple thereof
(including Kbps, Mbps, Gbps, and Tbps). This rate of
G0BXX07 (was G0BUI07.bmp in 1E)
147
Bandwidth Allocation Control Protocol (BACP) Bandwidth Allocation Protocol (BAP)
B Shannon’s Law can be used to determine the informa- QoS features. And with the rapidly dropping prices of
tion-carrying capacity of a transmission channel as GbE switching gear and the appearance of 10 GbE on
follows: the horizon, simply adding more bandwidth when it is
needed is still the most common solution for most large
(Throughput in bps) = (Bandwidth in Hz) x log2 [1 + R]
companies.
where
See Also: quality of service (QoS), signaling
R = (Signal power in Watts) / (Noise power in Watts)
This formula is only approximate since it does not take Bandwidth Allocation Control
into account the medium’s transmission properties and Protocol (BACP)
other considerations. The significant thing to notice, An enhanced version of Bandwidth Allocation Protocol
however, is that as noise (due to crosstalk, interference, (BAP), a protocol that manages bandwidth for Multi-
or some other source) increases, the channel’s capacity link Point-to-Point Protocol (MPPP) connections.
to carry information decreases.
Overview
For fiber-optic cabling, the bandwidth is usually Although BAP dynamically controls how bandwidth
expressed in units of MHz-km. For example, a cable can be allocated for Multilink Point-to-Point Protocol
rated at 500 MHz-km could carry 500 Mbps of data a (MPPP) connections, a condition can sometimes occur
distance of 1 kilometer (km), 250 Mbps of data a dis- in which both hosts at the two ends of a MPPP connec-
tance of 2 kilometers, 100 Mbps of data a distance of 5 tion try to add or remove an additional link at the same
kilometers, and so on. A similar explanation holds for time. The Bandwidth Allocation Control Protocol
measurements in units of MHz-miles. (BACP) is an enhanced version of BAP that is designed
to handle such a scenario. It does this by establishing
Notes ahead of time which MPPP host is the favored peer, that
Adequate bandwidth is a prerequisite for reliable com-
is, the one whose BAP request will be honored in case
munications, and ensuring sufficient bandwidth in
of a collision of two requests.
today’s Internet economy often drives upgrades for
enterprise networks. When a new bandwidth need See Also: Bandwidth Allocation Protocol (BAP),
arises, such as deployment of streaming media across a Multilink Point-to-Point Protocol (MPPP)
network, the obvious solution may seem to be to “throw
bandwidth at the problem,” that is, to spend money on Bandwidth Allocation Protocol
upgrading the network infrastructure from Ethernet to (BAP)
Fast Ethernet to Gigabit Ethernet (GbE) and beyond. An offshoot of Multilink Point-to-Point Protocol
This is really only one solution—another, sometimes (MPPP) that allows new links to be added or removed
better, approach is to implement Quality of Service dynamically when needed.
(QoS) mechanisms to prioritize traffic so that certain
forms of traffic receive preferential transport over less Overview
important forms. QoS is an elegant solution that side- The Bandwidth Allocation Protocol (BAP) dynamically
steps the brute-force approach of simply adding more controls how bandwidth can be allocated for multilink
bandwidth, but QoS can be difficult to configure and connections using the Point-to-Point Protocol (PPP).
manage. Although Asynchronous Transport Mode BAP makes multilink remote access (RAS) connections
(ATM) networks have the advantage of having QoS more efficient by allocating lines only as required, thus
built into their operational fabric, the far more com- eliminating wasted bandwidth. This can be especially
mon Ethernet networks require new protocols such as useful if the telecommunications carrier provisioning
DiffServ and Resource Reservation Setup Protocol the PPP connection charges by the amount of band-
(RSVP) to be implemented to support even rudimentary width being utilized by the customer.
148
bandwidth on demand bandwidth throttling
BAP allows the administrator to configure the PPP mix of leased-line services and circuit-switched tele- B
server to specify which particular MPPP lines can be communications services, and they can save users
added or dropped. The administrator also specifies money by opening additional circuits only on an
which bandwidth thresholds must be crossed before as-needed basis. Networks that make use of bandwidth
additional lines are added or existing ones are dropped. on demand can be designed to supply additional band-
BAP is especially useful over Integrated Services Digi- width under conditions such as
tal Network (ISDN) connections, because these dial-up
● Exceeding a specified threshold of network traffic
services can almost instantly add or drop lines.
● Scheduling for expected peak periods of the day
Notes
BAP is included in Microsoft Windows 2000 and ● Failover in case the permanent link goes down
Windows .NET Server as an enhancement to the
See Also: Asynchronous Transfer Mode (ATM), band-
Routing and Remote Access Service (RRAS) of
width, Integrated Services Digital Network (ISDN)
Windows NT 4. BAP is outlined in detail in RFC 2125.
See Also: Bandwidth Allocation Protocol (BAP),
bandwidth throttling
Multilink Point-to-Point Protocol (MPPP)
Generally, any networking technology that controls the
amount of network bandwidth used by servers, applica-
bandwidth on demand tions, or network communication paths.
Any networking or telecommunications technology that
Overview
provides both a permanent, dedicated connection and
In the context of Microsoft Internet Information Ser-
the capability of quickly increasing bandwidth when
vices (IIS), for example, bandwidth throttling is a tech-
needed by users.
nique for controlling the amount of network bandwidth
Overview used by individual Web sites hosted on the server. You
Many telecommunications devices incorporate band- can use bandwidth throttling to prevent hits on a popu-
width-on-demand features of various types. For example, lar site from overwhelming the server and preventing
some Integrated Services Digital Network (ISDN) other sites hosted on the server from being accessed by
devices used for Basic Rate Interface ISDN (BRI-ISDN) clients.
can be configured to use the second ISDN B channel
For example, if five Web sites are being hosted on a sin-
only when the utilization of the first channel exceeds a
gle machine running IIS but one of them is extremely
certain threshold. If this threshold is exceeded for a
popular, the other sites might get starved for bandwidth
specified period of time, the second B channel automat-
and users might have difficulty connecting to them. In
ically opens up to facilitate and speed data transfer.
order to rectify this situation, a specific maximum
Once the data rate has dropped below the threshold, the
bandwidth level can be allocated to the popular site with
second B channel shuts down until it is needed again.
the Internet Services Manager snap-in used for admin-
The ISDN technology for accomplishing this combin-
istering IIS using the Microsoft Management Console
ing of channels is called bonding. Many Asynchronous
(MMC). If this maximum bandwidth is exceeded, no
Transfer Mode (ATM) products also support various
further connections to that site are allowed until the
bandwidth-on-demand features.
bandwidth utilization level drops below the threshold.
Bandwidth-on-demand technologies are typically used This allows the unallocated bandwidth to be shared
in bursty networking situations in which high transmis- among the remaining less popular sites so that users can
sion speeds and capacities are required for transporting connect to them.
video, voice, and data on common networking circuits.
See Also: bandwidth, Internet Information Services
Bandwidth-on-demand configurations often involve a
(IIS)
149
Banyan VINES BAP
● Physical and data-link layers: VINES can operate For More Information
over Ethernet, Token Ring, X.25, and other types of Visit the Banyan home page at www.banyan.com.
networking architectures.
● Network layer: The main protocol here is the BAP
VINES Internetwork Protocol (VIP), which is sim- Stands for Bandwidth Allocation Protocol, an offshoot
ilar in function to the IP of the TCP/IP protocol of Multilink Point to Point Protocol (MPPP) that allows
suite. VIP encapsulates data and addresses it using a new links to be added or removed dynamically when
48-bit address that contains a 32-bit network num- needed.
ber and a 16-bit host number. Dynamic address
See: Bandwidth Allocation Protocol (BAP)
assignment and address resolution are performed
150
baseband transmission Basic authentication
151
basic disk Basic Rate Interface ISDN (BRI-ISDN)
B user’s credentials using a well-known public encoding If you employ Basic authentication with IIS, make sure
algorithm known as Uuencoding or Base64. Because you also use the NTFS file system (NTFS) to secure
the algorithm for this encoding method is so well access to files on your system.
known, however, it is easy to decode encoded text and
See Also: authentication protocol
extract a user’s credentials from a Basic authentication
session.
basic disk
Implementation In Microsoft Windows 2000, Windows XP, and
Basic authentication is one of several authentication
Windows .NET Server, a physical disk that can contain
schemes available on Microsoft Internet Information
primary partitions, extended partitions, and logical
Services (IIS) for the Microsoft Windows 2000,
drives.
Windows XP, and Windows .NET Server platforms.
When a user tries to access content on a Web site hosted Overview
on IIS and the site implements Basic authentication, a Basic disks can be accessed by MS-DOS and legacy
dialog box appears on the user’s browser asking for the Windows platforms and are backward-compatible with
user’s credentials (username and password). The creden- these platforms for multiboot systems. Basic disks can
tials are passed to IIS in the headers of the HTTP GET also contain volumes created using Windows NT version
request, and are compared either to credentials in Active 4 or earlier, such as spanned volumes (volume sets),
Directory directory service (if implemented) or to the striped volumes (stripe sets), mirrored volumes (mirror
Security Accounts Manager (SAM) database (on a work- sets), and RAID 5 volumes (stripe sets with parity).
group server). If Active Directory is used, the user’s User
Basic disks are the default type of disk in Windows
Principal Name (UPN) can be utilized for authentication
2000 and Windows XP. All disks are basic disks unless
purposes. Users who need to be able to access IIS using
you convert them to dynamic disks. Basic disks can
Basic authentication require the Log On Locally system
have two kinds of partitions:
right (although this can be changed using Active Direc-
tory Services Interface, abbreviated ADSI). ● Primary partitions: Basic disks support up to four
primary partitions, only one of which can be
The problem with employing Basic authentication is
marked as active.
that it is inherently insecure because of the cleartext
transmission of the user’s password. However, IIS does ● Extended partitions: Basic disks support only one
allow Basic authentication to be implemented with extended partition, which can be further subdivided
Secure Sockets Layer (SSL) encryption, in which case into logical drives or logical volumes.
an encrypted session is first established for the user
Notes
after which the user’s credentials are passed to IIS in
You can create only basic volumes on basic disks. You
encrypted form.
cannot create new simple, spanned, striped, mirrored, or
The plus side of Basic authentication is that it can be RAID 5 volumes on basic disks.
performed through a firewall or proxy server (Inte-
See Also: basic volume, dynamic disk
grated Windows authentication or Windows NTLM
cannot work in this case).
Basic Rate Interface ISDN
Notes (BRI-ISDN)
Basic authentication is often used in a UNIX environ- The slower version of Integrated Services Digital Net-
ment for authenticating remote HTTP users. work (ISDN) communications (the faster being Primary
Rate Interface ISDN, abbreviated as PRI-ISDN).
152
basic volume bastion host
Overview Overview B
Basic Rate Interface ISDN (BRI-ISDN, or simply BRI) A basic volume can be created only on a basic disk and
communications links consist of two B channels and can be
one D channel. The B channels carry the voice or data
● A primary partition, extended partition, or logical
between the customer premises and the telco central
drive that was created using the Disk Management
office (CO), and the D channel (control channel) is used
portion of the Computer Management tool
for establishing connections and signaling various con-
ditions. BRI is often referred to as 2B+D because of the ● A volume set, mirror set, stripe set, or stripe set with
channels that it employs. parity that was created using Windows NT version
4 or earlier
Since the bandwidth of each B channel is 64 kilobits per
second (Kbps), the total bandwidth of BRI is twice that, See Also: basic disk, dynamic volume
or 128 Kbps. This bandwidth can be used as two sepa-
rate communication links of 64 Kbps each (for example
bastion host
one for voice and the other for data), or it can be com-
A network server that is hardened against attack from
bined into a single 128-Kbps communication link using
the outside world.
a technique called bonding. The bandwidth of the D
channel is 16 Kbps. Overview
Bastion hosts are servers exposed to the outside world
Implementation and fortified to protect them from attack by hackers.
BRI connections at customer premises can be con-
Bastion hosts usually reside on the edge of your corpo-
nected directly to a switch at the CO, an ISDN call
rate network where it connects to the Internet, and often
controller that is linked to the CO, an ISDN Private
within a specific area called the perimeter network, also
Branch Exchange (PBX), or some other signaling and
known as the DMZ (demilitarized zone), which forms a
communication equipment.
kind of transition network between your corporate net-
If you plan to order a router or access server that work and the public Internet.
supports BRI, make sure you find out from your telco
There are many different kinds of bastion hosts:
of what kind of ISDN interface is used at your customer
premises. The two most common interfaces are the ● Sacrificial hosts: These are hosts whose security
U interface and the S/T interface, and they physically being compromised is not an issue of great impor-
appear the same. Many ISDN access devices support tance. Examples might be a public Web server
both kinds of interfaces, but check to make sure first. exposed only to the Internet and not to the corporate
side of the perimeter network, or a test server run-
See Also: bonding, Integrated Services Digital
ning new applications whose security configuration
Network (ISDN), Primary Rate Interface ISDN
is still under development, or a dummy host to dis-
(PRI-ISDN)
tract attackers away from the real prize.
● External service hosts: These are servers that are
basic volume primarily exposed to the Internet and may include
A type of volume in Microsoft Windows 2000,
mail servers, Web servers, and news servers. These
Windows XP, and Windows .NET Server that is
hosts are sometimes called primary bastion hosts.
compatible with earlier Windows operating systems.
● Internal service hosts: These are servers that are
primarily exposed to the corporate network and
153
batch commands batch commands
B may include name servers and logon servers. These ● Use older, slower machines for bastion hosts if pos-
hosts are sometimes called secondary bastion hosts. sible because they are less attractive targets for
attack by hackers, and, if compromised, are less
● Nonrouting multihomed hosts: These are servers
useful for executing code that can be used to attack
connected to both the internal and external net-
the internal network.
works but are configured to prevent routing
between the two networks. It is essential to verify ● Use the operating system platform you are most
with this type of host that routing is in fact disabled. familiar with for your bastion hosts, as you need an
intimate knowledge of the platform’s services to be
Managing a bastion host involves several activities:
able to harden them against attack.
● The initial configuration of the host is important
● Place bastion hosts on a separate network from the
and usually involves removing unnecessary appli-
internal corporate one, usually the DMZ or some
cations, disabling unnecessary services, and remov-
other perimeter network.
ing unnecessary user accounts from the host. In this
sense, a bastion host can be thought of as a ● Make sure you physically secure the bastion hosts
stripped-down server with limited but highly spe- as well—hardening a host and then leaving it an
cific functionality. The motto “keep it simple” is a unlocked basement room does not make sense.
good rule of thumb when configuring a bastion
● Remove all user accounts from bastion hosts except
host—the simpler the server’s configuration, the
a dedicated administrator account that is protected
easier it is to monitor and troubleshoot.
by a strong password. Use a machine-specific
● The implementation of a firewall is an essential step administrator account rather than a domain admin-
in securing a bastion host. The firewall may reside istrator account if possible.
on the host itself or on some other server within the
● Keep abreast of all releases of service packs and
perimeter network, or it may be a multistage fire-
patches for the operating system deployed on your
wall residing on several hosts.
bastion host and apply these when required.
● Monitoring the bastion host once it is configured is
See Also: firewall, network security
essential to determine whether it has been attacked
and whether any damage has occurred that might
compromise the network. Network security is not a batch commands
one-time affair but an ongoing commitment that A special set of commands generally found only in
involves auditing, performance monitoring, traffic batch files.
capture and analysis, logging, and reporting.
Overview
Finally, it is essential to accept the fact that bastion Although batch files can essentially contain any com-
hosts are likely to be compromised as new operating mands that can be executed at the command line, a spe-
system and application bugs are reported and fixes cial set of batch commands enable special actions to be
issued by vendors. As a result, never put anything on a performed such as jumps, terminal echoing, and condi-
bastion host that you would mind losing or which is not tional processing.
available somewhere else. Accept the worst—your host
The table on the following page lists special batch com-
will be compromised someday.
mands that are found only in batch files. These com-
Notes mands are all supported by Microsoft Windows 2000,
Some additional tips on deploying bastion hosts: Windows XP, and Windows .NET Server, but earlier
versions of Windows might support only a subset of
them.
154
batch file bCentral
Batch File Commands many administrators for logon scripts, the advent of the B
Windows Script Host (WSH) in Microsoft Windows 98,
Command Description
Windows NT Option Pack, Windows 2000, Windows
Call Calls one batch program from another XP, and Windows .NET Server allows more powerful
while allowing the calling program to administrative scripts to now be written using higher-
continue running level scripting languages such as Microsoft Visual
Echo Toggles command-echoing on or off Basic Scripting Edition (VBScript) and JavaScript. As
Endlocal Restores environment variables set by a a consequence of the WSH, the old paradigm of batch
Setlocal command files may finally be about to disappear.
For Used to run a specified command for
each file in a set of files Examples
Batch files are used primarily to simplify the execution
Goto Jumps to a specific line that is labeled
of routine or repetitive administrative tasks such as
in a batch file
mapping drives, synchronizing system clocks, or per-
If Used to perform conditional process- forming backups. For example, on a Windows NT–
ing of commands
based network, to control the rate at which directory
Pause Suspends processing of the batch file information is replicated between a backup domain
and waits for the user to respond controller (BDC) and a primary domain controller
Rem Used to insert remarks (comments) in a (PDC), you can create a batch file that will change the
batch file for documentation purposes value of the ReplicationGovernor parameter on the
Setlocal Initiates localization of environment BDC. To do this, first create a script that has the full
variables in a batch file path to this parameter in the registry along with the
Shift Used to change the position of replace- value you want to assign to it and then create the follow-
able parameters in a batch file ing simple batch file:
regini <Script_Name>
See Also: batch file, Windows commands
net stop netlogon
net start netlogon
batch file Two different scripts and batch files can be created for
Also called a batch program, an ASCII file containing a
different times of the day, and the At command can be
series of commands.
used to schedule the execution of each batch file at the
Overview appropriate time. This illustration is especially useful if
The commands within a batch file are executed sequen- directory replication must occur over a slow wide area
tially when the file is invoked. Generally, any command network (WAN) link, and you can use it to ensure that
that can be entered at the command line can be used most replication traffic occurs during off hours.
within a batch file as well. You can execute batch files
See Also: batch commands, scripting, Windows Script
either at the command prompt, by associating a shortcut
Host (WSH)
with them and double-clicking on the shortcut, or by
invoking them in a logon script or through some other
script or program. bCentral
An initiative from Microsoft Corporation to help small
Batch files are traditionally identified using the exten-
businesses get online by providing them with subscrip-
sion .bat or .cmd. Batch files trace their origins back to
tion-based services, tips and advice, technology con-
MS-DOS, with the Autoexec.bat file being the best-
sultants, and other aids.
known example. While batch files are still used by
155
B channel beaconing
B Overview Overview
Microsoft bCentral is designed to help small businesses Such channels are called Bearer channels because they
get online so they can increase sales, improve their mar- “bear,” or carry, the actual information being communi-
ket share, and provide better services to customers. The cated between the customer premises and the telco’s
bCentral initiative is an integral part of Microsoft’s central office (CO). B channels are standard, bidirec-
.NET strategy of providing software as a service to tional, digital telephone channels that can carry digital
consumers and businesses. information at a rate of 64 kilobits per second (Kbps).
Users with greater bandwidth needs can combine sev-
Services available from bCentral include
eral B channels into larger data-carrying pipes. The two
● Web site hosting packages that range from basic most common configurations are
sites to full e-mail services, online advertising,
● 2B+D: Combines two B channels to form a single
e-commerce, and e-mail newsletters.
data pipe with a total bandwidth of 128 Kbps
● Tools and services for advertising your online busi-
● 23B+D: Combines 23 B channels to form a
ness, including search engine submission tools,
high-speed data pipe equivalent to a T1 line with a
opportunities to advertise on larger well-known
total bandwidth of 1.438 megabits per second
sites, and e-mail newsletters for building customer
(Mbps)
communities.
Notes
● Back-end business support, from online services for
B channels carry voice or data only, not signaling infor-
managing your customers and tracking sales leads
mation. D channels carry information for establishment
to secure accounting services for managing your
and control of ISDN connections.
business’s finances.
See Also: 802.10, Integrated Services Digital Network
In addition, bCentral services are available to any com-
(ISDN)
puter having a Web browser and an Internet connection,
so you can manage your online business from anywhere
using a laptop computer. Partnerships with companies BDC
such as Office Depot provide value-added services such Stands for backup domain controller, a Microsoft
as purchasing office equipment and supplies over the Windows NT domain controller containing a read-
Internet from any location. Many bCentral services only copy of the Security Accounts Manager (SAM)
have free 30-day trial periods that allow businesses to database.
test these services. Finally, bCentral helps you sell your
company’s products and services at MSN eShop and See: backup domain controller (BDC)
through an online auction site developed by Microsoft
Corporation and FairMarket. beaconing
A technique used on token-passing networks for moni-
For More Information
toring the status of the token-passing process.
You can find bCentral at www.bcentral.com.
Overview
B channel Beaconing is used in Token Ring and Fiber Distributed
Stands for Bearer channel, a circuit-switched channel Data Interface (FDDI) networks to ensure that token
for carrying voice or data in Integrated Services Digital passing is functioning properly. On a token-passing net-
Network (ISDN) services. work such as FDDI, every station is responsible for
monitoring the status of the token-passing process. If a
station detects that a fault has occurred, it starts placing
beacons onto the ring. When the next station on the ring
156
BEEP benchmarking
detects a beacon, it in turn starts placing beacons on the industry, namely Standard Performance Evaluation B
ring and the first station stops transmitting them. This Corporation (SPEC) and the Transaction Processing
process will continue until the station immediately Performance Council (TPC).
upstream of the fault location is the only station sending
SPEC’s goal is to establish a suite of standardized
beacons.
benchmarks for comparing the performance of com-
Beaconing enables administrators to quickly locate the puter systems. SPEC licenses its tools for use by ven-
fault and repair it. Once the fault is fixed, the station dors, who can publish and report the results on SPEC’s
emitting the beacon detects its own beacon returning to Web site. An example is the SPEC CPU2000 bench-
it after traveling around the ring, and the station stops mark for comparing performance of CPU subsystems,
beaconing. which replaces the popular, but now retired, SPEC
CPU95 benchmark.
See Also: Fiber Distributed Data Interface (FDDI),
Token Ring TPC’s goal is to develop standard benchmarking tools
and procedures for comparing transactional processing
between different database products. A transaction is a
BEEP
form of business action performed by a computer sys-
Stands for Blocks Extensible Exchange Protocol, an tem—for example, an online purchase or sale. Database
emerging framework to replace Hypertext Transfer Pro- transactions include inventory control, books, account
tocol (HTTP) for transport of Extensible Markup Lan- updates, and similar procedures. TPC benchmarks such
guage (XML)–based information over the Internet. as TPC-C for Online Transactional Processing (OLTP)
See: Blocks Extensible Exchange Protocol (BEEP) and TCP-W for Web-based e-commerce transactions
attempt to mirror real-world transaction processing to
compare the performance of database systems from dif-
benchmarking ferent vendors.
Any systematic method for performing comparative
measurements of computer hardware, operating sys- Another popular set of benchmarks are those of media
tems, and their components and subsystems. company ZDNet, which has developed its set of
Winbench and Winstone benchmarks for compar-
Overview ison of business and consumer computer systems
Benchmarking began as system attempts to compare
and peripherals.
the speed and power of hardware, operating systems,
and applications that had similar functions. For exam- The main difficulty with most benchmarking systems is
ple, an early comparison between Microsoft Word and interpreting them. While trying to mirror real-world
Corel WordPerfect might have been to compare how effects, benchmarks nevertheless operate under ideal-
quickly both applications could spell-check the same ized conditions in which certain variables are controlled
100-page document. In the early days, vendors them- and others are changed to study the results. The chal-
selves often performed benchmarking to highlight lenge continues to be to develop reliable independent
the superior performance of their products in the benchmarks that will test significant components of
marketplace. complex real-world systems while maintaining fairness
and vendor-neutrality.
To elevate benchmarking to something more consistent
and reliable, independent nonprofit organizations have For More Information
been formed to benchmark certain aspects of system You can find SPEC at www.spec.org. TPC can be found
and application behavior. Two of these organizations at www.tpc.org. ZDNet can be found at www.zdnet.com.
have achieved a high degree of credibility in the
157
BeOS BERT
158
best effort Binary Tulloch Transport Protocol (BTTP)
159
BIND bindings
B for satellite links), this is clearly sufficient time for con- bindings
nections to be established with Internet hosts whose A mechanism for linking the various components of an
networks are rapidly switching on and off. operating system that make network communications
For More Information possible.
You can find out more about BTTP and its creator, Overview
Mitch Tulloch, at www.mtit.com. Bindings link together network interface card (NIC)
drivers, network protocols (such as Transmission Con-
BIND trol Protocol/Internet Protocol [TCP/IP]), and network-
ing services (such as Workstation service). Microsoft
Stands for Berkeley Internet Name Domain, a popular
Windows 2000, Windows XP, and Windows .NET
software tool for administering and maintaining the
Server let you optimize network communication by
Domain Name System (DNS) on UNIX platforms.
selectively enabling, disabling, and modifying the order
See: Berkeley Internet Name Domain (BIND) of the bindings between these different networking
components. Windows 2000, Windows XP, and
bindery Windows .NET Server support Network Driver
In Novell’s NetWare version 3.x and earlier networking Interface Specification (NDIS) version 5, which allows
operating systems, the database containing network multiple protocols to be independently bound to multi-
security information (such as users, groups, and rights) ple NICs.
for a particular server.
Overview
Each NetWare 3.x server has its own bindery for con-
trolling access to that server’s file and print resources.
In version 4.x and later, the bindery is replaced by the
Novell Directory Services (NDS), although 4.x servers
are also capable of running in bindery emulation mode.
Microsoft’s optional Microsoft Windows 2000 Server
service Gateway Services for NetWare (GSNW) can be
used to implement gateways to resources located on
NetWare file and print servers that are using bindery
security. This allows Windows users to access volumes,
directories, and print queues on NetWare servers with-
out requiring NetWare client software to be installed on
them. Client Services for NetWare (CSNW) can also be
installed on client machines running Windows 2000
Professional and Windows XP to enable them to
directly access bindery-based NetWare 2.x, 3.x, or 4.x
G0BXX08 (replace old G0Bui08.bmp with new G0BXX08.bmp screenshot)
servers that are running in bindery emulation mode. Binding. Configuring bindings in Windows 2000.
See Also: Client Services for NetWare (CSNW), Gate- To configure bindings for Windows 2000, choose
way Service for NetWare (GSNW), Novell Directory Advanced Settings from the Advanced menu of the
Services (NDS) Network And Dial-Up Connections window, which is
accessed from Control Panel. In this way bindings can
160
biometric authentication Bit/Block Error Rate Tester (BERT)
be easily enabled, disabled, or reordered. To optimize the microphone, which renders such tape recordings B
network performance, disable any unnecessary bind- useless.
ings on your workstations.
Biometrics will probably soon make their way into the
See Also: network driver interface specification wireless arena as well. Cellular communications vendor
(NDIS) Nokia has prototyped a biometric-enabled cell phone,
which would make stealing such a phone useless. The
main barrier against this development is cost—cell
biometric authentication
phones are mass-produced cheaply and even a biomet-
Any authentication scheme that uses an aspect of a per-
ric component costing $10 per phone could break the
son’s physical body or behavior to verify that person’s
cost model.
identity.
Another general barrier to all forms of biometric
Overview
authentication systems are privacy issues regarding
Biometric authentication (or biometric identification)
having digital information about your physical makeup
has been employed for years for entry-access control of
stored on a device that could be stolen or misused.
high-security environments such as military com-
Despite these concerns, the biometrics market in 1999
pounds and virology laboratories, but only recently
was $166 million and is rising rapidly.
have commercial products become available for secur-
ing computer networks. Biometric authentication Notes
mechanisms take many forms, including When implementing biometric authentication systems,
be sure to consider fallback authentication options
● Fingerprint or thumbprint identification devices
should the biometric device fail. Costs of purchasing
● Face-recognition systems (measure dimensions of and deploying such systems across an enterprise may
prominent facial features) also be considerable, and help desk departments might
find it more time-consuming to troubleshoot a faulty
● Iris-scanning devices (retina scanners are much
sound card of a voice-print authentication system
more rare and expensive)
than simply resetting a user’s traditional text-based
● Voice-print identification systems (usually a sound password.
card, microphone, and software)
See Also: network security
● Biometric trackballs and mice (measures vein pat-
terns, creases on the palm, or density of fatty tissue
using infrared lasers)
B-ISDN
Stands for broadband ISDN, the broadband transmis-
Some biometric authentication systems measure behav- sion counterpart of Integrated Services Digital Network
ior patterns instead of physical features. An example is (ISDN).
BioPassword from Net Nanny Software International,
which requires a user to enter a password on a keyboard See: broadband ISDN (B-ISDN)
and then compares the way the user typed the password
with information stored in a database. Bit/Block Error Rate Tester
Biometric authentication systems must be designed (BERT)
carefully in order for them to be truly secure. For exam- A device used to troubleshoot serial lines.
ple, a simple voice-print authentication system could be
Overview
fooled by using a tape recording of the user’s voice. To
A Bit/Block Error Rate Tester (BERT) is a kind of cable
guard against this, these systems commonly ask the
tester specially designed for testing serial lines. BERTs
user to speak a randomly generated series of words into
can be connected to serial ports on PCs, routers, and
161
Bit Error Rate (BER) BizTalk
B other devices to provide a visual indication of the con- bits per second (bps)
dition of the serial interface. A unit used for measuring the speed of transmission of
A typical BERT is a small box with a 25-pin serial con- data on a network of computers.
nector and 25 light-emitting diodes (LEDs), one for Overview
each lead of the interface. A quick visual inspection can Bits per second, or bps, represents the rate at which
provide information about whether data is being reli- information is being sent or received. A bit is a single
ably transmitted across the interface. You can also use unit of digital information, represented by either a 1 or a
jumpers to make or break specific leads to see the 0. The total number of bits per second that can be trans-
effect—this simulates the effect of crossed wires and mitted over a network link describes the bandwidth or
can be used to detect such wires in miswired serial throughput of that link.
cables or connectors.
Because most network communication takes place at
See Also: test equipment thousands or millions of bits per second, the following
related units are commonly used:
Bit Error Rate (BER) ● Kbps = kilobits per second (103 bps)
A measurement of the reliability of a networking archi-
tecture or device. ● Mbps = megabits per second (106 bps)
162
BizTalk Framework BizTalk Framework
rules and a collection of base XML tags for building B2B e-commerce and is based on the standard Extensi- B
new schema for B2B e-commerce. These tags pro- ble Markup Language (XML) specification.
vide the “envelope” that ensures electronic docu-
Architecture
ments reach their intended recipient. See the article
When two businesses in a B2B relationship need to
“BizTalk Framework” later in this chapter for more
exchange information electronically, the first step is to
information.
decide on a common XML schema to use that both can
● BizTalk server: Any software that can read and understand. A schema defines the type of content being
process documents formatted according to the Biz- transmitted and the structure of the document contain-
Talk Framework is called a BizTalk server. BizTalk ing it. Microsoft has established the site www.biz-
servers can be third-party applications developed talk.org as a resource site for businesses to develop and
using any programming language and running on publish BizTalk schemas for their industry sectors.
any operating system platform and can be designed
for either front-end or back-end exchanges of B2B BizTalk Message
documents.
● BizTalk Server 2000: Microsoft’s own version of a Transport Envelope
BizTalk server, which runs on the Windows 2000
platform and provides orchestration of business BizTalk Document
processes and XML document exchange. BizTalk BizTalk header
Server 2000 can transmit XML and Simple Object
Delivery
Delivery
infoinfo
Access Protocol (SOAP)–based messages over a
variety of transports including Hypertext Transfer Doc manifest
Protocol (HTTP), Simple Mail Transfer Protocol
(SMTP), and others.
Document Body
● BizTalk.org: A site devoted to the support and pro-
Business Documents
liferation of BizTalk.
For More Information
Visit the BizTalk resource site at www.biztalk.org.
See Also: B2B, BizTalk Framework, BizTalk Server GB0XX09 (new to 2E)
163
BizTalk Server 2000 Blackcomb
164
black hole Blocks Extensible Exchange Protocol (BEEP)
165
blue screen Bluetooth
166
Bluetooth Bluetooth
Needless to say, not everyone expects (or even wants) due to reflecting obstacles and overcoming noise due to B
this brave new world to happen! electromagnetic interference (EMI) generated by
microwave ovens and other devices. Bluetooth also uses
Original work on the Bluetooth specification dates back
short packets and fast acknowledgments to increase
to 1994 when cellular phone manufacturer Ericsson
reliability and employs forward error correction to
first outlined the technology. The original intention was
reduce the effects of random noise.
to provide a way to connect wireless headsets with cel-
lular phones, but the Bluetooth specification has Bluetooth’s data transmission rate is 1 megabit per sec-
evolved far past this initial goal. In 1998 a consortium ond (Mbps), but with protocol overhead the resultant
called the Bluetooth Special Interest Group (SIG) was practical maximum transmission rate is more like 780
created, and it published its first specification in 1999. kilobits per second (Kbps) or lower. Bluetooth uses a
The original members included Ericsson, its rival shared-media transmission scheme similar to Ethernet
Nokia, and other industry leaders such as IBM, Intel in which only one device in a group of connected
Corporation, and Toshiba Corporation. This consortium devices can transmit at any one time, and duplex trans-
has grown to include over 2000 different vendors, and mission is simulated through time-division multiplex-
the current Bluetooth specification is version 1.1. ing of simplex transmissions. The result is that a PAN
with many Bluetooth devices will perform more poorly
The success of the Bluetooth SIG is based largely on the
than one with only a few devices, but this is not consid-
fact that companies that join must grant a royalty-free
ered a serious disadvantage since the specification was
license to all other members of the alliance for any
designed to be a lightweight one from the beginning.
Bluetooth-related technology they develop. The SIG’s
main purpose is to develop specifications for real-world Given its aim of supporting devices in PANs, Bluetooth
interoperable Bluetooth products—it is not a standards is a low-power technology with a maximum range of
body, and the intention is that any specifications devel- transmission of 33 feet (10 meters). Bluetooth’s auto-
oped by the SIG will be passed on to the Institute of matic power adaptation adjusts transmission power to the
Electrical and Electronics Engineers (IEEE) for final minimum needed for reliable transmission in any given
standardization. situation to enhance battery life in portable devices.
Because of the original vision of Bluetooth for small The Bluetooth protocol suite is centralized around the
handheld devices, a consistent goal of the Bluetooth Logical Link Control and Adaptation Protocol
SIG has been to develop Bluetooth technology that can (L2CAP). This protocol supports two data transmission
be implemented on a single chip. Much success has modes:
been achieved in that respect, with chip prices in large
● Asynchronous packet-switched communications
lots coming down to the $4 range.
with simplex speeds of 721 Kbps in the forward
Architecture direction and 57.6 Kbps in the reverse.
Bluetooth is based on baseband FM transmission using
● Synchronous circuit-switched communications for
frequencies between 2.4 and 2.4835 gigahertz (GHz)
duplex communications over three 128 Kbps chan-
within the unlicensed 2.4-GHz Industrial, Scientific,
nels for a total bandwidth of 432.6 Kbps in each
and Medical (ISM) band. Bluetooth divides this band of
direction.
frequencies into 79 separate channels, and transmission
uses a frequency-hopping scheme to hop between chan- The Application Layer of the Bluetooth protocol suite
nels randomly at a rate of 1,600 hops per second. The is implemented as a series of “profiles” representing
result is that a different frequency is used to transmit operating parameters for different kinds of uses of
each packet of a Bluetooth transmission. The advantage Bluetooth. Currently, 13 different application layer pro-
of such aggressive frequency-hopping is to provide files have been developed under the specification, and
smooth operation by minimizing the effects of fading Bluetooth systems are required only to implement a
167
Bluetooth Bluetooth
B core subset of these together with other profiles needed point-to-point or point-to-multipoint, and groups of
for their operation. piconets can be joined together into larger associations
called scatternets, with each piconet within a scatternet
Other Bluetooth protocols include the Link Manager
having a uniquely different hopping sequence.
Protocol (LMP), which manages device authentication
for forming new connections, and the Service Discov- Marketplace
ery Protocol (SDP), which maintains the browse list of The Bluetooth marketplace is still in its infancy, but
accessible devices. some of the highlights are as follows:
Security is built into Bluetooth at the data-link level and ● Bluecore, the first working Bluetooth chip, was
provides the following services: developed by British startup Cambridge Silicon
Radio. This was incorporated into the first com-
● Authentication: Bluetooth has built-in device
mercial Bluetooth product, a Bluetooth-capable
authentication, while user authentication needs to
CompactFlash expansion card named Bluecore
be implemented at the application level. Once a
CF+, which was developed by California-based
device has been authenticated, it is then considered
Socket Communications for the Microsoft
“trusted” by all other devices in the ad hoc PAN.
Windows CE platform of portable devices. Since
● Authorization: This is used to control which ser- then other Bluetooth chips have been developed by
vices are accessible from which devices. For exam- major players such as Ericsson, Intel Corporation,
ple, a Bluetooth-enabled PDA is authorized to print and Motorola.
to a similarly enabled printer but not to a Bluetooth
● RocketChips (www.rocketchips.com) has developed
cell phone.
a vision for integrating Bluetooth onto CPU chips
● Encryption: Bluetooth includes support for 128-bit within PCs; in other words, a no-chip solution
encryption. In addition, the frequency-hopping instead of the usual single-chip solution. If this
transmission scheme employed by Bluetooth helps vision is implemented, Bluetooth could become as
guard against eavesdropping by unauthorized users. ubiquitous as the PC.
Implementation ● Red-M (www.red-m.com) has developed a complete
Bluetooth supports concurrent connections among up to Bluetooth solution including access server, access
eight devices, forming what is called a piconet. Each point, and PC cards for clients.
device in a piconet is temporarily assigned a unique 3-bit
● Ensure Technologies has developed a Bluetooth
MAC address for the duration of the connection. A
security card that users wear and that can automati-
master/slave relationship exists between one device
cally unlock their PCs when they come near them.
and all other devices in the piconet for the duration of
the connection. The purpose of this is for establishing ● Major vendors developing Bluetooth PC cards
clocking to synchronize devices for using the hopping include Toshiba, Compaq, Hewlett-Packard, and
sequence. In all other respects, the devices operate as others. Motorola is producing a PC combo card
peers during a connection. with a V.90 modem and a Bluetooth chip combined.
Unconnected Bluetooth devices are always on in a ● IBM is currently licensing Bluetooth device driver
standby mode where they listen for connection attempts software for the Linux platform and plans similar
every 1.28 seconds on each of 32 preassigned hopping software for Microsoft Windows platforms. IBM
frequencies. Once a compatible device is found, link has also prototyped a Bluetooth-enabled PDA
setup and authentication is then performed using the called WatchPad that a user wears on the wrist like
Link Manager Protocol (LMP), which uses the link an ordinary watch.
controller services built into the Bluetooth chip. Con-
nections between Bluetooth devices can be either
168
Bluetooth Bluetooth
● 3Com Corporation and Extended Systems are plan- 802.11b and HomeRF, but it is also used for non- B
ning on delivering a set of management tools, pro- networking applications such as garage door openers,
tocol stacks, and software development kits (SDKs) microwave ovens, cordless telephones, telco local loop
for developing Bluetooth-based solutions for the systems, baby monitors, medical scanners, and various
Microsoft Windows platform. other business and consumer devices. By using an
aggressive frequency-hopping scheme, Bluetooth is
● Palm plans on integrating support for Bluetooth in
fairly resistant to interference from these different sys-
its next version of the PalmOS.
tems, but that very fact means that Bluetooth easily
● Intesil Corporation is working on dual 802.11b/ interferes with the operation of these other systems.
Bluetooth chipsets for overcoming issues relating to Tests have shown, in fact, that communications over
interference between the two wireless networking 802.11b wireless networks can be degraded and even
technologies. disrupted by nearby Bluetooth devices. The result has
been that large companies that rely heavily on 802.11b
● Ericsson, the initial force behind Bluetooth’s devel-
wireless networks have instituted policies to ban Blue-
opment, has released Bluetooth adapters for some
tooth devices from the premises.
of its cellular phone models that enable wireless
connectivity between phone and headset. Besides the threat to 802.11b local area networks
(LANs), Bluetooth poses dilemmas for other industries
The Bluetooth SIG holds a yearly conference called
as well. The airline industry has voiced particular con-
Unplugfest where old and new vendors of Bluetooth
cern that Bluetooth devices carried by different passen-
products meet to test interoperability between their dif-
gers might detect each other during a flight, turn
ferent implementations of the specifications. Because
themselves on, and generate transmissions that could
of the specification’s evolving nature, early-to-market
disrupt an aircraft’s sensitive navigation equipment.
products based on the 1.0 specification may have com-
The Bluetooth SIG is attempting to allay these concerns
patibility issues with products based upon the newer 1.1
through further refinement of the specifications.
standard.
Prospects
Issues
Despite issues relating to interference with 802.11b
Using the ISM band for Bluetooth communications has
wireless local area networks (WLANs) and whether ad
been problematic. The ISM band is supposedly
hoc always-on wireless networking is desirable or even
reserved worldwide for unlicensed communications,
safe, Bluetooth has a great deal of momentum from
but governments in some countries and regions have
industry and products are likely to be widely available
licensed portions of this band for specific uses. The
soon. In addition to consumer-oriented applications for
problem is of special concern in Spain and France,
PANs and wireless public access kiosks, Bluetooth may
which have only a narrow portion of the band available,
also find some place in the enterprise as a cable-
and the Bluetooth specifications have been massaged to
replacement technology.
produce a special version of the specification techni-
cally able to function under these restrictions, but legal Only time will tell, however, whether a Bluetooth-
restrictions prohibit its use in these two countries to pre- enabled can of beer will someday communicate with a
vent the jamming of other services. The reason this is similarly enabled refrigerator to ask it to lower the
such an issue is that, due to the multiplication of differ- temperature for just the right taste.
ent specifications, Bluetooth cellular phones will not be
Notes
able to easily function throughout Europe as originally
The goals of Bluetooth and 802.11b are different:
envisioned by Ericsson.
although 802.11b was specifically developed mainly
Another issue is that not only is the ISM band also used for laptop computers as a wireless replacement for
by other wireless networking technologies such as wired Ethernet LANs, Bluetooth is optimized for
169
BNC connector B-node
B forming short-range ad hoc networks for connecting ● BNC cable connector: Soldered or crimped to the
smaller portable devices such as cell phones and PDAs. ends of a thinnet cable
The implementations of these technologies, although
● BNC T-connector: Used to connect a network
confined to the same ISM frequency band, are also dif-
interface card (NIC) to a thinnet cable segment
ferent: Bluetooth uses frequency-hopping, but 802.11b
uses spread-spectrum transmission. ● BNC barrel connector: Used to connect two
pieces of thinnet cable
The interesting name “Bluetooth” comes from Harald
Bluetooth, the Viking who in the 10th century unified ● BNC terminator: Provides a 50-ohm termination
Norway and Denmark. for the free end of a thinnet cable
Bluetooth also supports voice transmission that use up Notes
to three concurrent synchronous 64-Kbps voice-only Several possibilities are usually suggested as to the ori-
channels or one channel that simultaneously supports gin of the term BNC:
both asynchronous data and synchronous voice trans-
● British Naval Connector
mission. The voice channels use the continuous vari-
able-slope delta modulation-coding scheme. ● Bayonet Nut Connector
A competing technology for PANs besides Bluetooth is ● Bayonet-Neill-Concelman (probably the correct
the Infrared Data Association (IrDA) protocol, but explanation since the connector was named after
while IrDA devices require line-of-site communication, Neill and Concelman, its two creators)
Bluetooth devices overcome this restriction. IrDA does
For situations where large mechanical loads may affect
have certain advantages however, including much
cabling, a threaded form of the connector is available
greater data transmission rates.
called TNC.
For More Information
See Also: connector (device), terminator
You can find the Bluetooth SIG at www.bluetooth.com.
See Also: 802.11b, 802.15, Infrared Data Association
B-node
(IrDA), Personal Area Network (PAN), piconet, wire-
A NetBIOS name resolution method used by Microsoft
less networking
Windows NT in which broadcast messages are used for
name registration and resolution.
BNC connector Overview
A group of connectors used for joining thinnet cable
Name resolution is the process of converting the name
segments together and for connecting thinnet cabling to
of a host on the network into a network address (such as
10Base2 network cards.
an Internet Protocol [IP] address). Name resolution
Overview must be performed in order to establish communication
BNC connectors are used on 10Base2 (thinnet) Ether- over a Windows NT network. B-node is one of four
net networks and use a twist-and-lock mechanism that basic methods supported by Windows NT for resolving
provides a secure connection between network cabling NetBIOS host names—that is, computer names—into
and components. The male connector has a center pin IP addresses.
with a rotating ring with projections that mate with the
If a computer running Windows NT is configured as a
female connector.
B-node machine, it always uses broadcasts to resolve
The various types of BNC connectors include the names of other hosts on the network. For example, if a
following: B-node machine wants to communicate with another
machine with the NetBIOS name SERVER7 (for exam-
170
bonding bonding
171
boot boot files
B offers bonding of up to four Internet Digital Subscriber ized. For example, if you change the configuration
Line (IDSL) lines. parameters of an internal modem, you sometimes need
to cold boot your system for these changes to take
DSL bonding has several advantages:
effect.
● Customers requiring greater bandwidth than can be
See Also: boot files, boot process
afforded by a single DSL link can use bonding to
deploy better than T1 services for much less the
cost of a T1 line. boot files
Files needed to boot an operating system on a computer.
● Customers who are too far from their telco CO can
use bonding to boost DSL carrying capacity to typ- Overview
ical DSL speeds at twice the normal distance from Every operating system has its own set of boot files
customer premises to CO. For example, Netopia’s needed to locate, load, and initialize the operating sys-
IDSL bonding can provide up to 576 Kbps at dis- tem during the boot sequence. For example, MS-DOS
tances up to 35,900 feet (10,940 meters) from the and Windows 3.x use the hidden files Io.sys and
CO, which is almost double the normal DSL limit- Msdos.sys and the file Command.com. Configuration
ing distance of 18,000 feet (5500 meters). information stored in the text files Config.sys and
Autoexec.bat is also used during the process.
See Also: Digital Subscriber Line (DSL), Integrated
Services Digital Network (ISDN), Multilink On Windows 95, Windows 98, and Windows Millen-
Point-to-Point Protocol (MPPP) nium Edition (Me), the files used for booting are Io.sys,
Msdos.sys, and Win.com, with the files Config.sys
and Autoexec.bat used optionally to support legacy
boot hardware.
A term used to refer to the process of starting a com-
puter, as in the phrase, “Please boot the computer.” The files needed to boot Windows NT vary depending
on whether the x86 or Alpha processor platform is used.
Overview
The term boot also refers specifically to the series of The files needed to boot Windows 2000, Windows XP,
steps by which a computer locates and loads the operat- and Windows .NET Server (and Windows NT on x86)
ing system once the power is turned on. This series of include the following:
steps is usually referred to as the boot sequence or boot
● Boot.ini
process, and it depends on both the type of operating
system installed on the machine and the type of hard- ● Bootsect.dos
ware platform (for example, x86 platform or Alpha
● Hal.dll
platform).
● Ntdetect.com
The term warm boot refers to resetting the system or
rebooting using Ctrl+Alt+Delete. The power to the sys- ● Ntbootdd.sys
tem is not interrupted during a warm boot, but the boot
● Ntldr
process starts again from the beginning using the sys-
tem basic input/output system (BIOS). ● Ntoskrnl.exe
The term cold boot refers to shutting down a computer The Windows 2000, Windows XP, and Windows .NET
and actually turning off the power source and then turn- Server boot process also makes use of other files,
ing it back on. Cold boots are sometimes necessary including device drivers and the system hive.
after installing or configuring some legacy hardware
See Also: boot, boot process
devices to ensure that the devices are properly initial-
172
Boot.ini boot loader menu
Boot.ini The last line of the file is the same for booting to any B
A file used to create the boot loader menu in Windows MS-DOS–based operating system, including Windows 95,
2000, Windows XP, and Windows .NET Server. Windows 98, and Windows Millennium Edition (Me).
Overview See Also: boot, boot files, boot loader menu, boot
Boot.ini is a hidden, read-only text file on the root of process
the system partition of a Microsoft Windows 2000,
Windows XP, or Windows .NET Server machine. The boot loader menu
boot loader menu is used on dual-boot and multiboot A menu that appears when you boot a Microsoft
systems to select which operating system (Windows Windows 2000, Windows XP, or Windows .NET
2000 or some other operating system) to boot. The Server computer configured for dual-boot or multiboot
Boot.ini file creates this menu, which normally is only operation with other operating systems.
displayed if more than one operating system is installed
on the machine. Overview
The boot loader menu appears during the boot loader
Examples phase of Windows NT startup, and it is displayed by the
A typical Boot.ini file for a default Windows 2000 Windows 2000, Windows XP, and Windows .NET
installation might look like this: Server loader program called Ntldr. The boot loader
[boot loader]
menu allows you to select the particular operating sys-
timeout=30 tem you want to run on a dual-boot or multiboot system
default=multi(0)disk(0)rdisk(0)partition(1)\ and to use optional boot-time switches for booting
WINNT Windows 2000, Windows XP, and Windows .NET
[operating systems] Server in various enhanced ways or for troubleshooting
multi(0)disk(0)rdisk(0)partition(1)\ purposes. The table summarizes some of the more
WINNT="Microsoft Windows 2000 Professional" commonly used boot-time switches used in Boot.ini.
/fastdetect
Some Common Boot-Time Switches
You can see a close correspondence between the Used in Boot.ini
appearance of the Boot.ini file and the boot loader
Switch Description
menu, which the Ntldr program creates during the
Windows NT boot sequence. /3GB Used only with Windows 2000
Advanced Server to increase user
A Boot.ini file for a dual-boot system configured to address space from 2 gigabytes (GB)
boot to either Windows 2000 or Windows 98 usually to 3 GB
looks like this: /basevideo Starts Windows 2000 using generic
Video Graphics Adapter (VGA)
[boot loader]
video
timeout=30
/bootlog Creates a log, called Ntbtlog.txt, of
default=multi(0)disk(0)rdisk(0)partition(1)\
steps in the boot process
WINNT
[operating systems]
/fastdetect Skips enumeration of serial and par-
multi(0)disk(0)rdisk(0)partition(1)\
allel devices during the boot process
WINNT="Microsoft Windows 2000 Professional"
(included by default)
/fastdetect /numproc= Specifies the number of CPUs to use
C:\="Microsoft Windows" on a symmetric multiprocessing
(SMP) system
/sos Lists the device drivers marked to
load at boot time and displays other
information
173
BOOTP boot process
B Notes Notes
The boot loader menu is created by the Boot.ini file. The boot partition can be the same as or different from
This file can be edited using a text editor such as Note- the system partition.
pad, but this should be done with care as mistakes could
See Also: boot process, system partition
render your system unbootable.
See Also: boot, boot files, Boot.ini, boot process
boot process
The series of steps that occurs when an operating
BOOTP system boots on a machine.
Stands for bootstrap protocol, a Transmission Control Overview
Protocol/Internet Protocol (TCP/IP) protocol and ser- Each operating system has its own particular boot
vice that allows diskless workstations to obtain their IP sequence and uses its own specific set of boot files.
address, other TCP/IP configuration information, and Knowledge of the boot sequence for a particular operat-
their boot image file from a bootstrap protocol ing system can aid in troubleshooting problems booting
(BOOTP) server. a machine on which that operating system is installed.
See: bootstrap protocol (BOOTP) For example, from messages displayed during the boot
process, a technician can often determine whether a
particular boot file is missing or corrupt.
boot partition
The partition of a disk on which Microsoft Windows The following is a brief summary of the boot sequence
2000, Windows XP, or Windows .NET Server installs for the Microsoft Windows 2000 operating system
its core operating system files. (the Windows XP and Windows .NET Server boot
sequences are similar). Note that the actual boot process
Overview involves more than 100 different steps and that this
The core operating system files for Windows 2000, description gives only an overview of the process.
Windows XP, and Windows .NET Server are typically
stored in \Winnt and its subdirectories. The \Winnt ● Preboot: The boot process can take place only
directory and its system files are located on what is because during installation Windows 2000 Setup
referred to as the boot partition (by a strange choice of writes boot code (a short series of executable
terminology, the boot files in Windows 2000, Windows instructions) on the master boot record (MBR)
XP, and Windows .NET Server are stored on the system located on the first sector of the first hard disk. The
partition). MBR also contains the partition table identifying
which partition is the active (bootable) partition that
The choice of which partition is to be the boot partition contains the operating system boot files. Setup also
is made during installation of Windows 2000, Windows creates a file called Boot.ini that is used to display a
XP, and Windows .NET Server and cannot be changed boot loader menu on systems configured for dual-
afterward. An important consideration when installing booting or multibooting to Windows 2000 and other
Windows 2000, Windows XP, and Windows .NET operating systems.
Server is designating a boot partition that has sufficient
free space to contain the various operating system files ● Ntldr: When a Windows 2000 system is powered
together with all the optional and future components on, the basic input/output system (BIOS) reads the
such as device drivers. MBR into memory and transfers control to the
MBR, which then finds, loads, and executes Ntldr, a
key Windows 2000 executable boot file. When
174
Bootsect.dos bootstrap protocol (BOOTP)
175
boot volume Border Gateway Protocol (BGP)
B BOOTP server, which replies to the client with the fol- Overview
lowing information that the client needs: The boot volume can be the same as or different from
the system volume, and it can be formatted in either
● The client’s IP address, subnet mask, and default
NTFS file system (NTFS) or file allocation table (FAT).
gateway address
The term volume indicates that we are referring here to
● The IP address and host name of the BOOTP server dynamic storage, which enables volumes to be created
and managed. By contrast, basic storage enables the
● The IP address of the server that has the boot image,
creation and management of partitions instead.
which the client needs to load its operating system
See Also: boot partition
When the client receives this information from the
BOOTP server, it configures and initializes its TCP/IP
protocol stack, and then connects to the server on which Border Gateway Protocol (BGP)
the boot image is shared. The client loads the boot An exterior gateway protocol (EGP) used on the Inter-
image and uses this information to load and start its net to provide loop-free routing between different
operating system. autonomous systems (ASs).
176
border router border router
BGP was developed in 1982 as the successor to EGP grow to the point that IGRP performs poorly, BGP can B
and was formalized in RFCs 827 and 904. Since then it be used to partition the internetwork into two autono-
has gone through several versions, with the current ver- mous systems for better routing performance.
sion being BGP 4, specified by RFC 1771. BGP 4
Another situation where you might implement BGP is
includes a number of enhancements over earlier
if your corporate internetwork is multihomed, that is,
versions, including support for
has several dedicated connections to the Internet using
● Route and path aggregation different Internet service providers (ISPs). In this case,
you can use BGP to balance the load between the Inter-
● Route, path, and community filtering
net connections and provide redundancy.
● Routing policies
Finally, if your corporate internetwork is being used as
● Advertising Internet Protocol (IP) prefixes a transit network to connect other networks to the Inter-
net, you need to employ BGP.
● Classless Interdomain Routing (CIDR)
If you plan to implement BGP, make sure your router is
Architecture
powerful enough to handle it, especially if your inter-
BGP is a connection-oriented protocol that runs on top
network will be directly connected to a regional ISP’s
of Transmission Control Protocol (TCP) to provide reli-
network.
able transport of routing updates. TCP port 179 is used
for forming connections between BGP-enabled routers, Notes
and incremental updates to routing tables only are There are actually two flavors of BGP, though this dis-
transmitted, which makes BGP efficient in terms of tinction is not widely used in the literature:
bandwidth utilization (other distance-vector routing
● EBGP (Exterior BGP): The form used for com-
protocols exchange entire routing tables at regular inter-
munication between different ASs for BGP-enabled
vals, which makes them scale poorly to internetworks
routers. This is also simply known as BGP and is
the size of the Internet).
the version described in this article.
To use BGP, your internetwork must first be assigned an
● IBGP (Interior BGP): The form used for commu-
Autonomous System Number (ASN). You can get one
nication within an AS for BGP-enabled routers.
by contacting your regional Internet registry, such as the
American Registry for Internet Numbers (ARIN) for See Also: autonomous system (AS), exterior gateway
North and South America, Reseaux IP Européens protocol (EGP), routing protocol
(RIPE) for Europe, or the Asian-Pacific Network Infor-
mation Center (APNIC) for Asia. ASNs for public
border router
internetworks are assigned from the range 1 through
A router that connects two different autonomous
64511.
systems (ASs).
BGP-speaking routers within an AS establish peering
Overview
relationships with each other to form a loop-free rout-
The Internet consists of a collection of thousands of dif-
ing mesh. The first update between two peers includes
ferent independently administered large internetworks
all known routes on the network, while succeeding
called ASs. Border routers are high-speed backbone
updates are incremental.
routers that connect these different internetworks.
Implementation
BGP needs to be implemented only in very large inter-
networks. When smaller internetworks using IGRP
177
bottleneck bottleneck
LAN bottleneck
A situation that occurs when computer and network
R R systems and components are unable to meet the demand
placed upon them by real-world situations.
LAN LAN Overview
A bottleneck is essentially the particular network com-
ponent or server subsystem that is causing the problem.
For example, if users on a Microsoft Windows 2000–
based network are complaining that it takes too long to
log on when they arrive at the office in the morning, the
bottleneck and its potential resolution might be
Border router. Using a border router to connect two computer system can be limited by the amount of phys-
autonomous systems. ical memory, read/write speed of the disk subsystem,
throughput of the network interface card, speed of the
Border routers use the Border Gateway Protocol (BGP)
CPU, and other parameters—any of these components
as the routing protocol for exchanging route informa-
(or several of them) could be a bottleneck that prevents
tion between them. Since the routing tables for border
the application from performing as desired. Or more
routers are large and rapidly growing as the Internet
178
bounce bps
generally, the performance of a browser accessing Web ● Network bottleneck: With today’s Gigabit Ether- B
content on a corporate Intranet could be affected by net (GbE) networks, older servers simply cannot
overworked name servers for Domain Name System pipe data fast enough from their system bus into
(DNS) name resolution, an insufficient number of their GbE network cards to get it onto the network.
domain controllers to handle authentication requests, What seems to be a network bottleneck here is
slow or faulty routers joining subnets within an inter- really caused by the inadequate speed of the system
network, misconfigured firewalls, and a host of other bus, and upgrading the motherboard is the only real
issues that could represent bottlenecks. option. True network bottlenecks are more difficult
to find and may result from misconfigured routers,
Notes
network cards running in promiscuous mode,
Troubleshooting bottlenecks is the science (sometimes
excessive broadcast overhead from using too many
the art) of identifying, isolating, and correcting issues
protocols on the network, poor planning of network
that limit application performance. Valuable tools for
topologies, and many other issues.
ferreting out bottlenecks in Windows 2000–, Windows
XP–, and Windows .NET Server–based networks are
the Performance console, one of the administrative bounce
tools in Windows 2000, Windows XP, and Windows An effect that happens to signals on a bus topology net-
.NET Server, and Task Manager. For system perfor- work when the ends of the bus are improperly termi-
mance, there are four main types of bottlenecks: nated or unterminated.
● Memory bottlenecks: These bottlenecks arise The effect of signal bounce on baseband networks such
when the system has insufficient RAM, which gen- as Ethernet is serious, since the transceivers on the net-
erally results in excessive paging and overall poor work interface cards (NICs) attached to the bus inter-
performance. Adding more RAM is often the sim- pret the problem as a collision and stop transmitting.
plest and cheapest solution to improve performance This collision occurs because the signal is colliding
of most computer systems. with its own reflection. Once the proper termination is
applied to the bus, network communication can resume.
● Disk bottlenecks: Sometimes the hard disk sub-
system cannot keep up with read/write requests See Also: terminator
generated by an application. In such a case the
application is said to be disk-bound, and upgrading bps
to a faster disk subsystem, implementing disk strip-
Stands for bits per second, a unit used for measuring
ing, or using a storage area network (SAN) can
the speed of transmission of data on a network of
improve performance. Often, however, when disk
computers.
activity is consistently too high, this simply indi-
cates excessive paging caused by insufficient RAM. See: bits per second (bps)
In this situation, what appears at first to be a disk
bottleneck is actually one of memory instead.
179
breakout box bridge
● Join dissimilar media such as unshielded ● Wireless bridges: Can be used to join LANs or
twisted-pair (UTP) cabling and fiber-optic cabling connect remote stations to LANs without wiring
between them
● Join together different network architectures such
as Token Ring and Ethernet (called a translation
bridge)
180
bridgehead server broadband
181
broadband Internet access broadband Internet access
B broadband Internet access Speed is the main benefit of various broadband Internet
Generally refers to various technologies such as digital access technologies, and a comparison is useful:
subscriber line (DSL) and cable modems that provide ● Copper DSL: Running various flavors of DSL
high-speed Internet access for residential and business such as Asymmetric Digital Subscriber Line
customers. (ADSL) and Symmetric Digital Subscriber Line
Overview (SDSL) over the copper local loop to subscribers
The growth and evolution of the Internet and World can offer speeds of up to 8 Mbps, but download
Wide Web over the last 10 years has seen simple speeds of 1 or 2 Mbps are more common (upload
text-based Web pages become replaced with media-rich speeds may be less).
content that includes graphic files, sound clips, Shock- ● Fiber DSL: By running fiber to the curb, signifi-
wave animations, and streaming media. In addition cantly higher DSL speeds of up to 60 Mbps or
text-based Simple Mail Transfer Protocol (SMTP) higher can be achieved, but the cost is high due to
e-mail has become heavy with large attachments the need to deploy a new fiber infrastructure. This
including Microsoft Word files, spreadsheets, images, is an attractive solution for businesses, however,
and other content. These changes in content forms especially where telcos are rolling out such
require high-bandwidth Internet connections, and tradi- infrastructures.
tional dial-up modem connections (even 56K) feel inad-
equate to many users. ● Cable modem: Typical cable modem speeds are
between 2 and 6 Mbps, but effective speeds may be
As a result, the broadband Internet access market has much less for users due to the shared-bandwidth
taken off in the last couple of years, with widespread nature of this solution.
deployment of cable modem and DSL connections now
in the millions. In addition, for remote locations, com- Uses
panies such as StarBand Communications and Digistar In addition to providing the ability to surf the Web at
provide satellite-based broadband Internet access with high speeds or send Christmas card images through
download speeds in the 2-megabit-per-second (Mbps) e-mail, broadband Internet access is seen by increasing
range (for more on satellite-based broadband, see numbers of companies as an idea solution for support-
the article “broadband wireless communications” ing the remote workforce of home-based telecommut-
elsewhere in this chapter). ers. By using a cable modem or DSL connection and
setting up a Virtual Private Network (VPN) connection
The two most commonly deployed broadband Internet using Microsoft Windows 2000, Windows XP, and
access solutions are cable modems and variants of DSL. Windows .NET Server, or some other platform,
Cable modems are a low-cost solution that is easier to employees can work from home across secure connec-
deploy than DSL, but they are generally only available tions to their company intranet.
in residential markets where the cabling infrastructure
has already been widely deployed. DSL is a more com- Large companies that choose DSL or other broadband
plex solution offered by telcos but has the advantage solutions as replacements for or backups to existing
that connections are dedicated rather than shared: a leased-line wide area network (WAN) links need to
DSL connection offers guaranteed bandwidth, while the consider things such as service level agreements
effective bandwidth for a cable modem connection (SLAs), Quality of Service (QoS) guarantees (usually
depends on the number of users to which it is deployed nonexistent for DSL), the number of Internet Protocol
in a given area (cable modem users are essentially con- (IP) addresses that can be provided with the connection
nected in a LAN and so share the available bandwidth (usually under 150 for DSL), deployment times (usu-
of the LAN). ally weeks, but sometimes months), and business
pricing (which is significantly more than residential
pricing).
182
broadband ISDN (B-ISDN) broadband transmission
183
broadband wireless communications broadband wireless communications
B Broadband signals are unidirectional—traveling in only businesses to the enterprise. In a typical fixed wireless
one direction at a time—so a broadband system can scenario, a business requiring high-speed Internet access
generally either transmit or receive but cannot do both or a WAN connection deploys a broadband radio trans-
simultaneously. Broadband signals can be regenerated mitter/receiver with a fixed unidirectional dish or horn
using amplifiers in order to travel longer distances antenna pointed toward the service provider’s antenna. A
before becoming attenuated. clear line of sight is required between the customer pre-
mises antenna and the provider’s antenna, which gener-
Uses
ally means customers deploy their antenna on their
Broadband transmission is typically used for environ-
rooftop and providers deploy antennas on high towers,
ments in which video, audio, and data need to be trans-
skyscrapers, or nearby mountains. Fixed wireless broad-
mitted simultaneously. Cable television systems are
band can be based on various different technologies
based on broadband transmission technologies, as are
including Local Multipoint Distribution System
satellite-based television services. Examples of broad-
(LMDS), Multichannel Multipoint Distribution System
band services in the computer networking arena include
(MMDS), and others. Fixed broadband wireless commu-
T-carrier services, Asynchronous Transfer Mode (ATM),
nications systems are based on spread-spectrum commu-
and the various flavors of Digital Subscriber Line (DSL).
nications technologies and may use frequencies from the
See Also: Asynchronous Transfer Mode (ATM), base- Industrial, Scientific, and Medical (ISM) band’s 2.5 GHz
band transmission, broadband Internet access, broad- range up to millimeter wavelengths in the 66 gigahertz
band wireless communications, Digital Subscriber Line (GHz) range. Dedicated point-to-point microwave links
(DSL), T-carrier can offer data transmission speeds of 10 Mbps or higher,
but speeds of 1 or 2 Mbps are more common.
broadband wireless Mobile broadband wireless solutions are still in plan-
communications ning stages in most countries and regions, with Europe
Generally refers to high-speed wireless communica- and Asia in the lead with planned rollouts of 3G cellular
tions systems where data rates are approximately 1 technologies such as Wideband Code Division Multiple
megabit per second (Mbps) or higher. Access (WCDMA) and Universal Mobile Telecommu-
nication System (UMTS). Nevertheless, widespread
Overview
deployment of these technologies probably will not
Broadband wireless (or wireless broadband) is an emerg-
happen until 2005 or later.
ing high-speed communications technology that is being
largely driven by the Internet access market. Broadband Mobile broadband services are also expected to provide
wireless systems achieve data rates comparable to Digital significantly slower speeds than fixed solutions. For
Subscriber Line (DSL) or cable modems and can be used example a WCDMA system that provides 2 Mbps for
in environments where these technologies are unavailable fixed transmission can only support 384 Kbps for mobile
or difficult to deploy, such as isolated rural areas. And like (walking) transmission when handoffs are required, and
DSL and similar technologies, broadband wireless is an may go as low as 144 Kbps for highway travel.
always-on solution that provides fast access to the Internet
Satellite-based broadband wireless solutions generally
and can be used in other corporate wide area network
offer speeds of around 2 Mbps, are easy to deploy, and
(WAN) scenarios as well.
are rapidly becoming more widely available. An in-
Broadband wireless basically comes in three forms: depth discussion of how this technology works can be
fixed wireless, mobile wireless, and satellite-based. found in the article “satellite networking” elsewhere in
this book.
Fixed broadband wireless is a technology that is gaining
significant market share at all levels, from small
184
broadband wireless communications broadband wireless communications
185
broadcast domain broadcasting
Examples of broadcast domains include See Also: broadcasting, broadcast packet, broadcast
storm, directed frame, frame
● All stations connected to a given group of hubs or
switches
broadcasting
● All stations on an internetwork whose routers are A network communications method in which a packet
configured to forward broadcasts (not a desirable or frame is sent simultaneously to all stations on the
configuration) network.
● All stations in a given virtual local area network Overview
(VLAN) configured on a group of Ethernet Broadcasts take place when broadcast frames (or pack-
switches. ets) are sent out over the network. These frames contain
Notes a special address that instructs every station on the net-
Bridges used to segment Ethernet networks divide col- work to accept and process the frame’s contents.
lision domains but do not divide broadcast domains. Broadcasts have various functions on a network,
See Also: collision domain including
● Announcing the availability of network services
broadcast frame ● Resolving host names into addresses
In Ethernet networks, a frame broadcast to every station
on the network. ● Troubleshooting and testing network connectivity
186
broadcast packet broadcast storm
Broadcasts are usually not an efficient use of network duces excessive 255.255.255.255 packets is said to be B
bandwidth, since only one or a few network stations “flooding” the internetwork with broadcasts, and this
might actually be interested in the information being can lead to a condition called a “broadcast storm.”
broadcast. For this reason, directed frames (or packets)
The common denominator in these examples is 255,
are used for most network communication, which
which is the decimal representation of the binary
involves targeting a packet directly for the intended sta-
octet 11111111. Thus, the LAN broadcast address
tion. (All other stations ignore the directed packet.)
255.255.255.255 in binary notation is a series of 32
Another alternative is multicasting, which involves a
binary “ones.”
form of limited broadcast to a select group of hosts.
See Also: broadcasting, broadcast frame, broadcast
Notes
storm, directed packet, packet
Certain network conditions, such as certain types of
device failure, can generate large numbers of unwanted
broadcasts. These broadcast storms can sometimes broadcast storm
bring down a network if the condition is not resolved. A network condition in which so many broadcasts are
occurring that normal communication between hosts is
Applications that are poorly designed may sometimes
disrupted.
employ unnecessary amounts of broadcasting, with
resulting degradation of overall network services. Overview
Broadcast storms commonly occur on Ethernet net-
See Also: broadcast frame, broadcast packet, multi-
works where baseband transmission technologies allow
casting, unicasting
only one station to transmit at a time. The presence of
broadcast storms often indicates that a networking com-
broadcast packet ponent is malfunctioning and is continually sending out
In Internet Protocol (IP) networks, an IP packet broad- broadcast messages. A typical situation might be a
cast to every host on the network. failed transceiver on a network interface card (NIC) that
is continually sending out a stream of binary “ones.”
Overview
Broadcasts can be used in any type of IP network, During a broadcast storm, the wire is continually busy
including class A, B, C, D, and E networks. The actual and no other station is able to transmit information over
broadcast address depends on the class of network the network. As a result, a broadcast storm essentially
under consideration. For example: brings down the network. Since routers often are not
configured to forward broadcast frames between sub-
● For a class A network 27.0.0.0 the address for a
nets, broadcast storms usually are confined to a single
broadcast packet would be 27.255.255.255.
subnet (configuring routers to forward broadcasts is
● For a class B network 139.65.0.0 the broadcast thus a bad idea as a broadcast storm in one subnet could
address is 139.65.255.255. bring down the entire internetwork).
● For a class C network 207.17.125.0 the broadcast Broadcast storms might also indicate that your net-
address is 207.17.125.255. work’s bandwidth is nearly saturated and needs to be
upgraded.
The general broadcast address 255.255.255.255 is
called a local area network (LAN) broadcast and can be See Also: broadcasting
routed to every host on an internetwork if routers are
allowed to forward broadcasts. A faulty device that pro-
187
brouter browsing
Overview Overview
The browse list is maintained and distributed by the You can browse for shared resources on a Microsoft Win-
Computer Browser service. The browse list contains a dows network using Windows Explorer, My Network
list of all available domains, workgroups, and servers Places, and other tools. Browsing a Windows network is
on the network. This list is then distributed to clients made possible by the Computer Browser service, which
who desire to connect to shared resources on the net- keeps track of all shared resources on a Windows NT net-
work so that they can locate and connect to these work and communicates this information to clients when
resources. they need to access a resource. The Computer Browser
service is at the core of the ability to locate shared file
Essentially, when you are browsing Network Neigh- and printer resources on a network and maintains the
borhood in Windows NT or My Network Places in browse list, the list of available shared resources.
Windows 2000, Windows XP, or Windows .NET
Server, you are looking at a representation of the Regarding the Internet, the term browsing refers to
browse list for your locally accessible network. the process of using a Web browser such as Microsoft
Internet Explorer, Netscape Navigator, or Opera Soft-
Notes ware’s Opera to view and download Web pages from
The browse list is maintained by the master browser the Internet. The origin of the term probably stems from
computer, but clients that need it obtain it from backup the idea of reading magazines, in which you pick up one
browsers on the network.
188
BSD building-block services
189
Building-centric Local Exchange Carrier (BLEC) Building-centric Local Exchange Carrier (BLEC)
B While Microsoft is developing the core set of .NET ser- into the MTU market by deploying high-speed met-
vices, third-party partners will develop additional ser- ropolitan area networks (MANs) to service such
vices to build in enhanced functionality to .NET customers and are in effect competitors to BLECs.
applications and services.
Implementation
See Also: .NET platform Typically a single business client within an MTU can-
not justify the cost of having a leased line such as T1
deployed to service its needs. That is where BLECs
Building-centric Local
come in, however—they provision such services for all
Exchange Carrier (BLEC)
clients within a given MTU.
A telecommunications carrier focused on the Multi-
tenant Unit (MTU) market.
Overview
With the increasing deregulation of the U.S. telecom-
munications industry over the last decades, several dif-
ferent types of local exchange carriers (LECs) have
emerged in the marketplace, including Incumbent Local
Exchange Carriers (ILECs) and Competitive Local
Exchange Carriers (CLECs). The latest of these is the
Building-centric Local Exchange Carrier (BLEC),
which represents a carrier focused on providing broad-
band telco services within multitenant units (MTUs).
An MTU is essentially a building or group of buildings
that primarily host small and medium-sized businesses
with between 10 and 200 employees. Examples of busi-
ness environments serviced by BLECs include office
skyscrapers, industrial parks, and hotels. Some BLECs
also target residential apartment blocks and malls as
well. By targeting MTUs, BLECs are essentially focus-
ing on a market that ILECs have generally neglected
(ILECs have historically focused on the large-enterprise
and individual consumer markets instead). The require-
ments of BLEC clients are usually diverse, and typi-
cally include Internet Protocol (IP) data, Web hosting,
e-mail, and Internet access, which BLECs offer as
value-added data services to traditional voice telephone
connectivity.
BLECs can typically be grouped into two categories:
● Those focused on retail services to end-user busi-
ness clients. GB0XX012 (new to 2E)
190
built-in account built-in account
brokered from larger LECs and IXCs. This first step is feeding chain. Customers owning multiple MTUs B
necessary because the majority of large office buildings desire simultaneous rollout regardless of the up-front
in the United States do not currently have fiber-optic costs to BLECs for servicing smaller premises. Some
cabling deployed to them. Once fiber has been laid by building owners (usually real estate companies) are also
the BLEC from the building to the central office (CO) consider deploying their own broadband switching gear
of the LEC or IXC from which the BLEC obtains instead of partnering with BLECs to do so and thus
wholesale broadband provisioning, the BLEC then pur- bypass BLECs entirely by going to LECs and IXCs
chases T1 or T3 services from the LEC or IXC to run directly. Future rulings of the Federal Communications
over the fiber. Switching gear (usually a DSLAM, an Commission (FCC) might also affect how this all works
Asynchronous Transfer Mode [ATM] access switch, or out in the marketplace.
some form of high-speed Ethernet switch) is then
Notes
deployed by the BLEC in the basement of the MTU to
Another common name for BLECs is Multitenant
provide broadband services to clients throughout the
Broadband Service Providers (MBSPs).
building. This arrangement is preferable to co-locating
such equipment at LECs and IXCs and often give See Also: broadband Internet access, broadband wire-
BLECs a competitive edge in the speed at which new less communications, carrier, inter-exchange carrier
services can be deployed and problems troubleshot. (IXC), local exchange carrier (LEC), multitenant unit
(MTU)
Another technology option for BLECs is fixed broad-
band wireless, which bypasses the initial step of laying
fiber to the building. This is often a method for cost- built-in account
effective provisioning of broadband services for MTUs In Microsoft Windows 2000, Windows XP, and
that is easy to implement rapidly and is often the only Windows .NET Server, a type of user account that is
solution when the MTU is too far from a central office created during installation.
(CO) for DSL or T-carrier services to be effective.
Overview
To provision either of these scenarios, BLECs first have All computers running Windows 2000, Windows XP,
to negotiate right-of-way through revenue-sharing and Windows .NET Server, have two built-in user
agreements with building owners to gain access to base- accounts:
ment wiring closets or deploy rooftop antennas, and this
● Administrator account: Used to provide adminis-
is usually factored into the price for services offered by
trative access to all features of the operating system
BLECs to tenants.
● Guest account: Intended to provide occasional
Marketplace users with access to network resources
Some of the major players among BLECs include
Broadband Office, which has right-of-way to a large Depending on whether the computer is a domain con-
portion of U.S. commercial office space; Comactive, troller, a member server, or a workstation, built-in
which is an offshoot of Intermedia Communications; accounts will be either local user accounts or global
and many others. user accounts. A built-in account on a domain control-
ler is a global user account that exists everywhere
Prospects within the domain. Users can log on to any machine in
With increasing deregulation of the telecommunica-
the domain using such an account, which provides
tions industries, BLECs find themselves squeezed by
administrators with the capability of administering a
rising customer expectations on the one hand, high
Windows 2000–based network from anywhere on the
levees from building owners for fiber and rooftop
network. On a member server or workstation, the
right-of-way on another hand, and direct competition
Administrator and Guest accounts are local user
from CLECs, ILECs, and IXCs higher up on the carrier
accounts and exist only on those machines.
191
built-in domain local group built-in group
192
built-in identities bus
193
bus bus
B cards such as network adapters and sound cards. Exam- together in linear fashion. Examples include 10Base2
ples of different types of system buses include and 10Base5 Ethernet and Token Bus networks, all
three of which are obsolete. Most networks today are
● Processor bus: This transports data between the
based on a star topology, which is easier to manage than
CPU (central processing unit) and the chipset.
bus topology because of its centralized nature.
● Memory bus: This transport data between the
Prospects
memory subsystem, CPU, and chipset.
The state of system bus technology is currently in flux.
● I/O bus: This transports data between the CPU, Whereas previously networks could not keep up with
chipset, memory subsystem, and internally attached their servers, now the server has become the bottleneck:
peripherals such as network adapters, video adapt- a Peripheral Component Interface (PCI) local bus has a
ers, and disk controllers. difficult time performing I/O fast enough to fully utilize
a Gigabit Ethernet (GbE) network connection. The
● Cache bus: This transports data between the CPU
result has been various industry initiatives to speed up
and the L2 cache (present only in sixth-generation
the I/O bus to match rapidly growing network capacity
processors such as the Pentium III).
(10 GbE is now on the horizon). Another source of
When the term bus is used in conjunction with com- pressure has been the increasing need for modern serv-
puter systems, it is commonly interpreted as meaning ers to be able to rapidly access large amounts of data-
input/output (I/O) bus. The I/O bus has gone through base storage, sometimes in the terabyte range.
many changes over the years, including the following:
Some of the newer industry initiatives for evolving sys-
● Industry Standard Architecture (ISA) bus: The tem buses include
8-bit ISA bus was developed by IBM in 1981 for the
● PCI-X (or PCIx) bus: This proposed next-genera-
original IBM PC. A 16-bit version was then devel-
tion PCI bus will have a theoretical data transfer
oped in 1984 for the newer IBM AT. Some desktop
rate of 1 gigabit per second (Gbps), based on
systems still include an ISA bus and slots for back-
a clock speed of 133 megahertz (MHz), and is
ward compatibility of legacy peripheral devices, but
backward-compatible with existing PCI peripherals.
the presence of an ISA bus is problematic because it
A draft standard for PCIx was produced in 1999.
does not support plug and play (PnP).
● Infiniband: Unlike legacy bus systems (including
● VESA Local Bus (VLB): This was used by some
PCI), which are shared-bus systems in which con-
486 systems but had the disadvantage that the bus
nected devices must contend with each other for the
was essentially an extension of the CPU’s leads,
right to transmit data, Infiniband is a switched-bus
which resulted in poor performance.
fabric that is capable of data transfer rates of 6 Gbps
● Peripheral Component Interconnect (PCI) bus: or higher and is supported by industry heavy-
This is the most common form of I/O bus in use weights such as IBM and Intel Corporation.
today, and it comes in both 32-bit (PCI 2.0) and
● Ethernet: Since high-speed switched Ethernet per-
64-bit (PCI 2.1) versions.
forms so well in the network, why not use it for I/O
Peripheral buses are buses whose primary use is for within computer systems? This is the thinking of
connecting peripherals to computer systems or network Performance Technologies, which has joined with
switches. Examples of this type include Small other manufacturers in proposing a new form of
Computer System Interface (SCSI) and Fibre Channel. PCI bus called cPCI based on switched Ethernet
technologies that provides 2 Gbps of dedicated
Network buses (or bus topology networks) represent
bandwidth per slot.
any form of network in which devices are connected
194
business logic bus topology
business-to-business
Also known as B2B, e-commerce between different
companies that have a partnering arrangement.
See: B2B
G0BXX13 (was G0Bui10.bmp in 1E)
195
bus topology bus topology
196
C C
C++ ●
197
C2 C2
by Sun Microsystems in that memory resources and used as a primarily development platform. And because
garbage collection (object lifetime management) are C# executes on the .NET runtime, it shares the interop-
C automatically handled by the language itself, freeing erability features of this runtime, which allows modules
developers to work on creating applications instead of written in C# to communicate with code written using
being bothered by handling these intricate details. C# other programming languages.
also simplifies access to external objects and simplifies
Microsoft plans to submit the C# language to the stan-
the object creation process compared with C++. And
dards board of the European Computer Manufacturers
although C++ applications require frequent use of
Association (ECMA). The ECMA will then manage the
include files to allow access to system services, in C#
language as a standard, which means that third parties
these services are transparently wrapped in objects.
wanting to use C# to develop applications will not be
Like Java, C# thus relieves programmers of much of the
required to pay licensing fees to Microsoft. This will
chore of object and memory management, speeding up
keep the cost of development tools and applications
the development cycle in the process.
development low.
On the other hand, C# is unlike Java in that it maintains
Notes
powerful features such as pointers, passing arguments
The Object Management Group (OMG), the creators
through reference, overloading operators, and manually
of Common Object Request Broker Architecture
allocating memory. These features, basic to C++, are
(CORBA), is developing a language mapping for C# to
included in C# to provide programmers with the func-
enable it to communicate through CORBA with appli-
tionality should they need it, but they are deemphasized
cations written in other languages such as C, C++,
in C# compared to their common use in C++. For exam-
Cobol, Java, Python, and Ada.
ple, when pointers are used in C#, they need to be
tagged in a section of code marked as “unsafe,” making See Also: C++, .NET platform
it easier to troubleshoot difficulties that may arise from
their misapplication. Furthermore, C# has the advan-
C2
tage over Java of providing direct access to native
A security standard for computer systems established
Microsoft Windows services, and C# is easier to learn
by the National Computer Security Center (NCSC).
than Java for C++ programmers because its syntax is
derived from and is similar to C++, whereas the syntax Overview
for Java has many differences from C++ that make it The NCSC is a U.S. government agency responsible for
difficult for C++ programmers to use easily. evaluating the security of software products. The C2
security standard is defined in the Trusted Computer
It is relatively simple to port existing C++ programs to
Systems Evaluation Criteria (TCSEC) manual (or
C# (by contrast, it is much more difficult to port such
Orange Book) published by the NCSC.
applications to Java). The main disadvantage of C# as a
development environment is a weakness shared with The NCSC rated Microsoft’s Windows NT 3.5 (with
Java: unlike C++, which compiles programs into native Service Pack 3) C2-compliant. The C2 designation
machine code, C# compiles programs into an interme- assures that the base operating system satisfies a num-
diate bytecode called intermediate language (IL) that is ber of important security criteria. This designation also
then interpreted by the .NET runtime. This means C# represents an independent, unbiased evaluation of the
shares a performance hit similar to Java, which is also system architecture’s security with regard to the gov-
an interpreted platform. C++ will still be used for writ- ernment’s operating and implementation standards.
ing code modules where the best performance possible Windows 2000 also supports C2, but is still undergoing
is required (such as device drivers), but C# performs the NCSC evaluation process.
sufficiently well on today’s hardware platforms to be
198
CA cabinet
CA
Stands for certificate authority, any entity (individual,
department, company, or organization) that issues digi- GC0XX01 (was G0Cui01.bmp in 1E)
tal certificates to verify the identity of users, applica- Cabinet. A typical cabinet for mounting networking and
tions, or organizations. telecommunications equipment.
199
cabinet file cable modem
with filter fans installed can protect equipment in envi- You can also use the System File Checker tool to extract
ronments where dust is a problem. Use filler panels to files without knowing which specific cabinet file they
C enclose areas of the cabinet that are not occupied by are located in.
equipment.
See Also: Authenticode
See Also: premise cabling, rack
cable modem
cabinet file A device that allows your computer to access the Inter-
A file with the extension .cab that stores compressed net through dedicated broadband transmission network-
files, usually for distributing software on Microsoft ing services by means of your home cable TV (CATV)
platforms. connection.
Overview Overview
Cabinet files can contain multiple files in a compressed Cable modems modulate and demodulate analog sig-
state, or a single compressed file can be spread over nals like regular modems, but for transmission over
several cabinet files. During installation of software, the broadband video services instead of telephone voice
setup program decompresses the cabinet files and cop- services. A cable modem can be internal or external and
ies the resulting files to the user’s system. can interface with the coaxial cable connection at the
user’s end and the Cable Modem Termination System
Cabinet files can be digitally signed using a Microsoft
(CMTS) at the cable provider’s head office.
technology called Authenticode. This allows setup files
to be downloaded safely over distrusted networks such Cable modem and Asymmetric Digital Subscriber Line
as the Internet. Cabinet files are compressed using a (ADSL) are competing technologies for bringing high-
compression algorithm called MSZIP, which is based speed broadband Internet services to homes and busi-
on the Lempel-Ziv algorithm. nesses. Cable modems offer downstream speeds of 10
megabits per second (Mbps) and higher, but competing
Notes
technologies, lack of standards, and implementation
Cabinet files in Microsoft Windows 95 were located in
costs have slowed widespread deployment and use of
the Win95 directory on the source CD, and most were
this technology.
represented as a series of large files with names such as
Win95_1.cab and Win95_2.cab. Windows 98 uses a dif- There are two basic types of cable modem services:
ferent naming convention and names many of its
● One-way cable modems: These are used by unidi-
smaller cabinet files by function rather than by the order
rectional cable service providers. Most cable TV
in which they are used during setup. Naming by func-
services are designed to carry information in one
tion makes the extraction of files easier, which in turn
direction only—from the broadcaster to the cus-
makes the setup process smoother.
tomer premises. With one-way cable modems, the
In Windows 95, if you want to extract specific operating customer uses a regular telephone modem to send
system files from a cabinet file (for example, to replace a information to the cable company but uses the cable
missing or corrupt file), you have to use the command- TV system with cable mode to receive signals from
line utility called extract. Using Windows 98 and later the company. The telephone modem handles all
versions, you can simply double-click on a cabinet file upstream communication, and the cable modem
using Windows Explorer to view its contents in a new handles all downstream communication. One-way
window, double-click on the specific file you want to cable modems are typically cards installed inside a
extract, and specify the destination folder to send it to. subscriber’s computer.
200
cable modem cable modem
Keying (QPSK) and typically ranges from 320 kilobits Cable modem. A one-way cable modem service.
per second (Kbps) to several Mbps. Cable modem Internet access costs around $40 a month
in most locations but, because their operation depends
Marketplace
on the wiring infrastructure of cable TV systems, cable
Excite@Home was an early player in the cable modem
modems are almost exclusively offered for residential
marketplace, and many local cable companies followed
customers and home-based businesses. Some cable
offering high-speed Internet access to their cable TV
modem providers such as Cox Communications also
subscribers. Consolidation in the industry has led to the
compete with telcos by offering voice as well as data
emergence of several major players, including AT&T
services.
Broadband and AOL/Time Warner.
201
cable run cable run
The cable modem market is growing more rapidly than using 56-bit Data Encryption Standard (DES), although
the Digital Subscriber Line (DSL) market, its main DES is no longer secure.
C competitor. This is happening despite the security and
Furthermore, although in theory a cable modem might
bandwidth issues associated with cable modems (see
support downstream transmission speeds of 10 Mbps or
below), and is driven largely by the complexity of DSL
higher, in practice downstreams may be significantly
compared to the simplicity of cable modems and by the
less than 1 Mbps. This is because all cable modems ser-
fact that cable modems are not limited by the 3-mile
viced by a given neighborhood Cable Modem Termina-
(4.8-kilometer) distance restriction that governs how far
tion System (CMTS) are essentially on a LAN and
a DSL customer can be from the DSL provider’s central
share the available bandwidth. Thus, the more modems
office (CO). A Federal Communications Commission
deployed in a given neighborhood, the slower the sys-
(FCC) survey found that cable modem subscribers in
tem performs for Internet access, especially when some
the United States grew from just over 100,000 in 1998
users are downloading large files or streaming media (a
to almost 1 million in 1999. In 2000 worldwide cable
common occurrence among cable modem users). In this
modem usage was estimated at over 6 million subscrib-
respect DSL has an advantage because it is a secure,
ers, almost twice that of DSL.
private connection directly to the Internet.
Issues
Notes
Most cable television companies have jumped on the
If you have a one-way cable modem installed on a
cable modem bandwagon to offer Internet access for
computer running Microsoft Windows 2000, Windows
their customers, but this has not been without problems.
XP, or Windows .NET Server and it is not working prop-
Existing tree-and-branch coaxial systems were built for
erly, you might have IP Auto-Configuration Addressing
one-way transmission and often require expensive
enabled, causing an addressing problem that prevents
upgrades to make them suitable for two-way data trans-
packets from being routed successfully to your machine.
mission. Some of the steps typically involved in the
Also, try checking with your cable service provider to
upgrade are upgrading core distribution networks to
determine whether you have correctly configured the
fiber (creating a hybrid fiber-coax network) and trou-
line-in frequency, line-out phone number, and proxy
bleshooting ingress noise due to poor shielding and
server address.
loose connectors.
For More Information
Many cable operators, although they support multi-
Visit Cablemodems.com at www.cablemodems.com.
megabit upstream data speeds, have instead restricted
upstream speeds to 128 Kbps or lower to help prevent See Also: Asymmetric Digital Subscriber Line (ADSL),
customers from running rogue Web servers on their net- broadband Internet access, Data Over Cable Interface
work in violation of their customer agreements. Also, Specification (DOCSIS), modem
all subscribers in a one-way cable modem local service
area are essentially on a local area network (LAN) and,
cable run
if they have a packet sniffer, they can see one another. If
A length of installed cable connecting two network
you are using a one-way cable modem with Microsoft
components that are not in immediate proximity to one
Windows on your computer, you should disable file and
another.
print sharing so that other users in your local service
area cannot see your system or access resources on it. Overview
The cable modem industry itself has proposed a solu- Laying cable runs is the main work of installing
tion to the security issue through an initiative called premise cabling in a customer premises. Types of cable
Data Over Cable Service Interface Specification (DOC- runs include
SIS) that specifies encryption of all cable modem traffic
● Horizontal cable: Runs through building plenums
(the space between the floor and the ceiling) and
202
cable tester cable tester
false ceilings, connecting wiring closets together oped by bodies such as the Telecommunications Indus-
and connecting patch panels to wall plates try Association (TIA), the International Organization
● Vertical cable: Runs through vertical building
for Standardization (ISO), and the International Elec- C
trotechnical Commission (IEC). Cable testers are useful
rises, connecting wiring closets on each floor with
to local area network (LAN) administrators, cable
the building’s main equipment room
installers, and field service providers for testing and
Different grades of cabling must be used for different certifying cabling installations as compliant with these
runs to ensure compliance with building codes and standards.
safety standards. Examples include polyvinyl chloride
(PVC) cabling and plenum cabling. The Electronic
Industries Association/Telecommunications Industry
Association (EIA/TIA) wiring standards specify guide-
lines for using cable types and grades.
Notes
Cables connecting computers to patch panels (drop
cables) and connecting patch panels with hubs and F1
Escape
F2 F3 F4
?
wiring closet to other parts of the building.
When installing horizontal or vertical cable runs, use GC0XX03 (was G0Cui03.bmp in 1E)
203
cabling cabling
● Near-end crosstalk (NEXT), which is a decibel Cable testers can also store measurements taken so that
measurement of crosstalk taken at the end where a they can be analyzed separately afterward.
C signal is injected
The most accurate types of cable testers for UTP
● Attenuation to crosstalk ratio (ACR), which is the cabling are those that can test and certify Category 5
decibel difference between NEXT and attenuation (Cat5) cabling to Level II TSB-67 compliance and sup-
values port the Institute of Electrical and Electronics Engi-
neers (IEEE) TSB95 field testing specifications. An
● PowerSum NEXT, which measures the crosstalk
all-in-one cable tester is an invaluable tool and a good
between a single pair of wires and all other pairs in
investment for the network administrator. It can make
the cable
up for its cost in higher network availability.
● The distance to a short or unterminated cable end,
Notes
used for link-testing the continuity of circuits
Use a fiber-optic tester and an optoelectronic light
Uses source to test both ends of a new spool of fiber-optic
Cable testers are particularly important for testing Cat- cabling before beginning an installation with this cable.
egory 5 (Cat5) and enhanced Category 5 (Cat5e) struc- A good fiber-optic cable test should give you not only a
tured wiring deployments to see if they will properly pass/fail analysis of an installed cabling setup, but also
support Gigabit Ethernet (GbE) networking. GbE quantitative values of the optical link capabilities of
pushes unshielded twisted-pair (UTP) cabling to its your wiring configuration.
limits and requires top-quality properly installed
See Also: cabling, network troubleshooting, test
cabling to operate as expected. Particularly in older
equipment
buildings with existing Cat5 wiring, use a cable tester to
measure such parameters as cross-talk and NEXT to
determine if packet loss will occur over portions of the cabling
network. Particularly vulnerable portions include cable Any wires used for connecting computers and network-
termination at RJ-45 wall jacks and at patch panels ing devices together to enable them to communicate.
inside wiring closets. Poor quality patch cables between
Overview
workstations and wall jacks are a common problem, as
Cabling constitutes the passive portion of any computer
are patch panel connections that have been untwisted
network—the active portion consists of the servers,
beyond the specified limits.
workstations, switches, routers, and other components.
Marketplace Good cabling provides the foundation for creating reli-
A number of vendors produce different kinds of test able local area networks (LANs). Cabling is also used
equipment for cable testing. Two of the top vendors of for connecting LANs into wide area networks (WANs).
such equipment include Fluke Corporation, which Network administrators are usually involved in the
offers a wide range of cable testers, and Hewlett- deployment of LAN cabling, but WAN cabling is usu-
Packard. ally the responsibility of the telecommunications carri-
ers whose services are being leased.
Today’s cable testers can perform comprehensive and
programmable sets of autotests for a variety of cable Two basic types of cabling are used in LAN networking
types. A good cable tester can tell you at the push of a environments:
button whether installed wiring can support different
● Copper cabling: This type consists of insulated
kinds of networking architectures—such as coax,
copper conductors that transmit signals using elec-
10BaseT, 100BaseT, 100BaseVG, and Token Ring.
trical voltages and currents. Copper cabling can be
204
cabling cabling
either coaxial cabling (such as thinnet or thicknet) ● Establishing wiring closets on each floor of the
that is used mainly in industrial environments, or building to contain rack-mounted equipment such
the more commonly employed twisted-pair cabling. as hubs, switches, and patch panels C
Twisted-pair cabling comes as either unshielded
● Running vertical backbone plenum cabling through
twisted-pair (UTP) cabling (commonly used in
building risers and building plenums, for connect-
Ethernet or Fast Ethernet environments) or the less
ing wiring closets to the main equipment room
common shielded twisted-pair (STP) cabling
(employed for token ring networks and sometimes ● Running horizontal polyvinyl chloride (PVC)
for Gigabit Ethernet [GbE] installations). Copper cabling for each floor through false ceilings
cabling is mainly used for shorter cable runs such as
● Connecting the patch panels in the wiring closet to
horizontal cable runs between wiring closets and
wall plates in computer work areas
wall plates in work areas, for patch cables, and for
equipment interconnects. Cabling installed in a building must also meet all legal
requirements, including federal and local building regu-
● Fiber-optic cabling: This type is made of glass
lations for fire safety. Do not attempt to wire a building
strands that transmit signals as light waves or
unless you are fully familiar with the regulations.
pulses. Fiber-optic cabling can be either single-
mode, which is used for the longest cable runs, or Choosing the right kind of cabling at the beginning of
multimode, which has a much higher carrying an installation can save considerable expense when you
capacity. Fiber-optic cabling is generally used for later upgrade networking equipment for higher trans-
backbone cable runs such as vertical rises in build- mission speeds. Some tips for successfully outsourcing
ings and building-to-building interconnects on a cabling installations for computer networks in buildings
campus, for high-speed interconnects between net- include
working devices in a wiring closet, and for connec-
● Hiring a qualified cabling consultant to review the
tions to high-speed servers and workstations.
scope and details of your plans and procedures.
Implementation Hire cabling consultants who either have vendor
The process of installing cabling in a building for pur- certification (if you are using “channel cabling,”
poses of computer networking is called establishing that is, all the cabling components are being pur-
premise wiring. Unfortunately, cabling is only as good chased from a single vendor) or an independent
as the way it is deployed and only as good as the con- consultant affiliated with BICSI.
nectors and other elements that help make a computer
● Ensure that if you outsource your cabling installa-
network. Poor quality cabling, improperly installed
tion that the company you hire is properly licensed
cabling, or cheap wall plates and patch panels can make
and insured for such work.
a cabling system perform more poorly than expected,
particularly at GbE speeds. If you plan to lay cable yourself for your building, here
are a few more guidelines:
The Telecommunications Industry Association (TIA) and
the Electronic Industries Alliance (EIA) have defined a ● Use no more than 30 to 40 pounds of pull when
series of standards on the required electrical characteris- pulling cabling through a conduit or a plenum.
tics of commercial cabling for computer networking and
● Do not excessively bend wiring (especially fiber-
also standards for the proper layout and organization of
optic cabling), and be sure not to untwist UTP wires
premise cabling. These standards are called the EIA/TIA
more than specifications allow.
wiring standards. The EIA/TIA-568A Commercial Build-
ing Telecommunication Cabling Standard specifies stan-
dards for each of the following:
205
CA certificate caching
● Make sure data wiring and power cables are at least server (perhaps Microsoft Internet Information Services)
6 inches (15 centimeters) apart, and, if they need to requests a digital certificate from a CA, the CA certificate
C cross each other, they do this at a 90 degree angle. identifies the CA that issues the certificate.
Notes This CA certificate is downloaded from a shared stor-
Specialized cables—such as serial, parallel, or Small age location at the certificate authority and installed
Computer System Interface (SCSI) cables—are used to onto the Web server or browser. Later, when the Web
connect peripherals and therefore do not serve the same browser tries to access the Web server using the SSL
purpose as the cables just discussed. Serial cables and protocol, the Web browser uses the CA certificate to
other special purpose cables are generally very short validate the Web server’s certificate. Similarly, the
and are not permanently installed. server can use the CA certificate to validate the browser
client’s certificate, if it has one.
Note that not all networks use physical cabling. Wire-
less networks can use infrared, microwave, radio, or Notes
some other form of electromagnetic radiation to allow The digital CA certificate for a CA must be kept in a
networking components to communicate with each location that is readily available for all servers and clients
other. A cabled network is sometimes referred to as a that will access it and install it on their Web browser or
wireline network, as opposed to a wireless network. Web server. From this location, Web servers and Web cli-
ents that need to use the SSL protocol must obtain and
For More Information
install the CA certificate in their certificate stores. On
Look at www.cablingstandards.com. You can also visit
Microsoft Certificate Server, this location is the default
the BICSI Web site at www.bicsi.org.
Web location http://Server_Name/certsrv, where Server
See Also: copper cabling, fiber-optic cabling, premise Name is the name of the Microsoft Windows NT server
cabling on which Microsoft Certificate Server is installed.
Internet Explorer comes with the CA certificates of a
CA certificate number of certificate authorities preinstalled. These root
Also called a root certification, a digital certificate that certificates enable Internet Explorer to be used for func-
can be used to verify the identity of the certificate tions such as SSL authentication and sending secure
authority (CA) itself. e-mail. If you want to use the services of a CA that does
not have its CA root certificate installed in Internet
Overview
Explorer, you can visit that CA’s Web site to find instruc-
The CA certificate contains the identification informa-
tions on how to obtain its root certificate. Administrators
tion and public key for the certificate authority it identi-
can also use the Internet Explorer Administration Kit
fies. A certificate authority that is part of a hierarchical
(IEAK) for importing and installing root certificates on
public key infrastructure (PKI) receives its CA certifi-
Web browsers prior to installation on client machines.
cate from the CA directly above it in the hierarchy. A
root CA at the top of a PKI hierarchy must self-sign its See Also: certificate authority (CA), client certificate,
own certificate, in effect certifying itself. digital certificate
The CA certificate plays an important part in the work-
ings of the Secure Sockets Layer (SSL) protocol. The caching
CA’s public key, contained in the CA certificate, is used Generally, any mechanism for storing frequently
to validate all other digital certificates that have been needed information in accessible memory so that it can
issued by that CA for entities (individuals, systems, com- be quickly retrieved. This article focuses on caching as
panies, and organizations). When an entity such as a Web the temporary storage of Web content to enable faster
browser (perhaps Microsoft Internet Explorer) or a Web access by users.
206
caching caching
such content. If a user requests a page that has recently Caching. How a simple cache server can improve access
been cached, the page will be retrieved from the cache time for clients.
server instead of from the Internet. Pages are held in the Caching servers are also useful in situations where a
cache until they expire. sudden increase in Web traffic is anticipated, as when a
The cache server locates the content closer to the users major sports or fashion event will be covered on the
who need it than the Web servers that contain the origi- Web. In this case, simply throwing bandwidth at the
nal version of this content. In general, the closer the problem of Internet traffic congestions is not a viable
cache to the user, the faster the response time the user solution because increased bandwidth simply leads to
will experience when trying to access this content in a increased demand from users. Instead, by preloading
browser. In the enterprise, cache servers are typically content from Web servers to caching servers, users will
deployed at the edge of the corporate network, thus not overwhelm the Web servers on the day of the event
reducing overall WAN link traffic and congestion and and be disappointed. This use for caching servers is
saving money. Many firewalls and proxy servers sometimes called “dealing with flash crowd control”
include some form of content caching. Although fire- or the “instant popularity problem.” By using a
walls and proxy servers are mainly concerned with network of cache servers in such situations and
207
caching caching
configuring replication appropriately between them, the edge of the WAN, typically by connecting it to a
supply can be scaled for demand at virtually any level. Layer 4 switch or WAN access router so that every
C Dedicated cache servers are also used in high-traffic sit-
request sent by a client is examined by the cache
server first before routing it over the Internet to its
uations within the Internet backbone itself to reduce
intended destination.
congestion on the backbone. Caching servers are often
located at Internet service providers (ISPs) and Net- ● Proxy caching: Here the administrator configures
work Access Points (NAPs) for improving the overall the client browsers to send their requests for Web
performance and responsiveness of the Internet. This content directly to the cache servers., If these can-
can be used to reduce the effect of bottlenecks on ISP not respond to the request (for example, if the page
networks and to reduce the cost of local ISPs buying has not been cached or has expired from the cache),
bandwidth from regional ISPs. the cache server refers the client to the actual Web
server hosting the content. This option requires
Cache servers can even be deployed at the customer
more configuration but gives administrators greater
premises and configured with preloaded content to
control over what content users can access and pro-
speed access to corporate intranets. Such a scenario is
vides an extra layer of security.
similar to the built-in content caching capability of Web
browsers, but in this case the content is cached locally ● Reverse proxy caching: Here a group of cache
on a machine separate from the client machine to servers typically serves as a front-end to the Web
improve performance even more. server on the Internet, which hides behind them.
User requests go directly to the cache servers,
Types
which appear as Web servers to the client. Reverse
As far as administrators are concerned, caching servers
proxy caching is typically used to deal with flash
come in two basic types:
crowd control discussed earlier.
● Caching appliances: These are preconfigured
Cache servers also determine whether to flush content
servers with preloaded caching software that can
from their cache in different ways:
easily be dropped into the network by simply con-
necting them to a backbone switch and turning ● Active caching: Here the cache server uses intelli-
them on. gent heuristics to determine how long to keep a
page in the cache before marking it expired. Many
● Caching software: This includes software from
factors can be taken into account, including the
different vendors that can be loaded onto servers
requesting IP address, the hit statistics for the page,
and deployed as needed within the network by the
and how long the page has been cached.
administrator. Caching software is especially tar-
geted toward the needs of the corporate enterprise ● Passive caching: When a client requests a page from
for improving remote access to corporate intranets. the cache, the cache server issues an HTTP GET IF
MODIFIED command to the originating Web server
In addition, from the user’s perspective, cache servers
to determine if the cache contains the latest version
can be implemented in different ways:
of the page. If not, the cache requests the current ver-
● Transparent caching: Here cache servers filter sion and then forwards this to the client. If the cache
Internet Protocol (IP) traffic to find out which Web does hold the current version, this is returned imme-
pages are most requested in order to determine diately to the client. The main disadvantage of pas-
which pages should be cached and for how long. sive caching is that it introduces the extra step of
Transparent cache servers require no special modi- having the cache server contact the Web server each
fication or configuration of the client in order to time a client requests a page, which, unless the cache
operate, but the cache server itself must be placed at server is close (in a network sense) to the Web server,
208
caching caching
will have the opposite effect from what caching was Packeteer has a product called AppCelera Internet Con-
intended to do—it will slow down the response time tent Accelerator (ICX) that boosts performance by
instead of speeding it up. adapting requested content to the type of browser C
requesting it and by compressing content to make better
● Forced caching: In this case the cache server is
utilization of available bandwidth.
preloaded with content that users are expected to
frequently access. Forced caching is typically used Issues
for improving access to corporate intranets for Caching of dynamic Web content presents an
remote users. ever-greater challenge as more and more Web sites
move away from static informational content to deploy-
Marketplace
ing database-driven e-commerce Web applications.
The caching industry has exploded over the last few
Dynamic Web pages are generated from databases in
years, driven by the tremendous growth of the Internet
response to user queries and often include some form of
and the demand of users for fast performance in access-
personalization as well. Dynamic content cannot be
ing Web sites. In the arena of general caching software,
cached the way static content can, but a number of ven-
the top players include Microsoft Corporation’s Internet
dors have come up with various methods for improving
Acceleration and Security Server (IAS Server), the suc-
the performance of dynamic Web applications by using
cessor to Microsoft Proxy Server; Novell’s Internet
caching. For example, the components of a Web appli-
Caching System; and several UNIX-based solutions.
cation can be cached for reuse across multiple user ses-
In the arena of prepackaged caching appliances, offer- sions. Another approach is to dynamically monitor the
ings are available from Dell Computer Corporation’s configuration of Web applications to better manage
(PowerApp.cache), Compaq (TaskSmart), Cobalt Net- stale cache content. Vendors of dynamic caching sys-
works (Qube), Network Appliance (NetCache), and tems include Xcache Technologies, Chutney Technolo-
many others. Caching appliances range from those tar- gies, and SpiderSoftware. NetScaler offers a caching
geted for corporate intranets to powerful caching solu- device that routes requests for static content to tradi-
tions for ISPs and telecoms. tional cache servers while multiplexing requests for
dynamic content over persistent connections with Web
A number of pure-play caching vendors have had a
servers to improve performance.
large impact on the caching market. Some of the big
players here include Inktomi Corporation, CacheFlow, Notes
and Network Appliance. Inktomi offers routers and Caching in a general sense is used in various ways by
load balancers from Alteon WebSystems and Foundry operating systems, applications, and network devices to
Networks bundled together with Inktomi’s Traffic improve performance by providing temporary storage
Server caching software. Cisco Systems and Lucent of information that needs to be quickly accessed. Some
Technologies also offer high-end caching appliances common examples include
with proprietary operating system kernels tuned for top
● The file system cache for the Microsoft Windows
performance in this application.
2000 operating system, which speeds up file access
A relatively new approach is called predictive client- from hard disk drives
side caching and involves configuring a plug-in for
● Offline Files in Windows 2000, which allows users
client browsers that determines what kinds of content
to browse network file system content when discon-
the client accesses and then attempts to preload such
nected from the network
content during idle times so that when the client
requests it the content is already in the browser cache. ● Domain Name System (DNS) cache for caching
Blueflame, a product from Fireclick, is one example of recently resolved host names on a name server,
predictive client-side caching technology. Fireclick also which speeds up the resolution of host names for
has a hosted version of this application called Netflame. the DNS on the Internet
209
Caching Array Routing Protocol (CARP) caching-only name server
● Address Resolution Protocol (ARP) cache on a host downstream proxy server to know exactly where a
connected to an IP internetwork, which is used requested URL is locally stored or where it will be
C for caching IP addresses that have recently been located after it has been cached. The hash functions
resolved into MAC addresses, thus speeding up result in cached information being statistically distrib-
network communications between hosts uted (load balanced) across the array. Using hashing
means that massive location tables for cached informa-
● Microsoft Internet Security and Acceleration (ISA)
tion need not be maintained—the Web browser simply
Server, which allows Web content obtained from
runs the same hashing function on the object to locate
the Internet to be cached locally for faster access
where it is cached.
and reduction of WAN link congestion
Advantages and Disadvantages
● Caching of open database connectivity (ODBC)
CARP provides two main benefits:
connections for improved access to Microsoft SQL
Server databases for Active Server Pages (ASP) ● It saves network bandwidth by avoiding the query
applications written for Microsoft Internet Informa- messaging between proxy servers that occurs with
tion Services (IIS) conventional Internet Cache Protocol (ICP)
networks.
For More Information
Find out more about caching technologies at these sites: ● It eliminates the duplication of content that occurs
www.caching.com and www.web-caching.com. when proxy servers are grouped in arrays, resulting
in faster response times and more efficient use of
See Also: Content Delivery Provider (CDP), Web
server resources.
server
See Also: caching, proxy server
Caching Array Routing Protocol
(CARP) caching-only name server
A protocol developed by Microsoft Corporation that A name server in the Domain Name System (DNS) that
allows multiple proxy servers to be arrayed as a single can resolve name lookup requests but does not maintain
logical cache for distributed content caching. its own local DNS database or zone file of resource
records.
Overview
Caching Array Routing Protocol (CARP) is imple- Overview
mented as a series of algorithms that are applied on top Caching-only name servers do not have their own DNS
of Hypertext Transfer Protocol (HTTP). CARP allows a databases. Instead, they resolve name lookup requests
Web browser or downstream proxy server to determine from resolvers by making iterative queries to other
exactly where in the proxy array the information for a name servers. When the responses to these queries are
requested Uniform Resource Locator (URL) is stored. received, the caching-only name server caches them, in
case another resolver issues the same request within a
CARP enables proxy servers to be tracked through an
short period of time.
array membership list that is automatically updated
using a Time to Live (TTL) countdown function. This A caching-only name server is not authoritative for any
function regularly checks for active proxy servers in the particular DNS domain. It can look up names that are
array. CARP uses hash functions and combines the hash inside or outside its own zone.
value of each requested URL with each proxy server.
Notes
The URL/proxy server hash with the highest value
Caching-only name servers are not the only kind of
becomes the owner of the information cached. This
name server that performs caching of resolved queries.
results in a deterministic location for all cached infor-
For example, primary name servers also cache name
mation in the array, which enables a Web browser or
210
caching service provider (CSP) callback
lookups that they perform. This caching generally copies of your Web site at various points in the Internet’s
improves the primary name server’s response to name infrastructure and provides tools for managing and load
lookup requests from resolvers. Caching-only name balancing the content to handle traffic spikes that occur at C
servers are distinguished by the fact that they perform certain times of the day or year.
only one function: issuing iterative queries to other
CSPs maintain data centers around the world with cach-
name servers and then caching the results.
ing server farms that have high-speed connections to the
Caching-only name servers provide support for primary Internet’s backbone. These caching servers are usually
and secondary name servers in environments where designed to cache Web content and often support fea-
name lookup traffic is heavy. Using caching-only name tures such as content management and proxying. Cach-
servers where possible also reduces the overhead of ing servers can also be used within the corporate
zone transfers between name servers on a network. network to speed access to large, distributed corporate
intranets.
See Also: Domain Name System (DNS), name server
See Also: caching
caching service provider (CSP)
A company that maintains caching servers that speed CAL
the transfer of information across the Internet’s infra- Stands for client access license, a license that grants a
structure and offers managed access to these servers for client machine access to a Microsoft BackOffice prod-
a fee. uct running on a network of computers.
Overview See: client access license (CAL)
Many companies think that if they host their Web site at
an Internet service provider (ISP) or at a major Web
hosting company, the site will always be accessible callback
from anywhere on the Internet, but this is not necessar- A security feature for remote access servers.
ily true. Traffic congestion can cause access to a Web Overview
server to be slow and unreliable from various parts of Callback provides an extra layer of security for users
the Internet at various times of the day, and equipment dialing in to a remote access server. When callback is
failures (such as routes going down at Internet peering configured, the client software dials in to a remote
points) can make a server completely inaccessible to access server and has the user’s credentials authenti-
certain portions of the Internet until the problem is cated. The remote access server then disconnects the
fixed. (“Peering” means two ISPs or other providers client and calls the client back at a previously specified
passing traffic between each other’s customers.) phone number. Callback might be configured in the fol-
One solution is to mirror (replicate) your Web server at lowing ways:
various points around the globe so that a copy of your site ● To ensure that the user matches his or her creden-
is relatively close to any location on the Internet. For tials by verifying the telephone location
companies with a global presence, this is a fairly simple
solution to implement, but most companies do not have ● For accounting reasons—for example, to charge the
the presence or the resources to implement global mirror- phone bill to the remote access server instead of to
ing. A better solution might be to use the services of a the client
caching service provider (CSP), which maintains cached
211
Callback Control Protocol (CBCP) CAN
C Call
1
LAN
Callback 2
3 Session established 4 Resources accessed
212
CAP Carnivore
initiated by hackers and disgruntled employees and to Capture window. The capture window in Network Monitor,
profile network traffic for planning purposes. which is included with Microsoft Systems Management
Server.
See Also: capture window, sniffing
You can toggle these various windowpanes on and off
during a capture to focus on statistics of interest.
capture window
In Microsoft Network Monitor, the window that dis- See Also: capture, sniffing
plays the statistics about the frames being captured on a
network. Carnivore
Overview An Internet surveillance system developed by the FBI
The capture window displays four kinds of real-time (Federal Bureau of Investigation).
statistics concerning the traffic that an administrator
captures using Network Monitor:
213
CARP carrier
Overview Implementation
A carrier provisions telecommunication services to the Almost all carriers rely on ATM as their underlying
customer premises. These services include voice trans- backbone transport and use this backbone to provision
mission, data transmission over analog modems, Inte- local and long-distance voice services, Internet access
grated Services Digital Network (ISDN), digital over DSL, leased-line WAN links, and other services. A
subscriber line (DSL), frame relay, and anything else large portion of the backbone of most long-haul carriers
the carrier’s equipment supports. There are two basic is currently at or near OC-48, providing maximum
kinds of carriers: LECs and IXCs. throughput of 2.488 gigabits per second (Gbps), but
214
carrierless amplitude and phase modulation (CAP) carrierless amplitude and phase modulation (CAP)
these backbone fiber connections are constantly being flux of the global telecommunications carrier market, the
upgraded to support higher speeds such as OC-192 and enterprise architect’s dream of simple, seamless, global
OC-768. WAN connectivity remains a complicated reality of tar- C
iffs, interoperability issues, and politics.
Carriers usually house their high-speed switching
equipment in large buildings called colocation centers. See Also: Competitive Local Exchange Carrier
These centers have this name because under the Tele- (CLEC), Incumbent Local Exchange Carrier (ILEC),
communications Act of 1996, competitive local inter-exchange carrier (IXC), local exchange carrier
exchange carriers (CLECs) are allowed to lease space (LEC), telecommunications services
within carrier facilities for locating their own switching
equipment. Another name for these centers is “data cen-
carrierless amplitude and
ters,” and they are usually huge nondescript buildings
that typically occupy hundreds of thousands of square
phase modulation (CAP)
feet. Sometimes several floors of existing buildings are A line coding scheme in which data is modulated using
used for data centers, but the trend is to build new cen- a single carrier frequency.
ters to ensure that the highest standards of fire safety Overview
and security are used. Carrierless amplitude and phase modulation (CAP) is
Marketplace used for transmission of voice information over a phone
The global carrier market has become complex over the line. The transmission is considered “carrierless”
last decade, with traditional incumbent telcos in the because the carrier is suppressed before transmission
United States and Post, Telegraph, and Telephone and is reconstructed at the receiver. CAP is algorithmi-
(PTT) companies in Europe being challenged on all cally similar to the quadrature amplitude modulation
sides by newcomers to the game. International carriers (QAM) line coding scheme, which encodes bits as dis-
can be classified in different types, including crete phase and amplitude changes, but it has different
transmission characteristics.
● Incumbents: These are traditional or established
carriers such as public telephone companies, long Notes
distance companies, and PTTs in Europe. Some competitive local exchange carriers (CLECs)
deploy Asymmetric Digital Subscriber Line (ADSL)
● Cross-border infrastructure owners: These are using CAP as the encoding method, but results of some
companies that own the international lines carrying independent tests suggest that CAP-encoded ADSL
voice and data between countries, regions, and lines might cause spectral interference with proximate
continents. T1 lines and Integrated Services Digital Network
● Resellers: This includes companies reselling both (ISDN) circuits, resulting in bit errors that can reduce
local loop and long haul services purchased whole- throughput. However, these tests might be misleading
sale from other carriers. because of the limited number of ADSL circuits cur-
rently deployed by CLECs. Check with your carrier
To complicate things further, many large national carriers before signing up for ADSL services to get the latest
are constantly making efforts to expand into the interna- information about this issue.
tional market by acquiring, or merging with, other car-
riers, upgrading their core equipment to provision new Such interference is not a problem with symmetric dig-
high-speed data services, while relegating some exist- ital subscriber line (SDSL) technologies, which use the
ing services to the legacy domain and trying to cope 2B1Q encoding scheme. Furthermore, ADSL deployed
with the ever-exploding amounts of Internet bandwidth by incumbent local exchange carriers (ILECs) uses dis-
demanded by their customers. Because of the state of crete multitone (DMT) technology, which does not pro-
duce the same degree of spectral interference as CAP.
215
Carrier Sense Multiple Access with Collision Avoidance Carrier Sense Multiple Access with Collision Detection
Competitive local exchange carriers generally do not with Collision Detection (CSMA/CD) method used in
use DMT for ADSL because they must deal with the Ethernet networking.
C copper local loop, which effectively supports DMT
See Also: AppleTalk, Carrier Sense Multiple Access
only about half the time but can support CAP about
with Collision Detection (CSMA/CD), Ethernet, media
85 percent of the time. Furthermore, DMT has been
access control method
adopted as the standard for ADSL by both the Ameri-
can National Standards Institute (ANSI) and the Inter-
national Telecommunication Union (ITU). Carrier Sense Multiple Access
with Collision Detection
See Also: line coding
(CSMA/CD)
The media access control method used by Ethernet.
Carrier Sense Multiple Access Overview
with Collision Avoidance Carrier Sense Multiple Access with Collision Detection
(CSMA/CA) (CSMA/CD) is a type of media access control method
The media access control method used by AppleTalk. developed by Xerox Corporation in the 1970s for plac-
ing signals on baseband transmission networks.
Overview
Because baseband networks can carry only one data
Carrier Sense Multiple Access with Collision Avoid-
signal at a time, there must be some way of controlling
ance (CDMA/CA) is a type of media access control
which station has access to the media at any given time.
method for placing signals on baseband transmission
CSMA/CD is one such control method.
networks. Because baseband networks can carry only
one data signal at a time, there must be some way of Implementation
controlling which station has access to the media at any In networking technologies that use CSMA/CD as their
given time. CSMA/CA is one such control method. access method, a station first “listens” to the network
media to make sure there is no signal already present
Uses
from another station before it tries to place its own sig-
CSMA/CA is the standard access method for Apple-
nal on the media. If a carrier signal is detected on the
Talk networks based on LocalTalk. LocalTalk is a leg-
media, which indicates that a station is currently trans-
acy network media technology that specifies the
mitting a signal, no other station can initiate a transmis-
proprietary cabling components of the original Apple-
sion until the carrier stops. If no carrier is detected, any
Talk networking architecture. LocalTalk uses a bus
station can transmit a signal.
topology or tree topology that supports up to 32 stations
on a network. If two stations listen to the wire and detect no carrier
signal, they may both decide to send signals simulta-
Implementation
neously. If this happens, a collision occurs between the
In networking technologies that use CSMA/CA as their
two signals generated. Next, both stations detect the
access method, stations announce their intention to
collision and stop transmitting their signals immedi-
transmit before they actually transmit their data onto the
ately, sending out a jamming signal that informs all
network media. Each station “listens” constantly to the
other stations on the network that a collision has
wire for these announcements, and if it hears one, it
occurred and that they should not transmit. Meanwhile,
avoids transmitting its own data. In other words, on a
the two stations whose signals created the collision
CSMA/CA network, stations try to avoid collisions
cease transmitting and wait random intervals of time
with signals generated from other stations. The extra
(usually a few milliseconds) before attempting to
signaling generated by CSMA/CA makes it a slower
retransmit.
access method than the Carrier Sense Multiple Access
216
carrier signal cascading style sheets (CSS)
217
Cat5 cabling catalog
called a style sheet. The genius of CSS is that it sepa- Cat5 cabling
rates the content of the page (formatted in HTML) from
C the page layout (defined in the style sheet using CSS).
Stands for Category 5 cabling, the most common grade
of unshielded twisted-pair (UTP) cabling used for
Style sheets define the functions of different HTML structured wiring in commercial buildings.
tags on your site’s Web pages and allow you to make
See: Category 5 (Cat5) cabling
global changes to your site’s style by changing a single
entry on a style sheet. Web pages then link to style
sheets using a <LINK> tag. Cat5e cabling
For example, you can use a style sheet to define the Stands for enhanced Category 5, a form of Category 5
<H1> tag as representing green, 18-point, Arial font (Cat5) cabling that supports higher speeds.
text, and you can then apply this style to the entire site See: enhanced Category 5 (Cat5e) cabling
or a portion of it. Cascading style sheets involve the
operation of several levels of style sheets that provide
control over how an element on an HTML document is
Cat6 cabling
placed. CSS applies these settings in the following Stands for Category 6 cabling, the proposed next step
order: up from enhanced Category 5 (Cat5e) cabling.
● The STYLE attribute in the object’s tag See: Category 6 (Cat6) cabling
218
Category 1 (Cat1) cabling Category 3 (Cat3) cabling
219
Category 4 (Cat4) cabling Category 5 (Cat5) cabling
See Also: cabling, Category 5 (Cat5) cabling, See Also: cabling, Category 5 (Cat5) cabling,
enhanced Category 5 (Cat5e) cabling, premise cabling, enhanced Category 5 (Cat5e) cabling, premise cabling,
structured wiring structured wiring
220
Category 6 (Cat6) cabling Category 6 (Cat6) cabling
The following table summarizes the electrical charac- There is widespread agreement that Cat5 cabling will
teristics of Cat5 cabling at different frequencies, which not be able to support networks beyond GbE, such as
correspond to different data transmission speeds. Note the 10 GbE architecture currently under development. C
that attenuation increases with frequency, while Such ultra-high speed networks will likely work only
near-end crosstalk (NEXT) decreases. with fiber and will not support copper.
Cat5 Cabling Characteristics See Also: cabling, enhanced Category 5 (Cat5e)
Characteristic Value at 10 MHz Value at 100 MHz cabling, premise cabling, structured wiring
Attenuation 20 decibels (dB)/ 22 dB/1000 feet
1000 feet Category 6 (Cat6) cabling
NEXT 47 dB/1000 feet 32.3 dB/1000 feet The proposed next step up from enhanced Category 5
Resistance 28.6 ohms/1000 28.6 ohms/1000 feet cabling (Cat5e).
feet
Impedance 100 ohms (± 15%) 100 ohms (± 15%) Overview
Capacitance 18 pF/feet 18 pF/feet Category 6 (Cat6) is a proposed Electronic Industries
Structural 16 dB 16 dB Association/Telecommunications Industry Association
return loss (EIA/TIA) cabling standard that represents the next
Delay skew 45 nanoseconds 45 ns/100 meters step up from Cat5 and Cat5e cabling. The following
(ns)/100 meters
table shows the current draft standard for Cat6 cabling
Marketplace characteristics.
There are a vast number of different brands of Cat5 Proposed Cat6 Cabling Characteristics
cabling on the market today. One estimate is that there
Characteristic Value at 250 MHz
are over 150 different vendors of such cabling. Not all
Attenuation 19.9 decibels (dB)/1000 feet
Cat5 cabling is alike, and before undertaking a costly
NEXT 44.3 dB/1000 feet
large-scale deployment of structured wiring, the enter-
Impedance 100 ohms (± 15%)
prise architect should carefully investigate and compare
Return loss 20.1 dB
the different brands. Delay skew 45 nanoseconds (ns)/100 meters
Notes PS-NEXT 42.3 dB
For typical installations of Ethernet and Fast Ethernet,
Cat5 cables in work areas should be no more than 300 Implementation
Great care must be taken when installing Cat6 cabling
feet (90 meters) long, and Cat5 patch cords should be
in order to have it achieve its design goals because
no longer than 33 feet (10 meters). Check the Ethernet
poorly installed Cat6 cabling may offer only Cat5 per-
specifications for exact lengths permitted.
formance. To get best performance out of Cat6 cabling
Many vendors offer an enhanced Cat5 (Cat5e) cabling for high-speed networking, be sure to follow the follow-
grade with electrical characteristics exceeding those of ing guidelines:
standard Cat5. Cat5e cabling typically supports data
● Buy cabling that has a definite spline separating the
transmission up to frequencies of 350 MHz, and new
cables to reduce crosstalk.
standards are under development to allow even higher
data transmission frequencies. Cat5e networking is rec- ● Make sure twists in wires are kept flush with con-
ommended for Gigabit Ethernet (GbE) over copper, but nections at all termination blocks to avoid
properly installed Cat5 cabling should work in most return-loss issues.
GbE setups. For best performance of GbE networks,
● Liberally use a hook and loop fastener, such as
however, use Cat5e or Cat 6 cabling whenever possible.
Velcro, to prevent cable from becoming excessively
crimped.
221
Category 7 (Cat7) cabling Category 7 (Cat7) cabling
222
CBCP CDF file
223
CDFS CDMA2000
file can be created for a site, allowing users to subscribe initiative of the International Telecommunication
to information in different fashions. For example, a Union (ITU). CDMA2000 will boost the bandwidth of
C news site can have separate CDF files for news, sports, existing cdmaOne cellular systems to 2 megabits per
and weather subscriptions. second (Mbps), making global broadband wireless
communications a reality.
Notes
For specific information on the syntax of CDF files and Because the proposed CDMA2000 upgrade includes
how to create them, refer to the Microsoft Internet Cli- only a small portion of the overall wireless communica-
ent software development kit (SDK). tion market, the IMT-2000 initiative also includes pro-
posed upgrades to Time Division Multiple Access
Channels in Active Channel enable personalized deliv-
(TDMA) systems such as Global System for Mobile
ery of Web content using Web applications designed for
Communications (GSM). A competing upgrade for
Internet Information Service (IIS) for Windows 2000.
TDMA systems is General Packet Radio Service
Active Server Pages (ASP) can be used for dynamically
(GPRS), which is closer to implementation than
generating personalized CDF files for users. Cookies
CDMA2000 and might therefore win more initial
can also be used for dynamically generating customized
support than CDMA2000.
CDF files for users. These CDF files can be customized
on the basis of preferences that a user specifies on an The term CDMA2000 1x is commonly used to describe
HTML form prior to subscribing to the channel. various interim CDMA2000 systems that use existing
IS-95a base stations to provide 2.5G cellular services.
See Also: Channel Definition Format (CDF)
CDMA2000 1x systems expect to achieve data trans-
mission speeds of between 144 kilobits per second
CDFS (Kbps) and 307 Kbps and are therefore classed as 2.5G
Stands for CD-ROM File System, a file system cellular services instead of the much faster 3G ser-
designed for read-only CD-ROM media. vices envisioned by IMT-2000. The proposed 3G sys-
tem Wideband CDMA (W-CDMA) is comparable
See: CD-ROM File System (CDFS) to CDMA2000 2x, meaning the 3G version of
CDMA2000.
CDMA The CDMA Development Group is also promoting a
Stands for Code Division Multiple Access, a second- different CDMA2000 upgrade called High Data Rate
generation (2G) digital cellular phone technology that (HDR) CDMA2000 1x. This platform is based on the
uses spread-spectrum techniques, popular in the United American National Standards Institute (ANSI) IS-95c
States and some other parts of the world. standard and is viewed as an alternative upgrade path
See: Code Division Multiple Access (CDMA) from CDMAone toward 3G. It involves a hardware
upgrade using chipsets produced by QUALCOMM (the
originators of CDMA) and may provide data speeds up
CDMA2000 to 2.4 Mbps, even better than the 2 Mbps speeds antici-
A proposed third-generation (3G) upgrade for existing pated by W-CDMA. In some respects HDR may be
Code Division Multiple Access (CDMA) cellular tele- superior to W-CDMA, the 3G version of CDMA being
phone systems. proposed by the ITU in its IMT-2000 initiative. Specif-
Overview ically, while W-CDMA is expected to provide 2 Mbps
CDMA2000 was developed by the Telecommunica- service only for stationary users, and much slower
tions Industry Association (TIA) and is part of the Inter- speeds for mobile and roaming users, HDR is intended
national Mobile Telecommunications 2000 (IMT-2000) to provide the same 2.4 Mbps speed for all users
whether mobile or stationary. However, W-CDMA has
224
cdmaOne CD-ROM File System (CDFS)
the advantage of being a proposed standard for imple- CD-ROM File System (CDFS)
menting compatible systems throughout the world.
Only time will tell which system achieves market
A file system designed for read-only CD-ROM media.
C
dominance. Overview
CD-ROM File System (CDFS) is an International Orga-
For More Information nization for Standardization (ISO) standard (ISO 9660)
Visit the CDMA Development Group at www.cdg.org. for a read-only formatting standard for CD-ROM
See Also: 3G, cellular communications, cdmaOne, media. CDFS provides the same kind of file and direc-
Code Division Multiple Access (CDMA) tory management for CD-ROM devices that the file
allocation table (FAT) and NTFS file systems (NTFS)
do for hard disks.
cdmaOne
CDFS is implemented on the Microsoft Windows 95,
The commercial name for the Code Division Multiple
Windows 98, Windows Millennium Edition (Me),
Access (CDMA) cellular communications system used
Windows NT, Windows 2000, Windows XP, and
in North America and parts of Asia.
Windows .NET Server platforms. On 32-bit Windows
See: Code Division Multiple Access (CDMA) systems, CDFS uses a 32-bit protected-mode driver that
replaces the 16-bit real-mode Microsoft CD-ROM
CDN Extension (MSCDEX) driver that was used in the leg-
acy 16-bit Windows and MS-DOS operating system
Stands for content delivery network, a method for effi-
platforms. In Windows 95 and Windows 98, the file sys-
ciently pushing out content over the Internet to users.
tem driver that supports CDFS is called Cdfs.vxd, and
See: content delivery network (CDN) in Windows NT, Windows 2000, Windows XP, and
Windows .NET Server, it is called Cdfs.sys.
CDO CDFS is optimized for reading compact discs that
Stands for Collaboration Data Objects, a collection of have a standard data block size of 2048 bytes (2 KB).
Component Object Model (COM) objects that allow The Microsoft implementation of CDFS includes
developers to create Microsoft Internet Information a dynamic, protected-mode cache pool for caching
Services (IIS) Web applications that send and receive CD-ROM data to improve read performance. This
electronic mail. allows CDFS to read ahead to ensure that playback
of multimedia content from CDs is smooth and
See: Collaboration Data Objects (CDO) seamless. On Windows 95 OEM Service Release 2
(OSR2), Windows 98, Windows Me, Windows NT,
CDP Windows 2000, Windows XP, and Windows .NET
Server platforms, CDFS includes a number of enhance-
Stands for Content Delivery Provider, a company that
ments over the original version of CDFS for Windows 95,
builds and operates a content delivery network (CDN).
such as
See: content delivery network (CDN)
● CD-XA support for optimized reading of Moving
Picture Experts Group (MPEG) video CDs having
CDPD larger block sizes of 2352 bytes.
Stands for Cellular Digital Packet Data, a type of
● Auto-Run, which allows applications on CDs to
packet-switched data transmission network operating as
start immediately when the CD is inserted into the
an overlay for a cellular communications system.
drive. To do this, the operating system reads the
See: Cellular Digital Packet Data (CDPD) Autorun.inf file that is stored in the root of the
directory structure on the CD.
225
CDSL cell (ATM)
CDFS does have several limitations compared to disk ATM cells are standardized at a fixed-length size of 53
file systems such as FAT and NTFS, namely: bytes to enable faster switching than is possible on net-
C ● Names for files and directories can be no longer
works using variable-packet sizes (such as Ethernet).
It is much easier to design a device to quickly switch
than 32 characters
a fixed-length packet than to design a device to
● Directories can be nested only eight levels deep switch a variable-length packet. (Switching a fixed-
length packet is easier because the device knows in
CDFS is now considered a legacy format and is being
advance the packet’s exact length and can anticipate
replaced by the industry-standard Universal Disk For-
the exact moment at which the last portion of the packet
mat (UDF), the new standard for read-only disk media.
will be received. With variable-length packets, the
Notes device must examine each packet for length informa-
Using Services for Macintosh, you can create an Apple tion.) Using fixed-length cells also makes it possible to
Macintosh–accessible volume on a CDFS volume by control and allocate ATM bandwidth more effectively,
following the same steps you would use to make an making support for different quality of service (QoS)
NTFS volume accessible to Macintosh clients. Of levels for ATM possible.
course, the CDFS volume has one difference: it is
The functions of information stored in the 5-byte header
read-only.
of an ATM cell include the following:
See Also: file system, Universal Disk Format (UDF)
● Providing information about the physical layer
transmission method being used
CDSL
● Providing flow control to enable a steady flow of
Stands for Consumer DSL, a broadband transmission cell traffic and to reduce cell jitter
technology based on Digital Subscriber Line (DSL)
technology. ● Specifying virtual path or channel identification
numbers so that multiplexed cells belonging to the
See: Consumer DSL (CDSL) same ATM connection can be distinguished from
cells belonging to other ATM connections and cells
cell (ATM) can be switched to their intended destination
A 53-byte packet of data, the standard packet size used
● Specifying the nature of the payload contained in
by Asynchronous Transfer Mode (ATM) communica-
the cell—that is, whether it contains actual user data
tion technologies.
or ATM cell-management information
Overview ● Specifying the priority of the cell to determine
Cells are to ATM technologies what frames are to Ether-
whether the cell can be dropped in congested traffic
net networking. In other words, they form the smallest
conditions
element of data for transmission over the network.
● Providing error checking by means of an 8-bit field
ATM cell containing cyclical redundancy check (CRC) infor-
mation for the header itself
48-byte 5-byte
data payload header Two kinds of header formats are used in ATM cells:
226
cell (cellular communications) Cellular Digital Packet Data (CDPD)
● Network-Node Interface (NNI) format: Used small as 330 feet (100 meters) can be used, especially in
within the ATM network itself after the cell has high-tier Personal Communications Devices (PCD) cel-
been multiplexed for transmission over its virtual lular technologies. C
path
Cell Radius Measures by Technology
Notes Wireless Technology Cell Radius
Why a 48-byte data payload for ATM cells? This is Wireless LANs 10 to 100 meters
the result of a trade-off between larger 64-byte payloads Cellular telephone 0.1 to 50 kilometers
that contain more data but take longer to package and PCD 0.1 to 1 kilometer
unpackage— and are therefore not suitable for real-time Satellite-based 1000 kilometers or more
transmissions such as voice or multimedia—and
shorter 32-byte payloads that provide better real-time Notes
transmission but are inefficient for larger amounts of When a mobile caller using a cell phone passes from
data. By compromising at a 48-byte payload size, one cell to another, the cellular phone system transfers
ATM has good transmission capabilities for both voice the call to the system servicing the adjacent cell, a pro-
and data communication, providing efficient packet cess called roaming.
transfer with low latency.
See Also: cellular communications, wireless
See Also: Asynchronous Transfer Mode (ATM) networking
227
cellular communications cellular communications
casting and is an open standard based on the Open collisions of data streams from multiple
Systems Interconnection (OSI) reference model for Mobile-End Systems.
C networking.
● Mobile Data Base Station (MDBS): A telco
Architecture device for receiving and transmitting CDPD data.
CDPD makes use of idle times between calls in cellular
● Mobile Data Intermediate System (MDIS): Pro-
phone network channels for interleaving packets of dig-
vides the central control for a CDPD network.
ital data. In other words, CDPD makes use of the
“bursty” nature of typical voice transmission on the Marketplace
AMPS cellular system. Voice communication has gaps In the United States, the main providers of CDPD ser-
or pauses where packet data can be inserted and trans- vices are AT&T Wireless and Verizon Wireless. CDPD
mitted without interfering with the communication tak- is also supported by several carriers in Canada and by
ing place between customers. AirData in New Zealand. CDPD is not widely deployed
as a cellular data transmission technology, and coverage
CDPD uses the Reed-Solomon forward-error-correct-
in the United States is spotty even in urban areas.
ing code to encode each block or burst of data sent, and
includes built-in RC4 encryption to ensure security and For More Information
privacy of the transmitted data. CDPD is also based on You can find the CDPD Forum at www.cdpd.org.
the industry standard Internet Protocol (IP), allowing
See Also: cellular communications, wireless
data to be transmitted to and from the Internet.
networking
Although CDPD supports data transmission rates of
19.2 kilobits per second (Kbps) and higher, actual data
cellular communications
throughput is usually around 9.6 Kbps. This is because
A group of technologies that support roaming
of the large overhead added by CDPD to each data
cell-based wireless communications.
block transmitted. This overhead is designed to ensure
that communications are reliable and to maintain syn- Overview
chronization between the modems at each end of the Common to all forms of cellular communications is the
transmission. In addition, a color code is added to every concept of the cell. Instead of using one extremely pow-
data block to detect interference resulting from trans- erful transmission to provide coverage for a geographi-
missions on the same channel from neighboring cell cal area (for example, a city, state, region, or country),
sites. the area is divided into a series of overlapping smaller
areas called cells. Each cell has a relatively low-power
Implementation base station that provides coverage for users within that
A typical implementation of CDPD consists of three
cell, and when a user moves (roams) from one cell to
components:
another, the first base station seamlessly hands off ser-
● Mobile-End System (M-ES): A user device such vicing of the user to the second base station and the user
as a laptop equipped with a cellular modem. This experiences no interruption in communication.
system communicates in full-duplex mode with a
Mobile Data Base Station (MDBS) using the Digi-
tal Sense Multiple Access protocol, which prevents
228
cellular communications cellular communications
229
cellular communications cellular communications
AMPS was a first-generation (1G) analog cellular ● Personal Communications Services (PCS):
phone system that used frequency modulation for voice These systems can be TDMA-based or CDMA-
C transmission and frequency-shift keying (FSK) for based and operate in the higher 1900 MHz
transmission of signaling information. AMPS uses frequency band using smaller cell sizes than 800
channels within the 800 megahertz (MHz) frequency MHz cellular systems. Sprint PCS, for example, is
band of the electromagnetic spectrum, and channel based on CDMA technology.
access is provided by using Frequency Division Multi-
Issues
ple Access (FDMA) as the media access method.
A major concern that has been receiving media atten-
AMPS achieved widespread implementation across the
tion lately is the safety of using cellular phones. While
United States in the 1980s and is still widely used.
most agree that using a cellular phone while driving can
Another wave of cellular communications systems was increase the chances of an accident (and some civic and
developed in the 1990s and is still widely deployed. municipal governing bodies have passed laws regulat-
These second-generation (2G) systems differ from ing use of cellular phones while driving), scientists con-
AMPS in being digital rather than analog in nature, and tinue to debate whether other health hazards might be
they can support not just voice but also data transmis- associated with the long-term use of cell phones. A par-
sion, typically at 9.6 to 19.2 kilobits per second (Kbps). ticular concern is the possible link between cell phone
Several competing digital cellular systems have evolved use and brain cancer, particularly among children
and have become widely deployed: whose brains are still forming. Cell phones transmit
microwave energy through their antennas, and micro-
● Time Division Multiple Access (TDMA): The
waves have a known heating effect (think of a micro-
main TDMA system deployed in the United States
wave oven, for example). When a cell phone is held
is AT&T Wireless Services, a subsidiary of AT&T.
next to the ear, some of the microwave energy pene-
This TDMA system operates in the same 800 MHz
trates into the brain, and while the FCC has mandated
frequency band as AMPS and is sometimes referred
emission standards for cellular phones to keep these
to as either Digital AMPS (D-AMPS) or North
emissions below dangerous levels, some researchers
American TDMA (NA-TDMA).
believe that long-term exposure to even low-level
● Code Division Multiple Access (CDMA): CDMA microwave radiation may be harmful to the brain and
was developed by QUALCOMM, and its cdmaOne other organs, particularly in children. On the other
system is the most popular digital cellular system in hand, many researchers believe that there is no conclu-
North America. Other CDMA carriers include Bell sive link between brain cancer and cell-phone use, and
Mobility, Sprint Corporation, and Verizon Commu- in general such associations between cancer and envi-
nications. CDMA is more complex than TDMA, ronment factors are difficult to prove (consider how
but it is more efficient in its utilization of the fre- long it took to resolve the controversy over whether cig-
quency spectrum. arettes caused lung cancer). The American Medical
Association and other bodies continue to call for further
● Global System for Mobile Communications
study of these issues, but it will likely take years for
(GSM): This system is based on TDMA and is the
studies to produce any significant results. Some govern-
most popular digital cellular phone technology in
ing bodies are already taking steps, however, such as the
Europe and much of Asia. GSM can operate in the
United Kingdom, which has mandated that mobile tele-
900, 1800, or 1900 MHz frequency bands. There
phone handsets must now come with leaflets warning of
are only a few GSM carriers in the United States,
potential health risks to children who use these devices
and they cover only a small portion of the market.
over a prolonged period.
An example is VoiceStream Wireless Corporation.
230
central office (CO) central office (CO)
231
Centrex Centrex
The CO contains the Class 5 switching equipment that typically copper, but telcos lay fiber to the building for
connects telephone subscribers to both local and customers requiring high-speed services not supported
C long-distance phone services. A telco typically has one by copper lines.
CO servicing several dozen square miles in urban areas,
Finally, a telco may have dozens of COs in a dense
so in large cities there may be many COs for each telco.
urban area, all interconnected using cross-links and
A typical CO may look like a fortress built to withstand redundant switches. Each CO services subscribers
an earthquake or any other natural disaster. Building within a specific geographical area and manages voice
standards for COs are high because of the importance of and data traffic in that area. When a call is made from a
the communications infrastructure to a nation’s eco- customer over the local loop to the CO, the call is either
nomic health and safety. Banks of batteries and diesel switched to another circuit within the same exchange
generators provide backup power in case of blackouts (for local calls) or switched to a trunk line joining the
so that phone communication will not be disrupted. CO to a CO belonging to a different company, typically
a long-haul carrier such as Sprint or AT&T. For busi-
Multitudes of twisted-pair copper telephone lines from
ness customers needing multiple telephone lines at their
customer premises usually enter the building through
location, the carrier typically deploys a private branch
the underground cable vault. These twisted-pair lines
exchange (PBX) at the customer premises.
are grouped into bundles of thousands of lines, forming
large cables 3 to 4 inches (7.5 to 10 centimeters) in Notes
diameter. The cables have grounding mesh to provide a Not all of a telco’s switching and telecommunications
drain for unwanted electrical surges and tough polyvi- equipment is located at a central office. There are recent
nyl chloride (PVC) insulating jackets that are pressur- trends where telcos have pushed out their ATM switch-
ized to prevent water from seeping in at cable junctions. ing gear to within 500 feet (150 meters) of residential
Steel racks organize these cables as they enter the cable neighborhoods in pursuit of better-quality Digital Sub-
vault. scriber Line (DSL) connections. These remote stations
shorten the copper DSL connections between customer
From the vault, the cables snake their way to the main
premises and the provider’s switching gear, and the
cross-connect grid. It is in these steel-frame grids that
remote Asynchronous Transfer Mode (ATM) concen-
all the individual twisted-pairs fan out and connect
trators are then connected to the COs using fiber.
through feeders to the main switching equipment. The
importance of the feeders is that they allow any incom- In countries and regions other than the United States, a
ing twisted-pair line to connect to virtually any switch- CO is often referred to as a public exchange.
ing bank. This makes it possible for customers to move
See Also: telco
to a different part of the city and maintain their old tele-
phone number at their new location. It also allows for
redundancy: if a switch fails, a CO technician can Centrex
rewire the feeder blocks quickly and easily. The main An acronym for Central Office Exchange Service, a
switches are then used to route calls to other local sub- business telephone service provided by telcos.
scribers or to a long-distance telecommunications car-
Overview
rier such as AT&T or MCI WorldCom. In the United
By using a Centrex instead of a Private Branch
States, these Class 5 telephone switches are usually
Exchange (PBX), a business can eliminate the necessity
Basic-5ESS switches, also called AT&T basic rate
of having its own dedicated switching facilities at its
switches.
customer premises. Centrex also eliminates the need for
Subscribers are connected to their local CO through a customers to upgrade to expensive new telephones
segment of wiring called the local loop. This wiring is because existing telephone lines and touch tone phones
232
certificate certificate authority (CA)
can be used with it. This frees the customer from the Overview
need to invest in the cost and management of customer Before issuing a digital certificate to someone, the cer-
premises equipment (CPE). tificate authority (CA) must verify the user’s identity C
according to a strictly established policy, which can
Centrex services partition the switching capabilities of
involve face-to-face communication, examination of a
the telco’s central office (CO) equipment and allow a
driver’s license with photograph, or another method of
portion of these capabilities to be dedicated to a partic-
establishing a user’s identity. When the user’s identity
ular customer. In essence, the business customer is leas-
has been verified, the certificate is issued to the user.
ing dedicated switching facilities at the CO to enable a
This certificate can then be presented by the user as a
large number of employee telephones to be routed
“digital driver’s license” to identify himself or herself
through a few telephone lines. All routing of calls to
during network transactions.
individual employee telephones takes place using the
Centrex. Configuration changes can be performed at the CAs can be trusted third parties such as the private com-
CO instead of requiring technicians to visit the cus- panies VeriSign, CyberTrust, and Nortel Networks; or
tomer premises. This can save the cost of installing a they can be established within your own organization
local PBX at the customer premises. using Microsoft Certificate Server. CAs can be stand-
alone authorities with their own self-signed certificates
Centrex can handle advanced communication features
(that is, they validate their own identity as a root CA),
such as internal call handling, inbound and outbound
or they can be part of a hierarchy in which each CA is
call handling, and multiparty calling. Each individual
certified by the trusted CA above it (up to a root CA,
connected can have customized calling features just as
which must always be self-certified).
they can with a PBX. Maintenance is entirely the
responsibility of the telco central office, which provides For digital certificates to work as an identification
around-the-clock support. scheme, both client and server programs must trust the
CA. In other words, when a client program presents a
Notes
certificate to a server program, the server program must
Some carriers such as Pacific Bell Telephone Company
be able to validate that the certificate was issued by a
also offer Integrated Services Digital Network (ISDN)
valid and trusted CA. Certificate authorities also main-
as a Centrex service in addition to standard business
tain a certificate revocation list (CRL) of revoked certif-
ISDN lines.
icates. Certificates issued by CAs expire after a
See Also: central office (CO), Private Branch specified period of time.
Exchange (PBX), telco
CAs are necessary for the functioning of a public key
infrastructure (PKI), which is essential to the widespread
certificate acceptance and success of any public key cryptography
Also called digital certificate, a technology for verifying system. Microsoft Windows 2000 and Windows .NET
the identity of the user or service you are communicating Server can use standard X.509 digital certificates to
with. authenticate connections across unsecured networks
such as the Internet and to provide single sign-on using
See: digital certificate smart card authentication systems.
For More Information
certificate authority (CA) Visit VeriSign, Inc. at www.verisign.com.
Any entity (individual, department, company, or organi-
zation) that issues digital certificates to verify the iden- See Also: digital certificate, public key infrastructure
tity of users, applications, or organizations. (PKI)
233
certificate mapping certificate request
234
certificate revocation list (CRL) Challenge Handshake Authentication Protocol (CHAP)
235
challenge/response challenge/response
236
Change and Configuration Management channel bank
Change and Configuration elements. The channels that a user has subscribed to are
Management listed as part of his or her channel bar.
C
A set of features in Microsoft Windows 2000, See Also: Channel Definition Format (CDF)
Windows XP, and Windows .NET Server for managing
user settings and installing applications.
channel bank
Overview A telecommunications device that consolidates multi-
Change and Configuration Management is included in ple Digital Signal Zero (DS0) channels into a larger sin-
Windows 2000, Windows XP, and Windows .NET gle digital transmission.
Server to provide support for tasks such as
Overview
● Installing initial operating systems on new computers Channel banks usually combine 24 different voice and
● Managing deployment of software on computers data 64 kilobits per second (Kbps) DS0 channels into a
single 1.544 megabits per second (Mbps) DS1 channel,
● Managing user desktop configuration settings and though some channel banks are capable of combining
user personal folders up to 96 DS0 channels into a 6.312 Mbps DS2 channel.
Change and Configuration Management is an umbrella The channel bank combines the individual DS0 signals
term for two underlying Microsoft technologies that using a technique called multiplexing, which allows
make these things possible. These two technologies are multiple signals to be combined for transmission over a
single line. The resulting multiplexed digital signal can
● Intellimirror: Enables management of user prefer- then be sent over a T1 line to the telco.
ences, user documents, and software installation
and maintenance. A channel bank interfaces with the wires of the local loop
connection that carry the phone signals from the customer
● Remote Operating System (OS) Installation: premises to the telco’s central office (CO). In a typical
Uses Remote Installation Services (RIS) to install business scenario, the channel bank would be connected
Windows 2000, Windows XP, and Windows .NET to the front end of an analog Private Branch Exchange
Server on remote machines. (PBX) to support multiple telephones within the com-
See Also: IntelliMirror pany. The channel bank also includes circuits for convert-
ing the analog voice signals into digital data signals,
usually using pulse code modulation (PCM). The result-
channel (Active Channel) ing modulated digital signal conforms to the standard
The delivery method in Active Channel, a technology 64-Kbps DS0 format. The digital signals can then be
for Microsoft Internet Explorer that allows Web content routed through the digital switching backbone of the Pub-
to be “webcast” to users. lic Switched Telephone Network (PSTN) as necessary.
Overview Channel banks are typically located at the telco’s CO
Channels deliver content to users’ Web browsers. The and support the digital switching functions of the
content is displayed as ordinary Web pages and can be PSTN. However, channel bank equipment can also be
viewed off line. Channels are delivered to users by way installed at customer premises for larger enterprises.
of Microsoft Corporation’s Channel Definition Format
(CDF) technology. Channels can contain Hypertext Notes
Markup Language (HTML); Microsoft ActiveX con- Channel banks are becoming obsolete as older analog
trols; Microsoft Visual Basic, Scripting Edition PBXs are being replaced by digital PBXs. When a dig-
(VBScript); Java applets; and other dynamic Web ital PBX is used, the PBX can be connected directly to
237
channel bar Channel Definition Format (CDF)
238
channel (Microsoft Windows Media Player) Channel Service Unit (CSU)
● User control: The user can use CDF to specify Channel Service Unit (CSU)
which portions of a site to download to his or her
browser, instead of pulling a lot of content off the site
A device that is used to connect a synchronous digital
telecommunications line to a computer network.
C
and hoping that it contains the needed information.
Overview
Notes Channel Service Units (CSUs) are used to link local
CDF is not true webcasting in the sense of Internet Pro- area networks (LANs) into a wide area network (WAN)
tocol (IP) multicasting because it is a “pull” technology. using telecommunications carrier services such as Dig-
True webcasting is supported by Microsoft Windows ital Data Services (DDS), T-carrier services such as a
Media Player for delivery of content using IP multi- T1 line, and frame relay links.
casting.
The function of a CSU is to terminate the carrier’s digi-
tal line at the customer premises. It also provides signal
channel (Microsoft Windows amplification and allows the carrier to perform remote
Media Player) loopback testing to monitor and troubleshoot the integ-
In Microsoft Windows Media Player, a mechanism that rity of the line. Some CSUs also support Simple Net-
supplies clients with information needed to receive and work Management Protocol (SNMP) features that
render Advanced Streaming Format (ASF) streams. allow the unit to be monitored by the service provider.
Overview
A Windows Media Player channel specifies the multi- Customer premises
Service
cast address and port number the clients should listen to providers
in order to receive the stream. The channel also speci- network
fies the data types and formats in the stream, enabling
the client to correctly render the stream. Windows
LAN
Media Player saves channel information as files with
the extension .nsc. A Windows Media Player channel is
analogous to a television channel or a radio frequency:
DDS line
if a Windows Media Player client is tuned to a channel
at the right time, the client receives streaming informa- Router
tion sent by the Windows Media Player server. (DTE) DDS line
Windows Media Player channels also support addi-
tional features, such as
CSU
● Roll over to unicast: If clients cannot receive a
V.35
multicast, you can configure the channel so that
they automatically receive a unicast of the same
program.
DSU
● Stream distribution: On corporate Transmission (DCE)
Control Protocol/Internet Protocol (TCP/IP) net- GC0XX09 (was G0CUI09 in 1E, see editors note for more below)
239
Channel Service Unit/Data Service Unit (CSU/DSU) Channel Service Unit/Data Service Unit (CSU/DSU)
Implementation
The service provider interface of the CSU terminates at
C the telco’s digital line where it enters the customer pre-
mises. The other interface of the CSU then connects to LAN CSU/DSU
a DSU, and then the DSU connects with data terminal
equipment (DTE) on the LAN (a router, switch, or other
LAN device). The DTE is typically an RS-232 or a V.35 DDS or
serial transmission interface. Frame Relay
Router
Typically, the telecommunications service provider will Router
lease the CSU to the customer, having preconfigured it
DDS or
for the type of digital line to be supported. CSUs usu- Frame Relay
ally come in a dual Channel Service Unit/Data Service
Unit (CSU/DSU) package that drops into the edge of
the network to provide WAN link connectivity. LAN
CSU/DSU
Dedicated stand-alone CSUs are typically used only for
interfacing with installed customer premises telecom-
munications equipment that contains integrated DSUs.
This installed equipment could be a channel bank, Pri- GC0XX10 (was G0Cui10 in 1E)
vate Branch Exchange (PBX), T1 multiplexer, or some Channel Service Unit/Data Service Unit (CSU/DSU).
other device. Some access routers have built-in CSU/ Using a CSU/DSU to connect two local area networks
(LANs) over a wide area network (WAN) link
DSUs as well.
Implementation
See Also: Channel Service Unit/Data Service Unit
CSU/DSUs essentially function as the digital counterpart
(CSU/DSU), Data Service Unit (DSU)
to analog modems. They are typically external units that
look similar to an external modem, but they can also
Channel Service Unit/Data come in sizes that can be mounted in a rack. Unlike ana-
Service Unit (CSU/DSU) log modems, CSU/DSUs do not perform signal conver-
A device that combines the functions of both a Channel sion because the signal at both ends is already digital.
Service Unit (CSU) and a Data Service Unit (DSU). Digital lines usually terminate at customer premises
Overview with four-wire connections having various connector
Channel Service Unit/Data Service Units (CSU/DSUs) types, including RJ-45, four-screw terminal blocks,
are placed between the telephone company network and and M-block connectors (used for V.35 interfaces).
the customer network at the demarcation point and are The four-wire connection is joined to the appropriate
the local interfaces between the data terminal equip- connector on the CSU/DSU. The CSU/DSU typically
ment (DTE) at the customer premises and the telco’s adjusts itself to the line speed of the digital data ser-
digital communications line (such as a T1 line). vice (DDS) line using an autosensing feature. The cus-
tomer’s CSU/DSU then connects directly to the
CSU/DSUs package digital data into a format suitable customer’s router and from there connects to the
for the particular digital transmission line they are ser- customer’s network.
vicing and buffer and rate-adapt digital signals going to
and from the telephone company network. CSU/DSUs At the other end of the DDS line at the central office
ensure that data frames are properly formed and timed (CO), the telco has a similar CSU that interfaces with a
for the telephone company network and provide a pro- multiplexer to feed into the carrier’s backbone network.
tective barrier to electrical disturbances that can harm
customer premises equipment (CPE).
240
CHAP CIM Object Manager (CIMOM)
Notes CIDR
When purchasing CSU/DSUs, consider first the traffic
requirements of your wide area network (WAN) link and
Stands for classless interdomain routing, an alternative
way of classifying Internet Protocol (IP) addresses
C
make sure they support the full range of data rates for the
from the traditional class A-E system. Also called
DDS lines you plan to use (56 K, 64 K, or T1 speed).
supernetting.
See Also: Channel Service Unit (CSU), Data Service
See: classless interdomain routing (CIDR)
Unit (DSU)
CHAP CIFS
Stands for Common Internet File System, a public
Stands for Challenge Handshake Authentication Proto-
version of the Server Message Block (SMB) file-
col, a standard form of challenge/response authentica-
sharing protocol that has been tuned for use over the
tion protocol.
Internet.
See: Challenge Handshake Authentication Protocol
See: Common Internet File System (CIFS)
(CHAP)
241
CIMOM circuit layer proxy
CIMOM
return path
Stands for CIM Object Manager, part of the Microsoft
GC0XX11 (was G0CUI13 in 1E)
242
circuit-level gateway circuit-switched services
to form a circuit between the proxy server and the client circuit-level gateway
computer.
Overview
A type of firewall that provides session-level control
over network traffic.
C
Microsoft Proxy Server is a product that combines fire- Overview
wall and proxy server functions and has two services for Similar in operation to packet filtering routers, cir-
providing circuit-level proxy functions: cuit-level gateways operate at a higher layer of the
● Winsock Proxy Service: This enables Microsoft Open Systems Interconnection (OSI) reference model
Windows Sockets clients such as Microsoft Windows protocol stack. Circuit-level gateways are host-based
Media Player, RealAudio, and Internet Relay Chat and reside on individual clients and servers inside the
(IRC) to function as if they are directly connected network, rather than on a dedicated machine as they do
to the Internet. The Winsock Proxy Service provides with other types of firewalls. Circuit-level gateways
Windows NT Challenge/Response Authentication examine incoming Internet Protocol (IP) packets at the
with clients, regardless of whether the clients session level—Transmission Control Protocol (TCP) or
support it, and supports Windows Sockets version User Datagram Protocol (UDP)—and act as relays
1.1–compatible applications on computers running by handing off incoming packets to other hosts.
Windows. The Winsock Proxy Service can control Circuit-level gateways are rarely used as a stand-alone
access by port number, protocol, and user or group. firewall solution; instead, they are typically used in
Ports can be enabled or disabled for specific users or combination with application layer proxy services
groups, and the list of users that can initiate outbound and packet filtering features in dedicated firewall
connections on a given port can differ from the list applications.
of users that can listen for inbound connections on Microsoft Proxy Server combines the features of packet
that port. filtering, circuit-level gateways, and application layer
● SOCKS Proxy Service: This includes support for proxy to provide a full firewall solution for protecting
the SOCKS 4.3a protocol. The SOCKS Proxy Ser- your corporate network. Proxy Server supports both the
vice provides support for Macintosh-based and SOCKS protocol, which provides nontransparent cir-
UNIX-based client computers, while the Winsock cuit-level gateway security, and the Winsock Proxy,
Proxy Service supports only Windows-based com- which provides transparent circuit-level gateway
puters. SOCKS uses Transmission Control Protocol security.
(TCP) and can be used to control access to the Telnet, See Also: firewall, proxy server
File Transfer Protocol (FTP), Gopher, and Hypertext
Transfer Protocol (HTTP) protocols. The SOCKS
Proxy Service does not support RealAudio, streaming circuit-switched services
video, or Windows Media Player clients. A term describing any telecommunications service that
provides switched connections between a telco and
Notes their customers.
Circuit layer proxies support a wider variety of proto-
cols than application layer proxies. Overview
Circuit switching is the oldest form of digital communi-
See Also: application layer proxy cations used by telecommunications carriers. Circuit-
switched telecommunications services can be provided
to businesses by both local telcos and long-distance
carriers. The Public Switched Telephone Network
243
circuit-switched services circuit-switched services
244
circular logging Class A
A disadvantage with circuit-switched services is tal or differential ones, because you can restore infor-
that they are usually dial-up in nature, and a dial-up mation only up to the last full backup.
connection takes time to be established. This connection
Notes
C
time varies with the technology used. For example,
Do not use circular logging if data recoverability is of
analog modems might take 10 to 20 seconds to establish
high importance to your mail system, which is almost
a connection, and an ISDN terminal adapter might take
always the case with e-mail. Circular logging is enabled
only 1 to 2 seconds. This latency interval tends to make
by default. You should always disable it and ensure that
circuit-switched lines unsuitable for dedicated services,
you have enough free disk space to hold the transaction
such as those used for connecting company Web servers
files. The only reasons you might want to enable circu-
to the Internet.
lar logging would be if you run low on disk space or if
Another disadvantage of circuit-switched services is your server is being used for noncritical data only, such
that the quality can differ substantially between connec- as a public news server.
tions, because each circuit is a temporary connection
that can exist along different paths, switches, and com-
class
munication devices.
More precisely called “object class,” a logical grouping
See Also: Integrated Services Digital Network (ISDN), of objects within Active Directory directory service in
leased line, Multiprotocol Label Switching (MPLS), Microsoft Windows 2000 and Windows .NET Server.
packet-switching services, T1
Overview
Objects are organized within Active Directory by their
circular logging classes. Examples of object classes can include users,
A feature of Microsoft Exchange Server whereby trans- groups, computers, domains, and organizational units
action logs can be overwritten when full. Circular log- (OUs). Each class of objects has its own defining proper-
ging lowers disk space usage but reduces the chances of ties or attributes, as laid out in the Active Directory
successfully recovering from a system crash. schema. Grouping objects logically into classes makes it
easier to find and access these resources on the network.
Overview
Exchange Server databases, such as the directory data- Active Directory comes with predefined object classes.
base and information store, maintain special log files You can create additional classes or modify existing
called transaction log files. These log files improve the ones using the Active Directory schema.
performance and fault tolerance of the databases, and
See Also: Active Directory, object (Active Directory)
help track and maintain changes made to them. Trans-
actions are immediately written both to the log files and
to memory, and only afterward to the database files. Class A
Transaction logs are normally kept on a different drive A type of Internet Protocol (IP) network where the first
from the database files to ensure fault tolerance in case octet of IP addresses ranges between 0 and 126 inclusive.
of a disaster that causes data loss, such as a crashed disk
Overview
or a power failure.
Class A networks were originally intended for very
When circular logging is enabled, only a few transac- large internetworks. Using the default class A subnet
tion log files are maintained, and these are overwritten mask of 255.0.0.0, each class A network can support a
when they become full. This prevents log files from maximum of 16,777,214 individual hosts with unique
continually building up, which saves disk space. How- IP addresses—large enough for the largest of enterprise
ever, circular logging has the disadvantage of allowing networks. However, there are no longer any Class A
you to perform only full backups, rather than incremen- networks available since all 125 of them were assigned
245
Class B class-based queuing (CBQ)
in the 1980s to large corporate customers, organiza- Address Translation (NAT), IANA recommends using
tions, and the military. None of these organizations Class B addresses whose first two octets range from
C actually has networks large enough to require the full 172.16 to 172.31. This provides many thousands of
16 million host addresses provided by their Class A host addresses ranging from 172.16.0.1 through
addresses, so classless interdomain routing (CIDR) was 172.31.255.254 and up to 16 different subnets if
developed by the Internet Engineering Task Force required.
(IETF) to allow unused Class A addresses to be reas-
See Also: Class A, Class C, Class D, Class E, classful
signed to other users.
domain, classless domain, IP address
Notes
For a huge private network not directly connected to the
class-based queuing (CBQ)
Internet or hidden behind a firewall using Network
An emerging technology for wide area network (WAN)
Address Translation (NAT), the Internet Assigned
traffic management.
Numbers Authority (IANA) recommends using Class A
addresses whose first octet is 10. This provides millions Overview
of possible host addresses ranging from 10.0.0.1 to Traditionally, WAN traffic for different classes of ser-
10.255.255.254. vice (CoS) have been managed using router-based
schemes that provide best-effort control of bandwidth
The Class A address 127.0.0.1 is reserved for loopback
allocation. For example, a router might be configured to
and represents the local host being used.
allow no more than 20 percent of available bandwidth
See Also: Class B, Class C, Class D, Class E, classful for streaming video. Such a bandwidth allocation is rel-
domain, classless domain, classless interdomain rout- ative (percentage) rather than absolute (bps) in nature,
ing (CIDR), IP address which does not give much granularity for control of
traffic, particularly mission-critical network traffic.
Class B Class-based queuing (CBQ) is an emerging technology
A type of Internet Protocol (IP) network where the first for WAN access routers that allows network managers
octet of IP addresses ranges between 128 and 191 to classify traffic types into a hierarchy of classes and
inclusive. then assign absolute bandwidth allocations to each type.
For example, CBQ could first be used to divide traffic
Overview
types according to different kinds of business applica-
Class B networks were originally intended for large
tions and then to create a second level classifying traffic
internetworks. Using the default Class B subnet mask
according to the department using the application. The
of 255.255.0.0, each Class B network can support up to
customer relationship management (CRM) software
65,534 individual hosts with unique IP addresses—
used by the marketing department could then be assured
large enough for the largest of enterprise networks.
a given minimum bandwidth.
There are 65,536 possible Class B networks that can be
assigned, and in the early days of internetworking a Implementation
number of these network IDs were assigned to large CBQ operates at Level 2 (the network layer) for IP
corporations and to the military by the Internet traffic and works with any IP protocol including Trans-
Assigned Numbers Authority (IANA). Today it is mission Control Protocol (TCP), User Datagram Pro-
virtually impossible to obtain a class B network ID. tocol (UDP), or Internet Control Message Protocol
(ICMP). To implement CBQ in a corporate WAN set-
Notes
ting, a CBQ-capable access router would be inserted
For a large private network not directly connected to the
at the WAN edge of each corporate local area network
Internet or hidden behind a firewall using Network
(LAN) and configured with suitable classes to control
246
Class C Class D
allocation of bandwidth for WAN traffic. CBQ classes work Address Translation (NAT), the Internet Assigned
are implemented on routers by using policies. Numbers Authority (IANA) recommends using Class C
addresses whose first three octets range from 192.168.0 C
through 192.168.255. This provides thousands of
host addresses ranging from 192.168.0.1 through
192.168.255.254 and up to 256 different subnets if
LAN required.
See Also: Class A, Class C, Class D, Class E, classful
domain, classless domain, IP address
WAN
router Class D
A type of Internet Protocol (IP) network where the first
octet of IP addresses ranges between 224 and 239 inclusive.
LAN Overview
CBQ-based Class D addresses are used exclusively for multicasting
access router purposes. Most Class D addresses whose first octet is
224 are reserved for special purposes, as shown in the
table. For multicasting within a private network not
WAN directly connected to the Internet or hidden behind a
router firewall using Network Address Translation (NAT), the
Internet
Internet Assigned Numbers Authority (IANA) recom-
mends using Class D addresses whose first octet is 239.
For multicasting over the Internet you must first obtain
CBQ-based a multicast address from IANA.
access router
GC0XX13 (new to 2E) Examples of Some Reserved Class D Addresses
Class-based queuing (CBQ). Implementing CBQ on a WAN. with First Octet 224.
See Also: wide area network (WAN) Address Reserved for
224.0.0.1 Multicasting to all hosts on the local
Class C subnet
A type of Internet Protocol (IP) network where the first 224.0.0.2 Multicasting to all routers on the local
octet of IP addresses ranges between 192 and 223 inclusive. subnet
224.0.0.4 Multicasting to all Distance Vector
Overview Multicast Routing Protocol (DVMRP)
Class C networks were originally intended for small routers
internetworks. Using the default Class C subnet mask 224.0.0.5 Multicasting to all Multicast Open
of 255.255.255.0, each Class C network can support up Shortest Path First (MOSPF) routers
to 254 individual hosts with unique IP addresses. There 224.0.0.9 Multicasting to all Routing Internet
are 16,777,216 possible Class C networks that can be Protocol version 2 (RIPv2) routers
assigned, and it is relatively easy to obtain a Class C 224.0.0.10 Multicasting to all Interior Gateway
network ID from your Internet Service Provider (ISP) Routing Protocol (IGRP) routers
should your company require it. 224.0.18.255 Dow Jones multicasting service
247
Class E Classical IP (CIP)
Overview Overview
A classful domain is an IP network that contains only the Classical IP (CIP) is an alternative to LAN Emulation
single default subnet. All hosts on the network are there- (LANE) as a way of transporting IP packets over Asyn-
fore in the same broadcast domain. For example, a net- chronous Transfer Mode (ATM) networks. CIP is based
work that is using a Class A address such as 10.0.0.0 and on RFC 1577 and supports only IP and no other net-
the default subnet mask 255.0.0.0 is a classful domain. The work protocols (LANE can also be used to transport
same would be true of a network using a Class B address multiprotocol traffic such as IP and Internetwork Packet
such as 172.11.0.0 with subnet mask 255.255.0.0 and a Exchange [IPX] over ATM). CIP has a number of
network using a Class C address such as 192.16.33.0 with benefits that make it an attractive solution in many
subnet mask 255.255.255.0—all three of these are exam- situations:
ples of classful domains and are networks with only one ● CIP is fast—speeds of 25 megabits per second
subnet and therefore one broadcast domain. (Mbps), 155 Mbps, 625Mbps, and 2.4 gigabits per
Generally speaking, classful domains are not the way to second (Gbps) are supported, making it competitive
go as they are very busy places with respect to traffic with Fast Ethernet and Gigabit Ethernet (GbE) as a
and may be susceptible to broadcast storms. Large net- network transport.
works are thus subnetted into a group of subnets form- ● CIP is a circuit-switched technology that provides
ing what is called a classless domain. full bandwidth to each station on the network.
See Also: classless domain, IP address, subnetting ● CIP is simpler to implement, manage, and trouble-
shoot than LANE and utilizes fewer ATM resources
classful routing protocol (virtual circuits).
A routing protocol for classful networks. ● CIP utilizes bandwidth effectively by eliminating
Overview broadcast traffic (as described later).
Classful routing protocols require that all Internet Pro- Implementation
tocol (IP) addresses on a network have the same sub- CIP groups IP hosts together into groupings called
net mask. For example, if a Class B network ID of logical IP subnets (LISs). Each LIS has an Address
172.24.0.0 is subnetted into several subnets such as
248
Classic desktop classless domain
Resolution Protocol (ARP) server to support IP broad- desktop or upgrade to the newer Active Desktop
casts. Because broadcasts are essential to IP for the included with Microsoft Internet Explorer beginning
operation of the ARP, CIP implements a device called with version 4: C
an ARP server to eliminate the need for these broad-
● The cost of introducing users to the new desktop
casts. This is necessary because ATM in itself does not
paradigm
support broadcasts. When an IP host appears on a CIP
network, it first registers itself with the ARP server so ● The necessity for tight integration among the desk-
that IP communications can take place. top, the corporate network, and the Internet
When an IP host needs to communicate with a target
host on the network, it passes the IP address of the tar-
get host to the ARP server in the LIS, which returns the
ATM address of the target host. To make this possible,
the ARP server must be preconfigured with mappings
of the IP and ATM addresses of each IP host in the LIS.
When the host knows the target host’s ATM address,
a switched virtual circuit (SVC) can be established
between the two hosts and IP packets can be transmitted
to the target host.
An alternative implementation of CIP is called CIP over
PVC (permanent virtual circuit). This is used primarily
for wide area network (WAN) connections that are
always on. GC0XX14 (was G0Cui15 in 1E)
249
classless interdomain routing (CIDR) classless interdomain routing (CIDR)
data-link layer and can partition a network into different (RFCs), namely RFCs 1517 to 1520, that brought a way
collision domains, but they do not create different out of the dilemma. These RFCs formed the basis of
C broadcast domains. CIDR and provided a way of not only reducing the
growing load on the Internet’s core routing tables
See Also: classful domain, IP address, subnetting
(another result of the Internet’s rapid growth) but also of
reusing unused IP addresses to make about 8 million
classless interdomain routing additional IP networks of Class C size available for
(CIDR) assignment to other companies and organizations.
Also called supernetting, an alternative way of classify-
ing Internet Protocol (IP) addresses from the traditional Uses
CIDR is used primarily by routers and gateways on the
Class A-E system.
backbone of the Internet for routing packets across the
Overview Internet. CIDR is not used much in private networks
Classless interdomain routing (CIDR) is a more effi- because most networks are hidden behind firewalls and
cient routing mechanism than the original method of can use any arbitrary block of IP addresses, such as the
segregating network IP addresses into classes named 10.x.y.z block allocated by Internet Network Informa-
Class A, B, and C. The trouble with the old system is tion Center (InterNIC) for general, private use. Instead,
that it leaves too many unused IP addresses. For exam- CIDR comes into its own on the Internet backbone to
ple, while Class A networks support large numbers of facilitate routing and ensure the continued functioning
network nodes, there are not enough Class A networks of the Internet. However, CIDR is viewed only as a
to go around and none of the owners of these networks workaround to the issues of insufficient numbers of IP
make anywhere near full use of the large number of IP networks available for allocation and maintaining the
addresses available to them. As a result, large numbers routing tables of backbone routers at workable sizes.
of Class A (and Class B) IP addresses go unused, and Most Internet architects see IPv6 as the real solution to
CIDR was developed as a way of reclaiming those IP these issues and expect the need to change over to this
addresses for allocation elsewhere. Similarly, while system of addressing in the next few years.
many Class C network IDs are available, many compa-
nies require more than the 254 IP addresses available on Implementation
CIDR replaces the old class method of allocating 8, 16,
a Class C network, but not nearly as many as the 65,534
or 24 bits to the network ID, and instead allows any
IP addresses available on any Class B network.
number of contiguous bits in the IP address to be allo-
History cated as the network ID. For example, if a company
In the late 1980s, prescient architects of the Internet needs a few thousand IP addresses for its network, it
foresaw that the standard Class A-E method for assign- can allocate 11 or 12 bits of the address for the network
ing IP addresses would eventually fail and that the rout- ID instead of 8 bits for a Class C (which would not
ing tables used by the core routers of the Internet’s work because you would need to use several Class C
backbones would eventually grow unmanageably large. networks) or 16 bits for Class B (which is wasteful).
The class system provides for a huge number of IP
CIDR assigns a numerical prefix to each IP address. For
addresses, but for only about 2 million different IP net-
example, a typical destination IP address using CIDR
works. As the number of networks attached to the Inter-
might be 177.67.5.44/13 (the last part being pro-
net grew exponentially, a time was anticipated when
nounced “slash thirteen”). The suffix /13 indicates that
there would be no more network numbers left to assign
the first 13 bits of the IP address identify the network,
for new Class B and C networks (all Class A networks
while the remaining 32–13 = 19 bits identify the host. In
were assigned early on).
subnetting notation, the CIDR address 177.67.5.44/13
In the early 1990s the Internet Engineering Task Force would be equivalent to the combination of IP address
(IETF) produced a group of Requests for Comments 177.67.5.44 and subnet mask 255.255.128.0 (see the
250
classless routing protocol classless routing protocol
251
CLB client
252
client access license (CAL) client certificate
Overview Overview
Planning the hardware, software, configuration, deploy- Every client computer on a network, regardless of
ment, and maintenance of clients is as important to whether it is running a Microsoft or non-Microsoft C
the network administrator as the other server-related operating system, requires a client access license (CAL)
activities. if it will be accessing any of the following Microsoft
Windows NT, Windows 2000, Windows XP, or
Choice of a client operating system depends on various
Windows .NET Server services:
considerations. For example, in determining whether to
install Microsoft Windows Millennium Edition (Me), ● File services, for accessing shared files and folders
Windows 2000 Professional, or Windows XP Profes- on a server
sional on client computers, users should consider the
● Print services, for accessing shared network
following:
printers
● Both client operating systems, in conjunction with
● Remote Access Service (RAS) or Routing and
Microsoft Internet Explorer versions 5 and later,
Remote Access Service (RRAS)
offer the same desktop configuration options, simi-
lar utilities, and similar support for features such ● File and Print Services for NetWare (FPNW)
as user profiles, hardware profiles, and system
● File and Print Services for Macintosh (FSM)
policies.
● Microsoft Transaction Server (MTS) and Microsoft
● Windows 2000 Professional or Windows XP
Message Queue (MSMQ) Server access
Professional will provide client machines with bet-
ter performance, greater reliability, and more robust ● Windows NT Terminal Server functionality
security, but they have higher hardware require-
Client access licenses can operate in one of two modes:
ments than Windows Millennium Edition (Me).
● Per Server licensing, which is based on concurrency
● Windows Me supports a broader range of devices
of access to network resources
and legacy software applications, and includes
power-management support—making it a better ● Per Seat licensing, which is the more commonly
solution for mobile users. implemented solution and is supported by all Back-
Office applications
Notes
In configuring clients to operate on a network, appropri- See Also: license
ate software must be installed on each client to allow it
to access servers on the network. For example, to access
client certificate
Windows 2000 servers, client machines require
A digital certificate obtained for a client application
Microsoft client software such as Client for Microsoft
(such as a Web browser) that can be used by the client to
Networks. To access Novell NetWare servers, client
digitally sign data it transmits.
machines require NetWare-compatible clients, such as
Client for NetWare Networks. Overview
Client certificates can be used to enable client machine
See Also: client/server, server
authentication for the purpose of secure communication
over the Internet using the Secure Sockets Layer (SSL)
client access license (CAL) protocol.
A license that grants a client machine access to a
Microsoft BackOffice product running on a network
of computers.
253
Client for Microsoft Networks Client for NetWare Networks
254
client installation point client/server
Overview Overview
Client for NetWare Networks requires that the IPX/ Creating a client installation is the first step in preparing
SPX-Compatible Protocol be installed. Client for Net- to install software over the network. To create a client C
Ware Networks cannot be used for accessing Microsoft installation point, create a directory on a server and
servers such as Windows NT, Windows 2000, and share the folder with full permissions for administrators
Windows .NET Server. You must install Client for and read-only permissions for ordinary users. Either
Microsoft Networks to access these servers. Windows copy the installation files for the software from the CD
95 and Windows 98 allow you to install more than one to the shared directory, or run the setup program using a
client at a time to access different kinds of servers on special switch to copy the files so that they can be used
the network. for network installation—for example, to uncompress
the cabinet files on the CD. Users can then connect to
Use the Network utility in Control Panel to install
the shared directory, run the setup program, and com-
Client for NetWare Networks on a computer running
plete the installation process.
Windows 95 or Windows 98. Then use the property
sheet of Client for NetWare Networks to configure the
preferred NetWare server, to select the first drive letter client/server
to use for mapping network drives from NetWare com- A paradigm for deploying two-tiered distributed
mand-line utilities, and to enable processing of logon applications.
scripts on the preferred server.
Overview
Notes In the client/server model, an application is split into a
Client for NetWare Networks can connect to NetWare 3 front-end client component and a back-end server com-
and earlier servers, or NetWare 4 servers running in ponent. The front-end client part of the application runs
bindery emulation mode. If you want to use Client for on a workstation and receives data that is input by the
NetWare Networks to connect to a NetWare 4 server user. The client component prepares the data for the
running Novell Directory Services (NDS), you must server by preprocessing it in some fashion, and then
also install Service for NetWare Directory Services on sends the processed information to the server, usually in
the Windows 95 or Windows 98 client. This service is the form of a request for some service. The back-end
available with Windows 95 OSR2 or Service Pack 1 for server component receives the client’s request, pro-
Windows 95, and is included with Windows 98. cesses it, and returns information to the client. The cli-
ent receives the information returned from the server
Before installing Client for NetWare Networks on a
and presents it to the user by way of its user interface.
computer running Windows 95 or Windows 98, make
Usually most of the processing is done at the back end
sure you remove any real-mode NetWare requestor
(server end) where database servers, messaging servers,
software running on the machine, such as NETX (the
file servers, and other resources are located.
NetWare 3.x client shell) or VLM (the NetWare 4.x
client shell). An example of a simple client/server application is a
Web application that is designed for Microsoft Internet
Information Services (IIS) using a combination of
client installation point server-side Active Server Pages (ASP) programming
A shared directory on a network file server to which
and client-side scripting. The ASP scripts run on the
users on your network can connect to install client soft-
Web server, while the client-side scripts run on the cli-
ware locally on their client computers.
ent Web browser.
See Also: distributed application
255
Client Services for NetWare (CSNW) cloud
Client Services for NetWare CSNW supports connections to servers running version
256
cluster clustering
Cloud. The Internet depicted as a cloud of paths and also implement the extension dynamic-link libraries
connections. (DLLs) of Cluster Administrator, which allow them to
be managed using Cluster Administrator. These features
Circuit-switched services are often represented as
allow developers to write high-scalability applications
clouds as well. In circuit-switched services, communi-
that can operate across the different nodes in a cluster.
cation switches at various telco and carrier central
offices (COs) and switching facilities are temporarily A cluster-aware application is one that is aware of the fact
used for establishing circuits between two communicat- that it is running on a cluster and can make use of the scal-
ing nodes. Each time communication is terminated and ability, load balancing, and failover aspects of clustering
reestablished, different sets of switches can be used. to provide high availability for mission-critical business
environments. Cluster-aware applications include data-
See Also: telecommunications services
base applications such as Microsoft SQL Server, messag-
ing applications such as Microsoft Exchange Server, and
cluster Web applications for running on Web servers such as
A group of two or more nodes within a system support- Microsoft Internet Information Services (IIS).
ing clustering.
See Also: clustering
Overview
When a client on a network tries to access shared
resources or applications on a cluster, the cluster
clustering
Any technology that enables two or more servers to
appears to the client as a single node or server instead
appear to clients as a single system.
of the group of nodes or servers it really is.
257
clustering clustering
258
CMAK CMAK
● Fault-tolerant clustering: Nodes are paired within .NET Server Enterprise Server and Datacenter Server
a cluster, and all nodes perform all tasks simulta- editions, and it was formerly called Windows Load Bal-
neously. This is an expensive solution from a hard- ancing Services (WLBS) on the Windows NT Server 4 C
ware point of view, but latency for failover is platform. NLB provides load balancing of Internet Proto-
reduced to a second or less. col (IP) traffic to up to 32 independent network nodes
(servers) and is typically used to build farms of Web serv-
Marketplace
ers or Exchange 2000 Outlook Web Access (OWA) serv-
Many different clustering solutions are in the market-
ers for large enterprises. When one node in an NLB
place, but this article focuses on four different cluster-
cluster goes down, the load is simply redistributed to the
ing technologies delivered by Microsoft platforms and
remaining nodes.
products, namely:
Application Center 2000 is a part of Microsoft Corpora-
● Windows clustering, previously known as
tion’s .NET Server family, and is a stateless clustering
Microsoft Cluster Services (MCSC)
platform designed to provide a single point of manage-
● Network Load Balancing (NLB) ment for farms of Web servers. Appcenter is typically
used in conjunction with NLB and CLB to provide high
● Application Center 2000
availibity, high reliability clustering that can scale out to
● Component Load Balancing (CLB) large numbers of users. Appcenter manages a collection
of servers in a Web farm as a single entity and can be
You can find additional information in separate articles
used to create new clusters, join servers to existing clus-
on each of these four solutions.
ter, remove nodes from clusters, deploy applications
Windows clustering is a feature of Microsoft Windows and application components to different nodes within a
2000 Advanced Server and Datacenter Server and of cluster, move components between nodes of a cluster,
Windows .NET Server. Windows clustering is probably monitor the performance of a cluster, and manage load
Microsoft’s best-known clustering platform and was orig- balancing of network connections to cluster nodes and
inally developed for Microsoft Windows NT Server COM+ components within a cluster-aware application.
Enterprise Edition where it was code-named Wolfpack
Component Load Balancing (CLB) is supported by all
during its development. Windows clustering is a stateful
versions of Windows 2000 Server and is used to provide
clustering solution that enables system architects to create
load balancing of COM+ objects across distributed
clusters from groups of independent computer systems
applications deployed on up to 16 nodes (servers). CLB
and to run and manage cluster-aware applications. Using
is a stateless clustering solution that requires no special
Windows clustering, you can build two-way clusters (that
hardware but needs Microsoft Application Center 2000
is, clusters with only two nodes) on Windows 2000 and
in order to operate.
Windows .NET Server Enterprise Server edition or four-
way clusters on Windows 2000 and Windows .NET See Also: Application Center, cluster, cluster-aware
Server Datacenter Server edition (Windows NT Server application, Component Load Balancing (CLB)
Enterprise Edition supported only two-way clustering). In
Windows clustering a cluster connects nodes together
CMAK
using a shared file system and clusters can utilize active/
active clustering for maximum reliability and availability. Stands for Connection Manager Administration Kit, a
Windows clustering makes an excellent choice for cluster- wizard-based tool for creating custom connectivity
ing database and messaging applications for enterprises. solutions, and a component of Internet Connection Ser-
vices for Microsoft Remote Access Service (RAS).
Network Load Balancing (NLB) is a stateless clustering
solution included with Windows 2000 and Windows See: Connection Manager Administration Kit (CMAK)
259
CMP cabling coaxial cabling
260
codec Code Division Multiple Access (CDMA)
261
Code Division Multiple Access (CDMA) Code Division Multiple Access (CDMA)
262
Coded Orthogonal Frequency Division Multiplexing (COFDM) code-operated switch
different frequencies, instead of one, which made it spread between divergent signal paths. Each symbol
extremely difficult for the Germans to pick up entire transmitted is proceeded and followed by a cyclic prefix
signals. called a guard interval, which helps give the baseband C
processor time to receive and process the information.
For More Information
Additional error-correcting information is encoded to
You can find the CDMA Development Group at
help reduce the effects of interference.
www.cdg.org. QUALCOMM is at www.qualcomm.com.
See Also: 2G, 2.5G, 3G, Advanced Mobile Phone Ser-
vice (AMPS), CDMA2000, cellular communications, Building
Global System for Mobile Communications (GSM),
t+ t1
Time Division Multiple Access (TDMA)
t
Coded Orthogonal Frequency
Division Multiplexing (COFDM)
A technique for enhancing the speed of wireless
802.11a t+ t2 Base
networking.
client station
Overview
Coded Orthogonal Frequency Division Multiplexing Wall
(COFDM) is employed by the 802.11a wireless net-
(delay spread = tmax)
working standard as a way to work around the difficulty GC0XX19 (new to 2E)
of radio frequency (RF) interference caused by scatter- Coded Orthogonal Frequency Division Multiplexing
ing and reflection off of buildings, walls, and similar (COFDM). COFDM helps overcome the delay spread caused
objects. The problem with wireless networking, as when signals are reflected off of interfering objects.
opposed to wireline (wired) networking, is that Using COFDM, wireless networks based on 802.11a
although wireline networks usually have a single path can break through their current speeds of 10 to 20
between different stations, wireless communication is megabits per second (Mbps) to achieve speeds of 155
often multipath. As the figure shows, a signal can travel Mbps or even higher.
between a wireless client and a base station along dif-
ferent paths due to reflection of RF signals off walls and See Also: 802.11a, wireless networking
other objects. The result is that when the signal arrives
it is spread out in time. If the time over which a signal code-operated switch
can be spread out by interference (the delay spread) is A switch with a combination of input and output ports,
less than the time between individual packet transmis- the connections between which can be remotely recon-
sions (the symbol rate), then the receiver can still be figured by commands entered into a computer.
processing one packet while the next one arrives, creat-
ing a problem.
Overview
Code-operated switches are useful in environments
COFDM works around this problem not only by slow- where remote switching is needed for file-sharing or
ing down the symbol rate (the rate of packet transmis- monitoring purposes. For example, you could use an
sion) but also by cramming as much information as RS-232 serial code-operated switch to remotely switch
possible into each packet. COFDM thus transmits data between pieces of data terminal equipment (DTE), such
in a massively parallel fashion, ensuring that each as servers or routers for running diagnostics from a
symbol can be processed in a time less than the delay remote console.
263
COFDM cold boot
Code-operated
switch
C
RS-232
Modem Data collector
Oscilloscope
Remote user Modem
Plotter
Printer
GC0XX20 (was G0Cui21 in 1E)
Code-operated switch.
Implementation COFDM
Internal dual inline package (DIP) switches are usually
Stands for Coded Orthogonal Frequency Division Mul-
used to configure the code-operated switch so that a dif-
tiplexing, a technique for enhancing the speed of wire-
ferent arming character can be used to trigger each con-
less networking.
nected device. The code-operated switch then examines
the incoming data stream for these special text-string See: Coded Orthogonal Frequency Division
codes in order to determine to which device it should Multiplexing (COFDM)
route data. An example might be the remote switching
between printers. A remote computer could send an
embedded switching character to specify which printer
cold boot
Restarting the computer by turning the power switch off
connected to the code-operated switch should be used
and then on, or by shutting down the computer, turning
for printing the data.
it off, and then turning it on again.
A remote user can connect to the company network
Overview
using a modem that interfaces with a code-operated
If you perform the first type of rebooting, open files will
switch, and then use the switch to control a variety of
not be properly closed and data can be lost. However,
serial-controlled devices in an industrial environment,
this method ensures that memory is cleared and devices
such as a group of laboratory instruments. Code-oper-
are properly reset. An example might be when you
ated switches are available from different vendors in
reconfigure the settings of a legacy modem using the
configurations supporting up to 64 different serial
modem utility in Control Panel. You might find that you
devices from one remote connection.
must cold boot your machine in order for the new
Besides embedding switching characters in the data configuration settings to fully take effect.
stream, embedded control characters can also be used to
See Also: boot
directly control the code-operated switch.
See Also: switch
264
Cold Fusion collapsed backbone
265
collision collision domain
backbones make use of centralized switches, which pro- occurred. Both stations then stop transmitting and wait
vide virtual point-to-point connections for LAN connec- a random length of time before retransmitting their
C tions. These switches are located in the same place as the signals. The amount of time the stations wait before
network servers—in fact it was the move toward central- retransmitting increases with the number of collisions
ized location of network servers that helped drive the occurring on the network.
development of collapsed backbones.
See Also: Carrier Sense Multiple Access with Collision
In a typical collapsed backbone scenario, instead of Detection (CSMA/CD), collision domain, Ethernet
having a hub for each floor located in that floor’s wiring
closet, a set of stackable Ethernet switches would be
collision domain
located in the equipment room in the basement, with
An area of a network where signals transmitted by
individual cables running from this closet through ver-
different stations with that area can collide.
tical rises to wiring closets on each floor where hubs
distribute connections to stations in work areas. Overview
In Carrier Sense Multiple Access with Collision Detec-
Advantages and Disadvantages tion (CSMA/CD) networks such as Ethernet, a collision
The advantages of using a collapsed backbone are that
can occur if two computers on the network attempt to
they eliminate the costs of backbone cabling installa-
transmit signals at the same time. When a collision
tion, they require fewer devices, their equipment
occurs, the network is momentarily offline and no
administration is more centralized, and they offer
computers can communicate on it.
higher available bandwidth for each station. The disad-
vantages are that collapsed backbones generally are not The larger the collision domain of an Ethernet network,
feasible for use in more than one building, they require the more computers present and the higher the probabil-
more cabling, they use more expensive devices, and ity of collisions occurring and negatively affecting net-
they have a more limited distance capability. work performance. When collision domains become
too large, so many collisions occur that network com-
See Also: backbone, network
munications become possible. As a result, it is impor-
tant to segment Ethernet networks to keep collision
collision domains small enough that the effect of collisions is
A condition that occurs when two or more computers minimized on the network.
on a network try to transmit signals over the same wire
Segmenting a collision domain can be accomplished
at the same time.
using bridges, switches, routers, and other devices. For
Overview example, if two Ethernet hubs are connected directly to
Collisions are inevitable on a network as long as there is a third hub, the resulting local area network (LAN) is
more than one computer on the network. Handling col- still only a single collision domain because only hub
lisions is one of the main functions of a network access connections are used between segments of the network.
method. For example, in Ethernet networks, collisions But if the two hubs are directly connected to an Ether-
often occur when two or more stations attempt to place net switch, you have two collision domains because the
frames on the wire at the same time. To handle this sit- switch enables the two networks to function indepen-
uation, Ethernet uses the access method called Carrier dently. Routers also segment networks into broadcast
Sense Multiple Access with Collision Detection domains to prevent the occurrence of broadcast storms.
(CSMA/CD).
See Also: broadcast domain, broadcast storm,
When a station begins transmitting a signal and detects Carrier Sense Multiple Access with Collision
a collision, the station stops transmitting and issues a Detection (CSMA/CD), collision, Ethernet
jam signal to tell the other station that a collision has
266
COM COM component object
267
command command
Remote command
A method by which actions can be performed on a com-
COM puter running Microsoft Windows by typing text into a
object command prompt window. The commands that are
available depend on which version of Windows is used.
Machine 2
Overview
GC0XX21 (was G0Cui22 in 1E) Examples of commands common to most Windows plat-
COM component object. In-process, local, and remote forms include the Attrib command, Cacls command,
COM components.
Copy command, Dir command, and Diskcopy command.
COM components can be run on an application server, a In addition to these Windows commands, some special
Web server, a Microsoft Transaction Server (MTS), or a commands are available only when certain networking
client. COM components can be stand-alone applica- services or protocols are installed. For example, if Trans-
tions or reusable software components, and they make mission Control Protocol/Internet Protocol (TCP/IP) is
the development of Web applications comparable to the installed on a computer running Windows, a number of
development of system applications. TCP/IP commands are available, including the Arp com-
mand, Ping, Tracert, and Nbtstat.
COM components interact with each other and with
user applications in a client/server fashion. The client Commands are useful for administering different
therefore uses the functionality of the server component aspects of a system or network using a command-line
by creating instances of classes that the server compo- interface, such as a telnet connection or a command
nent provides and calling their properties and methods. prompt. Commands are also often used in writing batch
files that can perform a group of operations on a sys-
COM components can be designed to run in three dif-
tem or network service. You can run such a batch file
ferent modes:
directly, or you can schedule its operation for a prede-
● In-process: The component executes in the calling termined time.
application’s process space.
Finally, many Windows programs can be started in dif-
● Local: The component executes in its own process ferent ways from the command prompt using optional
space. switches. For example, Windows Explorer can be run
by typing explorer.exe from the command prompt.
● Remote: The component executes in a process
These programs are normally run using a graphical user
space on another machine.
interface (GUI), are started by desktop shortcuts, and
An in-process COM component has the extension .ocx or are not usually referred to as commands.
.dll, while an out-of-process COM component (one run-
See Also: UNIX commands, Windows commands
ning outside the calling application process) has the
268
command interpreter command prompt
the operating system shell, especially on UNIX plat- Command prompt. The command prompt in Windows
2000.
forms. Entering a command into the command inter-
preter is referred to as “working at the command line.” Notes
In Windows 2000, Windows XP, and Windows .NET
See Also: command line, command prompt
Server, the command prompt application is Cmd.exe,
located in the %SystemRoot%\system32 folder. In
command line Windows Millennium Edition (Me), it is called the
A general name for any user interface that allows MS-DOS prompt, has the executable filename Com-
text-based commands to be entered and executed on a mand.com, and is in the \Windows folder. The
system. The term command line is popular in UNIX Windows 2000, Windows XP, and Windows .NET
environments, but Microsoft Windows systems use Server versions can be configured using the Console
command prompt to mean essentially the same thing. utility in Control Panel.
See Also: command interpreter, command prompt For security reasons, should you wish as an administra-
tor to disable the command prompt on a Windows 2000,
command prompt Windows XP, or Windows .NET Server machine, you
A Microsoft Windows application that allows text- can accomplish this by either renaming Cmd.exe to
based Windows commands to be entered and executed. something only you yourself are aware of, set NTFS file
system (NTFS) permissions so that only Administrators
Overview can access it, or (not recommended) delete Cmd.exe
The Windows command prompt provides a com- entirely from the system.
mand-line interface (CLI) similar to those provided by
UNIX systems. The command prompt can be used for See Also: command interpreter
269
Commerce Server 2000 Common Desktop Environment (CDE)
Commerce Server 2000 utilizing these services of a CSP, customers do not have
to acquire licenses for the software the CSP provides.
C Microsoft Corporation’s platform for building and man-
aging e-commerce solutions.
See Also: xSP
Overview
Commerce Server 2000 reduces the time it takes to
develop and deploy complex e-commerce solutions.
Committed Information Rate
Commerce Server is based on Microsoft Site Server
(CIR)
A way of guaranteeing bandwidth in frame relay
version 3 Commerce Edition (SSCE), and it builds on
services.
the strength of this earlier product. Commerce Server is
part of the Microsoft Windows .NET Server family. Overview
Committed Information Rate (CIR) provides a way of
Commerce Server provides core services for managing
guaranteeing minimum bandwidth for frame relay cus-
your e-commerce site, including
tomers. Because customers on a frame relay network
● Profile system: Used to profile and manage cus- share the network, it is possible that service providers
tomers and trading partners might oversubscribe the service—with the result that
some customers receive insufficient bandwidth.
● Product catalog system: Lets you manage millions
Another situation where this can be a problem is if
of different products and find them quickly
many customers try to access the frame relay network at
● Targeting system: Lets you target customers with the same time.
personalize one-on-one marketing
CIR guarantees that data throughput on frame relay
● Business processing pipelines system: Lets you connections will not drop below a previously agreed-
customize your products to meet your customers’ upon contractual lower limit. However, CIR does permit
needs short bursts of traffic to occupy greater amounts of
bandwidth.
In addition to these services, Commerce Server
includes administration and development tools for See Also: frame relay
building and managing your site, sample e-commerce
sites you can use as templates and models, a data-
warehousing decision-making system, help-desk
Common Desktop Environment
customer support functionality, and much more.
(CDE)
A graphical user interface (GUI) or desktop environ-
For More Information ment developed for UNIX systems.
Find out more at www.microsoft.com/commerceserver/.
Overview
See Also: .NET platform Common Desktop Environment (CDE) was developed
by IBM, Sun Microsystems, and Hewlett-Packard
under the Common Open Software Environment
commercial service provider (COSE) initiative. CDE is a paradigm that is widely
(CSP) used in the UNIX industry. CDE is based on various
Internet service providers (ISPs), online service provid-
industry standards including the X Window System
ers, telephone and cable network operators, and other
(X11) release 5, X/OPEN, OSF/Motif 1.2, and others.
companies.
CDE is designed to provide UNIX users with a simple
Overview
and consistent desktop interface that includes
CSPs provide software services such as community
access to mail, news, chat, and conferencing services. By ● Standard Windows-management features
270
Common Gateway Interface (CGI) Common Gateway Interface (CGI)
● File-system browsing tools supporting multiple process the input data, generate the results, and pass
views these results back to the Web server, which then returns
● Customizable user interface–management tools for
them properly formatted in Hypertext Markup Lan- C
guage (HTML) to the client.
changing backdrops, mouse and keyboard settings,
and screen savers The main disadvantage of CGI is that each request must
spawn a new CGI process and that, after the request is
● Extensive and easily accessed online help features
satisfied, the process is killed. Thus a Web server expe-
● Multiple workspaces for increasing available desk- riencing multiple simultaneous requests from clients
top area will spawn multiple copies of the gateway process, each
of which consumes memory and processing overhead.
See Also: UNIX, X Window System
The fact that processes are terminated at the end of each
request limits CGI to single-step Web applications and
Common Gateway Interface requires much ingenuity to handle data across a multi-
(CGI) step user session.
A mechanism by which a Web browser can request a
Web server to execute an external application. Examples
CGI applications are often used as form handlers for
Overview Web forms, and are executed using a <FORM> tag
Common Gateway Interface (CGI) was developed in embedded in the form document. When a Web client
the UNIX networking environment to allow Web such as Microsoft Internet Explorer submits a form or
browsers to execute “gateway” applications on Web otherwise passes information to a Web server using
servers. These gateway programs are typically written CGI, the Web server receives the information from the
either in a compiled language such as C or in an inter- client and passes it to the gateway program for process-
preted language such as Perl. CGI allows Web servers ing. The gateway program then returns the result of the
to run scripts or programs on the server and send the processing to the server, which returns it to the Web
output to the client Web browser, thus turning the Web browser as an HTML page. Here’s a simple example:
into a platform for running dynamic applications
<FORM METHOD=POST ACTION=
instead of merely presenting static information to
"http://www.northwind.microsoft.com/cgi-bin/
clients. results.pl">
Architecture In this example, the Perl script results.pl in the cgi-bin
CGI programs are called “gateway” programs because
directory functions as the form handler for processing
the Web server passes the CGI request to the external
the information submitted using the form.
program, which then runs as a separate process to
HTTP server
HTTP client (web server)
(browser) CGI app
271
Common Information Model (CIM) Common Information Model (CIM)
Notes Uses
Although CGI was developed for UNIX-based systems, CIM is similar to the Simple Network Management
C it is supported by most Web servers, including Microsoft Protocol (SNMP) and Desktop Management Interface
Internet Information Services (IIS). Microsoft Internet (DMI) standards. However, unlike SNMP and DMI,
Server API (ISAPI) is a set of server extensions for IIS CIM is able to manage the widest possible range of
that functions similarly to those of CGI but uses fewer hardware and software systems. CIM also shows the
resources. The main difference is that with CGI the sys- relationships between the different hardware and soft-
tem creates a unique process for every CGI request, but ware components of an enterprise network more com-
ISAPI extensions do not require separate processes. pletely, making it easier to troubleshoot complex
This makes ISAPI applications generally more respon- distributed systems and applications.
sive than CGI applications.
CIM information that is collected can be shared
See Also: Internet Server API (ISAPI), UNIX, Web between systems on a peer-to-peer basis. This informa-
server tion sharing allows network devices to not only be man-
aged from a centralized management console but also to
talk to one another to resolve problems as they arise.
Common Information Model
(CIM) CIM was designed by the DMTF to operate together
A schema for defining manageable network objects. with their Web-Based Enterprise Management
(WBEM) initiative to provide a broad WBEM/CIM
Overview
framework for managing resources across a network.
The Common Information Model (CIM) defines a set of
schema for describing information collected for net- Architecture
work and systems management purposes. CIM was CIM is based on an object-oriented programming
developed by the Distributed Management Task Force model that allows inheritance to be used to grant sub-
(DMTF), formerly named the Desktop Management classes the characteristics of their parent classes. CIM
Task Force, as an extensible, object-oriented schema for classes have the properties, methods, and associations
managing information collected from computers, net- typical of object classes. CIM supports both physical
working devices, protocols, and applications. and logical objects and models these objects for pur-
poses of network management applications. CIM is also
CIM supports management of two types of objects:
extensible and allows vendors to define the features of
● Hardware objects: This includes router interfaces their products using inherited subclasses. The fact that
and disks. these subclasses are inherited from standard parent
classes ensures that data collected from different ven-
● Software objects: This includes applications,
dors’ systems will be compatible with the CIM
application components, and services.
standard.
Another way of defining the different types of informa-
CIM consists of two parts: a language definition speci-
tion that can be described by CIM is as follows:
fying the constructs and methods that can be used to
● Static information: Examples include the capacity model network and system resources, and a set of
of a hard drive on a desktop computer or the schema that describes how specific types of resources
specific applications installed on a server. will be represented.
● Dynamic information: Examples include the cur-
rent bandwidth being used on a port on a switch or
router.
272
Common Internet File System (CIFS) Common Name Resolution Protocol (CNRP)
CIM supports three kinds of schema: Microsoft has submitted CIFS to the Internet Engineer-
ing Task Force (IETF). CIFS client and server software
● Core schema: These define general areas of net-
work and system management, and core CIM
is available for the Windows 2000 operating system C
platform.
classes are platform-independent.
See Also: Server Message Block (SMB)
● Common schema: These define specific areas of
management.
Common Name Resolution
Extension schema: These define the management
●
Protocol (CNRP)
of vendor-specific technologies.
A proposed Internet Engineering Task Force (IETF)
Notes standard for a protocol to replace Uniform Resource
Microsoft Systems Management Server (SMS) 2 is Locators (URLs) with a simpler, more natural scheme
capable of collecting CIM data from managed systems for navigating the Web.
and exporting this data to other enterprise management
Overview
applications, such as NetView from Tivoli Systems and
The existing Internet naming systems (domain names
Unicenter from Computer Associates.
and URLs) are not particularly user friendly, as anyone
See Also: Distributed Management Task Force knows who has ever picked up the phone and heard
(DMTF), Web-Based Enterprise Management (WBEM) someone ask, “What is the URL for [name of Web
page]?” After tediously repeating a long string of char-
acters and slashes, you begin to wish the Internet com-
Common Internet File System munity could come up with something different.
(CIFS)
A public version of the Server Message Block (SMB) Enter the proposed Common Name Resolution Protocol
file-sharing protocol that has been tuned for use over (CNRP), an initiative of Network Solutions, AT&T, and
the Internet. other companies. Using CNRP, users could enter the
name of a company into their browsers to reach the
Overview
company home page, then enter a product name to
Common Internet File System (CIFS) is a remote file
reach the page for a particular product, and enter “2000
system access protocol that enables groups of users to
Sales Figures” to retrieve a document with these fig-
collaborate and share documents over the Internet or
ures. Areas where CNRP might excel include govern-
within corporate intranets. CIFS is an open, cross-plat-
ment and public information portals and corporate
form technology that is based on the native file-sharing
intranets. Wireless Internet access may also benefit by
protocols of Microsoft Windows platforms. It is sup-
eliminating the need to enter long, complex URLs on
ported by other platforms such as UNIX.
small keypads in order to access specific content on the
CIFS has been viewed as a possible replacement for both Internet.
the File Transfer Protocol (FTP) and the Network File Sys-
Architecture
tem (NFS) file system protocols. CIFS supports encrypted
CNRP basically runs on top of Hypertext Transfer Pro-
passwords and Unicode filenames, and it can be used to
tocol (HTTP) as an Extensible Markup Language
mount a remote file system as a directory or drive on the
(XML)–encoded service. A user could enter “Go:2000
local machine. CIFS also includes features not supported
Sales Figures” into the browser’s address bar, and the
by NFS, including write-ahead and native support for
browser would encode this request in XML and forward
locks. Microsoft Corporation’s Distributed file system
it to a CNRP name server. The name server would then
(Dfs) is covered as part of the CIFS specification.
return the URL of the requested page to the browser,
which would then request the actual content from where
it is located on the Internet or corporate intranet.
273
Common Object Request Broker Architecture (CORBA) Common Object Request Broker Architecture (CORBA)
274
community Competitive Local Exchange Carrier (CLEC)
275
Competitive Local Exchange Carrier (CLEC) Competitive Local Exchange Carrier (CLEC)
Customer premises CO
PSTN
Class 5
ATM switch
IAD switch
voice
(CLEC)
LAN T1 line
data
Router
Internet
Customer premises CO
GC0XX25 (new to 2E)
Competitive Local Exchange Carrier (CLEC). Two ways CLECs can provision customers with voice and data services.
On the other hand, contracting CLECs to provision tele- Implementation
communication services for your company instead of Because the ILECs own the infrastructure of the last-mile
ILECs has an element of risk. This is evidenced by the (local loop) wiring serving residential and business mar-
changing nature of the CLEC market, in which some star- kets in the United States, the Telecommunications Act
tups have failed and others have been acquired, and by lit- required ILECs to open up use of the local loop to
igation initiated by some CLECs against ILECs. An CLECs, allow CLECs to colocate their equipment at the
example is Pronto, a project of mega-bell SBC Communi- ILEC central offices (COs), and allow CLECs to lease
cations, which is building out thousands of neighborhood use of the local loop from the ILECs that provision it.
DSL remote terminals to shorten customer DSL connec- CLECs can architect to provision services in many ways,
tions, thereby improving DSL reliability and data rates. two of which are shown in the diagram.
CLECs that want to provide their own DSL services to the
The top part of the diagram shows a DSL modem at the
same customers have complained to the Federal Commu-
customer premises that connects the customer’s local
nications Commission (FCC) that Pronto cuts them out of
area network (LAN) over the local loop to a DSL
the loop because they cannot service Pronto customers
Access Multiplexer (DSLAM) colocated by the CLEC
using DSLAMs colocated at SBC’s COs. Other RBOCs
at the CO of the customer’s incumbent telco. The
are contemplating similar projects, which could undercut
CLEC’s DSLAM is connected to the ILEC’s switching
the operations of many CLECs.
276
Competitive Local Exchange Carrier (CLEC) Competitive Local Exchange Carrier (CLEC)
backbone to provide the customer with voice and data in the marketplace in 2001, with a market capitalization
services. Such an arrangement is typical of a CLEC that of about $6 billion.
functions as a DSL provider.
One aim of the Telecommunications Act of 1996 was to
C
The bottom part shows an Integrated Access Device open the doors for cable TV companies and utilities to
(IAD) at the customer premises. The IAD converts the begin competing with ILECs for residential and business
Internet Protocol (IP) packets of the customer’s Ether- voice and data services. When the act was passed, these
net LAN to Asynchronous Transfer Mode (ATM) cells companies were slow to build out these services, and a
for transmission over the T1 line to an ATM switch diverse host of CLECs appeared to compete in the residen-
colocated by the CLEC at the ILEC’s CO. In this case, tial, office, and metropolitan marketplaces. Now, however,
the ILEC is responsible for provisioning the T1 for the cable companies and utilities are beginning to deploy
CLEC and acts as a wholesaler of T1 services toward high-speed data services in large rollouts, and so now
the ILEC. The CLEC’s ATM switch then filters the many CLECs face competition on two fronts instead of
voice and data traffic from the customer. The voice traf- from just the ILECs. Finally, FCC rulings have begun to
fic is routed either to the ILEC’s telephone switch or come down on the side of large carriers, which may
directly to an IXC, while the data traffic is routed to an squeeze many smaller startups out of the marketplace or
ISP for Internet access or to an IXC for long-haul wide lead to their being acquired by big carriers such as AT&T
area network (WAN) connections to branch offices. and SBC.
Marketplace The shakeout in the CLEC market and its uncertain future
The CLEC landscape is constantly changing, but some makes it advisable for businesses to use due diligence in
of the bigger players include Covad Communications investigating the financially viability of CLECs before
Company (www.covad.com), Intermedia Communica- deploying mission-critical WAN services just to save costs
tions (www.intermedia.com), Cogent Communications over similar services offered by RBOCs. Many enterprise
(www.cogentco.com), and others. Despite these big play- network architects believe that leasing reliable services for
ers and the large number of smaller CLECs on the market, WAN and Internet access from large RBOCs is more
analysts estimate that CLECs currently have less than 10 important than saving a few dollars by using CLECs. On
percent of the local telecom market, with more than 90 the other hand, some e-commerce companies have chosen
percent still in the hands of the incumbent ILEC/RBOCs. to go with CLECs because they can typically provision
services much faster than traditional RBOCs. CLECs that
CLECs that provision DSL services typically pay
are building out their own infrastructure (own their own
RBOCs about $15 to $25 per month to use their local
fiber) are probably more likely to succeed in the long term.
loop connection for deploying such services, the cost of
Enterprise network architects should also consider pur-
which must be recovered when they resell such services
chasing redundant services from different carriers to pro-
to businesses and consumers, typically at $40 to $60 per
vide fault-tolerance for their WAN connections, but they
month. A newer technology called line sharing may
should realize that as the CLEC market consolidates, their
lower the cost for CLECs to lease lines from ILECs,
options may narrow.
and the savings might be passed on to consumers.
For More Information
Prospects
You can find industry news on CLECs at www.clec.com
Times have gotten tough in the telecommunications indus-
and www.clec-planet.com. A current list of CLECs can
try in general at the start of the new millennium. After the
be found at www.dslreports.com/clecs.
dot-com crash of 2000, sources of venture capital for new
telecom startups has dried up, leaving some CLECs in See Also: carrier, Digital Subscriber Line (DSL),
financial difficulty (the same difficulties are faced by 3G Incumbent Local Exchange Carrier (ILEC),
wireless vendors and other segments of the telecom sec- inter-exchange carrier (IXC), line sharing, local loop,
tor). Although a few CLECs have failed and others have Regional Bell Operating Company (RBOC), telco
been acquired, there were still about 200 different CLECs
277
complete trust model Component Load Balancing (CLB)
278
Component Object Model (COM) Component Object Model (COM)
C
GbE
switch
Database
Internet servers
Firewall
Switch
RAID5
shared
COM+ app storage
Switch Back-end
servers
Mid-tier
Web servers
Key
NLB Cluster
CLB Cluster
Front-end
MCSC Cluster
Component Load Balancing (CLB). Using CLB to provide high reliability and availability for distributed COM+ applications.
To distribute the load across the nodes of the CLB clus- Component Object Model
ter, CLB uses round-robin techniques and polling algo-
rithms based on server response time. Because CLB
(COM)
An object-based programming architecture developed
uses frequent polling, be sure to implement your CLB
by Microsoft Corporation that allows applications to be
cluster on a fast network (100 megabits per second
built from binary software components.
[Mbps] or faster).
See Also: Application Center, clustering Overview
Component Object Model (COM) is both a set of spec-
ifications for building application components and a
group of underlying services for supporting these com-
ponents. COM defines a standard method for building
components and specifies what these components will
279
Component Object Model (COM) Component Object Model (COM)
280
CompTIA Computer Browser service
281
Computer Browser service Computer Browser service
Different computers on the network have different ● Backup browser: Maintains copies of the browse
roles. These computers include the following: list received from the master browsers and distrib-
utes this list to any network client requesting a net-
C ● Domain master browser: Collects and maintains
the master browse list for the domain, and synchro-
work resource. This can be a computer running
Windows 2000, Windows XP, Windows .NET
nizes this list with other domain master browsers in
Server, Windows NT, Windows 95, Windows 98,
different domains. In a Windows NT network, the
or Windows for Workgroups.
domain master browser must be the Primary
Domain Controller (PDC). ● Potential browser: Any computer on the network
configured so that it can assume the role of a master
● Master browser: Collects and maintains the master
browser or backup browser if required. This can be a
browse list for the domain and distributes this list to
computer running Windows 2000, Windows XP,
backup browsers in the domain. This can be a com-
Windows .NET Server, Windows NT, Windows 95,
puter running Windows 2000, Windows XP,
Windows 98, or Windows for Workgroups.
Windows .NET Server, Windows NT, Windows 95,
Windows 98, or Windows for Workgroups. ● Nonbrowser: Any computer that cannot be a
browser but can share resources with the network.
Master
browser
Server information
for browse list......
......
List of backup
browsers
5 3
Request for 2 Request for
.....share list .....
browse list.....
Client
GC0XX28 (was G0Cui26 in 1E)
282
Computer Management computer name
When a client tries to access a shared resource on the ● Manage services such as Dynamic Host Configuration
network, such as a shared folder on a file server, it first Protocol (DHCP) and Domain Name System (DNS)
contacts the master browser for a list of backup brows-
● Start and stop system services
C
ers. Then it contacts a backup browser for a copy of the
browse list. When the client has the browse list, it con- ● Configure properties of storage devices
tacts the file server for a list of shares, and then connects
● Monitor system events and application errors
to the desired share.
● Display device settings and add new device drivers
Notes
The Workstation service and Server service must be To use Computer Management for modifying adminis-
started for the Computer Browser service to function. trative settings, you must be a member of the Adminis-
trators group.
See Also: browse list, browsing
See Also: Microsoft Management Console (MMC)
Computer Management
A Microsoft Windows 2000, Windows XP, and computer name
Windows .NET Server management console that pro- For computers running Microsoft Windows, a name
vides a single integrated desktop tool for managing that identifies a computer on the network.
local and remote machines.
Overview
Computer names can be up to 15 characters in length.
In Windows NT, Windows 95, and Windows 98, you
specify a computer’s name using the Network utility in
Control Panel. (In Windows 2000, Windows XP, and
Windows .NET Server, use the Network Identification
tab of the System utility in Control Panel.) The computer
must be restarted if its name is changed. This name is
used by services that perform NetBIOS name resolution
on the network, such as the Windows Internet Name Ser-
vice (WINS). Computer names provide a friendly way of
accessing network resources without having to remem-
ber complex numerical addresses such as IP addresses.
GC0XX29 (was G0Cui27 in 1E)
Computer Management. A typical Computer Management A hidden 16th character is appended to the computer
console. name to form the NetBIOS name for NetBIOS-
Overview aware networking services on the machine. Each
Computer Management combines a number of adminis- NetBIOS-aware service has a different NetBIOS name,
trative utilities from Windows NT with additional some of which are based on the name of the computer
Windows 2000, Windows XP, and Windows .NET Server and others of which are based on the name of the
tools to provide an easy way of viewing and managing domain in which the computer resides.
properties of any computer running Windows 2000, Notes
Windows XP, or Windows .NET Server on the network. Give friendly names, derived from some common
Using Computer Management, an administrator can per- source such as A Midsummer Night’s Dream, to groups
form the following actions on local and remote machines: of computers offering related services. For example,
● Create and manage shares you could call your servers Puck, Oberon, and Titania.
This makes it easy to remember that these computers all
● Display a list of connected users belong to the same group.
283
computer-telephony integration (CTI) COM Transaction Integrator (COMTI)
284
concurrency connectionless protocol
concurrency Overview
An example would be a Microsoft Windows NT Work-
A term referring to the simultaneous access to a net-
work resource by more than one client. station, Windows 95, or Windows 98 client computer C
accessing a shared folder or printer on a Windows 2000
Overview server. The term connection is also used to describe the
Concurrency is an important issue in the licensing of a establishment of communication over a WAN link, as in
server operating system or application. For example, using a dial-up connection over a modem.
the Per Server licensing mode for Microsoft Windows
NT Server is based on concurrency. If you purchase 10 When a client computer tries to connect to a server, the
client access licenses (CALs) for your Windows NT success or failure of the attempt can depend upon
Server, a maximum of 10 concurrent connections can whether
legally be formed with that server for accessing net- ● The server has shared the resource that the client
work resources. wants to connect to
Notes ● The client has been properly authenticated or has
Some products, such as Microsoft Outlook 98, do not permission to access the resource
support concurrent access. In other words, you cannot
install a central copy of Outlook 98 on a server and have ● The client is properly licensed to connect to the
thin clients run this program from the centralized loca- server, and free licenses are available
tion. Instead, you must install one copy of Outlook 98 See Also: client access license (CAL), license
on each client that needs to run it.
connectionless protocol
connected network (CN) Any transport layer protocol that relies on broadcast
In Microsoft Message Queue (MSMQ) Server termi- packets instead of directed packets.
nology, a name for a collection of computers in which
any two computers can directly communicate. Overview
Connectionless protocols can only offer “best-effort”
Overview delivery and cannot guarantee that packets will arrive in
Computers in the same connected network must be run- the correct order or even at all. Connectionless proto-
ning the same network protocol. A connected network cols cannot guarantee delivery of packets. Instead, reli-
(CN) is essentially a label describing how MSMQ serv- ability of packets is handled by the application itself or
ers are related in an enterprise. CNs are logical group- some higher layer of the protocol stack.
ings of computers that can communicate directly using
MSMQ messages. When you install an MSMQ server, An example of a connectionless protocol is the User
you specify a connected network for each network Datagram Protocol (UDP), which is part of the Trans-
address on the server. mission Control Protocol/Internet Protocol (TCP/IP)
protocol suite. UDP provides connectionless services
When you specify connected networks for your MSMQ for delivering small packets of information commonly
enterprise, it is a good idea to use meaningful labels so called datagrams. Another connectionless transport
that administrators can easily select a connected net- layer protocol is the Appletalk Transaction Protocol
work from a list when they need to override the default (ATP), part of the AppleTalk suite of protocols.
connected network settings.
Notes
The term connectionless is also used to describe any
connection delivery mechanism where complete addressing infor-
A link between two computers for the purpose of mation (the address of the source and the address of the
exchanging information. destination) is included in every packet. Packets are
285
Connection Manager Administration Kit (CMAK) connection-oriented protocol
then placed on the network and are delivered to their connection-oriented protocol
destination independently, sometimes taking different
C routes and arriving in a mixed-up order that needs to be
Any transport layer protocol that establishes a connec-
tion first in order to reliably send packets over the
sorted out using packet numbers. network.
In this more general context, we can also examine pro- Overview
tocols at other layers such as the network layer and data Connection-oriented protocols guarantee delivery of
link layer. Most local area network (LAN) protocols at packets by making use of acknowledgments and
these layers are connectionless. For example, at the net- retransmission of data. Connection-oriented protocols
work layer we have IP, Internetwork Packet Exchange are used primarily for reliable delivery of large packets
(IPX), Datagram Delivery Protocol (DDP), which is of data, as opposed to the unreliable connectionless pro-
part of the legacy AppleTalk protocol suite, and DEC- tocols that are used to deliver small datagrams.
net Routing Protocol (DRP), which is part of the legacy
DECnet protocol suite, all connectionless. At the An example of a connection-oriented protocol is TCP,
datalink layer we have Ethernet, Token Ring, Fiber which is part of the Transmission Control Protocol/
Distributed Data Interface (FDDI), and others, again all Internet Protocol (TCP/IP) protocol suite. The TCP pro-
connectionless. An example of a data-link layer proto- tocol uses a TCP three-way handshake to establish a
col that is connection-oriented instead of connection- connection between two hosts on a network. During
less is Asynchronous Transfer Mode (ATM). session establishment, the hosts negotiate the TCP win-
dow size, segment size, and other information needed to
See Also: connection-oriented protocol, protocol ensure reliable and efficient communication. A TCP
connection is terminated using a similar handshake pro-
Connection Manager cedure. Another example of a connection-oriented
Administration Kit (CMAK) transport layer protocol is Sequenced Packet Exchange
(SPX), part of the NetWare suite of protocols. The leg-
A wizard-based tool for creating custom connectivity
acy network service provider (NSP) protocol of the
solutions, and a component of Internet Connection Ser-
DECnet suite of protocols is also a connection-oriented
vices for Microsoft Remote Access Service (RAS).
transport layer protocol.
Overview
Notes
The Connection Manager Administration Kit (CMAK)
At lower Open Systems Interconnection (OSI) levels
is used to customize the Microsoft Connection Manager
such as the network layer and data link layer, most local
(CM) client component. Internet service providers
area network (LAN) protocols are connectionless
(ISPs) can use this tool to customize dial-up installation
instead of connection-oriented. Asynchronous Trans-
packages for their customers. Customization features
fer Mode (ATM) is an exception and is connection-
include
oriented. In ATM a virtual circuit (data pathway) is first
● Animated logon screen, which can include a established prior to sending any data. Instead of
custom logo addressing data packets (actually cells) with source and
destination addresses as in a connectionless protocol,
● Desktop icons
ATM assigns the circuit number to the cells to ensure
● The language the dialer displays to the customer they reach their destination. Because circuit numbers
are much smaller than network addresses, connection-
● Support numbers and help files
less protocols such as ATM have less overhead than
● Various connect actions that the dialer performs connection-oriented protocols such as IP or Ethernet.
when dialing, such as shutting down applications or
See Also: connectionless protocol, protocol
downloading files
286
connection pooling connector (device)
287
connector (device) connector (device)
BNC BNC-T
C BNC
DB
Modular
Centronics
Fiber-optic
HD
SCSI
288
Connector for Lotus cc:Mail connector (Microsoft Exchange)
A single connector may be used for a variety of pur- Connector for Lotus Notes
poses and different interfaces. For example, the DB-60
connector supports any of the following interfaces:
A component of Microsoft Exchange Server 5.5 that
enables message transfers and directory synchroniza-
C
V.35, X.21, EIA-530, EIA/TIA-232, and EIA/TIA-449. tion between Exchange Server and Lotus Notes
So you cannot always tell from the appearance of a con- systems.
nector what its function is—it depends on the interface
it implements. Overview
The Connector for Lotus Notes allows either single or
There are literally dozens of types of connectors used in multiple Lotus Notes servers to be accessed from a single
networking, and the networking professional needs to machine running Exchange Server. The Connector for
be familiar with many of them. The illustration shows Lotus Notes is implemented as a Microsoft Windows NT
some of the common connector types used in different service on Exchange Server and supports
aspects of networking and telecommunications. Many
of these connectors are discussed in separate articles ● Message transfer between Exchange Server and
elsewhere in this book. Lotus Notes
● Synchronization of directory information between
Connector for Lotus cc:Mail Exchange Server and Lotus Notes
A component of Microsoft Exchange Server 5.5 that The Connector for Lotus Notes also converts message
enables message transfer and directory synchronization content to Rich Text Format (RTF) and converts Object
between Exchange Server and Lotus cc:Mail systems. Linking and Embedding (OLE) objects on Exchange
Overview Server to Lotus Doclinks objects.
Lotus cc:Mail uses a shared-file messaging architec- The Connector for Lotus Notes supports Lotus Notes
ture similar to that of Microsoft Mail. The Connector 3.x and Lotus Notes/Domino 4.x.
for Lotus cc:Mail is implemented as a Microsoft
Windows NT service on Exchange Server and Notes
supports the following functions: Be sure to install the Lotus Notes client on the computer
running Exchange Server prior to attempting to install
● Message transfer between Exchange Server and the Connector for Lotus Notes on the machine. The
cc:Mail messaging systems connector needs this client to log on to the Lotus Notes
● Synchronization of directory information between mail server. If you have trouble establishing connectiv-
Exchange Server and cc:Mail servers ity, check that the connector has a valid Lotus Notes ID
and that this ID has the appropriate permissions needed
Only one Connector for Lotus cc:Mail can be installed on to access the databases on the machine running Lotus
a given computer running Exchange Server, and that con- Notes.
nector can connect to only one cc:Mail postoffice. How-
ever, multiple computers running Exchange Server can
each have a cc:Mail connector installed in order to con- connector (Microsoft
nect to multiple postoffices throughout a cc:Mail mes- Exchange)
saging system. The Lotus cc:Mail programs export.exe A component of Microsoft Exchange Server 5.5 used to
and import.exe must be installed on the computer run- connect Exchange sites or to connect an Exchange
ning Exchange Server for connectivity to be established. organization to foreign mail systems.
289
Consumer DSL (CDSL) container (NTFS)
Connectors are implemented on Exchange as However, CDSL has the advantage of not requiring
Microsoft Windows NT services and can be stopped installation of a splitter at the customer premises. CDSL
C and started using the Services utility in Control Panel. can operate only at distances of up to 18,000 feet (5500
meters) from the telco’s central office (CO).
Various types of connectors can be installed on
Exchange, including the following: See Also: Digital Subscriber Line (DSL)
● Site Connector: Used for establishing high-speed
messaging links between different sites in an container (Active Directory)
Exchange organization In Microsoft Windows 2000 and Windows .NET
Server, an object in Active Directory directory service
● X.400 Connector: Used for establishing connectiv-
that can contain other objects.
ity with a foreign X.400 messaging system such as
those found in different parts of Europe Overview
Examples of containers include organizational units
● Dynamic RAS Connector: Used for establishing
(OUs), domains, and local networks. Domains are the
dial-up connectivity between sites in an Exchange
core containers for organizing the structure of Active
organization
Directory. The other kinds of objects in Active Directory
● Internet Mail Service: Used for establishing con- are leaf objects, which cannot contain other objects.
nectivity with the Internet’s Simple Mail Transfer
Objects created in a container inherit the discretionary
Protocol (SMTP) messaging system
access control list (DACL) of the container itself. In
● Microsoft Mail Connector: Used for establishing other words, a child object obtains its permissions from
messaging connectivity with legacy Microsoft Mail its parent object by inheritance.
networks
Notes
● Connector for Lotus cc:Mail: Used for establish- Groups are not containers; they are security principals.
ing connectivity with a foreign cc:Mail system
See Also: Active Directory
● Connector for Lotus Notes: Used for establishing
connectivity with a Lotus Notes network container (Microsoft
See Also: Connector for Lotus cc:Mail, Connector for Management Console)
Lotus Notes In Microsoft Management Console (MMC), any node
in a console tree to which other nodes can be added.
290
Content Advisor content caching
Overview Overview
Objects created in a container inherit the access control Content Analyzer can visually display the structure and
list (ACL) of the container itself. In other words, a child integrity of a site in the form of a diagram called a Web C
object obtains its permissions from its parent object by map. Web maps allow administrators to visually exam-
inheritance. For example, if a directory on an NTFS ine a site’s structure and quickly identify problems,
volume has read permission assigned to the Everyone such as loops and broken links. Web maps display vari-
group, any new file that you create or save in the direc- ous Web content items using different icons and can use
tory will inherit the same permission. Using containers a variety of colors to convey different kinds of informa-
therefore simplifies the assignment of permissions to tion. You can also use Content Analyzer to search Web
objects in the file system. maps for various kinds of information using predefined
Quick Searches. When you find an item of interest on a
See Also: NTFS file system (NTFS)
Web map, you can open your Web page editing tool
directly from the Web map. You can also export Web
Content Advisor map information into a database or spreadsheet file for
A feature of Microsoft Internet Explorer that allows you further analysis.
to control user access to Web sites based on the content
Content Analyzer can also generate predefined site
ratings of the sites.
reports you can use to identify broken links and analyze
Overview the structure of Web sites. These site reports can be gen-
The Internet provides individuals with access to a wide erated in Hypertext Markup Language (HTML) format
variety of information, but some of this information might for easy reading and evaluation and can identify
be unsuitable for certain viewers. For example, parents are changes to the content of a site, broken links, and other
often concerned about their children being exposed to vio- information.
lent or sexually explicit material on the Internet.
Content Advisor lets you control the kind of Internet content caching
content that can be accessed using Internet Explorer. A feature of a proxy server such as Microsoft Proxy
This is a useful feature in corporate networks that have Server.
high-speed connectivity to the Internet because it can be
Overview
used to discourage improper use of Web browsers on
Content caching allows a proxy server to cache the
employee machines, thus helping to implement a com-
results of a client request. The next time a client
pany’s acceptable use policy for the Internet. With Con-
requests the same content, it is retrieved from the cache
tent Advisor, you can specify ratings settings to indicate
to improve performance. Content remains in the cache
acceptable levels of content to view with regard to sex,
for a predetermined period of time, or until the cache
nudity, violence, and offensive language, and you can
becomes full and old content is moved to allow new
password-protect these settings.
content to be cached.
Notes
Microsoft Proxy Server makes use of distributed cach-
Content Advisor functions properly only with Web sites
ing, which lets content caching take place closer to
that are rated.
users and allows caching activity to be load-balanced
across several Proxy Servers for scalability and fault
Content Analyzer tolerance. For example, within corporate intranets,
A tool included with Microsoft Site Server and caching can be moved toward the branch office and
Microsoft Site Server Express that lets Web server workgroup levels of the organization. For Internet ser-
administrators perform content analysis and link vice providers (ISPs), caching can be moved toward
management of Web sites.
291
content delivery network (CDN) content delivery network (CDN)
regional points of presence (POPs). Distributed caching hosting centers to push content out to caching servers at
is particularly effective for solving network bandwidth the edges of the Internet, allowing users around the
C problems associated with Internet push technologies. globe to access streaming media presentations from
nearby caching servers instead of from centralized
Microsoft Proxy Server’s distributed caching can be
streaming media servers many network hops away. The
implemented in two ways:
result was a system with better performance than exist-
● Array-based caching: In this approach, an array or ing implementations of streaming media.
group of proxy servers works together and is
CDNs are now used not just for streaming media but for
administered as a single, logical entity. A cache
supporting a wide variety of different kinds of content
array provides load balancing, fault tolerance, scal-
delivered over the Internet including static and dynamic
ability, and ease of administration. Cache arrays can
Web content, video-on-demand, and other services.
provide a higher cache hit rate than an individual
proxy server because of the larger size of the virtual Implementation
cache. There are many ways to implement a CDN, and the
technology continues to evolve rapidly. A simple exam-
● Hierarchical caching: In this approach, you
ple would be a CDP that hosts content for a company on
arrange proxy servers in a hierarchy by branch
Web and media servers in its data center and then uses a
office or department. Requests from clients are then
private network to push this content out to caching serv-
forwarded up the hierarchy until the requested
ers colocated at points of presence (POPs) of regional
object is found in a proxy server’s cache.
ISPs located near the company’s customers. The private
See Also: proxy server network could be a satellite link, leased lines, private
backbone networks (such as those owned by AT&T
Wireless), or a leased portion of Internet backbone
content delivery network
bandwidth (usually an expensive solution). Private
(CDN)
peering arrangements between ISPs and the CDP
A method for efficiently pushing out content over the
enable the CDN to work. Personalization servers keep
Internet to users.
track of user personalization data for customers in dif-
Overview ferent regions.
The idea of content delivery networks originated as the
The resulting CDN can be envisioned as a “content
next evolutionary step up from caching of Web content
island” within the ocean representing the Internet—
on the Internet. Like caching, the idea of CDN is to
only subscribers on this island can make use of the
deliver content to users over the Internet as efficiently
CDN to improve access to hosted content. With many
and quickly as possible. CDN takes caching a step
CDNs in existence around the globe and run by differ-
further by actively pushing content out rather than pas-
ent CDPs, interoperability between them becomes an
sively caching frequently-requested content. A company
issue—what if a subscriber of one CDN wants to access
that builds and operates a CDN is sometimes called a
content in a different CDN? To solve this problem, the
Content Delivery Provider (CDP).
Content Bridge is a vendor consortium of CDNs and
Akamai Technologies developed the first CDN solution CDPs whose aim is to move toward developing new
to efficiently deliver streaming media content over the protocols to enable interoperability between different
Internet. Akamai accomplished this through alliances CDNs so that a subscriber of one CDN can access con-
with regional Internet service providers (ISPs) for host- tent from the network of a different CDN. The Internet
ing their caching servers around the globe and setting Engineering Task Force (IETF) is also working on a
up their own advanced Web hosting centers. Akamai number of draft protocols to support interoperability
then used forward-proxy caching servers at their between different CDNs.
292
Content Delivery Provider (CDP) Content Delivery Provider (CDP)
Content is pushed
to cache servers Content
over private network servers
or satellite link.
POP of
regional ISP
Corporate
customers Content is
retrieved from
cache servers. Internet
Cache
servers
GC0XX31 (new to 2E)
293
content filter control message
294
Control Panel Control Panel
port 119 and manually typing various control messages Common Control Panel Utilities
and examining their results.
C
Windows 95 and 98
Windows XP and
See Also: Network News Transfer Protocol (NNTP),
Windows 2000
Usenet
Windows NT
.NET Server
Control Panel Control Panel
A Microsoft Windows feature consisting of a number of Utility Function
utilities for configuring hardware devices and operating 32-bit ODBC Database x x x
system services. connectivity
Accessibility Help for visually or x x x
Overview
Options motor-impaired
The following table shows some of the more common
individuals
Control Panel utilities in Windows 95, Windows 98,
Add New Hardware x
Windows NT, Windows 2000, Windows XP, and
Hardware installation wizard
Windows .NET Server and briefly describes their func- Add/Remove Hardware x x
tion. Note that some utilities are named differently in Hardware installation wizard
the various Windows versions, such as 32-bit ODBC for Add/Remove Installs new soft- x x x x
Windows NT and ODBC (32 bit) for Windows 95 or 98; Programs ware or Windows
these utilities are listed separately here. Note also that components
some Control Panel utilities are present only when Administrative Shortcut to Admin- x x
additional Windows components have been installed. Tools istrative Tools
For example, the GSNW utility is present only when program group
Gateway Services for NetWare has been installed. Console Command prompt x
Finally, installing additional third-party software can window
add new utilities to Control Panel associated with that Date/Time Date, time, time x x x x
software. zone
Desktop Configures appear- x
Themes ance of desktop
Devices Startup profiles for x
hardware devices
Dial-Up Monitors RAS x
Monitor connections
Display Screen and desktop x x x x
settings
Folder Enables Active x x
Options Desktop and deter-
mines how folders
are displayed
Fonts Installs new fonts x x x x
Game Configures x x x
Controllers joysticks
GSNW Gateway Services x x x
GC0XX32 (was G0Cui29 in 1E) for NetWare
Control Panel. Windows 2000 Control Panel. Internet Internet Explorer x x
options
(continued)
295
Control Panel Control Panel
Common Control Panel Utilities continued Common Control Panel Utilities continued
Windows 95 and 98
Windows 95 and 98
Windows XP and
Windows XP and
Windows 2000
Windows 2000
Windows NT
Windows NT
.NET Server
.NET Server
Control Panel Control Panel
Utility Function Utility Function
Internet Internet Explorer x x Power Advanced power x x x
Options options Management management settings
Keyboard Style and response x x x x Power Advanced power x x
rate Options management
Licensing Changes licensing x x x settings
mode and config- Printers Adds printer x x x x
ures replication wizard and manages
MacFile Services for x printers
Macintosh Regional Currency and other x x
Mail Messaging profiles x x x x Options settings for coun-
Message Configuration x x tries and regions
Queuing options for Regional Currency and other x x
Microsoft Message Settings settings for coun-
Queue Server tries and regions
Modems Modem settings x x Scanners and Configures these x x
Mouse Mouse settings x x x x Cameras devices
Multimedia Audio/video settings x x Scheduled Schedule system x x
Network Networking clients, x x Tasks management tasks
services, SCSI Adapters SCSI device settings x
protocols, and Server Server role x
adapters Services Starting and x
Network and Creates and x x stopping services
Dial-up configures network Sounds System sounds x x
Connections connections Sounds and Audio/visual hard- x x
ODBC (32-bit) Database x Multimedia ware/software and
connectivity system sounds
Passwords Configures pass- x System Boot, file system, x x x x
words, enables profiles, devices,
remote administra- environment, net-
tion, and enables work identification,
user profiles and other functions
PC Card Settings for Personal x x x x (depending on the
Computer Memory version of Windows)
Card International Tape Devices Tape drive settings x
Association (PCM- Telephony TAPI location x x
CIA) cards settings
Phone and Modem and TAPI x x UPS Uninterruptible x
Modem location settings Power Supply
Ports COM port settings x settings
(continued) Users User profiles x
296
control set cookie
297
copper cabling Copper Distributed Data Interface (CDDI)
only once, it would be inefficient to dedicate a large The types of copper cabling commonly used in net-
portion of server storage to tracking anonymous clients working include
C who might never return. Furthermore, client prefer-
● Twisted-pair cabling, such as unshielded
ences (such as IP address) might change between ses-
twisted-pair (UTP) cabling and shielded
sions, especially for dial-up clients, so servers would
twisted-pair (STP) cabling
have no way of recognizing clients if cookie informa-
tion were saved on the server. Cookies therefore pro- ● Coaxial cabling, such as thinnet and thicknet
vide a way for the server to recognize that the client
For more information on these types of copper cabling,
previously visited the site and record what the client did
refer to their individual entries in this book.
during previous visits, allowing the server to customize
the HTTP session to meet the needs of the client (or the Implementation
needs of the site’s advertisers!). UTP cabling of Category 5 (Cat5) grade is the most com-
monly used copper cabling in networking environments
Cookies are harmless text files and cannot be used to
today. Cat5 cabling comes in either solid core or stranded
transmit a virus to the client. Cookies are simply passive
cabling. Solid core cabling is stiffer, but it has better con-
holders of information; they cannot be used by hackers
ductivity and less attenuation, and it is simpler to termi-
and other unauthorized users to “get” information off
nate than stranded cabling. Stranded cabling is more
your computer such as your e-mail address. Nevertheless,
flexible and easier to work with than solid cabling, and it
most Web browsers, such as Microsoft Internet Explorer,
is more resistant to breaking or fracturing. Use solid core
have an optional setting that allows users to reject cook-
UTP cabling for fixed horizontal cable runs, cross-con-
ies. However, rejecting cookies can result in poorer
nects, and backbone cabling; use stranded UTP cabling
browsing experiences on sites that are cookie-dependent.
for locations where equipment is frequently moved, for
You can also delete any cookies on a computer running
short cable runs between computers and wall plates, or as
Microsoft Windows by deleting the contents of the Cook-
patch cables in the wiring closet.
ies subdirectory within the user profile directory on your
hard drive (do not delete the directory itself, however!) See Also: cabling, coaxial cabling, fiber-optic cabling,
unshielded twisted-pair (UTP) cabling
Notes
Web applications written using Microsoft Active Server
Pages (ASP) technology can use cookies for maintain- Copper Distributed Data
ing session state information. Interface (CDDI)
A form of Fiber Distributed Data Interface (FDDI)
Shareware sites offer a variety of third-party browser
deployed over copper cabling instead of fiber.
plug-ins for managing or disabling cookies.
Overview
See Also: Hypertext Transfer Protocol (HTTP), Web
Copper Distributed Data Interface (CDDI) can send
browser, Web server
data over unshielded twisted-pair (UTP) cabling at 100
megabits per second (Mbps), but cable lengths are lim-
copper cabling ited to about 330 feet (100 meters). The architecture
One of the two basic types of physical cabling media and operation are similar to FDDI, but CDDI is not as
(the other being glass, or fiber-optic, cabling). commonly implemented as FDDI (and because FDDI is
usually considered a legacy networking architecture
Overview
now, CDDI is also likely to fade away quickly.
Copper cabling is cheap and flexible, but it is susceptible
to electromagnetic interference (EMI), has limited range If cost is an issue, CDDI offers an alternative to FDDI.
because of attenuation, and generates electromagnetic CDDI still provides a 100-Mbps network with redun-
radiation that can be intercepted by nearby equipment. dancy, but at reduced cost because copper cabling is
298
copy backup Core-Based Trees (CBT)
299
counter country code
300
country code country code
301
coupler credentials
Country Codes continued The term coupler is also used to refer to modular con-
nectors that can snap into customizable patch panels to
C Code
ua
Country/Region
Ukraine
Code
vi
Country/Region
Virgin Islands allow different kinds of cabling to be mixed in one
(US) patch panel.
ug Uganda vn Viet Nam
uk United Kingdom vu Vanuatu CPE
um US Minor Outlying wf Wallis and
Islands Futuna Islands Stands for customer premises equipment (CPE), tele-
us United States ws Samoa communications equipment that is installed at the cus-
uy Uruguay ye Yemen tomer’s location.
uz Uzbekistan yt Mayotte
See: customer premises equipment (CPE)
va Vatican City State yu Yugoslavia
vc Saint Vincent and za South Africa
The Grenadines CRC
ve Venezuela zm Zambia
Stands for cyclical redundancy check, an error-
vg Virgin Islands zr Congo (Demo-
(British) cratic Republic of checking technique for ensuring packets are success-
Congo) fully delivered over a network
zw Zimbabwe See: cyclical redundancy check (CRC)
credentials
Information required from users who want to log on to a
network and access its resources.
Overview
GC0XX33 (was G0Cui30 in 1E)
Credentials, which are formed by combining a user’s
Coupler. A Category 5 UTP (unshielded twisted-pair) coupler.
username and password, identify users so that they can
302
crimper crossover cable
A cabling installation tool used for attaching connectors Crimper. A crimper with connector set.
to cabling. See Also: cabling, connector (device)
Overview
Crimpers are used to terminate cables by applying CRL
appropriate pressure to contacts within a connector
Stands for certificate revocation list, a list, maintained
so that it remains physically attached to the cable with-
by a certificate authority (CA), of digital certificates
out soldering. A crimper is an essential component of
that have been issued and then later revoked.
a network administrator’s toolkit. Crimpers can include
built-in strippers for removing the outer insulation from See: certificate revocation list (CRL)
a cable. They can include a set of dies for crimping dif-
ferent kinds of connectors, or they can be specialized
for a single type of termination. Crimpers are most often
CRM
used for terminating Category 5 (Cat5) unshielded Stands for Customer Relations Management, a type
twisted-pair (UTP) cabling with RJ-45 connectors. A of business application used to manage business-to-
good crimper should be made of heavy-duty metal and consumer (B2C) connections
be able to cut, strip, and terminate a cable easily. See: Customer Relationship Management (CRM)
crossover cable
Twisted-pair cabling with the send and receive pairs of
wires crossed.
Overview
Crossover cables are primarily used for connecting hubs
to each other. In addition, a small, two-station local area
303
crosstalk Cryptographic Message Syntax Standard
network (LAN) can be established by connecting two ● The cable ends connected to a patch panel or
computers together with 10BaseT network interface cards wall plate are untwisted no more than 0.5 inch
C (NICs) and a crossover cable. This configuration is often (1.3 centimeters)
utilized when one computer is used to test the networking
See Also: cabling, near-end crosstalk (NEXT)
functions of another because it allows the computer being
tested to be isolated from the network. The illustration
shows the pinning configuration of a crossover cable. CryptoAPI
A core component of the latest versions of Microsoft
pin numbers Windows that provides application programming inter-
87654321 connector connector faces (APIs) for cryptographic security services that
1 3 provide secure channels and code signing for communi-
2 6 cation between applications.
3 1
4 5 Overview
5 4 CryptoAPI provides a set of standard Win32 libraries for
6 2 managing cryptographic functions using a single consis-
7 8 tent interface independent of the underlying cryptographic
Front view of 8 7
RJ-45 connector algorithms and ciphers. CryptoAPI interfaces with mod-
GC0XX35 (was G0Cui32 in 1E)
ules called cryptographic service providers (CSPs), such
Crossover cable. Pinning for a crossover cable. as the Microsoft RSA Base Cryptographic Provider, to
See Also: cabling, twisted-pair cabling provide cryptography functions such as hashing, data
encryption and decryption, key generation and exchange,
digital signature issuance and verification, and so forth.
crosstalk
A form of interference in which signals in one cable CryptoAPI is natively supported by the latest versions of
induce electromagnetic interference (EMI) in an adja- Windows NT, Windows 98, Windows 2000, Windows XP,
cent cable. and Windows .NET Server. Microsoft Internet Explorer
version 4 provides CryptoAPI support for Windows 95.
Overview The current version of CryptoAPI is version 2.
The ability of a cable to reject crosstalk in Ethernet net-
works is usually measured using a scale called near-end See Also: cryptography
crosstalk (NEXT). NEXT is expressed in decibels (dB),
and the higher the NEXT rating of a cable, the greater Cryptographic Message Syntax
its ability to reject crosstalk. A more complex scale Standard
called Power Sum NEXT (PS NEXT) is used to quan- A standard that defines the general syntax for data that
tify crosstalk in high-speed Asynchronous Transfer includes cryptographic features such as digital signa-
Mode (ATM) and Gigabit Ethernet (GbE) networks. tures, encryption, and certificate chains.
The twisting in twisted-pair cabling reduces the amount Overview
of crosstalk that occurs, and crosstalk can be further Cryptographic Message Syntax Standard, also known
reduced by shielding cables or physically separating as PKCS #7, specifies the format in which the data is
them. Crosstalk is a feature of copper cables only— signed and encrypted, and the types of encryption
fiber-optic cables do not experience crosstalk. Crosstalk algorithms used.
can be a problem for unshielded twisted-pair (UTP)
cabling. To minimize crosstalk, make sure that Data encrypted according to the PKCS #7 standard can
have multiple digital certificates attached, including
● You do not untwist or sharply bend the UTP cabling certificate revocation lists (CRLs). Certificates include
304
cryptography CSP (caching service provider)
information concerning the issuer and serial number of ● A public key that is distributed to any user (or to any
the public key of the signer so that the recipient can client program) requesting it
decrypt the message.
● A private key that is known only to the owner (or
C
See Also: cryptography, digital certificate, encryption the owner’s client program)
To send an encrypted message, the sender uses his or her
cryptography private key to encrypt the data, and the recipient uses the
In networking and telecommunications, the process of sender’s public key to decrypt it. Similarly, the recipient
securely transmitting data over a network in such a way can return a response to the original sender by using the
that if the data is intercepted, it cannot be read by unau- sender’s public key to encrypt the response, and the origi-
thorized users. nal sender uses his or her private key to decrypt it.
Overview See Also: digital certificate, public key cryptography
Cryptography involves two complementary processes:
● Encryption: The process of taking data and modi- CSMA/CA
fying it so that it cannot be read by distrusted users. Stands for Carrier Sense Multiple Access with Colli-
● Decryption: The process of taking encrypted data sion Avoidance, the media access control method used
and rendering it readable for trusted users. by AppleTalk.
Encryption and decryption are performed using algo- See: Carrier Sense Multiple Access with Collision
rithms and keys. An algorithm, a series of mathematical Avoidance (CSMA/CA)
steps that scrambles data, is the underlying mathemati-
cal process behind encryption. There are a variety of CSMA/CD
cryptographic algorithms that have been developed
Stands for Carrier Sense Multiple Access with Colli-
based on different mathematical processes.
sion Detection, the media access control method used
Some algorithms result in stronger encryption than oth- by half-duplex Ethernet networks.
ers—the stronger the algorithm, the more difficult the
See: Carrier Sense Multiple Access with Collision
encrypted data is to crack. For example, Network and
Detection (CSMA/CD)
Dial-up Connections in Microsoft Windows 2000 sup-
ports standard 40-bit RAS RC4 encryption, but if you
are located in the United States or Canada, you can get CSNW
a stronger 128-bit version. Similar versions are offered Stands for Client Services for NetWare, a Windows
for Windows NT. 2000, Windows XP, and Windows .NET Server service
that provides Microsoft Windows clients with access to
Encryption algorithms involve mathematical values
Novell NetWare file, print, and directory services.
called keys. Earlier cryptography systems were secret
key encryption systems in which only the hosts See: Client Services for NetWare (CSNW)
involved in transmitting and receiving the encrypted
transmission knew the key. This key had to somehow be
transported securely to anyone needing to decrypt a
CSP (caching service provider)
message. This was the main disadvantage with secret Stands for caching service provider, a company that
key cryptosystems. maintains caching servers that speed the transfer of
information across the Internet’s infrastructure and
Most cryptography today involves a process called pub- offers managed access to these servers for a fee.
lic key encryption, which uses two different keys:
See: caching service provider (CSP)
305
CSP (commercial service provider) Ctrl+Alt+Delete
CSP (commercial service back into Exchange. Many applications can export log
306
custom authentication customer premises equipment (CPE)
● Examine a client’s digital certificate to determine See Also: customer premises equipment (CPE),
whether to allow access enterprise resource planning (ERP)
307
Customer Relationship Management (CRM) cyclical redundancy check (CRC)
Alternatively, customers may purchase or lease their Besides the big CRM players, a number of emerging
own CPE from third-party vendors. In this case the cus- pure-play PRM vendors are attracting market share.
C tomer is usually responsible for configuring and moni- These include Allegis, ChannelWave, and many others.
toring the equipment. In general, cost/benefit is usually
See Also: B2B, enterprise resource planning (ERP)
on the side of leasing CPE from the provisioning carrier
because the cost of replacing defective or failed equip-
ment or upgrading equipment to support enhanced custom recipient
services is the burden of the carrier. A recipient in Microsoft Exchange Server that does not
reside in the Exchange organization.
See Also: carrier, customer premises, local loop, tele-
communications services, wide area network (WAN) Overview
When creating a custom recipient, you specify the
Customer Relationship e-mail address of the remote user first, and then config-
Management (CRM) ure the properties of the recipient. An example of a cus-
A type of business application used to manage tom recipient is the Simple Mail Transfer Protocol
business-to-consumer (B2C) connections. (SMTP) address of a user on the Internet.
308
D
D
Another example is the HTTPd daemon for the Apache
D
DAB
Web server, which waits for Hypertext Transfer Proto-
Stands for Digital Audio Broadcasting, a specification col (HTTP) requests from Web browser clients and ful-
for broadband digital radio. fills them.
See: Digital Audio Broadcasting (DAB) A third example of a daemon is the nfsd daemon, which
supports the remote file access aspect of the Network File
DACL System (NFS) in a UNIX environment. The nfsd daemon
Stands for discretionary access control list, an access con- runs in the background on UNIX servers, waiting for
trol list (ACL) that can be configured by administrators. remote procedure calls (RPCs) from NFS clients.
See: discretionary access control list (DACL) Daemons typically use RPCs for communication with
clients. Because NFS is implemented as daemon pro-
cesses at the user level instead of at the kernel level, NFS
daemon is thread-safe for execution, allowing multiple NFS pro-
The UNIX equivalent of a Microsoft Windows 2000, cesses to run as independent threads of execution.
Windows XP, or Windows .NET Server service.
Notes
Overview The Microsoft equivalent of daemon is service. For
A daemon is a program associated with the UNIX oper- example, the Workstation service of Windows 2000
ating system that runs in the background and performs would be known in UNIX as a daemon instead of a
some task without instigation from the user. An exam- service.
ple of a daemon is the telnet daemon, which runs con-
tinuously in the background, waiting for a connection See Also: service
request from a telnet client. The telnet daemon facili-
tates the remote connection and makes it possible for daily copy
the user to control the machine. A type of tape backup in which only files and folders
that have changed on that day are backed up.
UNIX server
Overview
When a daily copy is performed during a backup, files
UNIX client and folders modified on that day are backed up but their
archive attribute is not marked.
Daily copies are not a common type of backup opera-
tion. They are typically used only if a user wants to take
home copies of the files she has been working on during
1 .RPCs. the day. Few administrators would be willing to sched-
nfsd daemon NFS ule and run the system backup software just to make
(always running) .Responses. client
2 copies of these files, so users taking advantage of this
to RPCs backup type usually have a locally attached backup
G0Dui01 (same as in 1E)
309
D-AMPS dark fiber
device along with a similar device attached to their sys- amplifiers, repeaters, switches, routers, and such, the
tems at home. light can be turned on and the fiber is no longer dark.
Dark fiber is thus simply unused fiber or fiber that is not
Daily copy backups are likely to be performed on media
yet ready to be used.
D such as Iomega Zip or Jaz disks rather than on tape.
Before dark fiber is activated, the system is usually
Notes
tested using an optical time domain reflectometer
Daily copy backups are supported by the Microsoft
(which measures and analyzes a fiber link) and other
Windows 2000 Backup utility.
measuring devices to determine whether the system has
See Also: backup, backup type integrity, and to measure its bandwidth and attenuation
parameters.
D-AMPS Implementation
Stands for Digital Advanced Mobile Phone Service, the When an enterprise needs a fiber connection for wide
digital version of the Advanced Mobile Phone Service area usage, it can take three possible approaches:
(AMPS) cellular communications system. ● Lay their own fiber: This is an expensive solution,
See: Digital Advanced Mobile Phone Service not only because large amounts of fiber may be
(D-AMPS) required, but also because expertise in fiber-optic
cabling technologies is needed and is often in short
supply. Right of way must also often be purchased
DAO in order to lay the fiber, and this is often difficult or
Stands for Data Access Objects, a Microsoft technology downright impossible. Only the largest enterprises
that enables you to use a programming language to can afford this approach, and it is rarely imple-
access and manipulate data stored in both local and mented beyond campus networks.
remote databases.
● Lease dark fiber: This involves paying a telecom-
See: Data Access Objects (DAO) munications carrier for one or more strands of
fiber-optic cabling from the carrier’s own system.
DAP Companies that want to maintain total control of
their wide area network (WAN) links can choose
Stands for Directory Access Protocol, a protocol for
this route. They first lease dark fiber from a carrier,
accessing information in a directory service based on
and then install switches and repeaters to build their
the X.500 recommendations.
own long-haul fiber-optic network. Leasing dark
See: Directory Access Protocol (DAP) fiber was a popular solution for many enterprises in
the 1990s, especially for financial institutions that
required the highest level of privacy and security for
dark fiber
their WANs. Also, in the 1990s carrier networks
Any fiber-optic cabling or fiber device such as a
were almost exclusively Asynchronous Transfer
repeater that is installed but not currently in use.
Mode/Synchronous Optical Network (ATM/
Overview SONET)–based, and the WAN services they offered
When no light is being transmitted through fiber-optic were expensive; enterprises saw leasing dark fiber
cabling, it is called dark fiber since it is, in effect, dark. as a way of controlling costs and simplifying their
When a carrier or cabling company first provisions WANs.
fiber, it is called dark fiber. Then once all the compo-
● Leasing managed wavelength services: With the
nents of the system are installed, including connectors,
advent of dense wavelength division multiplexing
310
Data Access Objects (DAO) data alarm
(DWDM) on carrier networks at the end of the uses code to create and manipulate different kinds of
1990s, the carrying capacity of carrier networks databases.
increased dramatically. This, and the emergence of
DAO supports two different interfaces, which are
new carriers such as Metropolitan Gigabit Ethernet
providers, drove down the cost of carrier WAN ser-
known as workspaces: D
vices, making leasing WAN services more cost ● ODBCDirect workspace: This lets you can access
attractive to some enterprises than leasing their own database servers such as Microsoft SQL Server
dark fiber. New providers called managed wave- through open database connectivity (ODBC). This
length services providers quickly arose as resellers workspace lets you execute queries or stored proce-
of fiber capacity from traditional carriers. Some of dures against a database server, perform batch
these managed wavelength services providers updates, and execute asynchronous queries. ODB-
include 360networks, Global Crossing, Level 3, CDirect makes it possible for you to take advantage
Metromedia, XO Communications, and others. of Remote Data Objects (RDO) technology in your
AT&T also directly leases managed wavelength DAO code.
services up to 2.4 gigabits per second (Gbps) to
● Microsoft Jet workspace: This lets you access
large companies.
databases based on Jet technology or on installable
Notes indexed sequential access method (ISAM) data
Although the term dark fiber at first sounds like there is sources in other formats such as Paradox, dBase,
a problem in the fiber-optic cabling system, this is not and Btrieve. You use this workspace to access a sin-
the case. However, various problems can occur in a gle database, such as a .mdb database from
fiber-optic cabling system that can cause it to remain Microsoft Access, or to join together data originat-
dark once the system is turned on. These can include the ing from several different database formats.
following:
Prospects
● Microfractures in the glass core or cladding caused DAO and RDO are both available now, but these tech-
by improper installation techniques, such as exces- nologies are being superseded by Microsoft ActiveX
sive bending or stretching of a segment of cable Data Objects (ADO) and Remote Data Service (RDS).
All these components can be found in the Microsoft
● Improper terminations for the fiber or loose
Data Access Software Development Kit.
connectors
See Also: ActiveX Data Objects (ADO), open database
● Malfunctioning repeaters
connectivity (ODBC)
See Also: dense wavelength division multiplexing
(DWDM), fiber-optic cabling
data alarm
A device for alerting network administrators to network
Data Access Objects (DAO) problems relating to serial transmission.
A Microsoft technology that enables you to use a pro-
Overview
gramming language to access and manipulate data
Data alarms typically monitor serial lines such as
stored in both local and remote databases.
RS-232 connections for the presence or absence of cer-
Overview tain signals. For example, you can monitor the connec-
Data Access Objects (DAO) lets you access and man- tion between a print server and its attached printer or
age databases, along with their structure and objects, by between an access server and a modem or a Channel
providing a framework called an object model that Service Unit/Data Service Unit (CSU/DSU).
311
database database
CSU/DSU database
In its simplest form, a file used to store records of infor-
mation, with each record containing multiple data
Server Router
D fields. More generally, any application used to manage
structured information.
Overview
Databases are an essential component of every business,
representing the back-end of a company’s information
structure. Databases are used to store a broad range of
Data alarm
information including inventory, customer contacts, sales
Phone
network records and invoices, catalogs, and so on. Without data-
bases, modern businesses could not operate with the scope
Modem
and range that they have, as they would be overwhelmed
Remote with information they could not manage.
workstation
Databases allow information to be stored, updated,
Problem manipulated, and queried. Sales figures for a given
report month can be extracted from a database using a stan-
dard programming language for building queries called
Structured Query Language (SQL), versions of which
are built into products from every database vendor.
Implementation
Pager service Printer The most popular type of database is the relational data-
G0Dui02 (same as in 1E)
312
database owner (DBO) data communications equipment (DCE)
four system databases plus one or more user databases database owner (DBO)
installed on it. The system databases are as follows: In Microsoft SQL Server, the user account that created
● The master database, which is used for tracking sys- the database and is responsible for managing adminis-
tem-wide information. trative tasks related to the database.
D
● The tempdb database, which is used for temporary Overview
working storage and sort operations. Each SQL Server database is considered to be a self-
contained administrative domain and is assigned a data-
● The model database, which is a template for creat- base owner (DBO) who is responsible for managing the
ing new databases. permissions for the database and performing tasks such
● The msdb database, which is used to store system data as backing up and restoring the database’s information.
and transaction logs and to support the SQL Server The DBO also applies to any database object, including
Agent service and its scheduling information. The tables, indexes, views, functions, or stored procedures.
msdb database is stored on two devices, the Msdbdata Essentially, the DBO can do anything within the data-
system device and the Msdblog system device. base. By default, the SA (system administrator) account
Marketplace is also a DBO account for any database on a computer
Major players in the enterprise database market include running SQL Server. The DBO has full permissions
Microsoft Corporation with its SQL Server, Oracle Cor- inside a database that it owns.
poration with its Oracle 9i, IBM with its DB2, and oth- Notes
ers. These database products frequently compete for To avoid the complexity of managing separate DBO
mindshare in the enterprise arena by surpassing each accounts for each SQL Server database, you might want
other in TCP-C benchmark figures. to perform all administration tasks—both server-wide
Competing with these major players are open-source and specific to the database—using only the SA
databases such as MySQL from NuSphere Corporation account.
and PostgreSQL from Great Bridge, which run on the See Also: SQL Server
Linux and Berkeley Software Distribution (BSD) plat-
forms and build upon the stability of those platforms.
data communications
Given the ubiquity and importance of databases to busi- equipment (DCE)
ness, a wide spectrum of tools is available for planning, Any device that supports data transmission over a serial
implementing, managing, tuning, monitoring, and trouble- telecommunications link.
shooting database platforms. For example, pocketDBA
has a module for the wireless Palm OS handheld device Overview
which allows an administer to remotely monitor and man- Typically, data communications equipment (DCE) refers
age Oracle databases using a Palm. Similar applications to analog and digital modems, Integrated Services Digi-
will soon be available for the PocketPC platform as well. tal Network (ISDN) terminal adapters, Channel Service
Units (CSU), multiplexers, and similar devices. The pur-
Notes pose of a DCE is to provide termination for the tele-
The term database can have different meanings for dif- communications link and to provide an interface for
ferent vendors. In Oracle products, for example, data- connecting data terminal equipment (DTE) to the link.
base refers to the entire Oracle DBMS environment. In
SQL Server, databases provide a logical separation of The term DCE specifically refers to serial transmission,
data, applications, and security mechanisms, but in which generally occurs over links such as a local loop
Oracle this separation is achieved using tablespaces. Plain Old Telephone Service (POTS) connection, an
ISDN line, or a T1 line. An example of a DCE is an
See Also: SQL Server analog modem, which provides a connection between a
313
Data Encryption Standard (DES) Data Encryption Standard (DES)
computer (the DTE) and the local loop POTS phone line Issues
(the serial transmission line). A DCE accepts a stream of DES was originally designed for hardware encryption
serial data from a DTE and converts it to a form that is (dedicated devices that encrypt information at high
suitable for the particular transmission line medium being speeds). The newer AES standard is more flexible in its
D used. The DCE also works in reverse, converting data application, and performs well in a variety of different
from the transmission line to a form the DTE can use. environments from small-footprint devices such as
smart cards to ordinary desktop computers running
On a Cisco router, the DCE interface is typically an
standard operating systems.
RJ-45 jack on the back of the router.
While the large number of keys available makes DES
See Also: data terminal equipment (DTE), Integrated
fairly secure, it was known early on that DES was crack-
Services Digital Network (ISDN), serial transmission,
able in theory. In 1997, Whitfield Diffie and Martin Hell-
T-carrier
man (developers of Diffie-Hellman public key encryption)
proposed a DES cracking machine that could in principle
Data Encryption Standard be built with existing hardware at a cost of about $20 mil-
(DES) lion. Then in 1997 a DES key was successfully cracked
The former U.S. government standard for encryption, using the idle processing cycles of 14,000 computers
now replaced by Advanced Encryption Standard cooperating over the Internet. The next year a DES crack-
(AES). ing machine costing only $210,000 was created by the
Electronic Frontier Foundation (EFF). The EFF machine
Overview
was capable of cracking a DES key in about four days.
In 1972 the National Bureau of Standards called for
Despite these accomplishments, DES is still viewed in
proposals for an encryption standard to enable secure
practice as a secure encryption algorithm because so far no
transmission of government documents by electronic
other method for cracking DES keys than simple brute
means. IBM responded to the call with a 128-bit key
force (trying every possible key) has been found.
algorithm called Lucifer, which was accepted in 1976,
reduced to 56-bit key length, renamed Data Encryption Notes
Algorithm (DEA), and then further developed by the A more secure variant of DES, Triple DES, encrypts
National Security Agency (NSA). In 1977, DEA was each message using three different 56-bit keys in suc-
officially adopted as the Data Encryption Standard cession. Triple DES thus extends the DES key to 168
(DES) and became the official encryption standard of bits in length, providing for a total of approximately 6.2
the U.S. government. DES is formally defined by Fed- x 1057 different keys. Unfortunately Triple DES is a rel-
eral Information Processing Standard FIPS 46-1. atively slow encryption mechanism that is not suitable
for some situations, such as cell phones having limited
Implementation
processing power.
DES is a symmetric encryption scheme in which both
the sender and the receiver need to know the secret key Another symmetric encryption scheme is IDEA (Inter-
in order to communicate securely. DES is based on a national Data Encryption Algorithm), which uses a
56-bit key (actually a 64-bit key with 8 parity bits 128-bit key and performs 8 cipher rounds on 64 bit
stripped off) that allows for approximately 7.2 x 1016 blocks of information. Other symmetric encryption
possible keys. When a message is to be encrypted using schemes include Blowfish, CAST, RC2, RC4, and
DES, one of the available keys is chosen and applied in others. The most common examples of asymmetric
16 rounds of permutations and substitutions to each encryption schemes are Diffie-Hellman and Rivest-
64-bit block of data in the message. Because DES Shamir-Adleman encryption (RSA).
encrypts information 64 bits at a time, it is known as a
See Also: Advanced Encryption Standard (AES),
block cipher.
encryption
314
datagram data isolator
data integrity
The correctness and consistency of data stored in a
database.
Overview
Maintaining integrity is essential, because a database is
only useful if its contents can be retrieved and manipulated
as expected. For example, without data integrity, data could RS-232
be input into the system and then be inaccessible. Data
integrity must be enforced on the database server. The
following items are among those that should be verified:
Terminal
● Individual field contents during insertion, updating, Data Terminals
or deletion of data isolator
relative to another (especially for foreign keys) Data isolator. Using a data isolator.
315
data line protector Data Link Control (DLC)
placed inline between stations on the network and con- Data line protector. Using a data line protector.
centrating hubs or other devices in the wiring closet. Notes
Data line protectors are available from different vendors Most newer hubs, switches, routers, and other network-
for virtually every kind of networking connection, ing devices include built-in data line protection cir-
including RJ-45 connections for Ethernet networks, cuitry, which eliminates the need for additional data
RJ-11 connections for telephone lines, and RS-232 line protectors.
connections for serial lines.
See Also: Ethernet
You connect a data line protector directly to one of the
two connected devices, and then you attach the ground
wire to a good ground connection so that there will be a Data Link Control (DLC)
path for voltage surges to flow down. For Ethernet net- Generally, the services that the data-link layer of the
works using unshielded twisted-pair (UTP) cabling, Open Systems Interconnection (OSI) reference model
data line protectors are available with multiple ports provides to adjacent layers of the OSI protocol stack.
that are attached directly to the hub or the switch. Addi- Specifically, Data Link Control (DLC) is a specialized
tional 10BaseT surge protectors can also be installed network protocol.
directly on the stations on the network for more Overview
protection. The DLC protocol is used primarily for two purposes:
● To provide connectivity with IBM mainframe or
AS/400 environments, such as Systems Network
Architecture (SNA), which are configured to run
316
data-link layer data-link layer
DLC. DLC complements SNA because SNA oper- then click New Port. Enter the friendly name for the
ates only at higher levels of the OSI model. printer and select its MAC address from the list (or
type it if the print device is offline).
● To provide connectivity for network print devices
(such as certain Hewlett-Packard printers that have
their own network cards and are connected directly
See Also: data-link layer, Open Systems Interconnec-
tion (OSI) reference model, printing terminology
D
to the network).
DLC is not used as a network protocol in the usual sense data-link layer
of enabling communication among computers on the net- Layer 2 of the Open Systems Interconnection (OSI) ref-
work. It is not used by the redirector by the Microsoft erence model.
Windows 2000 operating system and so cannot be used
Overview
for session-level communication over a network. DLC is
The data-link layer converts frames of data into raw bits
not routable; it is designed only to give devices direct
for the physical layer and is responsible for framing,
access to the data-link layer. DLC is supported by most
flow control, error correction, and retransmission of
Windows operating systems, including Windows 95,
frames. media access control (MAC) addresses are used
Windows 98, Windows Millennium Edition (Me),
at this layer, and bridges and network interface cards
Windows NT, and Windows 2000. DLC is no longer
(NICs) operate at this layer.
supported on Windows XP and Windows .NET Server.
Windows 95 OSR2 includes both a 16-bit and a 32-bit
version of DLC. Logical link
Data-link control (LLC) layer
Implementation layer Media access
To use DLC on Windows 2000 to connect to a control (MAC) layer
Hewlett-Packard network print device, perform the
G0Dui05 (same as in 1E)
following steps: Data-link layer. Two sub-layers of the data link layer.
1 Connect the printer to the network, and run the The data-link layer establishes and maintains the data
self-test routine to obtain the printer’s MAC link for the network layer above it. It ensures that data is
address. Also, think of a friendly name for the transferred reliably between two stations on the net-
printer. work. It is responsible for packaging data from higher
2 Install the DLC protocol on the Windows NT or levels into frames, which are basically constructs con-
Windows 2000 server that will be used as a print taining data, a header, and a trailer.
server for the network print device. (Use the Net- Uses
work utility or the Windows 2000 Network and A variety of network protocols can be implemented at
Dial-Up Connections utility in Control Panel.) the data-link layer. These differ depending on whether
3 Run the Add Printer Wizard on the print server, you are establishing local area network (LAN) or wide
choosing My Computer, Add Port, Hewlett- area network (WAN) connections between stations.
Packard Network Port, and New Port. Enter the Data-link protocols are responsible for functions such
friendly name for the printer, and select its MAC as addressing, frame delimiting and sequencing, error
address from the list (or type it if the print device is detection and recovery, and flow control.
offline). In Windows 2000, run the Add Printer Examples of data-link protocols for local area network-
Wizard, then right-click on the printer in the Print- ing include the following:
ers folder and choose Properties. In the Property
sheet for the printer, click the Ports tab, click Add ● IEEE 802.3, which provides the Carrier Sense Mul-
Port, select Hewlett-Packard Network Port, and tiple Access with Collision Detection (CSMA/CD)
access method for baseband Ethernet networks
317
Data Manipulation Language (DML) Data Over Cable Interface Specification (DOCSIS)
● IEEE 802.5, which provides the token-passing access computer language designed specifically for the manip-
method for baseband token ring implementations ulation of structured data. In common use, DML refers
to a subset of SQL commands used specifically for
For WANs, data-link layer protocols encapsulate LAN
manipulating data in a database. The four SQL com-
D traffic into frames suitable for transmission over WAN
links. Common data-link encapsulation methods for
mands that comprise DML are
WAN transmission include the following: ● SELECT: Lets you retrieve rows from tables
● Point-to-point technologies such as Point-to-Point ● INSERT: Lets you add rows to tables
Protocol (PPP) and High-level Data Link Control
● DELETE: Lets you remove rows from tables
(HDLC) protocol
● UPDATE: Lets you modify rows in tables
● Multipoint technologies such as frame relay, Asyn-
chronous Transfer Mode (ATM), Switched Multi- See Also: Structured Query Language (SQL)
megabit Data Services (SMDS), and X.25
Implementation Data Over Cable Interface
For LANs, the Project 802 standards of the Institute of Specification (DOCSIS)
Electrical and Electronics Engineers (IEEE) separate the A specification defining standards for implementation
data-link layer into two sublayers. The reason for doing of cable modem systems.
this is to make it simpler for network equipment vendors
Overview
to develop drivers for data-link layer services. The two
Data Over Cable Interface Specification (DOCSIS) is a set
sublayers of the data-link layer are the following:
of standards developed by CableLabs together with a con-
● Logical link control (LLC) layer: This is the sortium of cable system vendors and operators to promote
upper of the two layers, which is responsible for interoperability between different cable modem systems.
flow control, error correction, and resequencing The DOCSIS standards focus on the interaction between
functions for connection-oriented communication, equipment at cable providers and their customers.
but which also supports connectionless communi-
DOCSIS is also a certification issued by CableLabs to
cation. Programming of the LLC layer is generally
cable modem system vendors meeting DOCSIS specifi-
done by software vendors.
cations and requirements. CableLabs is responsible for
● Media access control (MAC) layer: This is the lower certifying DOCSIS-compliant cable modems and
of the two layers, which is responsible for providing a related equipment.
method for stations to gain access to the medium. Pro-
Architecture
gramming of the MAC layer is generally done by
In its original and widely implemented version, DOCSIS
manufacturers of network cards and similar devices.
1 provides a specification for transmission of a single
See Also: Carrier Sense Multiple Access with Colli- stream of data from a Cable Modem Termination System
sion Avoidance (CSMA/CA), High-level Data Link (CMTS) router at the provider, through a distribution
Control (HDLC), Open Systems Interconnection system of more routers, to a cable modem at the cus-
(OSI) reference model, Point-to-Point Protocol (PPP) tomer premises. The cable modem data stream defined
by DOCSIS is a best-effort shared-media system that
uses contention on upstream traffic and has limited sup-
Data Manipulation Language port for class of service (CoS) differentiation between
(DML) different types of traffic. DOCSIS defines the physical
A subset of Structured Query Language (SQL).
and data-link layers for cable modem systems and solves
Overview the problem of eavesdropping due to the shared nature of
Generally speaking, the term Data Manipulation the network by supporting 56-bit Data Encryption Stan-
Language (DML) can apply to any nonprocedural dard (DES) encryptions of all cable modem traffic.
318
Data Provider Data Provider
319
Data Service Unit (DSU) data source name (DSN)
VSAM data sets using the IBM DDM protocol native to Implementation
many IBM host systems without needing to install addi- As an example, in T1 transmission technologies, the
tional Microsoft software on the host system. You can DSU converts network data frames that are received
also integrate unstructured legacy file data on host sys- from the router’s RS-232, RS-449, or V.35 serial trans-
D tems with data stored in a Microsoft Windows 2000 net- mission interface into the standard DSX framing for-
working environment. mat, encoding scheme, and voltages of the T1 line. The
DSU also converts the unipolar networking signal into a
See Also: Systems Network Architecture (SNA)
bipolar signal suitable for transmission over the digital
line. The DSU is also responsible for handling signal
Data Service Unit (DSU) regeneration and for controlling timing errors for trans-
A digital communication device that works with a mission over the T1 line. DSUs usually provide other
Channel Service Unit (CSU) to connect a local area net- functions such as line conditioning of the T1 line, as
work (LAN) to a telecommunications carrier service. well as remote diagnostic capabilities such as Simple
Network Management Protocol (SNMP), which allows
Overview
the telco central office (CO) to monitor the state of the
Data Service Units (DSUs) provide a modem-like inter-
line at the customer premises.
face between data terminal equipment (DTE) such as a
router and the CSU connected to the digital service line. Notes
DSUs also serve to electrically isolate the telco’s digital DSUs are usually integrated with CSUs to create a sin-
telecommunication line from the networking equip- gle device called a CSU/DSU (Channel Service Unit/
ment at the customer premises. While the CSU con- Data Service Unit). If these devices are separate, the
nects to the termination point of the carrier’s digital line telco usually supplies and configures the CSU, while
at the customer premises, the DSU connects to the the customer supplies the DSU. If the devices are com-
access device (typically a router) at the border of the bined, the telco usually supplies, configures, and main-
customer’s LAN. tains the CSU/DSU for the customer premises.
The DSUs (or CSU/DSUs) at either end of a digital data
transmission line should be from the same manufac-
turer. If they are not, they might not communicate with
each other correctly because different vendors employ
different multiplexing and diagnostic technologies that
LAN
are often incompatible with those of other vendors.
CSU
See Also: Channel Service Unit (CSU), Channel Ser-
T1 vice Unit/Data Service Unit (CSU/DSU), T-carrier
UTP
DSU
data source name (DSN)
A unique name used to create a data connection to a
database using open database connectivity (ODBC).
Router
Overview
V.35 Data source names (DSNs) are used by applications
that need to access or manage data in its associated
database. All ODBC connections require that a DSN be
G0DXX07 (was G0Dui06 in 1E)
Data Service Unit (DSU). Using a DSU. configured to support the connection. When a client
application wants to access an ODBC-compliant data-
base, it references the database using the DSN.
320
Data Space Transfer Protocol (DSTP) data tap
Overview
The Data Space Transfer Protocol (DSTP) is a new pro-
tocol designed to transport gigabits of information at
high speeds around the globe. DSTP finds typical appli-
cations in international research projects between dif- D
ferent universities where large amounts of data are
generated and need to be shared and analyzed. Typical
applications include human genome analysis and parti-
cle physics.
Implementation
DSTP is derived from Network News Transfer Protocol
G0DXX08 (was G0Dui07 in 1E)
(NNTP) and uses a similar stream architecture aug-
Data source name (DSN). Configuring a DSN.
mented by a command set similar to Simple Mail Trans-
You can configure a DSN for an ODBC-compliant data- fer Protocol (SMTP). DTSP enables information stored
base using the Microsoft Windows 2000, Windows XP, in different formats on servers in different locations to
or Windows .NET Server Administrative Tools\Data be indexed and retrieved in the form of a database file
Sources (ODBC) utility in Control Panel. You can cre- consisting of rows and columns. Indexing and retrieval
ate three kinds of DSNs: is facilitated using a key called a Universal Correlation
Key (UCK), which is used to create an Extensible
● User DSN: This is visible only to the user who cre-
Markup Language (XML) index file by tagging
ates it and can be used only on the current machine.
columns in databases.
● System DSN: This is visible to all users on the
DSTP is capable of transferring multiple flat-file data-
machine and is also accessible to Windows NT,
bases simultaneously at high speeds.
Windows 2000, Windows XP, or Windows .NET
Server services. A system DSN is stored in the For More Information
registry. Find out more about DSTP at www.www.ncdm.uic.edu/
dstp.
● File DSN: This can be shared by users who have the
same ODBC drivers installed. A file DSN is stored See Also: Network News Transfer Protocol (NNTP),
in a file. Simple Mail Transfer Protocol (SMTP)
Notes
When you design Web applications that use Microsoft data tap
ActiveX Data Objects (ADO) for accessing database A type of networking device that you can use to monitor
information, be sure to use either a file DSN or a system the flow of data in serial lines.
DSN because ADO does not work with user DSNs.
Overview
See Also: open database connectivity (ODBC) Data taps provide an easy way to connect monitoring
equipment such as data scopes to serial interfaces such
as RS-232. These serial connections are used for a vari-
Data Space Transfer Protocol ety of networking purposes, including connecting data
(DSTP) terminal equipment (DTE) such as servers and routers
A protocol for accessing large amounts of information
to data communications equipment (DCE), such as
stored in distributed locations.
modems, and CSU/DSUs (Channel Service Unit/Data
Service Units) for implementing wide area networks
(WANs); connecting dumb terminals to asynchronous
321
data terminal equipment (DTE) data terminal equipment (DTE)
mainframe hosts; and connecting servers to plotters and data terminal equipment (DTE)
other serial devices. Data taps generally display net- Any device that is a source of data transmission over a
work traffic in binary, hexadecimal, or character format serial telecommunications link.
and are used for troubleshooting various kinds of net-
D work connections. Overview
The term data terminal equipment (DTE) specifically
Data tap refers to a device that uses serial transmission such as
the transmissions involving the serial port of a com-
puter. Most serial interface devices contain a chip called
a universal asynchronous receiver-transmitter (UART)
that can translate the synchronous parallel data trans-
mission that occurs within the computer’s system bus
into an asynchronous serial transmission for communi-
cation through the serial port. The UART also performs
other functions in a DTE, including the following:
LAN
Data scope ● Error detection: Ensures that data arrives at its
destination uncorrupted
● Clocking: Ensures that data is sent at the correct
RS-232
rate in order to be received at its destination
Router
Typically, data terminal equipment (DTE) can be a
RS-232 computer, a terminal, a router, an access server, or some
Data tap similar device. The earliest form of DTE was the tele-
type machine.
Implementation
CSU/DSU To connect a DTE to a telecommunications link, you
use data communications equipment (DCE). The DCE
provides termination for the telecommunications link
and an interface for connecting the DTE to the link. In
other words, the DCE connects to the carrier’s phone
G0DXX09 (was G0Dui08.eps in 1E) line and the DTE connects to the customer’s network or
Data tap. Using a data tap to troubleshoot a serial connection. system. The DTE and DCE are then joined together
A data tap is essentially a three-way connector in which using a serial cable. Typical serial interfaces for
the third connector interfaces with the test equipment. DCE-to-DTE connections include RS-232, RS-449,
For RS-232 serial lines, data taps come in a variety of RS-530, X.21, V.35, and HSSI.
configurations, with mixtures of male and female DB-9 An example of a DCE would be an analog modem,
and DB-25 connectors. which can be used for connecting a DTE such as the
See Also: serial transmission serial port on a computer or router to the local loop con-
nection of the Plain Old Telephone Service (POTS).
322
DAWS DCE
LAN .RS-232.
Digital
.telecommunication.
D
link
Electrical
UART isolation
G0DXX10 (was G0Dui09.eps in 1E)
DB connector DBO
A common family of connectors used for connecting
Stands for database owner, the user account in
data terminal equipment (DTE).
Microsoft SQL Server that created the database and is
Overview responsible for managing administrative tasks related to
The letters DB stand for data bus and are followed by a the database. The DBO also owns any database object,
number that indicates the number of lines or pins in the including tables, indexes, views, functions, or stored
connector. DB connectors were formerly called procedures.
D-series connectors. DB connectors can be used for
See: database owner (DBO)
either serial or parallel connections between devices.
Common members of the DB family include the
following:
DCE
Stands for data communications equipment, which
● DB-9: A 9-pin serial connector for connecting refers to any device that supports data transmission over
modems, serial printers, mouse devices, and so on a serial telecommunications link.
See: data communications equipment (DCE)
323
D channel DCOM Configuration Tool
Switched
data DCOM Configuration Tool
services A Microsoft Windows NT, Windows 2000, Windows
network
XP, Windows .NET Server, and Windows 98 utility
used to configure 32-bit Windows applications for
G0DXX11 (was G0Dui10.eps in 1E)
Distributed Component Object Model (DCOM)
D channel. How the D channel works. communication between components of distributed
The D channel forms the “D” part of a 2B+D Basic Rate applications on a network.
Interface ISDN (BRI-ISDN) line and carries signaling
Overview
information at a rate of 16 kilobits per second (Kbps).
You can use the DCOM Configuration Tool to config-
On a 23B+D Primary Rate Interface ISDN (PRI-ISDN)
ure DCOM applications to run across computers on a
line, the D channel carries signaling information at the
network. Computers can be configured to operate as
faster rate of 64 Kbps.
DCOM clients (making calls to DCOM servers),
Implementation DCOM servers, or both. Using this tool, you can con-
D channel communication uses a completely separate figure the locations of components of distributed appli-
out-of-band communication network called the Signal- cations and the security settings for those components.
ing System 7 (SS7) network, as shown in the illustration.
324
DDNS dead spot
Implementation DDoS
To start the tool, choose Run from the Start menu, and then
Stands for Distributed Denial of Service, a form of
type dcomcnfg. To use the tool to configure a distributed
Denial of Service (DoS) attack that employs a large
application, you must specify the security and location
properties of both the calling client application and the
number of intermediate hosts to multiply the effect of
the attack.
D
responding server application. For the client application,
you specify the location of the server application that will See: Distributed Denial of Service (DDoS)
be called by the client. For the server application, you
select a user account that will have permission to start the
DDR (Demand-Dial Routing)
application and the user accounts that will run it.
Stands for Demand-Dial Routing, a method of
forwarding packets on request across a Point-to-Point
Protocol (PPP) wide area network (WAN) link.
See: Demand-Dial Routing (DDR)
DCOM Configuration Tool. Using the DCOM Configuration See: digital data service (DDS)
Tool.
325
decibel DECnet
326
dedicated line default gateway
Data Interface (FDDI). The current release of DECnet Dedicated Token Ring (DTR)
is called Phase V, but DECnet is essentially a legacy A high-speed Token Ring networking technology.
protocol that is rarely used nowadays.
Overview
dedicated line
Dedicated Token Ring (DTR) is an extension of 802.5 D
Token Ring technologies developed as an evolutionary
Any telecommunications line that is continuously avail- upgrade to higher speeds for Token Ring users. It
able for the subscriber with little or no latency. defines a set of signaling protocols and topologies that
Overview are backward-compatible with standard Token Ring
Dedicated lines are also referred to as leased lines, networking.
since businesses lease these lines from telcos so that DTR uses the same 802.5 frame format as standard
they can have continuous, uninterrupted communica- Token Ring and supports full-duplex communications
tion with branch offices and with the Internet. The using the Transmit Intermediate (TXI) protocol to allow
opposite of a dedicated line is a dial-up line, which simultaneous transmission and reception of frames by
costs less because it is used intermittently and requires stations.
fewer telco resources. However, dial-up lines suffer
from the delaying effects of latency as well as less avail- DTR uses special concentrators to create high-speed
able bandwidth. Dial-up lines are generally local loop ring topology networks. A traditional Token Ring Mul-
Plain Old Telephone Service (POTS) connections that tistation Access Unit (MAU) can be joined to a DTR
use modems and provide backup services for more concentrator to enable 802.5 stations to communicate
expensive leased lines. Dedicated lines, on the other over the high-speed ring.
hand, use specially conditioned phone lines and are Prospects
allocated to the subscriber’s private domain with dedi- Although DTR began development in 1995, it has fallen
cated switching circuits. By contrast, circuits for into eclipse in recent years along with standard Token
dial-up lines are shared with all other subscribers in the Ring technologies due to the continued evolution of
Public Switched Telephone Network (PSTN) domain. Ethernet into its Fast Ethernet and Gigabit Ethernet
Dedicated lines can be either point-to-point or multi- (GbE) varieties.
point communication paths. They are generally syn- See Also: 802.5, Multistation Access Unit (MAU or
chronous digital communication lines, and are MSAU), Token Ring
terminated with one of the following serial interfaces:
RS-232, RS-449, RS-530, X.21, V.35, or HSSI.
default gateway
Advantages and Disadvantages An address in a routing table to which packets are for-
The main advantages of dedicated lines are the warded when there is no specific route for forwarding
following: them to their destination.
● They involve minimal connection delays and mini- Overview
mal latency for establishing communication. In an internetwork, a given subnet might have several
● They provide a consistent level of service. router interfaces that connect it to other, remote sub-
nets. One of these router interfaces is usually selected
● They are always available without any busy signals. as the default gateway of the local subnet. When a
The main disadvantage of dedicated lines is that they host on the network wants to send a packet to a destina-
cost more than dial-up lines. tion subnet, it consults its internal routing table to deter-
mine whether it knows which router to forward the
See Also: dial-up line, leased line, T-carrier
327
Defense Messaging System (DMS) defragmentation
packet to in order to have it reach the destination subnet. Defense Messaging System
If the routing table does not contain any routing infor- (DMS)
mation about the destination subnet, the packet is A global messaging system for the U.S. Department of
forwarded to the default gateway (one of the routers
D with an interface on the local subnet). The host assumes
Defense (DoD).
defragmentation
Default The process of reorganizing information written on disk
gateway drives to make reading the information more efficient.
interface
Overview
G0DXX14 (was G0Dui13.eps in 1E)
When files on disk drives are frequently written, copied,
Default gateway. How a default gateway works. moved, and deleted, the information stored on the drive
When configuring a client machine on a TCP/IP tends to become fragmented over time. Instead of stor-
internetwork, the client must know the Internet Protocol ing a file across several contiguous (successive) sectors
(IP) address of the default gateway for its network. On of the drive, files tend to become split up into discontig-
Microsoft Windows NT, Windows 95, and Windows 98 uous (disconnected) portions scattered all over the
clients, you configure this information on the TCP/IP drive. Then when the file needs to be accessed again,
property sheet for the client. The property to configure is the drive heads need to skip around a lot to find and read
known as the Default Gateway Address. In Windows 2000, the successive portions of the file, which is a slower
Windows XP, and Windows .NET Server, you can have a process than if the file was located in only one continu-
default gateway assigned automatically using Dynamic ous section of the drive. Fragmented drives thus per-
Host Configuration Protocol (DHCP). form more poorly for disk reads (and writes) than drives
that are not significantly fragmented. And the more
See Also: IP address, routing table often files are modified on a drive, the more fragmented
it tends to become and the more poorly it performs (you
328
delegation delegation
329
Delegation of Control Wizard demand priority
330
demarc demarc
demarc
1 Client requests The point in a carrier’s wide area network (WAN)
access to media service at which the customer’s responsibility for line
G0DXX15 (was G0Dui14.eps in 1E)
management ends and the carrier’s responsibility
Demand priority. How the demand priority media access begins.
method works.
The key feature of the demand priority access method, Overview
as shown on the illustration, is that the 100VG-AnyLan Demarc is short for demarcation point and indicates the
hubs control which computers are allowed to transmit point at which the carrier assumes responsibility for
signals on the network at any given moment. Hubs can troubleshooting the WAN connection. For example,
be thought of as servers and end nodes as computers if a carrier provides the customer with a Channel Ser-
(clients). With demand priority, a client (a computer vice Unit/Data Service Unit (CSU/DSU) for a leased
with a 100VG-AnyLan network interface card installed line, the CSU/DSU is included within the carrier’s
331
demilitarized zone (DMZ) denial of service (DoS)
responsibility and the demarc point is the serial inter- Generally speaking, DoS attacks occur when a malicious
face on the CSU/DSU to which the customer’s router is user consumes so many resources on a remote network or
connected. If the demarc point instead is the RJ-48 con- system that none are left for legitimate users who need
nector that terminates the leased line at the customer them. The resources attacked might include processors,
D premises, then the customer is responsible for manag- disk space, memory, network connections, modems, and
ing and troubleshooting (and possibly also providing) telephone lines. In a way, a DoS attack is like driving an
the CSU/DSU that connects to this connector. extra-wide truck down a freeway—the truck blocks legit-
imate traffic from getting through to its destination.
See Also: telecommunications services
Another general goal of DoS attacks is to disable criti-
cal services on a machine. Once these services are dis-
demilitarized zone (DMZ)
abled, requests from legitimate users cannot be serviced
Also called a perimeter network, a security network at until the machine is rebooted. For example, if an
the boundary between a corporate local area network attacker can send malformed packets to a Web server to
(LAN) and the Internet. shut down its Hypertext Transfer Protocol (HTTP) ser-
See: perimeter network vice, the attacker has succeeded in denying access to the
server by its real clients.
DEN History
Stands for Directory Enabled Network, an initiative DoS attacks are not new in theory—a similar technique,
toward a platform-independent specification for storing jamming, was used during World War II to render
information about network applications, devices, and enemy radar systems unusable by overwhelming them
users in a directory. with useless information. The developers of TCP/IP
envisioned the possibility of DoS attacks early on as an
See: Directory Enabled Network (DEN), inevitable result of the open nature of TCP/IP, but it was
not until 1996 that DoS attacks caught widespread pub-
denial of service (DoS) lic attention when an Internet service provider (ISP)
Any attack conducted against a system that tries to called PANIX in New York experienced a sustained
prevent legitimate users from accessing it. DoS attack on its servers that denied Internet services to
legitimate users for more than a week. This attack dem-
Overview onstrated the Internet’s fragility and led many vendors
Denial of service (DoS) refers to a broad family of differ- to patch weaknesses in their products that could be
ent methods that hackers use to try to prevent legitimate exploited by DoS attacks.
users from accessing Web servers, mail servers, net-
works, and other systems. DoS attacks exploit weak- DoS again made the front page in 1999 when a number
nesses inherent in the Transmission Control Protocol/ of U.S. government Web sites (including the FBI’s Web
Internet Protocol (TCP/IP) suite, bugs in operating sys- site) were attacked by disgruntled hackers as retaliation
tems and applications, and holes in firewalls and other for an FBI crackdown on some of their members.
security devices. Over the last half dozen years, holes More recently, a new and deadlier type of attack called
have been discovered in Apache, Berkeley Internet Name Distributed Denial of Service (DDoS) made headlines
Domain (BIND), Sendmail, Internet Information Ser- in February 2000 when a young Canadian nicknamed
vices (IIS), Common Gateway Interface (CGI), Simple Mafiaboy allegedly denied service for several hours to a
Network Management Protocol (SNMP), and other sys- number of major commercial Web sites, including
tems that make them vulnerable to DoS attacks. Vendors Yahoo!, eBay, Amazon.com, Buy.com, E-Trade.com,
of these systems have issued patches to guard against ZDNet, and CNN.com. Also in 2000, a coordinated
these attacks, but new ones are often being discovered. Distributed Denial of Service (DdoS) attack was
332
denial of service (DoS) denial of service (DoS)
launched against the Internet’s Internet Relay Chat ● Ping of Death: This type of attack floods a machine
(IRC) system, crippling the system for several weeks. or network with malformed Packet Internet Groper
(PING) packets to crash remote systems. Many oper-
The Internet Engineering Task Force (IETF) is currently
ating systems are vulnerable to this type of attack, as
working on a new Internet protocol called ICMP Trace-
back Messages that, if implemented widely, would allow
are some routers and network printers. Check with D
your vendor for any patches that have been released
networks experiencing DoS attacks to better determine
to deal with this type of attack. Also be sure to con-
the source of the attacks. Until then, network managers
figure your routers not to allow broadcasts to pass
and system administrators need to be vigilant in applying
into your network from outside.
the latest patches to systems and monitoring their net-
works for evidence of intrusion and DoS attacks. ● Smurf attack: This variant of the Ping of Death
employs an intermediate network to send broadcast
Types
pings to tie up a system. A broadcast ping is an
There are a number of different types of DoS attacks.
Internet Control Message Packet (ICMP) directed
Some of these are described in some detail below, but
to a subnet broadcast address and is received by all
others are mentioned only briefly.
hosts on the subnet. The source address of the
● Synchronous idle character (SYN) flooding: This broadcast ping is spoofed to appear as the address
famous attack exploits weaknesses in the three-way of the machine being targeted. The effect is for the
handshaking protocol of TCP. Typically, SYN flood- targeted system to receive a flood of ICMP Echo
ing is used to render a Web server’s networking ser- response packets, depending on how many interme-
vices unavailable. SYN flooding is a type of attack in diate systems are employed. For more information,
which TCP connection request packets (SYN pack- see the article “Distributed Denial of Service
ets) are sent in large numbers to a Web server. These (DDoS)” elsewhere in this chapter.
packets use a false or “spoofed” source IP address to
● Overlapping fragment attack: This attack frag-
hide the attacker to fool the server into sending
ments packets into small pieces and then reassem-
responses to a nonexistent client. SYN packets are
bles them starting from the middle of a packet
used to place the TCP ports in the SYN _RECEIVED,
instead of the beginning. The resulting bad packets
or “half-open,” state on the Web server and then do
are held in the receiving system’s buffer until the
nothing with them until they time out. If enough of
system’s memory resources are full, causing the
these ports are half-opened, the server cannot handle
machine to hang up.
requests from normal clients until the unused ports
expire. Unfortunately, it takes time for the half- ● Address Resolution Protocol (ARP) cache poi-
opened ports to time out because when a SYN packet soning: This attack preloads false information into
is received, the server generates a SYN-ACK packet a system’s ARP cache, preventing it from commu-
to acknowledge the request and then waits for a final nicating over the network with other systems.
ACK from the requester before fully opening the port
● Domain Name System (DNS) cache poisoning:
for a communication session. (This is called a TCP
This attack fills the cache on name servers with
three-way handshake.) However, that final ACK is not
name lookup information about nonexistent hosts,
received because the source address in the SYN
causing legitimate name lookup requests to be
packet was spoofed. The SYN-ACK packet is thus
dropped. Upgrading to the latest version of BIND
retransmitted several times at increasingly longer time
solves this problem.
intervals until, after a total time of 189 seconds (in the
implementation of TCP/IP on Microsoft Windows ● User Datagram Protocol (UDP) attack: This
platforms), the server finally gives up and closes the attack causes two systems to send a continuous
half-open port. For that time period, the requested port flood of UDP packets to each other, preventing
is unavailable to perform any other services. legitimate network communications from being
able to occur.
333
dense mode dense mode
● Mail bombs: This type of attack tries to overwhelm www.nipc.gov, and Forum of Incident Response and
mail servers by sending them large amounts of use- Security Teams at www.first.org.
less messages. Mail filters are the usual method for
See Also: Distributed Denial of Service (DDoS), hack-
dealing with such attacks.
D Notes
ing, security, spoofing
334
dense wavelength division multiplexing (DWDM) DES
An example of a DWDM deployment is AT&T, which See: Data Encryption Standard (DES)
has implemented DWDM switching equipment through
335
desktop Desktop Management Interface (DMI)
336
destination address DHCP
● Physical address: For example, the media access ● The tempdb system database, which is used for
control (MAC) address of an Ethernet frame temporary storage purposes
● Logical address: For example, the Internet Proto- ● The model system database, which is a template for
col (IP) address of an IP packet generating new databases
Destination addresses can be either specific or general. ● The msdb database, which is used by SQL Server
Specific addresses point to a specific host on the net- Agent for scheduling alerts and jobs, and recording
work. A general address points the packet or frame to operators
all hosts on the network or multicasts it to a specific
multicast group of hosts on the network. Dfs
You can see the destination address of a packet or frame Stands for distributed file system, a network file system
by using a network sniffer device such as Network Moni- that makes many shares on different file servers look
tor, a tool included with Microsoft Systems Management like a single hierarchy of shares on a single file server.
Server (SMS). Network Monitor displays destination
See: Distributed file system (Dfs)
addresses in both ASCII and hexadecimal form.
Notes DHCP
The other kind of address in a packet or frame is the
source address. This is the address of the host from Stands for Dynamic Host Configuration Protocol, a
which the packet originates (unless the source address protocol that enables the dynamic configuration Inter-
is being spoofed). net Protocol (IP) address information for hosts on an
internetwork.
See Also: source address
See: Dynamic Host Configuration Protocol (DHCP)
337
DHCP client DHCP Client service
338
DHCP console DHCP lease
Microsoft Windows includes support for DHCP and pro- ● Creating reservations for servers that need specific
vides client software that lets you manage a machine’s IP IP addresses
address over a network. This software runs as a service
● Monitoring DHCP statistics
under Windows 2000, Windows XP, Windows .NET
Server, and Windows NT. DHCP simplifies the adminis- The DHCP console also includes the following D
tration and management of IP addresses for machines on advanced features, which are new to Windows 2000
a TCP/IP network. and are also included with Windows .NET Server:
See Also: DHCP Server service, Dynamic Host ● Automatic detection of rogue DHCP servers on the
Configuration Protocol (DHCP) network
● Automatic self-assignment of temporary IP
DHCP console addresses to clients if a lease cannot be obtained
A Microsoft Windows 2000 and Windows .NET Server from a DHCP server
administrative tool for managing the DHCP Server ser-
vice on Windows 2000 Server and Windows .NET Server. ● New DHCP options for multicast groups (class D
IP addresses), superscopes for grouping together
Overview DHCP scopes for management purposes, and other
The DHCP console is the main tool used for managing vendor-specific functions
and configuring all aspects of the Dynamic Host Con-
figuration Protocol (DHCP) on a Windows 2000– and ● Integration of DHCP and Domain Name System
Windows .NET Server–based network and is imple- (DNS), allowing clients to use dynamic update to
mented as a snap-in for the Microsoft Management update their host names to IP address mappings in
Console (MMC). DNS server zone files
See Also: Dynamic Host Configuration Protocol
(DHCP)
DHCP lease
The duration for which a Dynamic Host Configuration
Protocol (DHCP) server lends an IP address to a DHCP
client.
Overview
G0DXX17 (was G0DUI17 in 1E)
You can configure the lease duration using the Micro-
DHCP console. The DHCP console for Windows 2000
Server. soft Windows NT administrative tool DHCP Manager
or the Windows 2000 or Windows .NET Server console
You can use the DHCP console for the following stan- snap-in. If your Transmission Control Protocol/Internet
dard DHCP administration tasks: Protocol (TCP/IP) network configuration does not
● Creating a scope of Internet Protocol (IP) addresses change often or if you have more than enough IP
to lease to DHCP clients addresses in your assigned IP address pool, you can
increase the DHCP lease considerably beyond its
● Creating a set of scope options, which are passed on default value of three days. However, if your network
to clients configuration changes frequently or if you have a lim-
● Configuring the lease duration for IP addresses ited pool of IP addresses that is almost used up, keep the
leased to clients reservation period short—perhaps one day. The reason
is that if the pool of available IP addresses is used up,
● Viewing and terminating active leases on a network
339
DHCP options DHCP relay agent
machines that are added or moved might be unable to DHCP relay agent
obtain an IP address from a DHCP server and thus will A host that enables a Dynamic Host Configuration
be unable to participate in network communication. Protocol (DHCP) server to lease addresses to hosts on a
D See Also: DHCP console different subnet than the one the server is on.
Overview
DHCP options DHCP relay agents make it unnecessary to maintain a
Additional Internet Protocol (IP) address settings that a separate DHCP server on every subnet in an internet-
Dynamic Host Configuration Protocol (DHCP) server work. Without DHCP agents, every subnet on an inter-
passes to DHCP clients. network would need at least one DHCP server to
provide address leases to hosts on that subnet. With
Overview DHCP agents, you can manage with only a single
When a DHCP client requests an IP address from a DHCP server for your entire internetwork (though two
DHCP server, the server sends the client at least an IP are recommended in case of failure).
address and a subnet mask value. Additional informa-
tion can be sent to clients if you configure various DHCP server
DHCP options. You can assign these options globally to
all DHCP clients, to clients belonging to a particular
scope, or to an individual host on the network.
You can configure a number of different DHCP options
using the Microsoft Windows 2000 or Windows .NET
Server snap-in DHCP console, but the options listed in
2 Request is
the following table are the ones most commonly used DHCP relay forwarded
by Microsoft DHCP clients. In Windows 2000– and agent
Windows .NET Server–based networks, options 3, 6, Router
and 15 are commonly used.
DHCP Options Subnet B
Number Option What It Configures
3 IP address
003 Router Default gateway IP 1 returned
address
DHCP client
006 DNS Servers IP addresses of DNS
servers
015 DNS Domain Parent domain of associ-
Name ated DNS servers
044 NetBIOS over IP addresses of Win-
TCP/IP Name dows Internet Name Ser- Subnet A
Server vice (WINS) server
G0DXX18 (was G0DUI19 in 1E)
340
DHCP scope DHCP server
341
DHCP Server service Dial-on-Demand Routing (DDR)
342
dial-up line differential backup
dedicated T1 line. DDR allows ISDN calls to be placed lines with dedicated circuits. Dial-up lines are generally
to one or more remote networks as required. These calls much less expensive to use, but they have less available
typically take less than 5 seconds to connect and begin bandwidth.
transferring data. During the connection phase a
switched circuit must be established between the net-
Companies often use dial-up lines for occasional,
low-bandwidth usage (such as remote access network-
D
works. After the call is finished, this circuit is torn down
ing) or as a backup for more costly dedicated lines.
after a prespecified idle time period has elapsed to save
Dial-up lines are shared with all subscribers in the Pub-
money. Since different circuits may be used for each
lic Switched Telephone Network (PSTN) domain,
DDR session, the quality of the connection can vary
while dedicated or leased lines are allocated solely to
from session to session.
the subscriber’s private telecommunications domain.
When used with ISDN, DDR allows different service
Besides dial-up lines using analog modems over local
types to be assigned to different kinds of traffic. Only
loop connections, there are also some digital services
traffic classified as “interesting” causes a dial-up ses-
that can be dial up (instead of dedicated) in nature.
sion to be initiated—all other traffic is ignored by the
These services include
DDR-capable router. A typical scenario might be to use
DDR to connect when Simple Mail Transfer Protocol ● ISDN (Integrated Services Digital Network)
(SMTP) mail needs to be forwarded to a remote net-
● X.25
work. On a Cisco router you use the dialer-list com-
mand from the Internetwork Operating System (IOS) See Also: dedicated line
command set to specify which kinds of traffic are
“interesting” from the standpoint of DDR. For IOS 11
DID
and higher, DDR supports a number of different proto-
cols including Internet Protocol (IP), Internetwork Stands for direct inward dialing, a service provided by a
Packet Exchange (IPX), and Appletalk. local exchange carrier (LEC) to a corporate client.
When implementing DDR for a WAN link, make sure See: direct inward dialing (DID)
you configure static routes to your remote network.
Using dynamic routing will generate routing table differential backup
advertisements that may trigger unwanted DDR sessions. A backup type in which the only files and folders that are
backed up are those that have changed since the last nor-
Notes
mal backup occurred.
Dial-on Demand Routing (DDR) is different from
Demand-Dial Routing (DDR), a Microsoft technology Overview
for forwarding packets on request across a Point- Unlike an incremental backup, a differential backup does
to-Point Protocol (PPP) WAN link. not clear the archive attribute for each file and folder. You
can use differential backups in conjunction with normal
See Also: Integrated Services Digital Network (ISDN),
backups to simplify and speed up the process. If a normal
routing
backup is done on a particular day of the week, differential
backups can be performed on the remaining days of the
dial-up line week to back up the files that have changed since the first
Any telecommunications link that is serviced by a day of the schedule. Differential backups are faster than
modem. normal backups and use less tape or other storage media.
Overview Notes
Dial-up lines are ordinary phone lines used for voice Differential backups are cumulative (unlike incremental
communication, but dedicated or leased lines are digital backups), so when you need to do a restore, you need
343
Differentiated Services (DS) Digital Advanced Mobile Phone Service (D-AMPS)
only the normal backup and the most recent differential ric encryption schemes form the basis of the Secure
backup. Differential backups take longer to complete Sockets Layer (SSL) protocol used on the Internet.
than incremental backups, but you can restore data from
See Also: Data Encryption Standard (DES), public key
them faster.
D See Also: backup type, incremental backup
cryptography
digital
Differentiated Services (DS) Transmission of signals that vary discretely with time.
A system for service classification of network traffic.
See Also: digital transmission
Overview
Differentiated Services (DS) was developed by the
diff-serv working group of the Internet Engineering
Digital Advanced Mobile Phone
Task Force (IETF) as a framework for standardizing
Service (D-AMPS)
The digital version of the Advanced Mobile Phone Ser-
service classification mechanisms. DS manages net-
vice (AMPS) cellular communications system.
work traffic based on the forwarding behaviors of pack-
ets instead of by traffic priority or application. DS is Overview
rule-based and can be used for policy-based traffic AMPS is the oldest cellular phone system still widely
management. deployed. It is an analog system operating in the 800
megahertz (MHz) band and is based on the EIA-533
Implementation standard.
DS works by packaging Differentiated Services Code
Point (DSCP) information within standard Internet Pro- Digital Advanced Mobile Phone Service (D-AMPS) is
tocol (IP) headers. This DSCP information specifies the the digital version of AMPS and is based on the IS-54
level of service required for the packet, and supports up standard. D-AMPS has been around since 1992, and it
to 64 different traffic forwarding behaviors. DSCP builds on the large installed base of AMPS cellular net-
maps a particular packet to a packet hop behavior work installations. D-AMPS is used in North and South
(PHB) applied by a policy to a DS-compliant router. America and in parts of Asia and the Pacific region. The
technical name for D-AMPS is Time Division Multiple
See Also: quality of service (QoS)
Access/IS-136.
Implementation
Diffie-Hellman (DH) D-AMPS uses the same 800 Mhz frequency band as
An encryption scheme used in public key cryptography.
AMPS, specifically frequencies between 824 and 891
Overview MHz (although a dual-band 800/1900 MHz system
Diffie-Hellman (DH) is an asymmetric encryption has also been implemented). D-AMPS also uses 30-
scheme that uses a key pair consisting of different pub- kilohertz (kHz) channels as AMPS does, but whereas
lic and private keys. The private key is used to encrypt AMPS can carry only one conversation per channel,
the message, and the public key is used to decrypt it. D-AMPS can carry between three and six conversa-
DH also specifies a key exchange mechanism that tions. As a result, D-AMPS extends the capacity of
allows private keys to be used over the Internet. AMPS from 50 conversations per cell to up to 300 con-
versations per cell, making D-AMPS more efficient in
Another asymmetric encryption algorithm is RSA,
bandwidth utilization than AMPS.
developed by Ron Rivest, Adi Shamir, and Leonard
Adleman. Asymmetric encryption schemes typically While AMPS transmits information continuously,
have much larger keys than symmetric schemes such as D-AMPS transmits in bursts over a time-shared system
DES (Data Encryption Standard). A key for an asym- based on Time Division Multiple Access (TDMA) tech-
metric scheme is typically 1024 bits or larger. Asymmet- nology as the media access method. D-AMPS is more
344
Digital Advanced Wireless System (DAWS) Digital Audio Broadcasting (DAB)
immune to interference from noise than AMPS and can Mbps envisioned. Examples include wireless network-
be scrambled to make it more secure (AMPS is very ing, Internet browsing, video conferencing, file transfer,
easy to eavesdrop on). and Voice over IP (VoIP).
D-AMPS is cheaper and easier to implement than other
digital cellular systems such as Code Division Multiple
See Also: Global System for Mobile Communications
(GSM), International Mobile Telecommunica-
D
Access (CDMA), but its transmissions are not as secure tions-2000 (IMT-2000), Terrestrial Trunked Radio
as CDMA. D-AMPS represents a simpler upgrade (Tetra)
path from AMPS than Global System for Mobile Com-
munications (GSM), which also uses TDMA technol-
Digital Audio Broadcasting (DAB)
ogy but does so in an incompatible format.
A specification for broadband digital radio.
See Also: Advanced Mobile Phone Service (AMPS),
cellular communications, Code Division Multiple Overview
Digital Audio Broadcasting (DAB) is a specification for
Access (CDMA), Global System for Mobile Communi-
broadband transmission of digital information at speeds
cations (GSM), Time Division Multiple Access (TDMA)
up to 2.4 megabits per second (Mbps). DAB is designed
for transmission of digital audio and is envisioned as a
Digital Advanced Wireless replacement for existing analog AM/FM radio systems.
System (DAWS) DAB is a European specification only; however, a sim-
A proposed standard for a multimegabit packet-switch- ilar (but not interoperable) specification called IBOC
ing radio network from the European Telecommunica- (In Band, On Channel) is being developed in the United
tions Standards Institute (ETSI). States.
Overview Uses
The Digital Advanced Wireless System (DAWS) will Although DAB is intended mainly for audio broadcast-
be compatible with the existing packet radio system ing and is regulated as such, the possibility of it sup-
called the Terrestrial Trunked Radio (Tetra), which porting digital data broadcasts, and even Internet
enables terminals to communicate directly with each access, are currently being explored. Since digital audio
other in regions without cellular coverage. only requires 56 kilobits per second (Kbps), DAB’s 2.4
DAWS is being developed in response to the rapid Mbps bandwidth leaves lots of room for broadcasting
deployment of Global System for Mobile Communica- location-based information such as weather reports,
tions (GSM) wireless cellular communication systems traffic information, airline arrivals and departures, stock
and the increasing demand for high-speed wireless quotes, and so on.
mobile data services in response to the phenomenal Britain leads the world in DAB deployment, with five
growth of the Internet in recent years. The ultimate goal channels already allocated to the BBC. Other European
of the DAWS effort is to provide mobile wireless Asyn- countries and regions are following with their own
chronous Transfer Mode (ATM) data communication deployments. Psion has introduced a DAB receiver that
services with full-terminal mobility over wide areas of plugs into the USB port of a PC to provide users with
roaming. ATM has been selected by ETSI as the tech- reception of DAB broadcasts, and other vendors are
nology of choice for the backbone of the future envis- developing similar devices.
aged European Information Infrastructure (EII).
Although DAB is a broadcast (one-way) service, some
DAWS will be designed to support applications that carriers are envisioning using DAB to provide users
require data rates in excess of the 2-megabit-per-second with high-speed Internet access by using conventional
(Mbps) rate supported by the International Mobile Tele- or wireless modems for the upstream connection and
communications-2000 (IMT-2000) standards, with DAB for downstream.
eventual planned support for full ATM rates of 155
345
digital certificate digital certificate
346
digital dashboard digital data service (DDS)
347
Digital Data Storage (DDS) Digital Data Storage (DDS)
To use DDS services for wide area network (WAN) Digital Data Storage (DDS)
connectivity, route packets from your local area net- A tape backup technology that evolved from Digital
work (LAN) through a bridge or a router, which is con- Audio Tape (DAT) technologies.
nected by means of a V.35 or RS-232 serial interface to
D a Channel Service Unit/Data Service Unit (CSU/DSU). Overview
The CSU/DSU is connected to the four-wire termina- Digital Data Storage (DDS) is a tape backup technology
tion of the DDS line by means of an M-block connector, broadly used in all levels of businesses. DDS provides
a screw terminal block, or some other connection high capacity and performance at a relatively low cost.
mechanism. The Channel Service Unit (CSU) converts Although commonly called DAT instead of DDS, this is
the data signal into a bipolar signal suitable for trans- a misnomer and refers only to the type of tape
mission over the telecommunications link. The DDS employed.
lines themselves use four wires and support speeds of Implementation
64 Kbps, but 8 Kbps of bandwidth is usually reserved DDS records information on tapes using a helical scan
for signaling, so the actual data throughput is usually method similar to that used in VCRs. Tracks are laid
only 56 Kbps. down at an angle in sweeps across the width of the tape,
which allows DDS tape drives to operate at slower
speeds than parallel-scan drives. The result of lower
tape speeds is less wear and tear on both the tape and
the drive.
348
digital line digital nervous system
Overview Notes
Quantum has recently developed an upgrade to DLT
D
The distinguishing feature of a digital line is that it is
digital from end to end and does not employ any kind of called SuperDLT, which competes with linear tape open
analog modem technologies. As a result, digital lines (LTO) tape drive technology in speed and storage
have higher traffic-carrying capacities, less noise, and capacity.
better error-handling features than analog lines. The See Also: tape format
term digital line can refer to circuits based on the
following:
digital modem
● Digital data service (DDS) Any type of modem used for synchronous transmission
● Integrated Services Digital Network (ISDN) of data over circuit-switched digital lines.
349
Digital Signal Zero digital signature
whether it is text, graphics, audio, or video—flows within the next decade or so. If you use digital signa-
between businesses much as electrical impulses flow tures for documents that have to be archived for the long
between parts of the body. A stimulus of information term, you need to also include a verification trail of how
entering one business that is generated by another busi- the documents are transmitted and stored. This eviden-
D ness produces a response. The greater the complexity tiary trail might be necessary should the authenticity of
and the more interconnected the nervous system, the these signatures ever be challenged in court.
higher the organism—and the same applies to business.
Implementation
Greater interflow of digital information can lead to the
Digital signatures are based on public key cryptogra-
evolution of new forms of doing business. The Inter-
phy. In order for digital signatures to work, the sender
net and its related paradigms “intranet” and “extranet”
must have both a digital certificate and a key pair issued
serve as examples of this evolution. These concepts
by a certificate authority (CA) such as VeriSign.
grew naturally—almost organically—from the complex
interconnectedness fostered by advances in software A digital signature for a particular document is created
and networking. by first performing a mathematical hash of the docu-
ment. A hash is an iterative cryptographic process that
For More Information
employs a complex one-way mathematical function. To
You can visit the Digital Nervous System site at
create digital signatures, a special hash called SHA-1
www.microsoft.com/dns.
(Secure Hash Algorithm-1) is employed, and the end
result of this process is a 160-bit text file called a mes-
Digital Signal Zero sage digest (MD). The MD is then encrypted using the
More usually known simply as DS-0, a transmission sender’s private key to create the digital signature, and
standard for digital telecommunications having a trans- the resulting signature is then attached to the document,
mission rate of 64 kilobits per second (Kbps) and which is then transmitted to its intended recipient. Note
intended to carry one voice channel. that each digital signature is unique and depends on the
document being transmitted.
See: DS-0
When the recipient receives the signed message, the
same hash is performed on the received document to
digital signature create a new message digest. The sender’s public key is
An electronic signature that you can use to validate the
then applied to the MD, and the result is compared with
identity of the sender of a digital transmission.
the signature of the received message to determine
Overview whether the message is from its expressed recipient and
Digital signatures can be used to sign a document being whether it is intact or has been tampered with during
transmitted by electronic means such as e-mail. Digital transmission.
signatures validate the identity of the sender and ensure
Marketplace
that the document they are attached to has not been
The complexity of public key cryptography and the
altered by unauthorized parties during the transmission.
wide variety of CAs in the marketplace have slowed the
Uses general adoption of digital signatures for sender verifi-
Digital signatures are mainly intended for signing doc- cation purposes. In 2000, however, the U.S. government
uments that have a relatively short lifespan of no more passed legislation called Esign (the Electronic Signa-
than a few years. Examples include business contracts, tures in Global and National Commerce Act) that
invoices, and similar documents. They are not generally should speed widespread adoption of digital signatures.
suited for documents requiring long-term archiving, Esign basically makes digital signatures carry the same
such as medical or financial documents, because weight in law as regular signatures.
advances in cryptography might render them insecure
350
digital signature digital signature
D
Document SHA-1 Message Encryption Digital Attach signature to
hash digest signature document and send
351
Digital Subscriber Line (DSL) Digital Subscriber Line (DSL)
(personal identification number) code known only to DSL actually represents a family of related services
the sender. Because of its location on the hard drive, commonly referred to as “xDSL,” which includes the
however, the private key is often vulnerable to hackers following:
who break into networks to collect such information.
D Should hackers obtain a copy of your private key and
● Asymmetric Digital Subscriber Line (ADSL):
This flavor of DSL is asymmetric in nature, with
somehow guess or determine your PIN code, they can
different upstream (customer to carrier) and down-
sign electronic documents using your identity, and
stream (carrier to customer) speeds. ADSL theoret-
unless there is an evidential trail to the contrary, these
ically supports data rates of up to 6.1 megabits per
signed documents would be legally enforceable.
second (Mbps) downstream and 640 kilobits per
To better protect the sender’s private key, another new second (Kbps) upstream at distances of 18,500 feet
technology has emerged that may help propel the wide- (5340 meters) from the telco CO. In practice, how-
spread use of digital signatures. This new technology is ever, typical ADSL speeds are more like 1 Mbps
called Universal Serial Bus (USB) crypto-tokens, and it downstream and several hundred Kbps upstream.
consists of a small device such as a smart card that Because of its faster downstream speeds, ADSL is
securely stores the sender’s private key in a medium ideal for high-speed Internet access. ADSL is an
inaccessible to hackers (you could, of course, still lose American National Standards Institute (ANSI)
your USB token and land in trouble, but you could lose standard called T1.413.
your driver’s license as well, with similar results).
● G.Lite: This is a variety of ADSL that was
See Also: cryptography, digital certificate, message designed to be simpler to install at the customer’s
digest (MD) algorithms, public key cryptography premises than regular ADSL (an external ADSL
modem is used, and a splitter is not required at the
customer’s premises). G.Lite is an International
Digital Subscriber Line (DSL)
Telecommunication Union (ITU) standard called
A group of broadband telecommunications technolo-
G.992.2 and is sometimes called DSL Lite or
gies supported over copper local loop connections.
ADSL Lite. Transmission rates for G.Lite range
Overview from 1.544 to 6 Mbps downstream and 128 to 384
Digital Subscriber Line (DSL) was originally designed Kbps upstream. GLite is growing in popularity as a
to provide high-speed data and video-on-demand ser- “plug and play” form of DSL that customers can
vices to subscribers. DSL is an always-on service such install themselves using DSL modems provided by
as Integrated Services Digital Network (ISDN) but providers. The disadvantage is that G.Lite generally
works at much faster speeds compared to T1 (and even has to be deployed using a second phone line
T3) leased lines for a fraction of the cost. because it provides unacceptable performance for
voice transmission.
DSL uses the same underlying PHY layer as ISDN Basic
Rate Interface (BRI) and is basically a form of modem ● Rate-adjusted Digital Subscriber Line (RADSL):
technology that specifies a signaling process for high- This is a form of ADSL that dynamically negotiates
speed, end-to-end digital transmission over the existing the best possible speed based on changing line con-
copper twisted-pair wiring of the local loop. DSL accom- ditions. Speeds for RADSL are comparable to those
plishes this feat by using advanced signal processing and for ADSL.
digital modulation techniques. DSL uses digital modems
● ISDN Digital Subscriber Line (IDSL): This is
in which the digital signals are not converted to analog or
essentially ISDN with no voice service, only data.
vice versa; instead, the signals remain digital for the
IDSL provides 144 Kbps throughput in both direc-
complete communication path from the customer pre-
tions, and unlike ISDN, it is always on and has no
mises to the telco’s central office (CO).
need for call setup.
352
Digital Subscriber Line (DSL) Digital Subscriber Line (DSL)
● High-bit-rate Digital Subscriber Line (HDSL): Many small to mid-sized businesses look on DSL as a
This flavor supports high-speed, full-duplex com- replacement for aging 56 Kbps synchronous lines,
munications over four-wire telephone lines at dis- ISDN lines, frame relay, and other traditional WAN
tances up to 12,000 feet (3650 meters) from a telco services. DSL provides much higher bandwidth than
CO. HDSL provides equal upstream and down- these services, typically at half the cost or less. For D
stream speeds of up to 1.544 Mbps, equal to a T1 example, although a T-1 line might cost more than
line in throughput (it usually requires a conditioned $1,000 a month, HDSL can provide similar throughput
line such as a T1 line as well). HDSL is usually for less than $400 a month.
deployed using bridges or routers instead of
Implementation
modems, and is best suited for wide area network
DSL can be deployed in different ways depending on
(WAN) links.
the flavor being used. In ADSL, for example, an ADSL
● Symmetric Digital Subscriber Line (SDSL): This modem and a signal splitter are installed at the cus-
is a two-wire variety of HDSL that is the same in tomer’s premises and connected to the copper phone
every respect except that it is half-duplex instead line. The splitter separates voice and data signals so that
of full-duplex. Another name for this service is a single phone line can carry both voice and data. At the
HDSL II. telco’s CO, a Digital Subscriber Line Access Multi-
plexer (DSLAM) connects subscribers to a high-speed
● Very-high-rate Digital Subscriber Line (VDSL):
Asynchronous Transfer Mode (ATM) backbone, which
This form of ADSL supports speeds of up to 54
typically uses a permanent virtual circuit (PVC) con-
Mbps upstream and 2.3 Mbps upstream over short
nection to an ISP for Internet access.
distances of up to 1000 feet (305 meters). At longer
distances the speed drops rapidly, and VDSL can DSL modems can use a variety of signal coding meth-
rarely be provisioned beyond 4500 feet (1,370 ods, including carrierless amplitude and phase modula-
meters) from the CO. VDSL is currently vendor- tion (CAP) or discrete multitone (DMT) technology
specific technology that has not been standardized, modulation, depending on the vendor’s implementa-
and because of its high speed and short distances, it tion, with CAP currently being the most popular modu-
is essentially a solution in search of a problem. lation scheme used. DSL modems are simple Layer-2
devices that generally have few security features, lack
Uses
remote management capability, and are intended for
In the last few years, the use of DSL for residential
connecting a single computer to the Internet. For con-
broadband Internet access has skyrocketed, and DSL is
necting an office LAN, a DSL router with built-in fire-
currently the main competition for cable modem ser-
wall and Network Address Translation (NAT) support is
vices to provide such services. DSL also can deliver
used instead of a DSL modem. All customer premises
other services to homes and businesses, including digi-
equipment (CPE) DSL devices are technically called
tal TV and Voice over DSL (VoDSL).
ADSL Transmission Unit-Remote (ATU-R), and
Another common use of DSL is for telecommuting DSLAMs and similar DSL equipment at telco COs are
(working remotely from home). DSL modems provide known as ADSL Transmission Unit-Central office
a cheap and easy way of gaining high-speed access to (ATU-C).
corporate intranets for telecommuters. DSL offers good
Advantages and Disadvantages
security, performance, and reliability for telecommut-
The main advantage DSL has over cable modem tech-
ers, but its distance limitation means that they must
nology for delivering high-speed Internet access is that
reside in metropolitan areas.
DSL uses ordinary phone lines to accomplish this, and
such phone lines are everywhere. By contrast, cable TV,
353
Digital Subscriber Line (DSL) Digital Subscriber Line (DSL)
the service on which cable modem Internet access rides, DSL is also inherently more secure than cable modem
has been widely deployed in residential areas but is rare services and offers better throughput guarantees. This is
in business districts and industrial parks. As a result, because each DSL connection between subscriber and
DSL has the advantage of having a ready-made wiring telco CO is a dedicated connection. By comparison, all
D infrastructure, while cable companies have to invest cable modem users in a given neighborhood essentially
money and effort to build their infrastructure out to operate as a shared local area network (LAN). As a
business customers. result, cable modem users can often see each other’s
computers on the network, and the more cable modem
users simultaneously accessing the Internet in a given
1 Single-customer residential DSL
neighborhood, the slower the download speed everyone
Customer Telco central will experience. By contrast, DSL line speeds are inde-
premises office pendent of other users and depend only on the distance
DSLAM from the CO and the backbone capacity of the carrier’s
Computer connection to the Internet.
For businesses, DSL can provide wide area network
(WAN) links that are faster and cost less than traditional
WAN services such as Frame Relay and ISDN. Unlike
Internet ISDN and modem-based services, DSL is an always-on
Splitter
Local technology as well.
loop
DSL does have several disadvantages, however, the
DSL Modem
most important being its distance limitations. DSL typ-
ically cannot be deployed beyond 18,500 feet (5340
meters) from a CO, and even within this distance, the
farther the subscriber is from the CO, the worse the con-
2 Business DSL nection and slower the speed. DSL is thus restricted
mainly to dense urban areas and is often not an option in
rural areas. Using remote DSL access terminals, how-
DSLAM ever, some regional bell operating companies (RBOCs)
are pushing DSL farther out from the CO (see Issues
LAN below).
Another issue is that DSL may be impossible to deploy
over older portions of the PSTN. This is because load
Internet coils and bridged taps often prevent DSL signals from
passing between the customer’s premises and the telco
Local CO. Load coils are induction coils that shift frequen-
loop
cies upward for voice transmission to compensate for
unwanted wire capacitance, and unfortunately this
DSL router often shifts voice transmission into the frequency band
used by DSL, causing interference. Bridged taps are a
G0CXX21 (new to 2E)
shortcut method for telcos to provide local loop phone
Digital Subscriber Line (DSL). Implementing DSL for services to customers without actually running dedicated
residential and business customers.
354
Digital Subscriber Line (DSL) Digital Subscriber Line (DSL)
lines to those customers. Instead, an existing local loop ers (CLECs), though their services are generally limited
line is tapped somewhere in the middle to run a line to a to DSL. Other names sometimes used to describe them
second customer. Too many such taps cause excessive include competitive DSL providers and DSL local
echoes that can create noise that interferes with DSL exchange carriers (DLECs).
signals. Finally, if a telco has fiber deployed anywhere
DSL providers generally offer high-speed residential
D
along a local loop, DSL cannot be provisioned since it
Internet access for service charges in the range of $40 to
works only over copper and not over fiber (see Issues
$60 a month. Business customers generally pay up to
below).
10 times more, primarily because of additional services
DSL is also more difficult to provision than cable supported, such as providing access to multiple users on
modem services. This is because to provision DSL typ- a LAN, managed firewalls, service level agreements
ically requires the cooperation of three different compa- (SLAs), and top-tier customer support.
nies: the DSL provider, which deploys the connection at
Some DSL providers offer a service called bonding,
the customer premises, the RBOC or inter-exchange
which allows two or more DSL connections to be com-
carrier (IXC) from which the DSL provider purchases
bined into a higher throughput connection. In a typical
wholesale DSL services to retail to customers, and the
bonding scenario, two or four 144 Kbps IDSL lines are
ISP, which provides the actual connection to the Inter-
connected to a DSL router and combined using MLPPP
net. As a result of this complexity, DSL provisioning
(Multilink PPP) into a single 576 Kbps connection.
can sometimes take weeks or even months, and when a
Bonding-enabled DSL routers are much cheaper to
connection goes down, finger-pointing among the dif-
deploy at the customer premises than a DSLAM, which
ferent players can sometimes make for slow resolution
can accomplish the same thing but has greater space
of problems.
requirements.
Finally, for business purposes traditional leased lines
Issues
have a much better track record of reliability than DSL
A major issue that has hindered the widespread use of
because of the aforementioned lack of cooperation
DSL is that different DSL vendors use proprietary solu-
among the DSL provider, RBOC, and ISP. T-1 lines are
tions that make equipment from one vendor incompati-
generally provisioned by a single company (the RBOC),
ble with that from another. This situation is particularly
which makes problems easier and quicker to trouble-
aggravating for businesses with offices scattered around
shoot. Medium and large companies often consider
geographically, as each office may use different equip-
DSL an option for backup WAN services, but many are
ment provided by different DSL providers or RBOCs.
reluctant to make DSL their front-tier WAN service,
To overcome this issue, the OpenDSL initiative has
despite the cost savings they can achieve by replacing
been formed by 3Com Corporation, Cisco Systems,
their T-1 and fractional T-1 lines with DSL connections.
SBC Communications, Qwest Communications, and
Marketplace others. The goal of OpenDSL is to standardize all
While most RBOCs offer DSL services, several inde- aspects of DSL the same way the Data Over Cable Ser-
pendent DSL providers have recently appeared. How- vice Interface Specification (DOCSIS) has done with
ever, some of these have failed or been acquired by cable modem technologies. Widespread acceptance of
RBOCs during the dot-com shakeout of 2000. Some of OpenDSL will likely drive DSL deployment further,
the larger players that remain in the pure-play DSL especially in the business marketplace, but it is likely to
arena include Covad Communications Company, Earth- take a few years for RBOCs and Competitive Local
Link, and Rhythms NetConnections. These providers Exchange Carriers (CLECs) to replace their proprietary
are often classified as competitive local exchange carri- DSL systems with the new standard.
355
Digital Subscriber Line (DSL) Digital Subscriber Line (DSL)
356
Digital Subscriber Line Access Multiplexer (DSLAM) digital transmission
service, but now reaching the market are newer Digital transmission.
DSLAMs are that support multiple services (including
357
DIME direct burial fiber-optic cabling
The opposite of digital transmission is analog transmis- direct burial fiber-optic cabling
sion, in which information is transmitted as a continu- Fiber-optic cable designed for burial.
ously varying quantity. An analog signal might be
converted to a digital signal using an analog-to-digital Overview
D converter (ADC) and vice versa using a digital-to-ana- Direct burial fiber-optic cable typically consists of mul-
log converter (DAC). ADCs use a method called “quan- tiple fiber-optic cables bundled together and enclosed in
tization” to convert a varying AC voltage to a stepped a protective sheath. Direct burial fiber-optic cabling is
digital one. designed to be buried in trenches and contains a gel fill-
ing that protects the individual fibers from temperature
See Also: analog and moisture variations. A strip of strengthening mate-
rial runs axially down the cable to prevent excessive
DIME bending, which can fracture the individual fibers. Direct
burial cabling can have steel-armor construction with
Stands for Direct Internet Message Encapsulation, a
heavy waterproof polyethylene jackets and can contain
protocol for encapsulating attachments to Simple
either multimode or single-mode fiber-optic strands.
Object Access Protocol (SOAP) routing protocol
messages.
See: Direct Internet Message Encapsulation (DIME)
Building Building
Equipment Equipment
room room
Direct burial fiber-optic cabling. Deploying direct burial fiber-optic cable to connect networks in different buildings.
358
Direct Cable Connection Direct Internet Message Encapsulation (DIME)
359
direct inward dialing (DID) directory
361
Directory Access Protocol (DAP) Directory Access Protocol (DAP)
● Access method: Nowadays everything needs to be guage called Directory Service Markup Language
Web-enabled, and information within an enterprise (DSML) is being developed to better allow different
directory should be accessible by issuing LDAP directories to communicate with one another. Other
queries over Hypertext Transfer Protocol (HTTP) related initiatives include Simple Object Access Proto-
D through a simple Web browser. col (SOAP) and the Universal Description, Discovery,
and Integration (UDDI) specification.
● Management tools: Directories that can be managed
using LDAP/HTTP are a distinct advantage over oth- Finally, it must be mentioned that simply implementing a
ers where remote administration is concerned. directory will not necessarily save costs for an enterprise
or make the lives of administrators easier. Directories can
● Namespace design: Most general-purpose NOS
be complex to implement, especially if legacy informa-
directories map a company’s geographical structure
tion needs to be migrated to them. Also, tools for man-
to its directory namespace. This may be the simplest
aging directories can be difficult to use and require
and most logical thing to do, but whether it is most
extensive training. As a result of such complexity, indus-
efficient for LDAP searching is something that you
try analysts estimated that as of 2000 less than 35 percent
should consider before implementing the directory.
of all companies were using LDAP directories.
For a company that has already implemented its
directory but has trouble searching it efficiently, a See Also: Active Directory, Directory Access Proto-
product called RadiantOne from Radiant Logic can col (DAP), directory database, directory replication
help by mapping a virtual LDAP namespace over the (Windows 2000 and Windows .NET Server), Direc-
top of the existing namespace to speed search queries tory Service Markup Language (DSML), Lightweight
and maintain directory independence when the net- Directory Access Protocol (LDAP), metadirectory,
work configuration is changed. Novell Directory Services (NDS), Simple Object
Access Protocol (SOAP), Universal Description, Dis-
Issues
covery, and Integration (UDDI), Windows NT Direc-
The main issue confronting the enterprise concerning
tory Services (NTDS), X.500
directories is interoperability. A large enterprise typi-
cally has many different directories implemented at var-
ious levels of its network, and consolidating all these Directory Access Protocol
directories into a single directory through migration is (DAP)
often impractical from the point of view of cost (large A protocol for accessing information in a directory ser-
enterprises tend to be heterogeneous in many ways and vice based on the X.500 recommendations.
for many reasons).
Overview
To allow directories from different vendors to share The Directory Access Protocol (DAP) specifies how an
information with one another, a number of metadirec- X.500 Directory User Agent (DUA) communicates
tory products has appeared in the marketplace. Exam- with a Directory System Agent (DSA) to issue a query.
ples of metadirectory software include Microsoft Using DAP, users can view, modify, delete, and search
Metadirectory Services (MMS) and Novell’s DirXML. for information stored in the X.500 directory if they
have suitable access permissions.
Another issue regarding interoperability between direc-
tories is that the LDAP standard has certain limitations DAP is a complex protocol with a lot of overhead,
that require directory vendors to add their own propri- which makes it generally unsuitable for implementa-
etary extensions to LDAP if they want to give their tions in a Microsoft Windows environment. A simpler
LDAP directory products greater functionality. Thus version called Lightweight Directory Access Protocol
even different LDAP-compliant directories from differ- (LDAP) is growing in popularity and can be used to
ent vendors might not be able to interoperate to a access and update directory information in X.500
desired degree. To solve this problem, an XML lan- directories. LDAP is more suitable than DAP for
362
directory database Directory Enabled Network (DEN)
implementation on the Internet and has mostly super- Directory Enabled Network
seded DAP as an access protocol for X.500-based direc- (DEN)
tories (which are now often called LDAP directories). An initiative toward a platform-independent specifica-
See Also: directory, Lightweight Directory Access Pro-
tocol (LDAP), X.500
tion for storing information about network applications,
devices, and users in a directory.
D
Overview
directory database Directory Enabled Network (DEN) was started by
The central store of directory information on a network. Microsoft Corporation and Cisco Systems in 1997
with the goal of developing standards for directory-
Overview based management of network resources. DEN is a
The directory database is one of two components of a policy-based mechanism that binds a user’s name and
typical directory application, the other being the direc- network access profile to a policy. This procedure maps
tory service, which allows the directory database to be users to network services to make a more intelligent
searched and modified. network that can better manage its resources, especially
In Microsoft Windows NT, Windows 2000, and bandwidth. User rights on the network and bandwidth
Windows .NET Server, the directory database resides on allocation can then be assigned to the user by using the
the domain controllers, which manage all security- profile.
related aspects of the network. In Windows NT, the direc- DEN’s goal is to unify the disparate network manage-
tory database is generally called the Security Accounts ment platforms in existence today to provide a single,
Manager (SAM) database. In Windows 2000 and directory-based, cross-platform specification for the
Windows .NET Server, the directory database is the data- development of standard network management sys-
base component of Active Directory directory service. tems. The DEN initiative is now managed by the Dis-
Both the SAM database and the Active Directory direc- tributed Management Task Force (DTMF) and is open
tory service store information about objects on the net- to network device vendors, Internet service providers
work. The SAM is limited to storing information about (ISPs), independent software vendors (ISVs), carriers,
users, groups, and computers that participate in the and others who might be interested.
domain and security policy information such as pass- Prospects
word expiration policies and audit policies. The SAM DEN has not materialized as fast as many had hoped, but
stores its information in a privileged area of the registry. the Desktop Management Task Force (DMTF) is still
The practical upper limit for a SAM database is 40 guiding it toward final release within the next few years.
megabytes (MB), which corresponds to approximately Part of this is because one of the major driving forces ini-
26,000 user and computer accounts. If an enterprise has tially behind DEN was the hope of managing quality of
more than 26,000 users, the Windows NT directory service (QoS) policies using directories. This would
database can be partitioned (split) into two or more por- allow bandwidth to be allocated to users and applications
tions and trust relationships can be configured accord- more easily. The pressure to do this has lessened in the
ing to a multiple master domain model. last few years, however, as bandwidth costs continue to
Active Directory is considerably more flexible and drop, especially with the emergence of Gigabit Ethernet
powerful than the Windows NT SAM. Active Directory (GbE). As a result, QoS issues can be sidestepped in
scales upward to tens of millions of objects, and these many situations simply by overprovisioning bandwidth.
objects may be users, groups, computers, printers, Furthermore, simple Internet Protocol (IP) QoS tech-
shares, and many other forms of information. niques such as 802.1p have lessened the need for more
complex directory-based QoS schemes.
See Also: Active Directory, directory, directory repli-
cation (Windows 2000 and Windows .NET Server),
Security Account Manager (SAM) database
363
directory export directory hierarchy
Technical issues have also hindered the development of for re-importing the modified account information back
DEN as a real-life specification. One recent step for- into Exchange. Using directory export/import is in fact
ward involved the mapping of Common Information the usual method in Exchange for modifying the proper-
Model (CIM) schema to Lightweight Directory Access ties of a large number of recipients at one time.
D Protocol (LDAP) so that CIM object information could
See Also: directory, directory import, Exchange Server
be stored and accessed in LDAP-compliant directories
such as Microsoft’s Active Directory directory service.
directory hierarchy
See Also: Active Directory, Common Information
The hierarchy of objects in a directory.
Model (CIM), directory, Distributed Management Task
Force (DMTF), Lightweight Directory Access Protocol Overview
(LDAP) Directories typically store information about the objects
they manage in a hierarchical fashion. As an example
we can consider the containers and leaf objects in a
directory export Microsoft Exchange Server directory, which is dis-
The process of exporting information from a directory
played and configured using the Exchange Administra-
to another application.
tor program. This hierarchy is based on the directory
Overview recommendations given by X.500.
An example of directory export can be found in
Microsoft Exchange Server, which supports the export-
ing of information about recipients stored in its direc-
tory database. This information can be exported to a
comma-delimited text file (.csv file), edited, and then
imported into another system.
Directory hierarchy.
The Exchange directory hierarchy begins at a root
object called the Organization container, and then
branches down into sites, servers, connectors, recipi-
ents, and other objects. To configure any object in the
directory hierarchy, you use its property sheet.
364
directory import directory replication (Windows 2000 and Windows .NET Server)
● Leaf objects: These are end nodes in the directory Microsoft Windows 2000 or Windows .NET Server,
tree and whose properties can be configured using which stores copies of the directory database on
their property sheets. machines called domain controllers. In Windows 2000,
directory replication is thus the process of replicating
See Also: directory, Exchange Server, X.500
Active Directory updates to all the domain controllers D
on the network. Directory replication ensures that users
directory import have access to resources on the network by ensuring
The process of importing information into a directory that information about users, groups, computers, file
from another application. shares, printers, and other directory objects is current
on all domain controllers in the network.
Overview
An example of directory import can be seen in Directory replication of Active Directory on a
Microsoft Exchange. Here the information to be Microsoft Windows 2000– or Windows .NET Server–
imported must be in a format that the importing system based network takes place in two ways, depending on
can understand, usually a delimited text file such as a whether the participating domain controllers are in the
.csv file. Microsoft Exchange Server allows recipient same site.
information to be imported into its directory database
● Intrasite: Within a site, intrasite replication
and allows recipients exported from other mail systems
between domain controllers uses remote procedure
to be imported into Exchange. For example, you can
calls (RPCs) by means of a dynamically allocated
use the Exchange Migration Wizard to extract mailbox
port number. This replication takes place automati-
information from a foreign mail system into a .csv file.
cally every five minutes. Domain controllers within
You can then import this information into a spreadsheet
a site exchange update information in a ring fash-
program such as Microsoft Excel, modify it as needed,
ion, from one domain controller to another. This
and import it into Exchange to create new mailboxes in
ring topology is established by a process called
your organization for users of the foreign mail system
the Knowledge Consistency Checker (KCC) and
who are migrating to Exchange.
ensures a minimum of two replication paths
See Also: directory, directory export between each pair of domain controllers and a
maximum replication hop count of three to support
directory replication (Windows efficient replication and fault tolerance.
2000 and Windows .NET Server) ● Intersite: Between sites, intersite replication can
A process that ensures that all directory servers contain use RPCs if the local area network (LAN) or wide
identical copies of the directory database. area network (WAN) connection supports them or
Overview some other method, such as Simple Mail Transfer
In a typical implementation of a directory, the directory Protocol (SMTP) e-mail messages. Intersite repli-
database is replicated to a number of servers called cation uses a compressed format for more efficient
directory servers. These servers are located at different use of slow WAN links and is easier to schedule and
points around the network to provide accessible points manage than intrasite replication. To take advantage
for clients needing to search the directory for resources of the greater flexibility of intersite replication and
on the network. to use it instead of intrasite replication, configure
your domain controllers to belong to more than one
Implementation physical site.
As an example of the directory replication process,
consider the Active Directory directory service in See Also: Active Directory, directory, directory
database
365
directory replication (Windows NT) directory replication (Windows NT)
Implementation Notes
The Directory Replicator Service replicates files from Do not use directory replication as a substitute for a reg-
an export computer to an import computer. The export ular program of tape backups. The Directory Replicator
computer must be running the Windows NT Server Service can create a lot of network traffic and should
operating system, but the import computer can run not be used for backing up data across a network. If the
Windows NT Server, Windows NT Workstation, or data you are replicating contains large files that change
LAN Manager for OS/2 servers. frequently, replication traffic can cause network con-
gestion unless you watch it carefully. Be especially
The export server is the computer that contains the mas-
careful when you replicate directory structures over
ter copy of the directory tree to be replicated. This
366
directory service log Directory Service Markup Language (DSML)
slower wide area network (WAN) links to avoid conges- Directory Service Manager for
tion that interferes with other essential forms of traffic NetWare (DSMN)
such as logon traffic. An optional Windows 2000 utility for managing direc-
The Directory Replicator Service on Windows NT can
export only one directory tree from a given export server.
tory information stored on NetWare servers.
D
Overview
It is a good idea to leave the default export location as it is Directory Service Manager for NetWare (DSMN)
and move the directory structure and information you enables Windows 2000 domain controllers to manage
want to replicate to this default export location. This account information on NetWare 2.x, 3.x, and 4.x servers.
allows you to also replicate logon scripts because by It does this by copying NetWare account information to
default these are located on a PDC in the location the primary domain controller (PDC) and then propagat-
%SystemRoot%\system32\repl\export\scripts and on a ing changes back to the bindery on the NetWare servers.
BDC in the location %SystemRoot%\system32\repl\import. DSMN also synchronizes accounts across all NetWare
Since these script directories are located within the servers allowing users to access any NetWare server
default export and import paths, they can be replicated using a single logon username. DSMN does not come
along with other data. with Windows 2000 but can be ordered separately from
your Microsoft value-added reseller (VAR).
367
Directory Service Migration Tool (DSMigrate) directory synchronization (Windows NT)
368
Direct Sequence Spread Spectrum (DSSS) disaster recovery
369
disaster recovery disaster recovery
370
discrete multitone (DMT) discretionary access control list (DACL)
371
disk duplexing disk imaging
372
disk mirroring Diskperf command
373
disk quotas disk quotas
Diskperf –n sets the system to not use any disk perfor- on the property sheet for an NTFS volume. To configure
mance counters. disk quotas for users, you essentially specify two values:
For the full syntax of this command, type diskperf /? ● Quota limit: How much disk space the user is
D on the command line. allowed to use
See Also: Windows commands ● Quota threshold: The conditions under which an
event should be logged to indicate that the user is
nearing his or her quota limit
disk quotas
A mechanism for managing how much data users can
store on disks.
Overview
Disk quotas are a feature of Microsoft Windows 2000,
Windows XP, and Windows .NET Server that administra-
tors can use to track and control disk usage on a per-user
basis for each NTFS file system (NTFS) volume that the
user stores data on. Support for disk quotas is built into
the new version of NTFS on Windows 2000, Windows
XP, and Windows .NET Server.
Disk quotas are tracked independently for each NTFS
volume even if several volumes are on the same physi-
cal disk. For purposes of managing disk quotas for
users, disk space usage is based on file and folder own-
ership. Windows 2000, Windows XP, and Windows .NET
Server ignore compression when it calculates how much
disk space a user is utilizing. Whatever is unallocated in
a user’s disk quota is reported as free space for applica- Disk quotas. Configuring disk quotas in Windows 2000.
G0DXX27 (was G0DUI31 in 1E)
374
disk status Distance Vector Multicast Routing Protocol (DVMRP)
limit. Note also that enabling disk quotas incurs slight Distance Vector Multicast
overhead in file system performance. Routing Protocol (DVMRP)
See Also: NTFS file system (NTFS), storage A multicast routing protocol based on the spanning tree
algorithm.
D
disk status Overview
Information about whether a disk is healthy or has a Distance Vector Multicast Routing Protocol (DVMRP)
problem. is one of three routing protocols used for multicast rout-
ing, the other two being Protocol Independent Multicast
Overview Dense Mode (PIM-DM) and Multicast Open Shortest
In Microsoft Windows 2000, Windows XP, and Path First (MOSPF). DVMRP is used for dense mode
Windows .NET Server, disk status is displayed in the multicasting where the hosts receiving the multicast are
Disk Management portion of the Computer Management densely congregated in large pockets of the network.
console. The Status column shows the status indicators DVMRP assumes that all hosts on connected subnets
according to the following table. The letter B here indi- want to receive the multicast. A typical scenario where
cates that the status indicator can apply to basic disks, and DVMRP might be used would be for webcasting sports
D indicates dynamic disks. events, concerts, or corporate presentations.
Disk Status Implementation
Disk Status Description/Prescription DVMRP floods the network with multicast packets to
Online The disk is accessible. There are no try to get information out as rapidly as possible to the
(BD) problems. furthest corner of the network. DVMRP assumes that
Online— I/O errors detected. Try reactivating there is sufficient bandwidth to support this operation.
Errors (D) the disk to see whether the errors are Once a multicast session is established, DVMRP then
transient. prunes the routing tree by cutting off multicasts to rout-
Offline (D) The disk is not accessible and might be ers whose connected networks have no hosts receiving
corrupted, disconnected, or powered them. If a router determines using Internet Group Mem-
down. Try reactivating the disk, and bership Protocol (IGMP) that no downstream hosts or
check the cables and the controller. routers require the multicast transmission, it contacts
Foreign (D) The disk has been moved to this the upstream DVMRP router and asks to be removed
machine from another computer run- from its list for the multicast session.
ning Windows 2000 (same for Win-
dows XP and Windows .NET Server). DVMRP routers check their routing tables frequently to
You must import the foreign disk determine the optimal route to nearby DVMRP routers.
before you can use it. DVMRP uses broadcasts to keep routing tables up to
Unreadable The disk is not accessible and might be date, which tends to consume a lot of network band-
(BD) corrupted, have I/O errors, or hardware width. As a result, DVMRP should only be imple-
failure. Try rescanning the disk or mented on connections that have sufficiently high
rebooting the system to see whether it bandwidth to support it.
recovers.
Unrecognized The disk type is unknown, and the disk See Also: dense mode, Multicast Open Shortest Path
is probably from a different operating First (MOSPF), multicasting, Protocol Independent
system, such as UNIX. Multicast-Dense Mode (PIM-DM), routing protocol
No Media The drive is either a CD-ROM drive or
some type of removable drive and has
no media in it.
375
distance vector routing algorithm distance vector routing algorithm
376
distance vector routing protocol distinguished name (DN)
377
distributed application Distributed Component Object Model (DCOM)
● User principal name (UPN): This is the name processor- or storage-intensive portion runs on a server.
used when a user logs on to the network. This type of distributed application is called a client/
server application. Examples of client/server applica-
For example, let’s consider a User object within Active
tions include the following:
D Directory. A User object is an example of a leaf object
because it cannot contain other objects. User objects ● Microsoft Exchange Server (back end) as a mail
such as Jeff Smith are identified using CNs. A container server with users running Microsoft Outlook (front
is a directory object that can contain other objects. In end) on their client machines
Active Directory, containers are referred to as organiza-
● Microsoft Access (front end) as an interface for
tional units (OUs) because they are used to organize
accessing database information stored in Microsoft
other objects into hierarchies of containers. For exam-
SQL Server (back end)
ple, the user Jeff Smith would typically be contained
within the Users container. At the top of the container ● A Web application written using Active Server
hierarchy are the containers that represent different Pages (ASP) for Internet Information Services (IIS)
components of the domain itself. These components are (back end) that is accessed from a client machine
called domain components (DCs). For example, if user running Microsoft Internet Explorer (front end)
Jeff Smith exists in the microsoft.com domain, the DN
In a more complex scenario, three tiers are used to create
for this user is represented by the path
a distributed application. The back end may be an SQL
DC=com,DC=microsoft,OU=Users,CN=Jeff Smith.
database containing customer or sales information. The
In Microsoft Exchange Server 5.5, which used its own front end might be a simple Web browser, used by the
proprietary directory instead of Active Directory, DNs employee to request sales information from the database.
were also used to identify recipients. Exchange auto- The middle tier of the distributed application would be
matically creates a DN for every recipient object in its the Web application running on an IIS machine.
directory database, including objects such as mail-
See Also: client/server, distributed computing
boxes, distribution lists, and public folders. For exam-
ple, if a user Jeff Smith has a mailbox named JeffS
located on an Exchange server in Redmond at the orga- Distributed Component Object
nization Microsoft, the DN for this user would be repre- Model (DCOM)
sented internally as A Microsoft programming technology for developing
O=Microsoft,OU=Redmond,CN=Recipients,CN=JeffS. distributed applications.
378
distributed computing distributed computing
Client Overview
The architecture of programming applications has gone
through several evolutionary steps over the last few
COM COM decades. The original mainframe computing model had
run time run time
all the processing done centrally on the mainframe,
Security provider Security provider with dumb terminals used for input and displaying
DCE (Distributed DCE (Distributed results. The next evolutionary step was client/server
Computing Computing computing where the client and server shared different
Environment) Environment) aspects of the processing. Applications had to be spe-
RPC RPC cially tailored to take advantage of the client/server pro-
Protocol stack Protocol stack cessing model. Recently a three-tier model has become
dominant, which augments the client/server paradigm
with a middle tier that encapsulates business logic in
DCOM programming constructs.
network
protocol The next evolutionary step in business computing is the
distributed computing model. In distributed computing,
there is no single centralized server. Instead, network
G0DXX28 (was G0DUI32 in 1E)
communications are used to connect servers, clients,
Distributed Component Object Model (DCOM). How
DCOM works. handheld devices, and other smart devices into a pro-
cessing fabric. The different components of this fabric
The client object cannot call the server object directly. may be scattered widely across a network.
Instead, the operating system intercepts the DCOM
request and uses interprocess communication mecha- Microsoft Corporation’s new .NET platform is
nisms such as remote procedure calls (RPCs) to provide designed to maximize processing gains through imple-
a transparent communication mechanism between the menting a distributed computing model for building
client and server objects. The COM run time provides Web services and applications. Distributed computing
the necessary object-oriented services to the client and is poised to revolutionize business services and how
server objects. The COM run time also uses the security they are developed, and .NET supports peer-to-peer
provider and RPCs to create network frames that con- (P2P) computing as one manifestation of its distributed
form to the DCOM standard. computing model.
See Also: client/server, .NET platform, peer-to-peer
network
379
Distributed Denial of Service (DDoS) Distributed Denial of Service (DDoS)
Distributed Denial of Service To launch a DDoS attack against a specific Web server,
(DDoS) an attacker first finds a vulnerable network and installs
A type of denial of service (DoS) attack that employs a DDoS tools on hundreds or even thousands of hosts on
that network. Common tools used include Tribe Flood-
D large number of intermediate hosts to multiply the
effect of the attack. Net (TFN), TFN2K, trinoo, Stacheldraht, and many
others easily downloaded from locations on the Inter-
Overview net. These compromised hosts become “zombies”
Although a DoS attack typically uses the attacker’s under the attacker’s control (other terms used to
machine or group of machines to launch it, a DDoS describe them include agents, daemons, or DDoS serv-
attack uses unwitting third-party hosts instead. The ers). Linux and Solaris systems have been the most pop-
result can be devastating if hundreds—or thousands— ular systems exploited as zombies so far. A good
of machines are involved. indicator that an attacker might be trying to compro-
mise your network by installing DDoS tools on hosts is
a sudden increase in Rcp (remote copy protocol) traffic,
which is often used to install these tools remotely. This
kind of activity can be detected by a network intrusion
detection system (firewall logs are less help, as attack-
ers usually compromise a single host on the network
and then use Rcp to install the tools on other hosts inter-
nally on the network from that point on).
Once the intermediate network is compromised and
tools installed, the attacker launches the attack using a
Web server remote management console, and the zombies then
DDoS
management attack the target host using a DoS attack method such as
console synchronous idle character (SYN) flooding, User Data-
gram Protocol (UDP) flooding, a smurf attack, or Inter-
net Control Message Protocol (ICMP) flooding. The
attack is usually overwhelming, usually bringing down
the targeted server and often saturating the target’s net-
Attacker work so that other servers on the network are unable to
Target
communicate as well. Address spoofing is used to make
it difficult to trace the machines launching the attack,
and even if these zombies are identified, it is usually
even more difficult to trace the single machine from
which the attacker is managing the attack. An even
Masters
more insidious version of DDoS makes it even harder to
track the attacker by employing another layer of inter-
mediate machines called masters, which are controlled
by the attacker’s management console and which them-
Zombies selves control the zombies. A master is typically the
G0DXX29 (new to 2E)
380
Distributed file system (Dfs) Distributed file system (Dfs)
intermediate networks, each with their own master and Distributed file system (Dfs)
hundreds of zombies. A network file system that makes many shares on dif-
Prospects ferent file servers look like a single hierarchy of shares
The most famous DDoS attack was instituted by Mafiaboy,
a Canadian teenager who allegedly brought down a
on a single file server.
D
Overview
number of major Web sites for hours in February 2000, Distributed file system (Dfs) is a feature of the Microsoft
including Amazon.com, Buy.com, CNN.com, eBay, Windows 2000 and Windows .NET Server operating
E-Trade.com, Yahoo!, and ZDNet. The attack was per- systems and a separately available add-on for the
formed using tools that are easily downloadable from a Windows NT operating system. Dfs allows file servers and
number of sites on the Internet. network shares to be logically organized into a single Dfs
There is still no simple solution for protecting sites directory tree. This simplifies management of network
against DDoS attacks. The main problem is the large resources and makes it easier for users to locate and access
number of networks connected to the Internet that are network resources. From the user’s perspective, Dfs makes
poorly secured and are open to exploitation for using it appear that there is only one server containing a hierar-
their machines as zombies for launching DDoS attacks chical tree of resources, while in fact these resources might
on other, better-secured sites. Lack of vigilance on the be distributed across multiple servers in different loca-
part of the administrators of these vulnerable networks tions.
thus affects the success of everyone’s sites on the Inter- Dfs simplifies directory browsing, offers search tools that
net. Omissions such as allowing directed inbound simplify locating network resources, and offers adminis-
broadcasts to networks and failing to implement ingress trative tools for building and managing Dfs directory trees.
and egress filtering properly on routers on a network’s It also eliminates the need for Windows 95, Windows 98,
border are typical mistakes by administrators that ren- or Windows NT Workstation clients to form multiple per-
der corporate networks vulnerable to hijacking for per- sistent network connections because users require only
forming DDoS attacks. one persistent connection to the directory tree.
One step forward was the establishment in 2001 of the Implementation
Information Technology Information Sharing and Anal- In the Windows 2000 and Windows .NET Server imple-
ysis Center (ITISAC) by the U.S. Department of Com- mentation, you first open the Dfs snap-in for Microsoft
merce. ITISAC is designed to help companies share Management Console (MMC) to create a Dfs root node.
information about DDoS attacks to better defend You can then create Dfs child nodes under the root
against them. Another issue is the impending prospect node. Each child represents a shared folder that can be
of organizations being held liable for their poorly located anywhere on the network. When users want to
secured corporate networks should hackers establish access a resource on the network, they navigate through
zombies on these networks and use them to launch the Dfs tree and do not need to know the particular
DDoS attacks against other sites. The Internet Engi- server the resource is located on. Users must have Dfs
neering Task Force (IETF) is also involved and has client software installed on their machines. Dfs client
established a working group RFC 2267+ to help strate- software is included with Windows 2000, Windows XP,
gize on the best way to deal with DDoS attacks. Despite Windows .NET Server, Windows NT, and Windows 98.
these initiatives, the Internet remains vulnerable to such An optional Dfs client can be downloaded for Windows
attacks and will likely continue to be so for the immedi- 95 from the Microsoft Web site.
ate future.
You can configure Dfs to operate in two ways:
See Also: denial of service (DoS), hacking, network
security ● Stand-alone Dfs: This type of Dfs stores the
description of the Dfs file system topology on a
381
Distributed Management Task Force (DMTF) distribution box
single computer. If that computer fails, the entire ● Directory Enabled Networking (DEN): A specifi-
Dfs system goes down, although users can still cation for how to store network and systems man-
access resources the traditional way using mapped agement information in a directory.
network drives or Universal Naming Convention
D (UNC) paths if they know which servers these
A complementary set of standards for cross-platform
network and system administration is being developed
resources are stored on and the names of the shares.
by the Internet Engineering Task Force’s (IETF) Policy
● Fault-tolerant Dfs: This type of Dfs stores the Dfs Framework Working Group.
topology information in Active Directory directory
Notes
service on Windows 2000 and Windows .NET Server
Windows Management Interface (WMI) is Microsoft
domain controllers. This configuration is better for
Corporation’s implementation of the DMTF’S WBEM
fault tolerance and file replication.
architecture. WMI is a core feature of the Microsoft
Notes Windows 2000, Windows XP, and Windows .NET Server
If a server containing Dfs shares fails, you can simply operating system platforms.
move the files to another machine, create new shares,
For More Information
and map the existing Dfs child nodes to the new shares.
You can find the DMTF at www.dmtf.org.
Your users will not even know that anything has
changed. If you assign a user permission to access a See Also: browser (Web browser), Common Informa-
shared folder, that person automatically has permission tion Model (CIM), Directory Enabled Network (DEN),
to access it through the Dfs tree as well. network management, Web-Based Enterprise Man-
agement (WBEM), Windows Management Instrumen-
See Also: file system, storage
tation (WMI)
382
distribution group DML
383
DMS DNS console
384
DNS database DNS namespace
● Control how zones are stored and replicated Name System (DNS) servers, these DNS database files
between DNS servers are stored as flat-file database (text) files, that is, simple
ASCII files.
● Configure how DNS servers will process DNS
queries and handle dynamic updates On a Windows NT server with the Microsoft DNS Ser-
vice installed, DNS database files are located in the
D
● Configure security for specific zones and resource
\System32\DNS directory. The DNS database files in
records
this directory are
● The zone file, which has the extension .dns and con-
tains the resource records that the DNS server manages
● The reverse lookup file, which resolves Internet
Protocol (IP) addresses into host names
● The cache file, which has the names and IP
addresses of the root name servers for DNS
● The boot file, which is used for startup configura-
tion of the DNS server and is needed only for
resolving the names of hosts that are located outside
the zones for which the DNS server is authoritative
G0DXX30 (was G0DUI33 in 1E)
DNS console. The DNS console in Windows 2000. On a Windows 2000 or Windows .NET Server DNS
server, DNS database information can be either stored
Notes in the preceding standard text files or can be integrated
Windows 2000 Server and Windows .NET Server into Active Directory directory service, depending on
include a new command-line utility, Dnscmd, which how DNS is installed and configured on the machine.
can be used for managing certain aspects of DNS serv- Using Active Directory for storing DNS database infor-
ers. This utility can be run from the command prompt or mation has the benefits of Active Directory’s enhanced
scripted into batch files to automate certain aspects of security features and multimaster replication, providing
DNS administration. To use this command, you must faster and more efficient replication of DNS zone infor-
install the Windows 2000 Support Tools from the \Sup- mation than using standard DNS text files.
port\Tools folder on the Windows 2000 product CD
(Windows .NET Server also supports Dnscmd and is See Also: Active Directory, Domain Name System
also part of the Windows .NET Server Support Tools). (DNS), zone
Type dnscmd /? to see the syntax for this command.
See Also: Domain Name System (DNS), DNS server, DNS namespace
Microsoft Management Console (MMC) The collection of domains, subdomains, and fully qual-
ified domain names (FQDNs) within the Domain Name
System (DNS).
DNS database
The collection of database files, or zone files, and asso- Overview
ciated files that contain resource records for a domain. DNS uses a namespace that is hierarchical in structure and
is stored as a distributed database on servers called name
Overview servers. The term namespace can have two meanings:
Zone files are stored on a name server and are used to
provide name resolution in response to name lookup ● The abstract space of FQDNs that are used to iden-
requests. On Berkeley Internet Name Domain (BIND) tify hosts on the Internet or on a private corporate
name servers and Microsoft Windows NT Domain TCP/IP internetwork
385
DNS query DNS Security Extensions (DNSSEC)
386
DNS Security Extensions (DNSSEC) DNS Security Extensions (DNSSEC)
established. The role of DNSSEC in all this is that when Although larger enterprises will likely move quickly to
these exchanges are going on between name servers, digi- upgrade their name servers to support DNSSEC,
tal signatures are issued and verified at each stage to verify smaller businesses may balk at the expense involved,
that the responses are being received from the actual name particularly in the management of DNSSEC name
servers rather than spoofing name servers. servers. To meet this need, companies such as Nomi- D
mum and UltraDNS Corporation are planning to offer
DNSSEC name outsourced DNSSEC services to such businesses.
server at ISP
Browser Issues
HTTP GET A number of issues may delay the full-scale deploy-
ment of DNSSEC on name servers all across the Inter-
net (DNSSEC must be widely deployed for it to work
Verified reliably):
response Key exchange
● DNSSEC has greater processor and memory
requirements than standard DNS in order to support
Name query
the additional load of issuing and managing digital
certificates and cryptographic keys.
● DNSSEC utilizes greater network bandwidth for its
Root name server communications, both with DNS clients (resolvers)
G0DXX31 (new to 2E)
and with other name servers.
DNS Security Extensions (DNSSEC). How DNSSEC works.
DNSSEC works at both the zone and resource record ● DNSSEC is more complicated to install and main-
levels to secure DNS information. DNSSEC requires tain than standard DNS, particularly because of the
several new resource records in name server databases: key management issues involved.
● SIG: This resource record supplies digital signa- ● The root name servers of the Internet must be
tures signed with private keys to encrypt resource upgraded first for DNSSEC to properly operate,
record information. and this requires political decisiveness on the part
of the Internet Corporation for Assigned Names and
● PUB: This resource record supplies the necessary Numbers (ICANN), the agency that runs most of
public keys to decrypt encrypted resource record these servers.
information.
● Regional and local ISPs must upgrade their name
● NXT: This resource record determines which servers next in order for DNSSEC to succeed, and
records are mapped to which names. this involves additional costs due to hardware and
Marketplace management overhead that some ISPs may feel
The first DNS name server software to support DNS- reluctant to commit.
SEC is also the most popular in the Internet community, ● Finally, name servers have traditionally been man-
the Berkeley Internet Name Domain (BIND). DNSSEC aged on an “ If it ain’t broke, don’t fix it” basis,
is included in BIND 9, the latest release of the name where network administrators are reluctant to
server software, and is being packaged with most major upgrade a server that is critical for the successful
UNIX operating systems including those from Sun operation of a dot-com enterprise.
Microsystems, Hewlett-Packard, and Red Hat Linux.
The funding for developing DNSSEC for BIND 9 was Despite all of these issues, there is still tremendous
provided by the U.S. Defense Information Systems pressure for DNSSEC to go ahead, and it is likely to be
Agency (DISA) and the work was done by NAI Labs fully deployed across the Internet in the next few years.
and the Internet Software Consortium (ISC).
387
DNS server DOCSIS
Prospects Notes
DNSSEC is seen by many as an essential upgrade for DNS servers can provide a simple means of load bal-
the Internet’s DNS infrastructure. Governments, B2B ancing connections to heavily used file or application
exchanges, financial servers, and others are likely to be servers such as Internet Information Services (IIS). The
D early adopters of this technology. The U.S. military is method is called Round Robin DNS, and it works as its
already taking steps to implement DNSSEC by enhanc- name implies. Say you have three Web servers hosting
ing existing BIND 8 name servers with additional soft- identical content and you want to load balance incom-
ware to make the .mil top-level domain more secure. ing Hypertext Transfer Protocol (HTTP) requests
across these servers. You can create three A records in
See Also: Berkeley Internet Name Domain (BIND),
the DNS zone file, each with the same host name but
Domain Name System (DNS), name server
different IP addresses, one IP address for each Web
server, as shown in this example:
DNS server www.northwind.microsoft.com 172.16.8.33
A server that is used to resolve host names or fully qual-
www.northwind.microsoft.com 172.16.8.34
ified domain names (FQDNs) into Internet Protocol www.northwind.microsoft.com 172.16.8.35
(IP) addresses on a TCP/IP network.
When a DNS client requests resolution of the name
Overview www.northwind.microsoft.com into its IP address, the
A Domain Name System (DNS) server, which is also
DNS server returns all three IP addresses (.33, .34, .35),
called a name server, accomplishes name resolution by
and the client chooses the first address (.33) and sends
accepting DNS queries from DNS clients (called resolvers)
the HTTP request to the Web server associated with
and by performing DNS queries among other DNS servers,
this address. The next time the DNS server receives
depending on how the servers have been configured.
the same name resolution request, it rotates the IP
The most common type of name server in use on the Inter- addresses in round-robin fashion (.34, .35, .33) and
net is the Berkeley Internet Name Domain (BIND) name returns them to the client. The client picks the first
server, which runs on the UNIX operating system. For address, which is now .34. This way, each DNS name
Windows 2000 and Windows .NET Server deployments resolution returns a different IP address, and the load is
using Active Directory directory service, Microsoft balanced between the Web servers.
Windows 2000 Server and Windows .NET Server can
The drawback to using Round Robin DNS is that if a
function as a DNS server and are managed using an
server fails, DNS will continue to return the address of
administrative tool, DNS console, which is a snap-in for
the failed server.
the Microsoft Management Console (MMC). Windows
2000 and Windows .NET Server DNS servers include See Also: Berkeley Internet Name Domain (BIND),
advanced capabilities such as dynamic update, which Domain Name System (DNS)
allows DNS servers to update their DNS database files
automatically using Dynamic Host Configuration Protocol DOCSIS
(DHCP). Another feature of Windows 2000 and Windows
Stands for Data Over Cable Interface Specification, a
.NET Server is tight integration of DNS and Active Direc-
specification defining standards for implementation of
tory. For example, when a Windows 2000, Windows XP,
cable modem systems.
or Windows .NET Server client needs to locate a Windows
2000 or Windows .NET Server domain controller, the Net- See: Data Over Cable Interface Specification
Logon service uses the DNS server’s support for the SRV (DOCSIS)
resource record to allow registration of domain controllers
in the local DNS namespace.
388
Document Object Model (DOM) DoD model
389
DOM domain blocking
Overview DOM
The DoD model was developed in the 1970s as the net-
Stands for Document Object Model, a set of program-
working model for the Transmission Control Protocol/
ming interfaces for developing and managing Extensi-
Internet Protocol (TCP/IP), which was first deployed by
D in the ARPANET project and is now the worldwide de
ble Markup Language (XML) documents.
facto standard for the Internet. The DoD model is older See: Document Object Model (DOM)
than the seven-layer Open Systems Interconnection
(OSI) model, which was developed in the 1980s by the
Domain Admins
International Organization for Standardization (ISO) to
A built-in group on Microsoft Windows NT, Windows
provide a more detailed framework for developing net-
2000, and Windows .NET Server networks for users who
work protocols.
need administrator-level access to systems.
Architecture Overview
The DoD model consists of four layers. These layers
The Domain Admins group simplifies administration of
map loosely to the seven-layer OSI model in the fashion
users on the network. It is a global group and does not have
described below. Describing the DoD layers from the
any preassigned system rights. The initial membership of
top down, they are
the group is the sole user account called Administrator.
● Application/Process Layer: Also called simply Other user accounts that are added to this group gain rights
Application Layer, this layer covers the functions of and privileges equivalent to those of the Administrator
the top three layers of the OSI model. TCP/IP pro- account and can perform actions similar to those of the
tocols at this layer include Hypertext Transfer Pro- Administrator account. All network administrators in a
tocol (HTTP), File Transfer Protocol (FTP), Simple given domain should be members of this group.
Mail Transfer Protocol (SMTP), Simple Network
Notes
Management Protocol (SNMP), and many others.
On Windows 2000– and Windows .NET Server–based
● Host-to-Host Layer: Also called the Transport networks, the Domain Admins group is created by
Layer, this layer functions similarly to the OSI default in the Users organizational unit (OU) within
model Transport layer. Protocols at this layer Active Directory directory service.
include Transmission Control Protocol (TCP) and
See Also: built-in group
User Datagram Protocol (UDP).
● Internetworking Layer: This layer functions sim- domain blocking
ilarly to the OSI model Network Layer. Protocols at The ability to block traffic from a specific Domain
this layer include Internet Protocol (IP), Internet Name System (DNS) domain.
Control Message Protocol (ICMP), Internet Group
Membership Protocol (IGMP), and Address Reso- Overview
lution Protocol (ARP). Domain blocking is a security technology used in
Microsoft Internet Information Server (IIS) Web serv-
● Network Interface Layer: This layer functions ers to protect them from undesirable traffic. It was first
similarly to the OSI model Data Link and Physical introduced with IIS4.
layers. There are no TCP/IP protocols at this layer.
Instead, TCP/IP runs over standard networking Domain blocking allows IIS administrators to grant or
architectures such as Ethernet and Token Ring, deny access to content on the server based on a client’s
which are defined at this layer. Internet Protocol (IP) address, subnet, or Internet
domain name. This is a useful security feature for pro-
See Also: OSI model, Transmission Control Protocol/ tecting machines running Internet Information Server
Internet Protocol (TCP/IP)
390
domain controller domain controller
from repeated attack by hackers. Domain blocking can Windows 2000 and Windows .NET Server domain con-
be applied at various levels, including the following: trollers contain a complete, writeable copy of the Active
Directory information for the domain in which they are
● All virtual servers on the machine (master level)
installed. Run the Active Directory Installation Wizard
● A specific virtual server to promote any Windows 2000 or Windows .NET Server D
member server to the role of a domain controller. A
● A specific virtual directory
domain controller manages information in the Active
● A specific file Directory database and enables users to log on to the
domain, be authenticated for accessing resources in the
See Also: domain name, IP address, subnet
domain, and search the directory for information about
users and network resources. A Windows 2000 or
domain controller Windows .NET Server domain controller contains a
A server running Microsoft Windows NT, Windows 2000, writeable copy of the domain directory database.
or Windows .NET Server that manages security for the
Unlike in a Windows NT–based network, where domain
domain.
controllers are in a hierarchy, all domain controllers in a
Overview Windows 2000– or Windows .NET Server–based network
Users and computers that need to obtain access to network are equal, and changes to the domain directory database
resources within the domain must be authenticated by a can be made at any domain controller. Replication of
domain controller in the domain. Windows NT domain directory information between Windows 2000 and Win-
controllers are the foundation of Windows NT Directory dows .NET Server domain controllers follows a multi-
Services (NTDS), and Windows 2000 and Windows .NET master model. In this configuration, each domain
Server domain controllers are based on Active Directory controller acts as a peer to all other domain controllers. In
directory service. other words, there are no primary or backup domain con-
trollers in Windows 2000 or Windows .NET Server, only
In a Windows NT–based network, the domain control-
domain controllers.
lers form a hierarchy. There are two types of Windows
NT domain controller: Although most domain controller options (sending and
receiving updates that add, move, copy, and delete
● Primary domain controller (PDC): This contains
objects from the directory) are multimaster in nature, a
a writeable master copy of the domain directory
few domain controller operations function on only cer-
database. A domain can have only one PDC, which
tain domain controllers. These special functions are
is at the top of the domain controller hierarchy. All
called flexible single-master operations (FSMO) and
changes to directory information (such as user
perform functions such as modifying the schema,
accounts or passwords) must be made on the PDC.
assigning pools of relative identifiers to other domain
● Backup domain controller (BDC): This contains controllers within a domain, emulating a Windows NT
read-only replicas of the domain directory database PDC for downlevel compatibility with Windows NT
stored on the PDC. There can be zero or more BDCs domain controllers, updating security identifiers and
per domain. BDCs provide redundancy and load bal- distinguished names in cross-domain objects when such
ancing for the domain. Periodically, the BDCs in a an object is moved or deleted, and ensuring that all
domain undergo directory synchronization with the domain names within a forest are unique.
PDC to ensure that the BDCs contain an accurate
copy of the domain directory database. This replica- Uses
An important issue regarding domain controllers in
tion ensures the proper functioning of the NTDS.
Windows 2000– and Windows .NET Server–based net-
A Windows 2000 or Windows .NET Server domain con- works is where to place them. After an administrator
troller is any Windows 2000 server or Windows .NET implements Active Directory and populates its initial
Server with the optional Active Directory installed. information, most Active Directory–related traffic will
391
domain (DNS) domain forest
come from users querying for network resources. The domain (DNS)
key to optimizing user queries is in how you locate the A collection of related hosts in the hierarchical Domain
domain controllers and the global catalog servers on Name System (DNS).
your network. Placing a domain controller at each phys-
D ical site optimizes query traffic but increases replication Overview
traffic between sites. Nevertheless, the best configura- Domains are the building blocks of DNS. A domain
tion is usually to place at least one domain controller consists of a group of nodes in the DNS namespace that
at each site with a significant number of users and have the same domain name. Domains are organized
computers. hierarchically in the DNS namespace, with the topmost
domain called the root domain.
In a pure Windows 2000 networking environment, all
domain controllers can be configured to run in native DNS domains can be classified as one of the following:
mode. If you have a mix of Windows NT 4 and ● A parent domain, which contains other domains.
Windows 2000 domain controllers, the Windows 2000 An example of a parent domain is microsoft.com.
domain controllers must be configured to run in mixed
mode. ● A child domain, or subdomain, which is contained
within a parent domain. Examples of child domains
Notes in the microsoft.com parent domain are north-
To upgrade a Windows NT–based network to Windows wind.microsoft.com and marketing.microsoft.com.
2000, upgrade the PDC first. This allows the domain to
immediately join a domain tree, and administrators can Domain names can include only the characters a–z,
administer the domain using the administrative tools of A–Z, and 0–9, the dash (-), and the period. A name that
Windows 2000 and create and configure objects in completely identifies a host in the DNS namespace is
Active Directory. called a fully qualified domain name (FQDN).
If you need to move a Windows NT domain controller See Also: Domain Name System (DNS)
to a new domain, you must reinstall Windows NT.
Domain controllers cannot migrate from one domain to domain forest
another because when you create a domain, a unique Also called simply a forest, a logical structure formed
security identifier (SID) is created to identify the by combining two or more Microsoft Windows 2000 or
domain, and domain controllers have this SID Windows .NET Server domain trees.
hard-coded into their domain directory database.
Overview
You can use the administrative tool Active Directory Forests provide a way of administering enterprise net-
Users and Computers to convert a Windows 2000 works for a company whose subsidiaries each manage
domain controller from mixed mode to native mode. their own network users and resources. For example, a
However, domain controllers running in native mode company called Contoso, Ltd. might have a domain tree
cannot be changed to mixed mode. If you create a new with the root domain contoso.com, and a subsidiary
domain controller for an existing Windows 2000 company called Fabrikam, Inc. might have a domain
domain, this new domain controller is referred to as a tree with the root domain fabrikam.com. Note that these
replica domain controller. Replica domain controllers two companies do not share a contiguous portion of the
are typically created to provide fault tolerance and DNS namespace; this is typical of trees in a forest. The
better support for users who access resources over the two companies might want to administer their own
network. users and resources but make those resources available
See Also: Active Directory, domain modes, flexible to each other’s users. They can combine the two domain
single-master operation (FSMO) trees into a forest by establishing a two-way transitive
trust between the root domains of the two trees.
392
Domain Guests domain local group
contoso.com fabrikam.com
393
domain master browser domain (Microsoft Windows)
To use a domain local group, you first determine domain (Microsoft Windows)
which users have similar job responsibilities in your A model developed by Microsoft Corporation for
enterprise. Then you identify a common set of network grouping computers together for administrative and
resources in a domain that these users might need to
D access. Next, you create a domain local group for the
security purposes.
394
domain model domain model
● Member servers: These are stand-alone servers Windows 2000 domains use peer domain controllers,
typically used for file and print services, Web ser- which are all equal in status. In Windows 2000, domains
vices, or running applications such as Microsoft are core entities within Active Directory and act as a
SQL Server. Member servers cannot authenticate boundary for network security and for the replication of
users as domain controllers can. directory information over the network. If you establish a D
security policy in one domain, the settings, rights, and
● Workstations or client computers: These partici-
discretionary access control lists (DACLs) of that policy
pate in the security policies of the domain and are
are limited to that domain. Domains are also the funda-
members of the domain, but they are used as desktop
mental containers for all network objects within them.
machines for users instead of as network servers.
Domains contain users, groups, computers, and other
A Windows NT or Windows 2000 network can be directory objects. These objects can be grouped together
installed as either a domain or a workgroup. The using a hierarchy of organizational units (OUs).
domain model is preferable because it allows computers
See Also: Active Directory, domain controller, domain
to share a common security policy and a common
(DNS), workgroup
domain directory database. Machines running Windows
Millennium Edition (Me), Windows 98, Windows 95,
and legacy 16-bit Windows machines can also partici- domain model
pate in domain security on Windows NT and Windows A model for building an enterprise-level network using
2000 networks but are not considered full members of Microsoft Windows NT or Windows 2000 domains.
the domain because they have no computer accounts
Overview
within the domain directory database.
Windows NT uses domain models for building enterprise
A Windows NT domain requires only one primary networks radically different from those used by Windows
domain controller (PDC) and can have a number of 2000 and Windows .NET Server. In Windows NT net-
backup domain controllers (BDCs). By creating a PDC, works, four main domain models can be implemented:
you create a new domain. Windows NT member servers
● Single domain model: This model keeps all of the
and workstations can join a domain. Other systems,
machines in the network in a single domain and is usu-
such as computers running Windows 95 and Windows
ally implemented in smaller companies
98, can participate in a domain but are not considered
members of the domain because they have no computer ● Single master domain model: This model separates
accounts in the domain directory database. resource domains from a master or accounts domain
and is suitable for companies with a hierarchical orga-
nizational structure
● Multiple master domain model: This model uses
OU
multiple accounts or master domains and is suitable
OU=organizational unit for large organizations that span different countries,
OU OU regions, or continents
● Complete trust model: This model is used by very
OU OU OU decentralized organizations or during the transition
period when two companies merge
OU OU OU
Because of their two-way transitive trusts between
G0DXX33 (was G0DUI35 in 1E)
domains, Windows 2000 and Windows .NET Server are
Domain (Microsoft Windows). This illustration shows a capable of building more flexible domain structures than
Windows 2000 domain. Windows NT. In addition to the single domain model
above, Windows 2000 and Windows .NET Server
395
domain modes domain name
396
Domain Name System (DNS) Domain Name System (DNS)
The most popular domain names that companies regis- For More Information
ter are the .com domain names. These were originally You can find a list of ICANN-accredited domain name
intended for commercial enterprises only, but they are registrars at www.ispworld.com/isp/ICANN.htm.
also used by individuals, nonprofit organizations, and
other entities that want to establish a clear presence on
See Also: Domain Name System (DNS), fully qualified
domain name (FQDN), top-level domain (TLD)
D
the Internet. About 75 percent of all registered domain
names belong to the .com top-level domain. As of 2000,
there were about 15 million registered domain names Domain Name System (DNS)
worldwide, and this figure is climbing rapidly. A hierarchical naming system for identifying Transmis-
sion Control Protocol/Internet Protocol (TCP/IP) hosts
Prospects on the Internet.
The Internet and its Domain Name System were devel-
oped in the United States, and the fact that the Internet is Overview
now a worldwide entity has put new pressures on DNS. The Domain Name System (DNS) is a distributed, hier-
Countries and regions have pressed for modifications to archical system that provides
DNS to allow domain names to be registered in languages
● A method for identifying hosts on the Internet using
other than English, including languages that do not use
alphanumeric “friendly” names called fully qualified
Roman alphabet characters, such as Chinese. The IETF
domain names (FQDNs) instead of using difficult to
has established an Internationalized Domain Name (IDN)
remember numeric Internet Protocol (IP) addresses
working group to develop such a system, which is likely to
be based on the Unicode standard for internationalization ● A distributed mechanism for storing and maintain-
of alphabets. The goal is to implement non-English DNS ing a database of the FQDNs and their associated IP
with minimal modifications to existing DNS itself. addresses for all hosts on the Internet
ICANN is also in the process of creating additional ● A method for locating hosts on the Internet by
top-level domains as alternatives for companies that are resolving their FQDN into their associated IP
unable to register suitable .com domain names and for address so that network communication can be
other purposes such as personal home pages. For the initiated with the host
latest developments in this regard, see the ICANN Web
History
site at www.icann.org.
Until 1983 the Internet computers used locally stored
Notes Hosts files to perform name resolution. Hosts files are
In an interesting development, a commercial company text files that are basically lists of FQDNs and their
called New.net has created its own new set of TLDs and is associated IP addresses for remote hosts that the local
selling domain names based on them without the host may need to communicate with. With the rapid
ICANN’s approval. This is probably an attempt to apply growth of the Internet, however, updating these Hosts
market pressure to what is often perceived as ICANN’s files became an unmanageable chore—each machine
slow, politically based decision-making process of creat- had to have its own local Hosts file that needed to be
ing new TLDs. New.net is collaborating with commercial kept up to date, and whenever a host was added to the
DNS provider UltraDNS to provide support for these new Internet or removed from it, the Hosts file needed an
TLDs on name servers. To do this, Internet service provid- appropriate modification.
ers (ISPs) install special software on their own name serv-
To solve this problem, the hierarchical DNS naming
ers that allows client lookups for these new TLDs to be
system was invented in 1984 and name servers were
forwarded directly to UltraDNS’s name servers. Users
deployed across the Internet. The original RFCs 882
whose ISPs do have such software installed on their name
and 883 that defined DNS have since been replaced by
servers can download a free plug-in from New.net to allow
RFCs 1034 and 1035, and additional RFCs have been
them to access sites using these TLDs.
added for additional features added to DNS.
397
Domain Name System (DNS) Domain Name System (DNS)
for network authentication purposes). In addition, the Domain Name System (DNS). The hierarchical structure
following advanced DNS features are recommended for of DNS.
name servers that will support Active Directory: The DNS naming system assigns a unique name to each
● DNS dynamic updates described in RFC 2136. TCP/IP host on the Internet. Here the word host typically
refers to servers, workstations, routers, TCP/IP printers,
● DNS change notification described in RFC 1996. and similar devices. This unique name for a host is called
● Incremental zone transfer (IXFR) described in RFC the fully qualified domain name (FQDN) of the host.
1995. The DNS namespace is defined as the collection of all
Windows 2000 and Windows .NET Server DNS service FQDNs for all hosts on the Internet. This DNS name-
supports all of the above features by default. If you want space is hierarchical in structure, beginning with the
to use Berkeley Internet Name Domain (BIND) name root domain, which branches to top-level domains, then
servers to support an Active Directory implementation, second-level domains, and so on to the individual host
you must use at least BIND 8.1.2 and preferably BIND name. The FQDN barney.northwind.microsoft.com can
8.2 or higher. Make sure you also disable name check- be broken down as follows:
ing so your BIND name servers will ignore the illegal ● Host name: barney
underscore character used by Active Directory’s ver-
sion of DNS. ● Third-level domain: northwind (stands for North-
wind Traders Ltd., a fictitious Microsoft subsidiary)
Note that in BIND, name servers zone information is
stored in text files. In Windows 2000 and Windows .NET ● Second-level domain: microsoft (Microsoft
Server, zone information can be stored either in text files Corporation)
or stored in and replicated using Active Directory. ● Top-level domain: com (commercial domain)
398
Domain Name System (DNS) Domain Name System (DNS)
The root domain has a null label and is not expressed in ● Caching-only name server: This type contains no
the FQDN. zone information of its own but can cache names
resolved by other name servers and then use this cached
The DNS namespace is stored as a distributed database
information to respond to subsequent name lookups
on name servers located at various points on the Inter-
net. Each name server on the Internet is responsible for Finally, companies and organizations can obtain
D
a subset of the DNS namespace known as a zone. Each domain names for their networks from domain name
zone can consist of one or more domains and subdo- registrars. These registrars are accredited by the Inter-
mains over which the zone is said to be authoritative. net Corporation for Assigned Names and Numbers
(ICANN), which used to maintain the DNS system
The most important name servers on the Internet are the
itself until recently.
dozen or so root name servers, which are responsible
for maintaining the infrastructure of the domain name Marketplace
system. These root name servers are maintained mostly Most ISPs run their own name servers (usually BIND)
by the Internet Network Information Center (InterNIC) and implement registered DNS domains for a small fee
and by U.S. military agencies (because the Internet to allow companies to run Web servers and mail servers
evolved from the ARPANET project of the U.S. accessible to the Internet. A new type of player is the
Defense Department in the 1970s). pure-play DNS service provider, which runs its own
dedicated DNS name servers and provides managed,
Name servers typically store their DNS information in text
high-availability DNS services to companies for a
files called zone files, which consist of a series of resource
monthly service charge. Once such company is Ultra-
records (but Microsoft Windows 2000 and Windows .NET
DNS, which uses a network of redundant DNS servers
Server can do this differently, as discussed later in this arti-
for failover support and locates these servers near the
cle). There are many types of resource records, but the
Internet’s backbone for best performance.
most common type is the A (address) record, which maps
the host name or FQDN of a single host to its IP address. Issues
Security is the most important issue regarding DNS.
The main function of a name server is to answer queries
Since DNS was designed to be completely open (any
from DNS clients called resolvers. A resolver contacts a
host on the Internet may query any name server), it is
name server, asking it for the IP address associated with
inherently insecure and open to attack. The most impor-
a given host name or FQDN. The name server then
tant type of attack is the denial of service (DoS) attack,
replies to the resolver with the IP address of the host or
which floods a name server with so many false DNS
contacts a different name server for this information if it
queries that it is unable to respond to real queries.
is unable to provide it itself.
Access to a company’s Web server can be completely
All name servers can answer queries from resolvers or stopped through DoS attacks on name servers.
forward these queries to other name servers. However,
Since DNS is critical to the operation of the Internet, it is
name servers also function in four specific roles within
also viewed sometimes as a prize target by hackers seek-
the Domain Name System:
ing to disrupt the Internet’s operation (actually these are
● Primary name server: This type of name server more like anarchists than hackers, since a true hacker
stores the master copy of the zone file for the zones needs DNS in order to intrude into networks connected to
that the name server has authority over the Internet). BIND name servers, which are the primary
● Secondary name server: This type obtains its zone form of name server used on the Internet, have had a
files by means of a zone transfer from a master number of well-publicized vulnerabilities discovered in
name server recent years, and an essential task of Internet service pro-
viders (ISPs) is keeping up with patches for their BIND
● Master name server: This type of name server is
name servers to protect them against attack.
capable of providing zone information to secondary
name servers
399
domain tree domain tree
downlevel compatibility with Windows NT in networks Domain tree. Example of a domain tree.
that have not been fully upgraded from Windows NT to
Windows 2000 or Windows .NET Server. In a domain tree, all domains share their resources and
security information to act as a single administrative
Windows 2000 and Windows .NET Server also use other unit. A user who logs on anywhere in a domain tree can
naming conventions besides DNS. For example, to access file, printer, and other shared resources any-
locate objects within Active Directory, the following where in the tree if he or she has appropriate permis-
naming conventions can be used: sions. A domain tree has only one Active Directory, but
● The Lightweight Directory Access Protocol (LDAP) each domain controller in a tree maintains only the por-
naming convention of distinguished names and rela- tion of Active Directory directory service that repre-
tive distinguished names (RDNs). This includes sents the objects in that particular domain.
LDAP Uniform Resource Locators (URLs).
400
domain user account DoS
Domains in a domain tree are joined using two-way (OUs). Domain user account information is replicated
transitive trusts. These trusts enable each domain in the to all domain controllers in a domain using directory
tree to trust the authority of every other domain in the replication. This replication enables the user to quickly
tree for user authentication. This means that when a and easily log on from any part of the domain.
domain joins a domain tree, it automatically trusts every
You create domain user accounts using the administra-
D
domain in the tree.
tive tool called Active Directory Users and Computers,
For child domains to be part of a domain tree, they must a snap-in for the Microsoft Management Console
share a contiguous namespace with the parent domain. (MMC). You can create domain user accounts in the
The namespace of a Windows 2000 or Windows .NET default Users OU or in any other OU that you have cre-
Server domain is based on the Domain Name System ated in Active Directory.
(DNS) naming scheme. For example, in the illustra-
Notes
tion, the child domains proseware.contoso.com and
Windows 2000 and Windows .NET Server also include a
adatum.contoso.com share the same namespace as
number of built-in accounts that simplify the task of
the parent domain contoso.com. In this example,
administering users on a network. The two built-in user
contoso.com is also the name of the root domain—
accounts are the Administrator and Guest accounts.
the highest-level parent domain in the tree. The
root domain must be created first in a tree.
Domain Users
All domains in a domain tree have their directory informa-
A built-in group on Microsoft Windows NT, Windows
tion combined into a single directory: Active Directory.
2000, and Windows .NET Server networks.
Each domain provides a portion of its directory informa-
tion to an index on the domain controllers. By searching Overview
this index, users can locate and access shared resources, The Domain Users group simplifies administration of
applications, and even users anywhere in the domain tree. users on the network. It is a global group and does not
have any preassigned system rights. Its initial member-
Notes
ship is empty until ordinary network users are created
Two or more domain trees that do not share a contigu-
for the domain. User accounts that are added to this
ous namespace can be combined into a domain forest.
group gain the rights and privileges that are assigned to
See Also: Active Directory, domain (Microsoft ordinary users in the network, such as the right to log on
Windows), domain forest, namespace over the network. All ordinary users on the network
should be members of this group.
domain user account Notes
One of two types of user accounts available on a On Windows 2000– and Windows .NET Server–based
Microsoft Windows 2000– or Windows .NET Server– networks, the Domain Users group is created by default
based network. in the Users organizational unit (OU) within Active
Overview Directory.
User accounts enable users to log on to domains or See Also: built-in group
computers and access any resources in the domain for
which they have appropriate permissions. This is in
contrast to local user accounts, which are used only for DoS
logging on to a specific machine (such as a member Stands for Denial of Service, any attack conducted
server) and accessing resources on that machine. against a system that tries to prevent legitimate users
from accessing the system.
Domain user accounts are created in Active Directory
directory service and stored in organizational units See: denial of service (DoS)
401
DOS Dr. Watson
402
DS DS-1
DS-1
Also known as DS1, a transmission standard for digital
G0DXX36 (was G0DUI39 in 1E) telecommunications.
Dr. Watson. A report generated by Dr. Watson.
Overview
A DS-1 circuit consists of 24 DS-0 circuits multiplexed
DS together into a circuit. The bandwidth of a DS-1 cir-
Stands for Differentiated Services, a system for service cuit is 1.544 Mbps, and a common name for such an
classification of network traffic. arrangement is a T1 line. DS-1 is also a typical signal-
See: Differentiated Services (DS) ing rate for frame relay links.
Implementation
DS-0 DS-1 circuits can be implemented singly or multiplexed
Also known as DS0, stands for Digital Signal Zero, a together to form fatter pipes for carrying data faster.
transmission standard for digital telecommunications. Multiple DS-1 circuits can be bonded together to create
NxDS-1 circuits. Here N can be from 2 up to 8, provid-
Overview ing a maximum throughput of 12 Mbps. In this arrange-
DS-0 defines a transmission rate of 64 Kbps and can ment, the first DS-1 circuit is the one responsible for
carry either a single voice channel or data. Telecommu- managing the link, and if this circuit goes down the
nication carriers transmit digital signals in multiples of entire link fails.
403
DS-3 DS-3
DS-3
Also known as DS3, a transmission standard for digital
telecommunications.
2 Implementing NxDS-1
Overview
A DS-3 circuit consists of 672 DS-0 circuits multi-
plexed together into a circuit. The bandwidth of a DS-3
Frame circuit is 44.736 Mbps, and a common name for such an
LAN relay
arrangement is a T3 line.
Implementation
DS-3 circuits are typically connected to enterprise local
area networks (LANs) using an Asynchronous Transfer
Mode (ATM) switch. DS-3 is rarely available for frame
Inverse relay links and is usually reserved for dedicated leased
HSSI multiplexer
Router lines only.
DS-3 is usually available in several forms:
● Channelized DS-3: This consists of multiplexed
G0DXX37 (new to 2E)
DS-1 lines that terminate at the customer premises
DS-1. Implementing DS-1 and NxDS-1 on a Frame Relay at a device called an M13 (DS-1 to DS-3 multi-
network.
plexor). You can implement from 1 to 28 DS-1 cir-
NxDS-1 is typically used when you do not expect your cuits in channelized DS-3, which is cost-efficient
data requirements to radically increase for several because you pay only for what you need.
years. If you are expecting much faster growth in data
rates, consider moving to DS-3 or fractional DS-3 ● Fractional DS-3: This is similar to channelized DS-3
instead of NxDS-1. but lets you add or remove bandwidth in 3-Mbps
chunks (equivalent to a pair of DS-1 circuits).
Issues
When you want to upgrade form DS-1 to NxDS-1, you ● Full DS-3: In this scenario an M13 is not required,
typically need to give up your old DS-1 circuits and and the coax cable at the demarc point where the
obtain all new ones. This is because carriers terminate circuit enters the customer’s wiring closet is simply
single and multiplexed DS-1 circuits differently at their connected directly to the router (only the most pow-
erful routers support this arrangement).
404
DSL DTE
Notes DSN
Most companies do not have a need for DS-3, and a
Stands for data source name, a unique name used to cre-
slower (and cheaper) alternative is NxDS-1, which uses
ate a data connection to a database using open database
multiplexed DS-1 circuits.
See Also: DS-0, DS-1, frame relay
connectivity (ODBC). D
See: data source name (DSN)
DSL DSSS
Stands for Digital Subscriber Line, a group of broad-
Stands for Direct Sequence Spread Spectrum, a combi-
band telecommunications technologies supported over
nation of two transmission technologies, direct
copper local loop connections.
sequencing and spread spectrum, used in wireless net-
See: Digital Subscriber Line (DSL) working and cellular communications.
See: Direct Sequence Spread Spectrum (DSSS)
DSLAM
Stands for Digital Subscriber Line Access Multiplexer, DSTP
the DSL termination device at a telco central office (CO).
Stands for Data Space Transfer Protocol, a new protocol
See: Digital Subscriber Line Access Multiplexer for rapidly transporting large amounts of information.
(DSLAM)
See: Data Space Transfer Protocol (DSTP)
DSMigrate DSU
Stands for Directory Service Migration Tool, a tool for
Stands for Data Service Unit, a digital communication
migrating information from Novell NetWare networks
device that works with a Channel Service Unit (CSU) to
to Microsoft Windows 2000.
connect a local area network (LAN) to a telecommuni-
See: Directory Service Migration Tool (DSMigrate) cations carrier service.
See: Data Service Unit (DSU)
DSML
Stands for Directory Service Markup Language, a spec- DTD
ification based on Extensible Markup Language (XML)
Stands for document type definition, a file that defines
that enables different directory applications to share
the allowed structure of an Extensible Markup Lan-
information.
guage (XML) document.
See: Directory Service Markup Language (DSML)
See: document type definition (DTD)
DSMN DTE
Stands for Directory Service Manager for NetWare, an
Stands for data terminal equipment, any device that is a
optional Microsoft Windows 2000 utility for managing
source of data transmission over a serial telecommuni-
directory information stored on NetWare servers.
cations link.
See: Directory Service Manager for NetWare (DSMN)
See: data terminal equipment (DTE)
405
DTMF duplex
406
DVMRP dynamic DNS (DDNS)
407
Dynamic Host Configuration Protocol (DHCP) Dynamic Host Configuration Protocol (DHCP)
changes, the more work this entails for DNS adminis- name and the name of a Windows 2000 domain. When
trators. Once a zone file is updated on a name server, the DNS is integrated with Active Directory and configured
updated information is then propagated to other name for dynamic updates, the root zone and forward lookup
servers by zone transfers, which are typically scheduled zones are created and configured automatically for each
D to occur periodically. domain, but administrators must enable and manage
reverse lookup zones.
Dynamic DNS (DDNS) lets changes to zone files to be
made automatically instead of manually, saving DNS DDNS is similar to ordinary DNS in that zone update
administrators the labor-intensive work of maintaining operations occur using primary or master servers only.
up-to-date zone information concerning all hosts on DDNS, however, allows primary servers to receive
their network. To accomplish this, DDNS uses a pro- updates initialed by a specified list of “authorized
cess called dynamic updates outlined in RFC 2136. servers,” which can include secondary zone servers,
domain controllers, and other servers that perform
Uses
name registration services, such as Windows Internet
DDNS in Microsoft Windows 2000, Windows XP, and
Name Service (WINS) or DHCP servers.
Windows .NET Server is used in two scenarios:
Most name servers on the Internet either do not yet sup-
● Registration of DHCP clients: When DDNS is
port or are configured not to support DDNS because of
enabled and used in conjunction with DHCP,
the extra security issues involved when using it. DDNS
Windows 2000, Windows XP, and Windows .NET
is currently most popular in corporate networks using
Server machines that initialize on the network dynam-
Windows 2000 and Active Directory.
ically acquire an Internet Protocol (IP) address and
then automatically register their DNS name and IP Notes
address with the DNS server by adding an A record for You can use the DNS Manager snap-in for the Microsoft
the client to the name server’s zone file. Management Console (MMC) to enable Active Direc-
tory integration on an existing DNS server. The zone file
● Registration of domain controllers. When a domain
information will be written into Active Directory.
controller boots up for the first time, it registers an
SRV record with the DNS server. This SRV record is Note that by default DDNS on Windows 2000 and
needed by DNS clients so they can locate the domain Windows .NET Server does not automatically scavenge
controller in order to log on to the network. (purge) old resource records for clients no longer on the
network—you need to manually enable and schedule
Implementation
scavenging.
DDNS is supported by the Windows 2000 and
Windows .NET Server implementation of DNS and See Also: Active Directory, Domain Name System
greatly simplifies the administration of DNS zone infor- (DNS), name server, zone
mation in Windows 2000 and Windows .NET Server net-
works. DDNS is recommended for Windows 2000– and
Dynamic Host Configuration
Windows .NET Server–based networks because Active
Protocol (DHCP)
Directory directory service uses DNS as its name locator
A protocol that enables the dynamic configuration
service for locating hosts on the network and DDNS also
Internet Protocol (IP) address information for hosts on
reduces the chances of error that occur when DNS is
an internetwork.
administered manually.
Overview
Dynamic update lies at the heart of Active Direc-
Dynamic Host Configuration Protocol (DHCP) is an
tory because domain names in Windows 2000 and
extension of the bootstrap protocol (BOOTP). DHCP is
Windows .NET Server are also DNS names. For exam-
implemented as a client-server protocol that uses
ple, northwind.microsoft.com can be both a legal DNS
DHCP servers and DHCP clients.
408
Dynamic Host Configuration Protocol (DHCP) Dynamic Host Configuration Protocol (DHCP)
3
DHCPREQUEST Implementation
When you implement DHCP on a network, you should
D
DHCPACK consider the following:
4
DHCP client DHCP server ● DHCP servers do not share their database of leased
G0DXX38 (was G0DUI40 in 1E)
IP addresses, so if your network has more than one
Dynamic Host Configuration Protocol (DHCP). How a DHCP server, be sure that their DHCP scopes do
DHCP client leases an IP address from a DHCP server. not overlap.
A DHCP server is a machine that runs a service that can ● Assign DHCP options to the DHCP server if clients
lease out IP addresses and other Transmission Control need them.
Protocol/Internet Protocol (TCP/IP) information to any
DHCP client that requests them. For example, on ● Assign static IP addresses to non-DHCP clients,
Microsoft Windows 2000 servers, you can install the and exclude these addresses from the scope on the
Microsoft DHCP Server service to perform this function. DHCP server if necessary.
The DHCP server typically has a pool of IP addresses that ● Assign static IP addresses to all servers on your net-
it is allowed to distribute to clients, and these clients lease work or assign them DHCP client reservations on
an IP address from the pool for a specific period of time, the DHCP server to ensure that they always lease
usually several days. Once the lease is ready to expire, the the same IP address.
client contacts the server to arrange for renewal.
● Configure DHCP relay agents if one DHCP server
DHCP clients are client machines that run special must serve hosts on several subnets.
DHCP client software enabling them to communicate
with DHCP servers. All versions of Windows include Marketplace
DHCP client software, which is installed when the Although network operating system platforms such as
TCP/IP protocol stack is installed on the machine. Microsoft Windows 2000 and Novell NetWare include
their own DHCP services, enterprise network architects
DHCP clients obtain a DHCP lease for an IP address, a may also want to consider self-contained DHCP applica-
subnet mask, and various DHCP options from DHCP tions from third-party vendors as well. Some of these
servers in a four-step process: third-party DHCP products include additional features
1 DHCPDISCOVER: The client broadcasts a such as query and reporting tools that make them attrac-
request for a DHCP server. tive to use in an enterprise environment. Some examples
of such products include Shadow Ipserver from Network
2 DHCPOFFER: DHCP servers on the network
TeleSystems (recently acquired by Efficient Networks),
offer an address to the client.
IP AddressWorks from Process Software, NetID from
3 DHCPREQUEST: The client broadcasts a request Nortel Networks, network Registrar from Cisco Systems,
to lease an address from one of the offering DHCP and Meta IP from CheckPoint Software Technologies.
servers.
For More Information
4 DHCPACK: The DHCP server that the client Find out more about DHCP at www.dhcp.org.
responds to acknowledges the client, assigns it any
configured DHCP options, and updates its DHCP data- See Also: BOOTP, Domain Name System (DNS),
base. The client then initializes and binds its TCP/IP IP address
protocol stack and can begin network communication.
409
Dynamic HTML (DHTML) dynamic packet filtering
410
dynamic routing dynamic routing protocol
Winsock Proxy server to start a Telnet session on behalf Using dynamic routing protocols also creates additional
of the client. When the Winsock Proxy determines that network traffic due to routing table updates and
the client has closed the Telnet session, it tells the exchanges, and different dynamic routing protocols offer
Packet Filter Manager to close the socket and thus their own advantages and disadvantages in this regard.
blocks any further packets from the remote system.
Dynamic routers cannot exchange information with static
D
See Also: firewall, packet filtering, proxy server, router routers. To configure static and dynamic routers to work
together on the same internetwork, you must add manual
routes to the routing tables of both types of routers.
dynamic routing
A routing mechanism for dynamically exchanging rout- Notes
ing information among routers on an internetwork. You can configure a multihomed Microsoft Windows
2000 or Windows .NET Server server as a dynamic RIP
Overview
router by selecting Enable IP Forwarding on the Rout-
Dynamic routing operates using a dynamic routing proto-
ing tab of the Transmission Control Protocol/Internet
col, such as Routing Information Protocol (RIP) or Open
Protocol (TCP/IP) property sheet and then using the
Shortest Path First (OSPF) Protocol. Routers that use
Services tab of the Network property sheet to add the
dynamic routing are sometimes called dynamic routers.
RIP for Internet Protocol (IP) service to the server.
For dynamic routing to work, the routing protocol must Another example of a dynamic router is a multihomed
be installed on each router in the internetwork. The rout- computer running Windows 2000 Server with Routing
ing table of one router is manually seeded with routing and Remote Access Service (RRAS) and either RIP or
information for the first hop, and then the routing proto- OSPF configured.
col takes over and dynamically builds the routing table
See Also: router, routing table, static routing
for each router. Dynamic routers periodically exchange
their routing information so that if the network is recon-
figured or a router goes down, the routing tables of each dynamic routing protocol
router are automatically modified accordingly. A protocol that enables dynamic routing to be used to
simplify management of a routed network.
Advantages and Disadvantages
Dynamic routers are much simpler to administer than Overview
static routers, but they are sometimes less secure If we focus on Internet Protocol (IP) routing, which is
because routing protocol information can be spoofed. If the standard for the Internet and most corporate net-
the network is reconfigured or a router goes down, it works, several kinds of dynamic routing protocols can
takes a certain period of time for this information to be deployed. These routing protocols can be classified
propagate between the various routers on the network. in a hierarchical scheme as shown in the illustration.
This router reconfiguration process is usually referred
First, dynamic routing protocols can be one of two types:
to as convergence. However, getting a dynamic router
up and running is often as simple as connecting the ● Interior Gateway Protocols (IGPs): These are
interfaces and turning it on—routes are discovered used to manage routing within autonomous systems
automatically by communications with other routers on (ASs). IGPs are further classified below.
the network. Dynamic routers are also fault-tolerant, for
● Exterior Gateway Protocols (EGPs): These are
when a router fails the other routers soon learn about it
used to manage routing between different ASs. The
and adjust their routing tables accordingly to maintain
de facto example of an EGP is the Border Gateway
communications across the network.
Protocol (BGP) used on the Internet.
411
dynamic volume dynamic volume
412
E
E
413
EDGAR EDGAR
414
EDGE eDirectory
415
effective permissions EIA
effective permissions Third, when a user attempts to access a folder or file over a
In Microsoft Windows 2000, Windows XP, and Windows network that has both NTFS permissions (the first exam-
.NET Server, the cumulative permissions a user has for ple) and shared folder permissions (the second example)
accessing a resource based on a user’s individual permis- configured on it, the effective permission is the most
sions, group permissions, and group membership. restrictive (least permissive) permission. For example,
417
electromagnetic interference (EMI) Electronic Business Extensible Markup Language (ebXML)
browser include many factors, such as the machine’s greater resistance to the effects of EMI than using
operating system, version, and role. Eventually, one twisted-pair cabling. Fiber-optic cabling is an even bet-
potential browser prevails over other machines on the ter solution in heavy industrial settings because it is
network because it has superior election criteria, and wholly resistant to EMI. (Changing electromagnetic
the election ends. fields has no effect on the light waves traveling along a
glass fiber.)
E Notes
Elections also occur when domain controllers are See Also: cabling, noise, signal
restarted.
See Also: browsing, Computer Browser service Electronic Business
Extensible Markup Language
electromagnetic interference (ebXML)
An Extensible Markup Language (XML) standard that
(EMI) allows businesses to locate each other on the Internet,
Electrical noise induced in cabling by the presence of
form partnerships, and exchange business information.
nearby electrical equipment such as motors, air condi-
tioners, fluorescent lights, and power lines. Overview
The ebXML standard specifies protocols and mecha-
Overview
nisms that allow businesses to use the Internet and
Electromagnetic interference (EMI) can interfere with
XML to create and centrally store business profiles
the transmission of signals and render network commu-
of their companies, find other companies providing
nications unreliable or impossible. EMI is only a prob-
desired types of business services, enter into partner-
lem if copper cabling is used-fiber-optic cabling is
ship agreements, and collaborate through electronic
immune to sources of EMI.
document exchange such as invoicing, receipts, ship-
EMI is caused when the changing electromagnetic ping notices, and so on. The ebXML standard is
fields generated by one cable induce extraneous cur- designed to promote electronic business between com-
rents or interference in adjacent or nearby cables. EMI panies of any size located anywhere in the world using
in copper cabling can be reduced to acceptable levels by a common infrastructure (the Internet) and a common
language for sharing structured information (XML).
● Avoiding bunching of unshielded cabling
The ebXML standard provides open specifications for
● Keeping all cabling away from power cords and
how companies define their business processes, create
transformers
and register company profiles and business processes,
● Using shielded twisted-pair (STP) cabling instead enter into trading agreements, and exchange business
of unshielded twisted-pair (UTP) cabling information using XML messages. Businesses can use
ebXML to exchange business information with each other
● Enclosing cabling in external mesh or wire
without being concerned about the structure of the under-
shielding
lying data processes of other partners in the process.
● Properly grounding electrical equipment and exter-
The ebXML standard is an initiative of the Organization
nal shielding
for the Advancement of Structured Information and Stan-
● Taking care not to excessively untwist the terminat- dards (OASIS) and a United Nations (UN) standards
ing ends of twisted-pair cabling body called UN/CEFACT (United Nations Center for
Trade Facilitation and Electronic Business). Development
EMI can be a greater concern in heavy industrial set-
of the ebXML standard began in 1999 with the backing
tings where high voltages and equipment, such as
and support of IBM, Sun Microsystems, BEA Systems,
motors and generators, produce high levels of electrical
Commerce One, and a number of other companies.
noise. Using coaxial cabling in these settings affords
418
Electronic Data Gathering, Analysis, and Retrieval electronic data interchange (EDI)
419
electronic data interchange (EDI) electronic data interchange (EDI)
implemented as a map between your business applica- EDI into the back end of their business processes but
tion’s data fields and the type of EDI standard appropriate involves additional expenditure of manual labor in
to the transaction performed. entering data into the forms. Nevertheless, this is a pop-
ular scheme that has become widely implemented in
EDI transactions are typically processed in batch form.
some sectors.
Some forms of interactive EDI have emerged, but the
E basic architecture of EDI was designed around the
concept of mainframe batch processing.
Advantages and Disadvantages
Besides its entrenched usage in the big business market-
place, particularly in government, manufacturing, trans-
Implementation
port, and warehouse sales, EDI has other advantages
EDI-enabled systems communicate through translation
over such emerging technologies as Extensible Markup
software that formats the data into standard EDI encod-
Language (XML). For one thing, EDI messages are
ing format. This information is then exchanged using
compact, using a highly condensed format that makes
one of several methods:
them difficult to read. XML messages, by comparison,
● Using a dedicated leased line between the business are plain text and tend to be much larger than EDI mes-
partners. This method is expensive but is often sages. As a result, small businesses that use dial-up con-
employed by large enterprises that have high vol- nections for exchanging business information with their
umes of EDI transactions to process. purchasers and suppliers can save online costs using
EDI compared to XML. Because EDI mainly uses
● Using a dial-up modem connection between busi-
leased lines, the technology is intrinsically more secure
ness partners. This method saves costs by using
than a technology such as XML that uses an insecure
EDI’s strength batch-processing strength. Transac-
public network such as the Internet. However, by
tions can be queued and then sent as a batch job
employing virtual private network (VPN) technology
over a dial-up connection to save money. Small to
for tunneling over the Internet, the level of security in
medium-sized supply-chain partners often use this
using XML has been made comparable to that of EDI.
method to exchange business information with a
large company purchasing their goods or services. While the costs of implementing EDI or leasing VAN
services might at first glance seem higher than XML,
● Through an external third-party value-added net-
this is not actually true because XML is not yet an
work (VAN) service provider that acts as a clearing-
established standard for communication of business
house for EDI transactions. The VAN processes
transactions. In particular, XML has the same hidden
EDI messages and routes them to the appropriate
costs as EDI due to the expense of building either sys-
electronic mailbox for the destination business part-
tem into a company’s back-end business processes,
ner, who can then retrieve the EDI messages from
which usually requires much customized programming
the mailbox and process the transactions using busi-
and tinkering.
ness applications. The VAN is responsible for mes-
sage routing, delivery, security, auditing, and EDI’s disadvantages are more perception than reality.
archiving. This approach has grown in popularity That EDI is difficult to implement is acknowledged, but
over the last decade and is probably the most popu- so is any translation system that must be deeply inte-
lar EDI implementation in use today. grated into the back end of a company’s business soft-
ware, and nowadays EDI-enabled Enterprise Resource
A newer method used by small suppliers to exchange
Planning (ERP) and customer relationship management
EDI information with large manufacturers is Web-
CRM systems are commonly available, as are tools for
enabled EDI. Typically, a VAN will offer a Web forms
helping developers custom-build EDI into existing
front end that the supplier can use to submit invoices
business processes. Another perceived disadvantage of
and issue receipts to the purchasing company. This
EDI is that it is complex and difficult to learn, but most
saves suppliers considerable costs over having to build
EDI programmers would disagree with this assessment.
420
Electronic Industries Alliance (EIA) Electronic Industries Alliance (EIA)
421
electronic tape vaulting e-mail
network cabling that are collectively known as the EIA/ example of such a service is provided by CNT, a special-
TIA wiring standards. Individuals and companies ist in storage area networking and other storage technol-
installing cabling for computer networks must follow ogies, and Iron Mountain, a global leader in records
these standards to meet government legal and safety management services. Using UltraNet, CNT’s storage
requirements. networking solution, a company can e-vault information
incrementally to Iron Mountain’s tape vaulting sites.
E For More Information
Visit the Electronic Industries Alliance (EIA) at Notes
www.eia.org. E-vaulting can also be used to back up data directly to
mirror servers running at remote locations controlled
either by the company itself or by storage service pro-
electronic tape vaulting
viders. This form of e-vaulting is more properly called
The practice of backing up data directly to a remote
mirroring.
backup facility.
See Also: backup, disaster recovery, mirroring
Overview
Classic backup procedures involve backing up data reg-
ularly to network tape drives and libraries. In addition, e-mail
daily copy backups are made of critical business data on Stands for electronic mail; any system for electronically
servers and these tapes are taken off-site to a secure sending and receiving messages.
storage facility. When a disaster occurs, recovery using
Overview
these off-site daily copies typically takes 48 to 72 hours
E-mail is arguably the technology that has had the great-
because the hardware failure must be repaired or the
est impact on how companies conduct businesses in
server replaced, the operating system installed, and
modern times. E-mail has become the lifeblood of busi-
tapes shipped in from the off-site storage location.
ness, with some analysts estimating that fully one-third
Some data is typically lost permanently under this sce-
of all business-related information resides on mail serv-
nario because the tapes are written only once a day but
ers, users’ personal folders, and mail archiving systems.
business transactions take place continually.
E-mail is used for virtually every type of business com-
Electronic tape vaulting, or e-vaulting, is a technique
munication, including marketing, invoicing, and cus-
that helps make recovery times faster and restores more
tomer service. E-mail saves businesses millions of
up-to-date. In a typical scenario, e-vaulting supple-
dollars through the elimination of costly paper con-
ments an existing backup plan similar to the one
tracts, invoices, and receipts. E-mail also costs busi-
described above. Information written to local storage on
nesses millions of dollars in wasted time dealing with
servers is also transmitted over the network through a
spam (unsolicited commercial e-mail) and undoing the
wide area network (WAN) link to a remote e-vaulting
effects of e-mail viruses. Despite these negative aspects,
site, where it is written to tape. Data can be e-vaulted
however, most companies would be at a standstill if
periodically (once an hour, for example), or even con-
their e-mail systems went down.
tinuously as each transaction occurs. This transactional
information, coupled with traditional daily copy back- Estimates suggest that the number of commercial and
ups, allows databases and other business information to private e-mail mailboxes globally was more than 500
be restored with little or no data loss. million in 1999 and may well top 1 billion by the end of
2002. With the advent of wireless messaging, this figure
Marketplace
may increase much more rapidly in the next few years.
Large enterprises have been using e-vaulting for some
E-mail today is what the telephone was at the beginning
time, but recently with the proliferation of storage service
of the century—a technology that shaped the evolution
providers (SSPs) even small to medium-sized business-
of business and commerce worldwide.
es can lease e-vaulting services from a provider. An
422
e-mail e-mail
423
e-mail e-mail
2000 Server includes a feature called Outlook Web messaging systems around the world. The first such
Access (OWA) that supports this kind of e-mail, as do instance was the Internet worm developed by Robert
Lotus iNotes R5, Novell GroupWise 5.5e, Imail Server Morris in 1988, which took advantage of a weakness
from Ipswitch, and InScribe Internet Messaging Server in Sendmail to bring down 6,000 SMTP mail servers
Web Mail from Critical Path. around the globe in only 24 hours. More recent exam-
ples include the Melissa and LoveLetter viruses, which
E In the wireless messaging arena, a major player is
Research In Motion (RIM) with its BlackBerry messag-
exploited enhanced collaboration features of Microsoft
Outlook to crash mail servers at major Internet service
ing system. The BlackBerry server application works
providers (ISPs) and large corporations.
with Microsoft Exchange or Lotus Notes mail servers
and allows messages to be relayed to BlackBerry hand- The growing trend toward Hypertext Markup Language
held devices. This allows mobile professionals such as (HTML) mail instead of plaintext messaging has also
IT (information technology) administrators, to be had its associated issues. For example, some marketing
alerted when systems go down, and it is a more effec- companies now send out their HTML messages with a
tive way of communicating than using simple pagers. tiny 1-pixel scripted image called a bug in them. The
BlackBerry is also a very secure messaging platform result is that when a user opens the message to read it
because it uses Triple Data Encryption Standard (Triple in his mail program, information such as his Internet
DES) for encrypting all transmissions. Protocol (IP) address and Web site visiting habits is
collected from his machine and transmitted to the com-
Service providers, too, now offer various commercial
pany. Some companies deal with such issues by simply
e-mail services to businesses. For businesses that need to
disabling HTML mail altogether or preventing scripts
send out mass mailings and do not want to overwhelm
from running on mail clients, but this seriously hinders
their mail servers with these duties, companies such as
the collaborative power of modern mail applications.
BoldFish offer server software that simplifies the creation
and transmission of large volumes of e-mail. Businesses Prospects
can also outsource this activity to service providers. E-mail continues to gain ground in the business world
through such innovative technologies as Web-based
Issues
messaging, which allows a user to access his personal
The greatest obstacle to wider use of e-mail in business
mailbox from any Internet-enabled PC that has a Web
has been security. Traditionally, SMTP mail has been
browser on it, and wireless messaging, the “next big
transmitted in clear text across the Internet, a notori-
thing,” is starting to make big inroads in the enterprise
ously unsafe place for such an action to be performed.
through BlackBerry and Personal Digital Assistants
The slow evolution toward universally trusted public
(PDAs) Palm and PocketPC.
key infrastructure (PKI) systems has hindered the wide-
spread deployment of encrypted messaging and has led On the other hand, the next big thing may be the legal
to other solutions such as PGP being adopted by some issues associated with the growing mountain of old
businesses in the meantime. Another solution called e-mail residing on mail servers in back rooms of corpo-
Privacy Enhanced Mail (PEM) was developed by the rate networks. In regulated industries such as banking
Internet Engineering Task Force (IETF) and is commer- and securities trading, the law requires that all docu-
cially offered by vendors such as RSA Data Security ments relating to business activity be retained for a
and Trusted Information Systems. number of years. Companies often archive old mail in
user folders to file servers, but this makes it difficult to
Besides the encryption issue, the last few years have
search for specific messages when required. In several
seen the proliferation of what many thought could never
instances, companies that were sued have been forced
occur: e-mail viruses. Some of these viruses have
to settle because it was simply not cost-feasible for
wreaked terrific havoc on corporate and commercial
424
e-mail address embedded system
● User portion: This indicates the name or alias of ● Automobile antilock brake systems
the user to whom the mail is directed. ● Automobile Global Positioning Systems (GPSs)
● Routing portion: This indicates the information ● DVD and VCR players
needed to route the message to the particular mail
system where the user’s mailbox resides. ● Digital cameras
425
Emergency Management Services (EMS) Emergency Management Services (EMS)
426
emergency repair disk (ERD) emergency startup disk
supports it, the VT100 client can also manage the head- recovery. Always create a new ERD after installing new
less server through the universal serial bus (USB) port services or software or upgrading hardware or device
or over an Ethernet network using an RJ-45 jack. drivers on a system.
Notes Uses
To run Windows .NET Server in headless mode, the To perform a system recovery on a machine running
system’s basic input/output system (BIOS) must allow
operation without a video card, keyboard, or mouse.
Windows 2000, try booting to Safe Mode first by press-
ing the F8 function key during startup. If this fails or if
E
the system cannot be repaired, boot the system using
See Also: Telnet, terminal emulator, Windows .NET
the four boot floppies, select the Repair option by press-
Server
ing the R key when prompted, and then either use the
ERD to attempt a repair or press C to open the Recovery
emergency repair disk (ERD) Console. The Recovery Console is a powerful com-
A Microsoft Windows 2000 recovery tool for repairing mand-line interface to the operating system designed
missing or corrupt files and restoring the registry. for use only by advanced administrators.
Overview Notes
In Windows NT, the emergency repair disk (ERD) If you cannot find your four Windows 2000 boot flop-
was a valuable recovery tool for restoring the registry pies, insert the Windows 2000 compact disc and a
or replacing boot files on a corrupted system. The blank floppy into any machine running MS-DOS or
Windows NT ERD contained compressed versions of Windows, click Start, select Run, and enter the follow-
registry hive, default user profile, setup.log, and other ing path into the Run box:
system configuration files, and it could be created from
<cdrom_drive>\bootdisk\makeboot a:
the command line using the Rdisk command.
In Windows XP and Windows .NET Server, ERD is
In Windows 2000, the ERD is a little different. Instead
being replaced by a feature called Automated System
of containing registry hives, it contains only boot files
Recovery (ASR).
and some pointers to operating system files. When a
Windows 2000 system is first installed, the registry See Also: Automatic System Recovery (ASR)
hives are backed up to \Winnt\repair directory. Also, the
ERD is created by selecting an option in the Windows
2000 Backup tool. When the Backup tool is used to
emergency startup disk
A floppy disk created during the setup process for Micro-
back up the registry, this backup is placed in
soft Windows 98 and Windows Millennium Edition (Me)
\Winnt\repair\regback.
that can be used to troubleshoot boot problems.
You can use the ERD to restore a corrupted master boot
Overview
record (MBR), restore missing or corrupted boot files
The emergency startup disk contains files necessary to
such as Ntldr, or restore the registry from backup. How-
load a command-line version of Windows, plus other
ever, when ERD is used to restore the registry, it does so
useful system-recovery utilities, including a real-mode
from \Winnt\repair instead of \Winnt\repair\regback,
registry editor. When you insert an emergency startup
using the pristine form of the registry that is backed dur-
disk into your computer and reboot, the computer starts
ing the initial installation. For more fine-grained control
from the disk instead of from the hard drive.
of restoring the registry, use the new Recovery Console
tool of Windows 2000 instead of the ERD. Having a current copy of the emergency startup disk for
each machine running Windows 98 or Windows Me on
Having a current copy of the ERD for each server on
your network helps with disaster recovery if these
your network is a critical part of preparing for disaster
machines fail to boot properly. You should create a new
427
EMI encapsulation
emergency startup disk whenever you make a configu- ● 5250: The 5250 synchronous protocol is used in
ration change to a machine running Windows—for the IBM S-series mainframe environment and in
example, when you install new hardware or update AS/400 midframe environments.
device drivers.
See Also: 3270, 5250
428
Encrypting File System (EFS) Encrypting File System (EFS)
Interconnection (OSI) reference model is usually placed in another system, the information on the drive
referred to as framing. Examples of different types of will be unreadable. In this way, EFS ensures the privacy
encapsulation include of a user’s information stored on disk and finds particu-
lar application with systems vulnerable to theft, such as
● An Ethernet frame that encapsulates an Internet
laptop computers.
Protocol (IP) packet, which itself encapsulates a
Transmission Control Protocol (TCP) packet,
which then encapsulates the actual data being trans-
EFS is integrated in the NTFS used by Windows 2000,
Windows XP, and Windows .NET Server; it is not avail-
E
mitted over the network able for older forms of NTFS, such as the one used in
Windows NT 4. EFS operates transparently from the
● An Ethernet frame encapsulated in an Asynchro-
point of view of users: files are automatically encrypted
nous Transfer Mode (ATM) frame for transmission
when they are created or moved to encrypted folders
over an ATM backbone
and are automatically decrypted when the user needs to
The data-link layer (Layer 2) of the OSI networking access the information stored within them.
model is responsible for encapsulating or framing data
EFS also includes a Data Recovery System that
for transmission over the physical medium. In local area
employs a trusted recovery agent (usually the Adminis-
network (LAN) technologies, this is usually Carrier
trator account) that can decrypt any user’s encrypted
Sense Multiple Access with Collision Detection
files in an emergency.
(CSMA/CD) for Ethernet networks. For wide area net-
work (WAN) technologies, the data-link protocols used The following EFS features have been added to
depend on whether the communications are point-to- Windows XP Professional and Windows .NET Server
point or multipoint: editions:
● For point-to-point communications, possible WAN ● Additional users can be authorized to access
data-link protocols include Point-to-Point Protocol encrypted files.
(PPP) and High-level Data Link Control (HDLC)
● Offline files can now be encrypted.
protocol.
● Data recovery agents are recommended options.
● For multipoint communications, possible WAN
data-link protocols include frame relay, ATM, ● The Triple-DES encryption algorithm can be used
Switched Multimegabit Data Services (SMDS), and to replace DESX.
X.25.
● A password reset disk can be used to safely reset a
See Also: frame, Open Systems Interconnection (OSI) user’s password.
reference model
● Encrypted files can be stored in Web folders.
429
encryption encryption
The advantage of using this combination of two encryp- of all secure communications since ancient times. With
tion schemes is that the faster symmetric encryption the rapid growth in recent years of the Internet as the
scheme is used for actual encryption and decryption of de facto medium for businesses and consumers to
file data and the slower public key scheme is used only exchange information, encryption has taken on new
to protect the user’s own private key from theft and mis- importance resulting in an explosion of cryptographic
use. Although EFS employs public key encryption, it technologies and standards has resulted.
E does not require a certificate authority (CA) to issue
Uses
public/private key pairs. Instead, EFS automatically
Symmetric key encryption is widely used for securing
generates these key pairs for individual users and for
digital transmission of information. For example, the
trusted recovery agents.
DES encryption scheme used by the U.S. government
Notes since 1974 is a symmetric key encryption algorithm, as is
If you are working with applications that create tempo- its recent successor, the Advanced Encryption Standard
rary files, you might want to enable encryption at the (AES). Symmetric key encryption is also employed in
folder level instead of the file level to guard against the Windows NT LAN Manager (NTLM) authentication
unauthorized access to your temporary files. With scheme of Microsoft Windows NT and in Kerberos, the
folder-level encryption, all files in the folder are default authentication scheme of Microsoft Windows
encrypted. 2000, Windows XP, and Windows .NET Server.
See Also: encryption, encryption algorithm Asymmetric or public key encryption, on the other hand,
is widely used on the Internet in the form of the SSL pro-
tocol discussed previously. Public key encryption was
encryption
developed by Whitefield Diffie and Martin Hellman in
The process of rendering information unreadable to all
1976, and it was made popular by Phil Zimmerman with
but the intended recipients, who have the ability to
his Pretty Good Privacy (PGP) encryption scheme for
decrypt it.
e-mail messaging, which was first released in 1991.
Overview
Asymmetric encryption is much slower than symmetric
Cryptography is the science of creating workable pro-
encryption, so many encryption technologies use a com-
cedures for encrypting and decrypting messages.
bination of the two. In SSL, for example, asymmetric
Encrypting messages and transmissions ensures their
encryption is used during SSL session initialization to
● Privacy: No one can read an encrypted message securely exchange a secret key between users so that the
other than its intended recipients. remaining encryption performed during the session is
done using the much faster symmetric encryption
● Integrity: An encrypted messages that is inter-
scheme.
cepted in transit and modified generally becomes
garbage when received by its intended recipient—a Implementation
simple test of whether the message has been tam- The basic element that makes possible both encryption
pered with. and decryption is the key. A key is typically a numeric
value that is employed in a mathematical procedure
● Authenticity: A good encryption scheme will help
called an encryption algorithm to convert ordinary text
you verify that the message was indeed sent by the
(plaintext) into encrypted text (ciphertext) and vice
person it says it is from by authenticating the iden-
versa (encryption algorithms are discussed separately in
tity of the sender.
the corresponding article in this chapter). The number
Cryptography’s goal is to ensure that an encrypted of keys used and the details of how they are employed
message intercepted by a distrusted user cannot be distinguishes two basic types of encryption, namely
decrypted in a feasible amount of time. Encryption is symmetric and asymmetric (public) key encryption.
synonymous with cryptography and has been the basis
430
encryption encryption
431
encryption algorithm encryption algorithm
432
End-User License Agreement (EULA) Enhanced Data Rates for Global Evolution (EDGE)
Overview
Enhanced Category 5 (Cat5e) cabling is the only rati- Enhanced Data Rates for
fied cabling standard that is capable of supporting trans- Global Evolution (EDGE)
mission speeds faster that 100 megabits per second A third-generation (3G) upgrade for the 2.5G General
(Mbps), although Category 6 (Cat6) and Category 7 Packet Radio Service (GPRS).
(Cat7) specifications have been proposed. Supporting Overview
frequencies up to 350 megahertz (MHz) or higher, Enhanced Data Rates for Global Evolution (EDGE) was
Cat5e cabling is typically four-pair solid conductor designed as a way of easily upgrading certain second-
24-gauge unshielded twisted-pair (UTP) cabling that generation (2G) cellular systems to 3G systems with little
has a low capacitance in the range of 13 to 14 pF/foot, additional cost. EDGE can be used to upgrade both Time-
as compared with regular Category 5 (Cat5) cabling Division Multiple Access (TDMA) systems such as
that has a capacitance of around 17 pF/feet. The imped- AT&T Wireless and Global System for Mobile Commu-
ance of Cat5e cabling is 100 ohms, the same as for reg- nications (GSM), which are also based on TDMA
ular Cat5 cable.
433
Enhanced Interior Gateway Routing Protocol (EIGRP) Enhanced Interior Gateway Routing Protocol (EIGRP)
434
enterprise enterprise
● Metrics can be based on values of bandwidth, route protocols (by contrast, RIPv2 is simply Routing Infor-
latency, reliability, and load. mation Protocol [RIP] with a few added features).
EIGRP can also work seamlessly with IGRP to allow
But EIGRP also differs from IGRP in many ways, and
routing information to be shared across boundaries of
most of these differences involve the incorporation of
autonomous systems, which simplifies the setup and
features common to link state routing protocols. For
configuration of EIGRP routers considerably.
example:
See Also: autonomous system (AS), classless routing
E
● EIGRP includes a mechanism for automatically
protocol, dynamic routing protocol, Interior Gateway
discovering neighboring routers using HELLO
Routing Protocol (IGRP), routing protocol
packets and downloading necessary routing infor-
mation from these neighbors.
enterprise
● Instead of using periodic broadcasts of entire rout-
A large, geographically distributed company with a
ing tables, which consumes valuable network band-
high number of users.
width, EIGRP sends out only incremental updates
for routing tables and only when a change in the Overview
tables requires such updates. In a computer networking context, an enterprise-level
network of computers refers to the network belonging
● Routing table information is contained within a
to an enterprise; that is, a network that typically consists
topology database similar to that used by link state
of thousands of computers distributed across several
routing protocols. Only information about adjacent
geographically remote locations and connected by wide
routers is kept in the database, not the routing table
area network (WAN) links.
for the entire network. This helps keep the topology
database small and efficient for fast routing and helps Enterprise-level networks generally use Transmission
an EIGRP router to recover quickly after a failure. Control Protocol/Internet Protocol (TCP/IP) and are
divided into a number of smaller networks called sub-
Other features of EIGRP include
nets, which are linked by routers. Enterprise-level net-
● Diffusing Update Algorithm (DUAL): This com- works are often heterogeneous networks consisting
plex routing algorithm that is similar to Dijkstra’s of different protocols and operating systems such as
algorithm provides fast convergence and avoids Microsoft Windows NT, Windows 2000, Windows XP,
routing loops. Windows .NET Server, Novell NetWare, and varieties
of UNIX, all interoperating to various degrees. Enter-
● Reliable Transport Protocol (RTP): This protocol
prise-level networks can include legacy mainframe and
guarantees delivery of EIGRP packets to neighbor-
minicomputer systems as well.
ing routers.
This mixture of systems and protocols can make it
● Protocol-dependent modules: This feature allows
challenging to administer and manage an enterprise-
an EIGRP router to support multiple network proto-
level network and offers a strong argument for upgrad-
cols including Internet Protocol (IP), Internetwork
ing legacy systems to newer, standardized ones. Com-
Packet Exchange (IPX), and AppleTalk.
panies can save considerable costs in the long run by
● MD5 authentication: Each EIGRP packet contains upgrading their networks to secure, reliable, scalable
an MD5 checksum to secure routing communica- network operating systems such as Windows NT,
tions from outside monitoring. Windows 2000, Windows XP, or Windows .NET
Server. The initial cost of upgrades and training are
Notes quickly recouped through lower maintenance and
Although EIGRP and IGRP share some characteristics
administration costs, the result of migrating an
and can work together, they are essentially different
435
Enterprise Admins Enterprise Information Portal (EIP)
enterprise’s heterogeneous combination of systems manage the flood of information that fuels business.
and protocols to a homogeneous network consisting Although the intranet revolutionized the way businesses
of computers running Windows NT, Windows 2000, handled information by providing a standard interface
Windows XP, or Windows .NET Server and running (the Web browser) for accessing such information, por-
TCP/IP. tals provide other tools such as user profiles, person-
alization services, workgroup and collaboration tools,
E Enterprise Admins automatic indexing, and push/pull information delivery
that help manage large amounts of information residing
A built-in group for the Microsoft Windows 2000 and
in the diverse data sources of a typical enterprise.
Windows .NET Server operating system platforms.
EIPs are simply a wedding of these two technologies,
Overview
turning corporate intranets into collaborative tools that
Enterprise Admins is one of four global groups that
deliver personalized business information to users as
Windows 2000 and Windows .NET Server create by
they need it. EIPs generally focus on managing struc-
default to help administrators organize users in their
tured information found in databases of two common
network. The other three groups are Domain Users,
types of business applications: enterprise resource plan-
Domain Guests, and Domain Admins.
ning (ERP) and customer relationship management
Although Domain Admins are users who can perform (CRM) applications. EIPs excel in helping users iden-
administrative tasks on any computer belonging to the tify, analyze, and present useful information mined
domain, the Enterprise Admins group is intended to from diverse databases used by businesses, and are in
have an even larger scope. Enterprise Admins must be many ways simply an extension of data warehousing
able to perform administrative tasks on any computer in (DW) and data mining (DM) technologies with an addi-
the enterprise. tional emphasis on integrated content management
(CM) technologies. EIPs generally excel in bringing
A Windows 2000– or Windows .NET Server–based
together data found in structured data sources such as
enterprise can consist of a number of domains intercon-
structured query language (SQL)– and open database
nected in a domain tree, or even several domain trees
connectivity (ODBC)–compliant databases. A further
connected into a domain forest. Enterprise Admins can
evolution of these systems called Enterprise Knowledge
administer the entire network for the enterprise.
Portals (EKPs) can also mine unstructured sources such
Just as with the Domain Admins group, the Enterprise as e-mail message repositories and document manage-
Admins group has one initial member: the Administra- ment systems.
tor user account that belongs to the domain. The Enter-
prise Admins group exists only in the root domain of Marketplace
Many new players have appeared since the EIP market
the forest.
exploded in 1999. Some of the early pioneers that have
See Also: built-in group gained significant market share with their packaged EIP
offerings include HummingBird International, Epicentric,
Enterprise Information Portal and Plumtree Software. Some examples of popular EIP
(EIP) offerings in the marketplace include Brio.Portal from
A business software system used to provide a single Brio Technology, Corporate Portal from Plumtree,
point of access to information stored in different corpo- DataChannel server from DataChannel, Freedom from
rate databases. InfoImage, iPlanet Portal server from Sun-Netscape Alli-
ance, and many others.
Overview
Enterprise Information Portals (EIPs) are an evolution of Major operating system and business applications
corporate intranets that apply portal technologies to help vendors such as IBM, Oracle Corporation, Microsoft
436
Enterprise Java Beans (EJB) Enterprise Knowledge Portal (EKP)
Corporation, and Sun Microsystems also offer suites of be used to build scalable, distributed applications that run
business applications that can be used to help build EIP on farms of application servers, and its component-based
solutions for corporate customers. Some EIP applications technology speeds and simplifies the development pro-
are more focused on providing corporate users with work- cess to gain better time-to-market advantage.
group tools for collaborative use, and others focus more
EJB operates as a server-side component technology. It
on enabling decision-makers in a company to access the
information they need to map their company’s future.
includes a number of services that make it easy for
developers to write middleware supporting distributed
E
Prospects transactional processing over the Internet. These ser-
The EIP market, which started in 1998, has grown to a vices include database connectivity, support for distrib-
multibillion-dollar industry and is expected to rival the uted transactions, and security functions.
traditional ERP and CRM markets in the next few years
Marketplace
in scope and deployment.
IBM and Inprise/Borland Corporation both offer EJB
See Also: Enterprise Knowledge Portal (EKP), enter- server platforms for building e-business solutions.
prise resource planning (ERP), intranet, portal Another company that is a popular player in this market
is BEA Systems. The open-source movement is contrib-
uting its own EJB server platform, called jBoss, as well.
Enterprise Java Beans (EJB)
A Java-based technology from Sun Microsystems for See Also: Java
building e-commerce systems.
Overview Enterprise Knowledge Portal
Enterprise Java Beans (EJB) is a set of Java specifica- (EKP)
tions that can be used for building Web-based distrib- A business software system that couples knowledge
uted transactional applications typical of e-commerce management tools with an Enterprise Information Portal
and e-business solutions. EJB is a core component of (EIP) to provide a powerful way of handling the flood of
Java 2 Enterprise Edition (J2EE) and works with Java information that characterizes large businesses today.
Server Pages (JSP) technologies to provide tools for
Overview
developers to meet the needs of businesses in today’s
Information is at the center of today’s business, but this
Internet economy. EJB is particularly popular in the
information is typically stored in diverse places, such as:
UNIX environment as an alternative to Common
Gateway Interface (CGI) solutions based on PERL and ● Structured data sources: This includes informa-
C/C++, but EJB applications can run on any Java- tion in enterprise resource planning (ERP), cus-
supporting platform, including Linux, Solaris, AIX, tomer relations management (CRM), and various
Windows NT and Windows 2000. structured query language (SQL) and open database
connectivity (ODBC) databases scattered on serv-
EJB was developed under the umbrella of the Java
ers throughout an enterprise.
Community Process, and its current version 1.1 is being
revised toward version 2. ● Unstructured data sources: This includes e-mail,
scheduling, and journaling information stored on
Implementation
mail servers and groupware servers, document
EJB is implemented as an object-oriented component
management systems that include file servers and
programming model based on the Java programming lan-
document archive systems, and Web-based infor-
guage. As a result, EJB is a platform-independent and
mation repositories such as intranets, extranets, and
vendor-neutral solution for building transactional appli-
public Web sites.
cations. EJB supports both stateful and stateless transac-
tions through its different types of session beans. It can
437
enterprise resource planning (ERP) enterprise resource planning (ERP)
● Legacy data sources: This covers all forms of data require months, or even years, to implement fully, with
stored on legacy systems such as IBM mainframe much of that time spent on custom development work.
and AS/400 systems. On the other hand, once these systems are fully imple-
mented, they are easy to maintain and they bring signif-
Enterprise Knowledge Portals (EKPs) are systems that
icant long-term cost savings by enabling faster, more
gather all these sources of information and allow corpo-
informed decision-making and improved communica-
E rate users to locate, analyze, deliver, and present per-
sonalized information through a single point of access.
tions among corporate users.
Using the simple Web browser as the universal front Marketplace
end for these systems, users can pull useful information A number of companies are offering turnkey EKP solu-
from these sources to help them make informed busi- tions that can fit the needs of medium-sized companies
ness decisions or have this information pushed out to without much development work. Portal-in-a-Box from
them on a regular basis using automatic search engines Autonomy Corporation is one example of a turnkey
that parse the data sources using intelligent criteria to EKP system that automatically classifies, links, and
determine what users might need. User profiles allow personalizes information and then delivers it to users as
EKPs to personalize the information delivered to users they need it.
to present what they need, when they need it, and how
Big players such as Lotus Development Corporation
they need it.
and OpenText Corporation also offer EKP systems that
Implementation focus more on the collaborative aspect of business deci-
EKPs work by combining two technologies: sion-making. And major business application vendors
such as Microsoft Corporation, IBM, Sun Microsys-
● Enterprise Information Portals (EIPs): These
tems, and Oracle Corporation offer their own suites of
systems are essentially portals to corporate intra-
applications that can be used to build EKP systems for
nets and provide features such as user profiles, per-
large enterprises.
sonalization services, single sign-on, customizable
interface, automatic indexing, and push/pull deliv- See Also: Enterprise Information Portal (EIP), enter-
ery of information to basic Web-based intranet prise resource planning (ERP), intranet, portal
systems.
● Knowledge Management (KM): These tools enterprise resource planning
enable useful information to be combined and (ERP)
mined from sources as diverse as SQL databases, A term describing software systems for managing a
Word documents, spreadsheets, slide-show presen- broad scope of an enterprise’s business functions.
tations, text files, and e-mail repositories.
Overview
By combining these two kinds of tools, EKP allows Enterprise resource planning (ERP) includes tasks such
information of every form within a company to be as planning, purchasing, tracking orders, supplying
unlocked and made available for making informed busi- customers, managing inventory, servicing customer
ness decisions. requests, producing financial reports, and bookkeeping.
ERP software is modular software designed to integrate
Advantages and Disadvantages these various business functions and simplify their
Although an EKP’s advantages are clear in that it pro-
management.
vides a unified single point of access to a company’s
varied sources of business information, the disadvan- ERP software typically consists of an integrated suite of
tages are also clear, in that EKP systems are costly to set tools for performing standard line-of-business functions
up and complex to implement. In particular, building an such as payroll, accounting, inventory management,
EKP into a company’s varied sources of data could and order entry. ERP software is used in transportation
438
enterprise server enterprise server
and automotive businesses, industrial environments, OIS has support for both XML and electronic data
and other large industrial settings. ERP software lets interchange (EDI) information exchange, and it is avail-
these businesses manage diverse business resources able for diverse platforms, including Windows NT,
across the enterprise to plan more effectively for growth UNIX, and Linux.
and expansion.
With the proliferation of third-party solutions, the big
History
ERP has its roots in the software-controlled inventory
three have also moved recently to Internet-enable their
traditional ERP offerings to make them more compe-
E
control systems developed and used by large companies titive. An example is mySAP from SAP AG, which
in the 1960s. These systems evolved in the 1970s to integrates customer relations management (CRM)
include scheduling features for automating procure- functions with ERP and provides a portal front end.
ment for assembly-line systems and were then called Although previously most ERP deployments were per-
Material Requirement Planning (MRP) systems. Dur- formed by consulting companies, the Big Three have
ing the 1980s, MRP systems continued to evolve to moved recently to offer their professional services.
include distribution and shop floor control and manage-
Prospects
ment capabilities and became known as Manufacturing
The most obvious trend in the ERP market is the con-
Resources Planning (MRP-II) systems. In the 1990s,
tinuing effort to fully Internet-enable ERP systems and
these systems were further extended to include the full
processes. Although early attempts at this represented
gamut of business functions, including project plan-
no more than embedding legacy client ERP interfaces
ning, engineering, finance, and human resources. The
within Web browsers, ERP systems continue to evolve
term enterprise resource planning emerged at this time
to make their Web-based interface friendlier and easier
to represent the wider scope of these large software
to use.
systems.
ERP was more than a $20-billion market in 2000 and is
Marketplace
expected to grow over the next few years. A large por-
The three big players in the traditional ERP market-
tion of this represents planning, consulting, licensing,
place are Oracle Corporation, PeopleSoft, and SAP. The
and maintenance fees for such systems. One recent
biggest of these vendors is Germany’s SAP AG, which
development is Enterprise Information Portals (EIPs),
has an estimated 35 percent share of the ERP market,
which provide a new and innovative way of managing
mainly with its SAP R/3 suite of ERP applications.
the flood of business data that traditional ERP appli-
Another big player is Baan, which has both a traditional
cations expose. EIPs integrate the functions of ERP,
ERP offering and an initiative to integrate Extensible
CRM, and SCM (supply-chain management) systems
Markup Language (XML)– ERP platform through their
into a single Web-based system. Many analysts believe
Baan OpenWorld Integration Framework.
that traditional ERP implementations are on their way
Traditional ERP systems are expensive and often take out and more sophisticated and powerful EIP systems
years to implement fully for large enterprises. In the last will grow rapidly, but because of the huge investment
few years, a flood of new companies entered the mar- most large enterprises have put into ERP systems and
ketplace offering applications that would provide Web- the ongoing costs of maintaining them, ERP is likely to
based front ends for traditional ERP software to Internet- be with us for many years.
enable this software for simplifying enterprise business
See Also: Enterprise Information Portal (EIP)
management. One example of this is the Online Infor-
mation System (OIS) from Impress Software, which
uses the application programming interfaces (APIs) enterprise server
from the big three ERP software vendors to provide A designated server running Microsoft Windows NT,
businesses access to their SAP R/3 manufacturing sys- Windows 2000, or Windows .NET Server in an enter-
tems and other enterprise applications over the Internet. prise, which is used as a central repository for software
439
environmental subsystems environment variables
licensing information regarding Windows NT, ● POSIX subsystem for running POSIX.1-compliant
Windows 2000, Windows .NET Server, and Microsoft applications
BackOffice.
Notes
Overview MS-DOS–based applications run on Windows NT,
In Windows NT networks an enterprise server is typi- Windows 2000, Windows XP, and Windows .NET
E cally a primary domain controller (PDC), yet can also be
a stand-alone server that is not part of any domain in the
Server in the context of a Win32 application called a
Virtual DOS Machine (VDM) that emulates an
enterprise. All PDCs in the enterprise replicate their MS-DOS environment.
licensing information with the enterprise server, so the
enterprise server contains a master database of this infor-
environment variables
mation. If there is only one domain in the enterprise, the
String variables containing information that an operat-
PDC for that domain is the master licensing server. If
ing system uses to control services and applications.
there are several domains, each domain’s PDC keeps
track of licenses for that domain, and all PDCs then rep- Overview
licate their licensing information to the specifically des- Environment variables have been used in Microsoft
ignated enterprise server. Stand-alone member servers operating systems since MS-DOS, where the PATH and
that are not part of any domain also must replicate their TEMP variables used in the Autoexec.bat file were early
licensing information with the enterprise server. examples. Microsoft Windows NT, Windows 2000,
Windows XP, and Windows .NET Server offer a far more
They can be more than one enterprise server in an
extensive selection of environment variables, including
enterprise, but it is simplest to have only one because
the following types:
enterprise servers cannot replicate with each other.
● System (predefined) environment variables such as
See Also: license
USERNAME, USERDOMAIN, WINDIR, and
HOMEPATH. These variables are set on the system
environmental subsystems no matter who logs on and cannot be changed by
Components of Microsoft Windows NT, Windows 2000, any user. They specify particular parameters per-
Windows XP, and Windows .NET Server that support the taining to the system itself, such as the location of
running of applications from different operating system the operating system files. They can be used in
architectures. logon scripts because they are always present when
any user logs on.
Overview
Environmental subsystems provide the necessary “envi- ● User (user-defined) environment variables, such as
ronment” in which these applications can run. They are the path to application files. User environment vari-
an essential part of the Windows NT operating system that ables take precedence over system environment
enables cross-platform support for applications written for variables when the two conflict.
different operating systems. Windows NT, Windows 2000,
● Autoexec.bat environment variables, such as those
Windows XP, and Windows .NET Server include the
used in path statements.
following environmental subsystems:
You can view and specify environment variables in
● Win32 subsystem for running 32-bit Windows
Windows NT, Windows 2000, Windows XP, and
applications
Windows .NET Server by using the System utility in
● OS/2 subsystem for running OS/2 1.X charac- Control Panel. Environment variables may be used in
ter-based applications (does not support the OS/2 logon scripts by enclosing them within percent sym-
Presentation Manager GUI or Warp versions) bols; for example, %USERNAME% contains the cur-
rently logged-on user name.
440
ERD Ethernet
441
Ethernet Ethernet
History Architecture
Ethernet was originally developed by Xerox Corpora- Ethernet uses the Carrier Sense Multiple Access with
tion in the 1970s and was proposed as a standard by Collision Detection (CSMA/CD) media-access control
Xerox, Digital Equipment Corporation (DEC), and method for determining which station can transmit at a
Intel Corporation in 1980. A separate standardization given time over the shared medium. In an Ethernet net-
process for Ethernet technologies was established in work, each station (computer) listens to the network and
E 1985 in the Institute of Electrical and Electronics Engi- transmits data only if no other station is using the net-
neers (IEEE) 802.3 standard known as Project 802. The work. If the wire is free of signals, any station can contend
IEEE standard was then adopted by the International (try to take control of) the network to transmit a signal.
Organization for Standardization (ISO), making it a Ethernet networks are thus based on the concept of con-
worldwide standard for networking. tention and operate on a first-come, first-served basis,
rather than relying on a master station that controls when
Ethernet in its original form, called Standard Ethernet
other stations can transmit. If two stations try to transmit
(or 10Base5 or thicknet), was first commercially avail-
data at the same time, a collision occurs, and both stations
able in 1981 and standardized as 10Base5 in 1984. A
stop transmitting. They wait a random interval of time
version running on thinner coaxial cable called thinnet
(measured in milliseconds) and then try again. The more
(or 10Base2) emerged in 1985 for workgroup LAN
stations on an Ethernet network, the higher the number of
deployments, while thicknet remained the providence
collisions, and the worse the network’s performance. Typ-
of campus backbones. The first commercial Ethernet
ical performance of a 10-Mbps Ethernet network with
bridges also appeared about 1985.
100 stations will support a bandwidth of only about 40 to
The next major advance was deploying Ethernet over 60 percent of the expected value of 10 Mbps. One way of
unshielded twisted-pair (UTP) cabling. This occurred in solving the collision problem is to use Ethernet switches
1990 with the standardization of 10BaseT Ethernet. A to segment an Ethernet network into smaller-collision
fiber version called 10BaseF was developed in 1993 but domains.
never really caught on as advances in technology allowed
the speed of Ethernet to be increased tenfold two years Destination MAC address
later with the development of Fast Ethernet or 100BaseT.
Frame type (IP or IPX)
Meanwhile, in 1992 the first commercial full-duplex
Ethernet products appeared in the marketplace.
8 6 6 2 46 to 1500 bytes 4
The next advance was another tenfold increase in speed
to 1000 Mbps or 1 Gbps. This was standardized in 1998
as GbE or 1000BaseX, which initially ran only over Source MAC
Preamble Data CRC
fiber but was extended in 1999 to run over copper as address
well in the form 1000BaseT.
Other significant advances in Ethernet technologies in Maximum 1518 bytes
the last decade include (excluding preamble)
G0EXX04 (was G0Eui05 in 1E)
● Auto-negotiation: This was developed in 1996 to Ethernet. The Ethernet II frame format.
support hybrid 10/100 Mbps Ethernet gear and has
been extended to 10/100/1000 Mbps as well. Ethernet stations transmit data over the wire in pack-
ages called frames. An Ethernet frame has a minimum
● Ethernet switching: The first Layer-2 switches size of 64 bytes and a maximum size of 1518 bytes. A
became available in 1992, and VLAN (virtual total of 18 bytes are used for information such as source
LAN) features were added in 1998. and destination addresses, network protocol being used,
and other frame overhead. Thus, the maximum payload
size (amount of data carried) for an Ethernet frame is
442
Ethernet Ethernet
1500 bytes. Ethernet packages data into a frame by four For example, 10BaseT means 10-Mbps baseband trans-
different Ethernet encapsulation methods: mission over Twisted-pair cabling media.
● Ethernet II, used for Transmission Control Proto- Prospects
col/Internet Protocol (TCP/IP) The prospects for the continuing evolution of Ethernet
look strong. On the horizon is 10 GbE (10 Gbps Ether-
● Ethernet 802.3, called Raw 802.3 in Novell net-
working and used for connectivity with NetWare
net), which will probably become the next upgrade for
enterprise network backbones. Another advance is the
E
3.11 and earlier
recent incorporation of Quality of Service (QoS) fea-
● Ethernet 802.2, also called Ethernet 802.3/802.2 tures into Ethernet using the 802.1p standard, making
without subnetwork access protocol (SNAP) and Ethernet more suitable for carrying delay-sensitive traf-
used for connectivity with NetWare 3.12 and later fic such as voice an area that until now has been domi-
nated by Asynchronous Transfer Mode (ATM).
● Ethernet SNAP, also called Ethernet 802.3/802.2
with SNAP and created for compatibility with Mac- Optical Ethernet is a new development that sees carriers
intosh and TCP/IP systems such as Yipes extend high-speed Ethernet metropolitan
area network (MAN) and wide area network (WAN)
Implementation
connections to businesses in metropolitan areas, elimi-
Ethernet can use virtually any physical networking topol-
nating the need for costly Ethernet-to-ATM/Synchro-
ogy and cabling system (medium). Although a star topol-
nous Optical Network (SONET) access devices and
ogy (stations that are wired in a star-like configuration
turning corporate WANs into large Ethernet local area
to a central hub) is often used from the physical point of
networks (LANs).
view, all Ethernet networks are logical bus-topology net-
works at heart. One station places a signal on the bus, and Another amazing development is that Ethernet is being
that signal travels to every other station along the bus. considered in some quarters as a bus technology to replace
PCI for computer system buses. One company involved in
Ethernet is available in three speeds and can be further
this development is Performance Technologies.
differentiated by media and other considerations, as
shown in the table. Where Ethernet will finally hit the wall and be replaced by
some other technology is anyone’s guess. In the past 20
Ethernet Speeds, Types, Standards, and Specs
years, Ethernet has delivered all but knockout blows to its
Type of IEEE IEEE competitors in the LAN arena, including Token Ring,
Speed Ethernet Standards Specs Fiber Distributed Data Interface (FDDI), and ATM.
10 Mbps Ethernet 10Base2 802.3 Whether it can do the same in the WAN arena reamins
10Base5 still in question, but it is bound to be an exciting fight.
10BaseF
10BaseT Notes
100 Mbps Fast 100BaseFX 802.3u The various Ethernet framing formats are incompati-
Ethernet 100BaseT ble, so if you have a heterogeneous Ethernet network,
100BaseT4 you must specify the correct frame type to allow
100BaseTX machines running Microsoft Windows NT to see your
1000 Mbps GbE 1000BaseCX 802.3z Novell NetWare servers. Windows NT allows you to
or 1 Gbps 1000BaseLX select Auto Detect from the Frame Type drop-down
1000BaseSX list on the NWLink IPX/SPX-Compatible Transport
1000BaseT protocol configuration property sheet if you do not
know what frame type your NetWare servers are
Ethernet media specifications such as 10BaseT may using. (In Windows 2000, Windows XP, and Windows
seem strange and obscure but can be easily interpreted. .NET Server, select the check box next to Auto Frame
443
Ethernet address Ethernet Industrial Protocol (Ethernet/IP)
444
Ethernet/IP Ethernet switch
445
Ethernet switch Ethernet switch
width available to any one station is still only 10 Mbps, Ethernet switch. Comparison between how a hub and an
no more than for the hub. The difference is that this 10 Ethernet switch work.
Mbps bandwidth is guaranteed to be always available
When an Ethernet frame arrives at a port, the destina-
for each station!
tion MAC address is read from the first 64 bits of the
Architecture frame. This destination address is then found in the
A basic Ethernet switch operates at Layer 2 (the data switch’s internal address table to determine the correct
link layer) of the Open Systems Interconnection (OSI) destination port for the frame. Once this is determined,
model. Like a bridge, an Ethernet switch is a smart the switching fabric (a mesh-like connection) inside the
device that can learn the media access control (MAC) switch establishes a temporary logical connection
address of each connected station by listening to net- between the incoming and destination ports, forwards
work traffic. The switch builds an internal table listing the frame, and then tears down the connection. Ethernet
the MAC address of each port and consults this table switches are also capable of establishing multiple inter-
when it needs to forward incoming packets. nal logical connections simultaneously between differ-
446
Ethernet switch Ethernet switch
ent pairs of ports. The result is that each port receives 3.x networks where Internetwork Packet Exchange/
the switch’s full dedicated bandwidth at all times, giv- Sequenced Packet Exchange (IPX/SPX) was less
ing Ethernet switches intrinsically much more band- tolerant to delay than Internet Protocol (IP). Limita-
width than shared hubs. tions in bridging electronics also made cut-through
switching appealing in the earliest implementa-
The actual mechanism by which switching (the for-
tions, but advances in electronics have made store-
warding of the packet between the ports) occurs divides
Ethernet switches into two general device classes:
and-forward switching more appealing. The first E
commercial Ethernet switches were cut-through
● Store-and-forward switches: This type waits until switches developed in 1990 by Kalpana, which is
the entire incoming frame arrives, buffers the now a subsidiary of Cisco Systems.
frame, reads the destination address from the buff-
Implementation
ered frame, performs cyclical redundancy check
Ethernet switching (or switched Ethernet) can be imple-
(CRC) error checking to verify that the frame is
mented in various ways depending on the OSI layers at
valid, and either forwards the frame to the destina-
which the switches operate. These include
tion port using the switching fabric or drops the
frame if it represents a runt, jabber, or some other ● Layer-2 switch: This basic Ethernet switch
invalid frame. Store-and-forward is the same operates at the OSI data-link layer (Layer 2) and
method by which most bridges work. The advan- is based on bridging technologies as explained
tages of this method are that bad frames are elimi- above. Layer-2 switches establish logical connec-
nated and collisions are handled well, while the tions between ports based on MAC addresses and
disadvantage is that it suffers from high latency are generally used for segmenting an existing
(delay) because the frame must be entirely read and network into smaller collision domains to improve
buffered before being processed. Nevertheless, performance.
most switches used today are of the store-and-for-
● Layer-3 switch: This type operates at the OSI net-
ward type, and Transmission Control Protocol/
work layer (or Layer 3) and is based on routing tech-
Internet Protocol (TCP/IP) is generally well able to
nologies. Layer-3 switches establish logical connec-
handle any additional latency that arises in net-
tions between ports based on network addresses such
works due to use of these switches.
as IP addresses. You can use Layer-3 switches instead
● Cut-through switches: This type reads the frame of routers for connecting different networks into an
as it comes into the receiving port, and after the internetwork, and they generally perform better than
source and destination addresses are read from the routers due to their enhanced electronics. Layer-3
first 64 bits, the switch then checks the internal switches are sometimes called routing switches,
address table and immediately forwards the frame multilayer switches, or sometimes simply routers.
to the correct destination port. Error checking is not
● Layer-4 switch: This is basically an enhanced
performed by cut-through switches, since to per-
Layer-3 switch that has the additional capability of
form this check the CRC byte would have to be read
examining the source and destination ports of
first, and this is located at the end of the frame. As a
Transmission Control Protocol (TCP) and User
result of not performing error checking, cut-through
Datagram Protocol (UDP) connections and making
switches reduce latency and accelerate performance
forwarding decisions based on this information.
over store-and-forward switches, but the result is
They are called Layer-4 switches because they
that collisions can affect overall communications
examine OSI transport layer (Layer 4) information
and bad frames are passed rather than dropped. The
within frames and determine how to forward the
earliest Ethernet switches were of the cut-through
frames based on this information.
type and found particular application in NetWare
447
Ethernet switch Ethernet switch
● Layer-7 switch: In this type of device the entire Main hub Secondary
frame is unpackaged to determine OSI application hub
layer (Layer 7) information such as what applica-
tion layer protocol is being used, such as Hypertext
Transfer Protocol (HTTP) or File Transfer Protocol
(FTP). Frames can then be forwarded or dropped Clients
E based on this information.
● Multilayer switch: This is simply a switch that Secondary
hub
uses unpackaged frame information from several
OSI layers to determine how to forward frames.
For example, most Layer-4 switches are actually Servers
Layer-3/4 switches since they operate at both layers.
Ethernet switches are also distinguished in other ways, A hub-based LAN is a single
such as by the number of ports they have, whether they collision domain, and
operate in half-duplex or full-duplex mode, their trans- clients have poor access
Clients to the servers.
mission speed (for example, 10 Mbps, 1/100 Mbps, or
100/1000 Mbps), ports for connectivity with high-speed
Fiber Distributed Data Interface (FDDI) backbones,
and so on. Advanced features can include Simple Net-
work Management Protocol (SNMP), out-of-band man- Ethernet switch Secondary
agement (OBM), and custom packet filtering. hub
Uses
Ethernet switches have two basic uses: segmenting net-
works to improve performance and interconnecting
networks of different speeds. The most common use Clients
is network segmentation, and introducing Ethernet
Secondary
switches will provide the most obvious benefit for parts
hub
of your network where the most contention occurs. For
example, if you have several heavily used servers on the
same hub-based local area network (LAN) as clients, Servers
the clients have to contend for use of the servers and the
result is poor performance. To improve things, segment
Replacing the main hub with
your LAN into several collision domains, one for each an Ethernet switch segments
hub and one for each group of clients, as shown in the the network into four collision
figure. Now several clients can connect to different Clients domains, and client access
servers simultaneously and receive the full throughput to servers is improved.
of those servers. A good rule of thumb for deciding G0EXX06 (new to 2E)
whether to use switches to segment your existing net- Ethernet switch. Improving performance of a hub-based
work is that switches can improve your network’s per- LAN by using an Ethernet switch.
formance if the current network utilization level is The second main use for switches is to connect fast
higher than 35 percent or if collisions are running at workgroup hubs to slower hubs on a network. Again,
more than 10 percent. the main hub is replaced by an Ethernet switch, typi-
cally 10/100 or 100/1000 Mbps, and the performance of
448
ETRN event
stations on the fast hub is no longer hindered by the Ethernet switches should generally be implemented
presence of the slower parts of the network. Another judiciously within Ethernet networks. Simply replacing
related use for Ethernet switches is to connect every hub with a switch is an unnecessary expense that
100-Mbps Ethernet “islands” to an existing 10-Mbps brings negligible performance enhancement over just
Ethernet LAN. Simply use a 10/100-Mbps Ethernet replacing a few key hubs with switches.
switch with two ports to connect them. You can also
connect two LANs several kilometers apart by using
See Also: Ethernet, hub E
two Ethernet switches, both having one 100BaseT port
and one 100BaseFX port. Connect the switches to the ETRN
LANs, and then connect a fiber-optic cable between the Stands for Extended Turn, an enhancement for Simple
FX ports. Mail Transfer Protocol (SMTP) to enable SMTP hosts
If users in a department have high bandwidth needs, to initiate mail transfers with one another.
such as those running computer-aided design (CAD) or See: Extended Turn (ETRN)
multimedia applications, consider replacing their work-
group hub with an Ethernet switch, or if the number of
users is small, connect their stations directly to the main
EULA
Ethernet switch. A type of contract between a computer software pub-
lisher and the purchaser of the software that outlines the
When purchasing Ethernet switches, make sure they various rights granted to the purchaser for the legal use
have Remote Monitoring (RMON) agents built into of the software.
each port, which will considerably ease remote network
troubleshooting. See: End-User License Agreement (EULA)
Marketplace
Ethernet switches are made all shapes and sizes from e-vaulting
dozens of different vendors. They vary from small Stands for electronic tape vaulting, the practice of back-
12-port 10/100 workgroup switches to modular 1 Gbps ing up data directly to a remote backup facility.
backbone switches supporting Asynchronous Trans-
See: electronic tape vaulting
fer Mode (ATM) and Synchronous Optical Network
(SONET) connectivity. Probably the most popular 10/
100 Ethernet switches are those of the Cisco Catalyst event
3500 Series XL, which by some counts are deployed Any operating system or software condition that is logged
twice as often as any other type of similar switch from by the Event Logging service of Microsoft Windows 2000,
other vendors. A popular enterprise switch used for col- Windows XP, and Windows .NET Server.
lapsed backbones is the Big Iron 4000 switch from
Overview
Foundry Networks. Another widely deployed backbone
You can view events by using the administrative tool
switch is the Hewlett-Packard 9304.
called Event Viewer. There are five basic types of
Issues events:
Although Ethernet switches relieve traffic congestion
● Errors: These events represent a significant prob-
by segmenting collision domains, they do have some
lem that can lead to loss of data or functionality in
disadvantages:
the operating system, such as failure of a service to
● They are generally several times more expensive start upon reboot. The corresponding symbol in the
than hubs of the same speed. system or application log is a red stop sign.
● Networks involving switches are more difficult to ● Warnings: These events indicate some impending
monitor and troubleshoot. problem such as low remaining disk space. The
449
Everyone group Exchange Server
corresponding symbol in the system or application this group and assign appropriate permissions to other
log is an exclamation point superimposed on a groups, such as Administrators and Users.
yellow circle.
Be careful about assigning additional permissions to the
● Information: These events indicate that a signifi- Everyone group. If you allow users who do not have
cant system operation has successfully occurred for valid user accounts to access the network using the
E example, a service has started. The corresponding
symbol in the system or application log is an infor-
Guest account, they will gain any permissions and
rights assigned to the Everyone group.
mation sign—that is, the letter i superimposed on a
See Also: built-in group, special identity
blue circle.
Successes: These events are recorded only in the
●
Exchange Server
security log and represent auditing information
Microsoft Exchange Server 2000 is Microsoft Corpora-
concerning the successful completion of attempts to
tion’s premier messaging and collaboration solutions-
access secured resources, such as when a user logs
building platform for Windows 2000. Exchange 2000 is
on to the network.
part of the Microsoft BackOffice suite of server applica-
● Failures: These events are recorded only in the tions. Exchange Server is designed for mission-critical
security log and represent auditing information enterprise-level messaging solutions and includes such
concerning failed attempts to access secured features as
resources, such as when a user attempts to access
● Intelligent message rerouting
a shared folder and fails.
● Transaction-based directory services
Everyone group ● Fault-tolerant message store
A system group existing on all Microsoft Windows NT,
● Built-in server and link monitoring tools
Windows 2000, Windows XP, and Windows .NET
Server servers and workstations. ● Connectors and gateways for connectivity with
foreign mail systems
Overview
The Everyone group is one of seven (additional new Exchange 2000 can coexist with most popular and leg-
groups exist on Windows XP and Windows .NET acy mail systems and can be used for messaging con-
Server) built-in system groups that are defined on net- nectivity with the following:
works based on the Windows 2000, Windows XP, and
● Microsoft Mail
Windows .NET Server operating system and includes
all local and remote users. This includes users from dis- ● Internet mail (Simple Mail Transfer Protocol
trusted domains and non-Windows networks. By [SMTP])
default, the Everyone system group has the sole preas-
● X.400
signed system right “Access this computer from net-
work.” You can grant additional rights to this group if ● Lotus cc:Mail
desired. You cannot modify the membership of system
● IBM PROFS and SNADS
groups such as the Everyone group directly.
Exchange 2000 supports all key industry messaging
Notes
standards, including:
When you share a folder on a server running Windows
2000 or Windows .NET Server, or on a workstation ● Internet messaging standards such as SMTP, Post
running Windows XP, full control permission is initially Office Protocol 3 (POP3), Internet Message Access
assigned to the Everyone group. It is advisable to remove Protocol 4 (IMAP4), Lightweight Directory Access
450
experience experience
Protocol (LDAP), Hypertext Transfer Protocol that incorporates Extensible Markup Language (XML)
(HTTP), Network News Transfer Protocol (NNTP), as part of its specification. Exchange 2000 also tightly
Secure Sockets Layers (SSL), Multipurpose Inter- integrates with Internet Information Services (IIS),
net Mail Extensions (MIME), and Secure/Multipur- Microsoft’s Web services platform and uses IIS as its
pose Internet Mail Extensions (S/MIME) Internet messaging protocol handler. Exchange 2000 is
available in several editions and can be deployed in var-
● X.400 messaging standards
ious ways, including as a messaging system for small E
● Microsoft’s Messaging Application Programming companies, a platform for building collaborative work-
Interface (MAPI) flow applications for large enterprises, Internet mail
servers for Internet service providers (ISPs), and hosted
The Microsoft Outlook 2000 client software, part of the
messaging and collaboration services offered by Appli-
Microsoft Office 2000 suite of business productivity
cation Service Providers (ASPs).
tools, complements Exchange Server by providing
users with a full desktop information-management For More Information
tool for managing messages, appointments, tasks, and Find our more about Exchange 2000 at
contacts. Although the preferred client for Exchange www.microsoft.com/exchange.
2000 is Outlook 2000, Exchange clients are available
See Also: BackOffice, e-mail
for all the popular operating systems, including MS-
DOS, Windows 3.x, Windows 95, Windows 98,
Windows NT, Windows 2000, Apple Macintosh, UNIX, experience
and OS/2. Note that the features supported by different A modern term used to describe applications that have
clients vary with the platform used. an interface designed for the user.
History Overview
Exchange 4 replaced Microsoft Mail 3.51 in 1996 as The term experience has recently come into common
Microsoft’s client/server messaging and collaboration use in programming parlance to describe any applica-
system. Exchange 4 employed an X.500-based direc- tion that has a customizable user interface. Developers
tory and natively supported the SMTP, MIME, MAPI, who work on client software are thus “developing expe-
and X.400 messaging standards, with X.400 being riences” for the users of their software.
the underlying message transport protocol. In 1997,
The term experience is also used in the discussion of
Exchange 5 was released, which supported additional
Microsoft Corporation’s .NET platform to mean the
Internet standards such as POP3 for mailbox access,
delivery of integrated functionality to users through
NNTP for Usenet newsgroups, LDAP for X.500 direc-
Web services. The .NET platform is designed to allow
tory access, HTTP and HTML for Web browser access,
developers to build compelling user experiences that
and SSL for secure authentication and encryption. Later
will provide sets of targeted functionality to bring about
in 1997 Exchange Server 5.5 added support for Micro-
the next phase of the Internet’s evolution. Some of the
soft Cluster Server, IMAP4 and S/MIME protocols,
pieces already in place to provide this experience
Key Management services, Virtual Organizations, and
include
unlimited message store size.
● bCentral, a resource for small businesses
Exchange 2000 was a radical departure from early ver-
sions because it eliminated the proprietary Exchange ● MSN (the Microsoft Network), targeted for
directory and instead tightly integrated Exchange with consumers
Windows 2000’s Active Directory directory service.
● Microsoft Office, aimed at knowledge works
Exchange 2000 includes the Web Storage System,
which provides a hierarchical data storage mechanism ● Visual Studio.NET, targeted for developers
451
extended partition extender
452
Extensible Authentication Protocol (EAP) Extensible Firmware Interface (EFI)
Remote station
allowing any kind of authentication to be used, including E
● Smart cards such as Fortezza, SecurID, and other
Extender token technologies.
● MD5-CHAP, which provides 128-bit encryption
during authentication.
● Kerberos authentication, the standard authentica-
tion method for Windows 2000, Windows XP, and
Extender
Windows .NET Server.
● Transport Layer Security (TLS), which is imple-
mented in Web browsers, smart cards, biometric
G0EXX07 (was G0Eui10 in 1E)
Extender. Using an extender to join a remote station to a authentication devices, and so on.
local area network (LAN).
In Microsoft Windows 2000 and Windows .NET
Extenders are also available for increasing the maxi- Server, EAP is supported by both the Routing and
mum connection distance for other data transmission Remote Access Service (RRAS) and Internet Security
technologies such as the Small Computer System Inter- and Acceleration (IAS) services and by dial-up net-
face (SCSI) bus. A normal SCSI bus is limited to about working (DUN). Each type of EAP authentication
20 feet (6 meters), but a fiber-optic SCSI extender can method allowed is implemented through specific
increase this distance to 0.6 mile (1 kilometer) or more plug-in modules designated dynamic-link libraries
using duplex fiber-optic cable. You can use parallel (DLLs) on both the client and the server. So if you pur-
extenders for directly connecting to printers located in a chase a smart card system from a vendor for use with
different building. You can use serial extenders to con- Windows 2000 or Windows .NET Server remote
nect computers to remote RS-232 serial test equipment access, you run the vendor’s Setup program on both
located in laboratories in different buildings. your DUN client and Remote Access Service (RAS)
server to install the necessary EAP DLLs.
Extensible Authentication See Also: Point-to-Point Protocol (PPP)
Protocol (EAP)
A security enhancement of Point-to-Point Protocol (PPP).
Extensible Firmware Interface
Overview (EFI)
Extensible Authentication Protocol (EAP) is an exten- A new firmware standard for 64-bit Intel processors.
sion to PPP specified in RFC 2284. EAP allows for an
Overview
arbitrary authentication method to be negotiated during
Extensible Firmware Interface (EFI) is a new standard
initialization of a PPP session. This is accomplished dur-
for the firmware that is used to boot PCs using Intel
ing the Link Control Protocol (LCP) negotiation portion
Corporation’s new 64-bit Itanium processor family. EFI
of the PPP session establishment sequence. EAP allows
is required for all Itanium-based systems that will run
third-party security products to be used to provide addi-
453
Extensible Markup Language (XML) exterior gateway protocol (EGP)
454
Exterior Gateway Protocol (EGP) Exterior Gateway Protocol (EGP)
confusing use of the term Exterior Gateway Proto- of dynamic routing was introduced and two kinds of
col (EGP) here—EGP stands both for the general dynamic routing protocols were developed:
category of inter-AS routing protocols and also for
● Interior gateway protocols (IGPs): These are
the first actual protocol developed within this cate-
used for routing within an AS and are thus intra-AS
gory. In other words, EGP is one of two examples
routing protocols. IGPs allow the routers within an
of an EGP! For more information, see the second
article titled “Exterior Gateway Protocol (EGP),”
AS to exchange routing table information with each
other dynamically. Examples of IGPs include Rout-
E
which is the next entry in this chapter.
ing Information Protocol (RIP) and Open Shortest
● Border Gateway Protocol (BGP): This is a newer Path First (OSPF).
EGP that has replaced the Exterior Gateway Proto-
● Exterior gateway protocols (EGPs). These are
col for inter-AS communication on the Internet.
used for routing between different ASs and are thus
See Also: autonomous system (AS), Border Gateway inter-AS or interdomain routing protocols. EGPs
Protocol (BGP), dynamic routing, Exterior Gateway allow routers on the borders between different ASs
Protocol (EGP), interior gateway protocol (IGP), to exchange routing table information with each
Internet, routing protocol dynamically. Examples of EGPs include Exterior
Routing Protocol (EGP), from which the more gen-
eral category EGP was later derived, and Border
Exterior Gateway Protocol
Gateway Protocol (BGP), the EGP commonly in
(EGP)
use on the Internet today.
The original exterior routing protocol used to connect
autonomous systems on the Internet. Implementation
Exterior Gateway Protocol, as defined in RFC 904, is
Overview
based on the distance vector routing algorithm, but has
Exterior Gateway Protocol (EGP) was the original
the limitation that it only maintains information about
interdomain routing protocol developed for communi-
a single route between two different ASs. EGP thus
cating routing information between autonomous sys-
assumes that only a single path exists between any two
tems on the Internet. In fact, the idea of autonomous
ASs within the Internet, a condition that was seen early
systems was developed in conjunction with EGP.
on as unrealistic. EGP also does not indicate the cost of
EGP was developed in 1982 for the ARPANET, the pre- the route between two ASs, only whether the route is
cursor to the Internet, and was conceived at a time when reachable or unreachable. Furthermore, EGP supported
the Internet was envisioned as a single core network only classless routing, and when it was implemented it
to which various other networks were connected. The was already obvious that the class A/B/C system of allo-
developers of the Internet saw early on that scaling prob- cating Internet addresses would soon exhaust available
lems would occur as the Internet grew in size and com- addresses. As the Internet grew it became more complex
plexity, and so the idea of apportioning the Internet into in its structure as multipath connections between ASs
separate sections called autonomous systems (ASs), each began to develop. EGP’s weakness was quickly realized
under someone else’s authority, was developed. Large and BGP was developed to replace it. BGP also supports
private internetworks connected to the Internet were Classless Interdomain Routing (CIDR), which super-
assigned autonomous system numbers (ASNs), and the seded the Internet’s earlier classful routing system.
core network itself was divided into several ASs.
Today EGP is considered a legacy routing protocol and
To facilitate exchange of routing information between is no longer used on the public Internet, although it is
routers connecting these different networks, the concept
455
exterior routing protocol extranet
456
extranet extranet
457
F
F
failback
In clustering technology, the action of moving Node A resources: Node B resources: F
resources back to a failed node or primary node (a FilePrint group 1
computer in a cluster) once it has been recovered. FilePrint group 2
This action can take place manually or automatically FilePrint group 3
failover
depending on how the cluster is configured.
Node B
Overview
Suppose you have a cluster that has two nodes, each
containing different resources. If Node A experiences FAILURE
failure, failover occurs and the workload of Node A (its Cluster
set of resources) is transferred to Node B. When Node
Node A
A reboots, it checks with Node B to see which resources
are running on Node B and discovers that some of these
cluster groups would “prefer” to reside on Node A. At
this point failback will occur if the cluster is configured
to failback automatically if the primary node recovers.
The preferred groups are then moved from Node B back
to Node A. Failback might be configured to occur
immediately or at a scheduled time if access to Clients
resources is low.
Notes
Failback is sometimes known as “rebalancing the
workload.” G0FXX01 (was G0Fui01 in 1E)
459
fallback switch fallback switch
Router
RS-232
Fallback
LAN switch
RS-232 CSU/DSU
Modem RS-232
Primary T1
Remote SNMP CSU/DSU
management
terminal Modem
Secondary T1
460
FAQ Fast Ethernet
Uses FAQ
Fallback switches can also be used to provide fault tol-
Stands for frequently asked questions, a list of
erance for a high-speed backbone for Fast Ethernet,
commonly asked questions and their answers.
Fiber Distributed Data Interface (FDDI), or Asynchro-
nous Transfer Mode (ATM) networking. For example, See: frequently asked questions (FAQ)
you can use fallback switches to run two multimode
fiber-optic cables between a pair of Ethernet switches,
Fast Ethernet
instead of having only one cable connecting them. If
one fiber-optic cable goes dark, the fallback switch
A set of Ethernet standards for 100-megabit-per-second
(Mbps) data transmission.
F
immediately detects the problem and switches over to
the backup cable. Overview
Ratified as the IEEE 802.3u specification in 1995, Fast
Fallback switches that can be managed using Simple
Ethernet is an evolution of regular 10 Mbps Ethernet
Network Management Protocol (SNMP) management
that transmits data at 10 times the speed of standard
consoles are very useful. For example, you could use a
Ethernet. Fast Ethernet uses the same contention-based
remote SNMP terminal to cause a fallback switch to
media access control method (Carrier Sense Multiple
change from a primary to a secondary line if you need
Access with Collision Detection, or CSMA/CD) and
to take the primary line down for maintenance. Ganged
the same framing format as standard Ethernet. It also
fallback switches can be used to control multiple serial
runs over the same structured wiring systems as well,
or local area network (LAN) devices simultaneously.
including twisted pair and fiber-optic cabling, with the
For example, you could schedule a ganged switch to
exception that there is no shared media (physical bus)
switch over from a set of primary Web servers to a
cabling option as in 10Base2 and 10Base5 Ethernet.
backup Web server every night during a period of low
traffic while maintenance or backups are performed on Fast Ethernet is actually a group of standards collec-
the primary servers. Be sure to use a fallback switch tively known as 100BaseT. Like the various 10 Mbps
with some form of password protection on its SNMP forms of Ethernet, Fast Ethernet also comes in full- and
management functions. half-duplex varieties and can be implemented as shared
media using hubs or in switched networks.
Examples
An example of a resource requiring high availability is a Uses
high-speed T1 line that is used by remote clients for Fast Ethernet is used mainly for switch uplinks and
accessing a corporate intranet. If the primary T1 line interconnects for high-speed backbones, switch con-
goes down, there must be a backup line that provides nections to high-speed servers in server farms, and
instant, transparent failover support for clients. The islands of high-performance workstations running
solution is to use two T1 lines connected to a fallback bandwidth-intensive software such as computer-aided
switch by a serial interface such as RS-232 or V.35. The design (CAD) or multimedia applications.
fallback switch detects a failure the moment the pri-
Fast Ethernet switches can also be used for segmenting
mary line goes down and can perform a remedial action
your network to reduce bottlenecks caused by users try-
such as
ing to access key servers on the network. Simply con-
● Automatically switching over to the backup line nect each 10/100 autosensing hub to a Fast Ethernet
switch, and connect the servers directly to the switch.
● Sounding an audible alarm to notify administrators
Architecture
● Generating an alert to an SNMP management
Fast Ethernet increases its speed tenfold over standard
console
Ethernet by decreasing the bit time (the time duration of
461
Fast Ethernet Fast Ethernet
each transmitted bit) by a factor of 10. This allows Fast Two-port 10/100
Ethernet to maintain all of the main characteristics of 10 Ethernet switch
Mbps Ethernet and be compatible with 10 Mbps Ether-
net to allow mixed networks of 10 and 100 Mbps seg- 10BaseT
ments to coexist. The Fast Ethernet specifications also stackable hubs
include a mechanism for autonegotiation of frame
speed called autosensing, which lets vendors build dual LAN
10/100-Mbps hubs, switches, and bridges for easily
F incorporating Fast Ethernet into legacy 10 Mbps Ether-
LAN
net networks.
Implementation 100BaseTX Legacy
hub network
Fast Ethernet can be implemented in four different media LAN
(systems with
(cabling) formats, which are collected under the umbrella
10-Mbps access)
designation of 100BaseT. These four formats are
● 100BaseTX: This is the most popular implementa-
tion of Fast Ethernet. 100BaseTX uses two pairs
of wires in Category 5 (Cat5) unshielded twisted-
pair (UTP) cabling (the same cabling as the popular
but lower-speed 10BaseT variety of Ethernet). Systems with
100BaseTX also supports w-pair shielded twisted- 100-Mbps access
pair (STP) cabling as well, but this is rarely used
and is available in both half-duplex and full-duplex
Fast Ethernet. Fast Ethernet island connected to legacy
G0FXX03 (was G0Fui03 in 1E)
signaling.
10BaseT network.
● 100BaseFX: This form can use duplex (two-strand)
Repeaters (hubs) for Fast Ethernet networks come in
50 or 62.5 micron multimode fiber-optic cable or 9
two varieties:
micron single mode cabling, typically terminated with
ST connectors. It is used mainly for backbone wiring ● Class I repeaters: Perform internal signal transla-
such as switch-switch connections and is available in tion that introduces slight propagation delays but
both half-duplex and full-duplex signaling. allows different types of Fast Ethernet media, such
as 100BaseTX and 100BaseFX, to be connected.
● 100BaseT4: This form uses all four pairs of wires
You can use only one Class I repeater per Fast
in twisted-pair cabling and enables Fast Ethernet to
Ethernet segment.
be used over inexpensive Category 3 (Cat3) UTP
cabling. 100BaseT4 supports half-duplex signaling ● Class II repeaters: Take incoming signals and
only. repeat them immediately (without translation) to all
outgoing ports, thus minimizing port latency. Class
● 100BaseT2: This form uses two pairs of wires in
II repeaters require that all ports connect to the
either Cat3, Category 4 (Cat4), or Cat5 UTP
same media, such as 100BaseTX. You can use up to
cabling and supports both half- and full-duplex sig-
two Class II repeaters per Fast Ethernet segment.
naling. This option was developed by the Institute
of Electrical and Electronics Engineers (IEEE) but For 100BaseTX, attached stations cannot be more than
was never implemented in commercial Fast Ether- 328 feet (100 meters) from a hub or repeater (same as
net equipment. 10BaseT) with the maximum network diameter being
690 feet (210 meters), compared to 1640 feet (500
462
FAT FAT
463
FAT32 FAT volume
FAT32 disk compression. The only time you’d use FAT32 with
An enhanced version of a file allocation table (FAT), Windows 2000, Windows XP, or Windows .NET Server
supported by Microsoft Windows 95 OSR2, Windows 98, is in a dual-boot situation, which Microsoft Corporation
Windows Millennium Edition (Me), Windows 2000, does not recommend. Note that in a dual-boot system,
Windows XP, and Windows .NET Server. FAT32 volumes cannot be accessed by any operating
systems other than Windows 95 OSR2, Windows 98,
Overview Windows 2000, Windows XP, or Windows .NET
FAT32 theoretically supports drives of up to 2 tera- Server. For dual-boot with Windows 95, Windows 98,
F bytes (2048 gigabytes [GB]) in size, although for
Windows 2000, Windows XP, and Windows .NET
or Windows NT, drive C must be a FAT partition.
Server the actual size limit is 32 GB. If the installation Remember, a client that connects over the network to
partition is smaller than 2 GB, it will automatically be a shared folder in Windows 2000, Windows XP, or
formatted using FAT. If the installation partition size is Windows .NET Server can access files in that folder
equal to or greater than 2 GB, it will automatically be regardless of whether the folder is stored on an NTFS,
formatted as FAT32. FAT, or FAT32 volume—provided the client has the
appropriate permissions to do so.
FAT32 uses a smaller cluster size than FAT so is more
efficient at utilizing disk space on large volumes (those See Also: file allocation table (FAT), NTFS file system
greater than 512 megabytes [MB] in size) than FAT. (NTFS)
The savings in disk space using FAT32 instead of FAT
for large volumes is typically 20 to 30 percent. The fol- FAT volume
lowing two tables show the difference in cluster sizes A partition on a physical disk formatted using the file
between the original FAT and FAT32. allocation table (FAT) file system.
FAT Cluster Sizes Overview
Drive Size FAT Cluster Size FAT volumes can be used to share folders for users to
0 MB–32 MB 512 bytes access over the network, but they lack the advanced secu-
33 MB–64 MB 1 kilobyte (KB) rity control and auditing features of NTFS file system
65 MB–128 MB 2 KB (NTFS) volumes. The maximum file partition size is 4
129 MB–256 MB 4 KB gigabytes (GB) in Microsoft Windows NT and 2 GB in
257 MB–512 MB 8 KB MS-DOS, Windows 3.x, Windows 95, and Windows 98.
513 MB–1024 MB 16 KB Windows 2000, Windows XP, and Windows .NET
1025 MB–2048 MB 32 KB Server will actually format a partition as FAT32 if the
partition is larger than 2 GB.
FAT32 Cluster Sizes Notes
Drive Size FAT32 Cluster Size Be sure to regularly defragment heavily used FAT vol-
260 MB–8 GB 4 KB umes because the FAT file system can easily become
9 GB–16 GB 8 KB fragmented when files are deleted and created. Use FAT
17 GB–32 GB 16 KB volumes instead of NTFS volumes when you want to
More than 32 GB 32 KB dual-boot Windows NT, Windows 2000, Windows XP,
or Windows .NET Server systems with earlier MS-
Notes DOS, Windows 3.x, Windows 95, or Windows 98
Using FAT32 (or FAT) with the Windows 2000, systems.
Windows XP, and Windows .NET Server operating
system platforms is not recommended because it does See Also: file allocation table (FAT), NTFS file system
not offer the security features that are provided by the (NTFS)
NTFS file system (NTFS). FAT32 also does not support
464
fault tolerance Federal Communications Commission (FCC)
FCC FDMA
Stands for Federal Communications Commission, a
Stands for Frequency Division Multiple Access, the
U.S. government agency regulating all aspects of
signal multiplexing technology used in the Advanced
telecommunications.
Mobile Phone Service (AMPS) analog version of cellu-
See: Federal Communications Commission (FCC) lar phone technology.
See: Frequency Division Multiple Access (FDMA)
FDDI
Stands for Fiber Distributed Data Interface, a Federal Communications
high-speed network technology used mainly for Commission (FCC)
campus backbones. A U.S. government agency regulating all aspects of
See: Fiber Distributed Data Interface (FDDI) telecommunications.
Overview
FDDI token passing The Federal Communications Commission (FCC) was
The token-passing access method for Fiber Distributed established under the Communications Act of 1934 as
Data Interface (FDDI) networking. an independent federal regulatory agency. Among other
465
Federal Information Processing Standard (FIPS) Fiber Distributed Data Interface (FDDI)
466
Fiber Distributed Data Interface (FDDI) Fiber Distributed Data Interface (FDDI)
a version of FDDI called Copper Distributed Data Inter- ● FDDI with LLC and SNAP: Default format for
face (CDDI) that is implemented using copper cabling encapsulating Internetwork Packet Exchange (IPX)
instead of fiber-optic cabling, but this is not as popular packets on FDDI
as the fiber version.
Implementation
FDDI is standardized by the X3T9 committee of the FDDI is usually implemented as a dual token-passing
American National Standards Institute (ANSI) and is an ring that uses a physical and logical ring topology for
International Organization for Standardization (ISO) campus-wide backbone networks or a physical ring but
standard. logical star topology for FDDI LANs within a building.
An FDDI dual ring consists of a primary and secondary
F
Architecture
ring operating in a counter-rotating fashion. While the
FDDI uses a token-passing technology similar to that of
primary ring always carries data, the secondary ring is
Institute of Electrical and Electronics Engineers (IEEE)
usually reserved as a backup in case the primary ring
802.5 Token Ring networks. FDDI stations generate a
goes down. This scheme provides FDDI with the degree
three-octet token that controls the sequence in which other
of fault tolerance valuable for mission-critical network
stations will gain access to the wire. The token passes
backbones. In the event of a failure on the primary ring,
around the ring, moving from one node to the next. When
FDDI automatically reconfigures itself to use the sec-
a station wants to transmit information, it captures the
ondary ring, as shown in the illustration. Faults can be
token, transmits as many frames of information as it
located and repaired using a fault isolation technique
wants within the specified access period and releases the
called beaconing.
token (this feature of transmitting multiple data frames
per token capture is known as a timed token or capacity FDDI can also be implemented in a form where the sec-
allocation scheme and differentiates it from the priority ondary ring also carries data, but in the opposite direction
mechanism used in IEEE 802.5 Token Ring). Each node from the primary ring. This configuration extends the
on the ring checks each and every frame to see if it is the maximum potential bandwidth of FDDI to 200 Mbps.
frame’s intended recipient, and the recipient node reads
Nodes (or stations) on an FDDI backbone can connect
the information from the frame. When a frame completes
to either one or both rings depending on the media
its travel around the ring and returns to its originating
interface connector (MIC) employed. These nodes may
node, the frame is stripped from the ring.
be directly attached computer systems, concentrators
FDDI is a connectionless networking architecture that (similar to Token Ring Multistation Access Units
supports both asynchronous and synchronous transmis- [MAUs]), or bridges and switches for connecting FDDI
sion. FDDI packages data in frames that use 48-bit to other LAN/WAN architectures. The two ways of
addressing similar to MAC addressing for Ethernet. attaching nodes to an FDDI backbone are
The frame size for an FDDI frame can range from 32
● Dual-Attached Stations (DAS): Also called Class A
to 4400 bytes. FDDI frames can encapsulate local area
stations, these devices connect to both rings using dual
network (LAN) traffic such as Internet Protocol (IP)
fiber-optic connectors. The A port is the point at which
packets for transmission over FDDI backbones. Differ-
the primary ring enters and the secondary ring leaves,
ent FDDI implementations use one of three possible
and the B port is the reverse. Dual-attached stations
framing formats:
use both rings, with the secondary ring serving as a
● FDDI-raw: Supported by Cisco routers running backup for the primary. Dual-attached FDDI is used
Internetwork Operating System (IOS) versions primarily for network backbones that require fault tol-
11.1.x and later, and by some third-party vendors erance. Single-attached stations can be connected to
dual-attached FDDI backbones using a dual-attached
● FDDI with LLC: Supported by IOS versions 10.0
device called a concentrator or multiplexer.
and earlier
467
Fiber Distributed Data Interface (FDDI) Fiber Distributed Data Interface (FDDI)
468
fiber exhaust fiber-optic cabling
Notes
(ADSL) technology becomes more and more widely
deployed, this creates stress on the capacity of the Inter-
F
When bridging between Ethernet LANs and FDDI net’s backbone for carrying all this additional traffic.
backbones, be aware that there are two types of bridges: Another factor contributing to fiber exhaust is the move
● Encapsulating bridges: Encapsulate Ethernet within the corporate arena toward new high-bandwidth
frames into FDDI frames services such as Internet Protocol (IP) telephony and
video multicasting technologies delivered over the
● Translating bridges: Translate source and disten- Internet. Some analysts foresee conditions arising
tion MAC addresses into FDDI addresses within the next few years that could cause significant
Deploying these two FDDI bridging technologies degradation in the performance of the Internet due to
together can result in incompatibilities. For example, the proliferation of these services.
although Cisco FDDI bridges can generally interoper- Strategies that telecommunications carriers can use to
ate with translating bridges from other vendors, their prevent fiber exhaust from occurring include
encapsulation method is proprietary and usually will
not work with encapsulating bridges from other ven- ● Creating additional high-speed, fiber-optic backbone
dors. Both types of bridging methods are commonly lines for the Internet by laying down more fiber
used in FDDI networks. ● Using dense wavelength division multiplexing
The following table shows some troubleshooting tips (DWDM) technologies to enable existing fiber
for FDDI networks. backbones to carry additional traffic
469
fiber-optic cabling fiber-optic cabling
(GbE) backbone networks, long cable runs between The bandwidth of a fiber-optic cable depends on the
buildings, and switched connections to high-speed distance (length of the cable) as well as the frequency
server farms and high-performance workstations. used for transmitting the signal. Fiber bandwidth is usu-
ally expressed in frequency-distance form—for exam-
ple, in megahertz-kilometers, or MHz-km. In other
words, a 500-MHz-km fiber-optic cable can transmit a
signal a distance of 5 kilometers at a frequency of 100
MHz (5 x 100 = 500), or a distance of 50 kilometers at
F a frequency of 10 MHz (50 x 10 = 500). In other words,
jacket there is an inverse relationship between frequency and
strengthening fibers distance for transmission over fiber-optic cables—the
coating higher the frequency, the shorter the distance supported.
cladding Uses
core Fiber-optic cabling is often used for campus-wide back-
G0FXX05 (was G0FUI05 in 1E)
bones, long cabling runs between buildings, and local
Fiber-optic cabling. Composition of fiber-optic cabling. area network (LAN) connections to heavily used serv-
As shown in the illustration, fiber-optic cabling consists ers or high-speed workstations. Fiber is still not used
of a glass core between 5 and 100 microns in diameter extensively at the LAN level because it is more expen-
(for comparison, a sheet of paper is about 25 microns sive and more difficult to install than copper cabling,
thick and a human hair about 75 microns thick). This but the gain in capacity to support future network
glass core is the signal-carrying medium of the cable, upgrades often compensates for the increased installa-
and its extreme purity and transparency allow light to tion costs.
travel along it for many miles before being attenuated.
The glass core is surrounded by a thin layer of pure sil-
ica called cladding, which prevents light from escaping
from the core by a process called total internal reflec- LAN
tion. Surrounding the cladding are protective layers Line driver
of acrylic plastic coating that give the cable stiffness
to prevent it from being excessively bent (bending a V.35
fiber-optic cable too much can cause the glass core to
fracture), Kevlar fibers for providing additional strength Fiber-optic cable
Bridge/router
to resist stretching during installation, and a waterproof
Bridge/router
protective polyvinyl chloride (PVC) jacket that is usu- Fiber-optic cable
ally colored a distinctive orange. V.35
470
fiber-optic cabling fiber-optic cabling
Multimode fiber of 62.5 micron diameter is the main ● Steel-reinforced cable: This type of cabling uses a
type of fiber used for GbE networking. This is because corrugated steel inner tube for protecting cable that
62.5 micron multimode fiber is also the standard for needs to be buried or run outdoors.
widely deployed 10BaseF Ethernet and 100BaseFX
Fiber-optic cabling is also available for purchase in bulk
Fast Ethernet (and also FDDI) networks. This type of
for those who want the challenge of terminating it them-
fiber supports distances up to 1800 feet (550 meters),
selves, but most customers buy standard or custom pre-
making it suitable for building GbE backbones within
terminated cables from suppliers. These cables can be
buildings. If gigabit transmission over longer distances
is required, 50 micron multimode fiber can be used
simplex or duplex; they can be single-mode or multimode
(multimode is most common); and they can be terminated
F
instead, but this reduces flexibility since this type can-
with ST-ST, ST-SC, SC-SC, or SMA connectors.
not be used for slower Ethernet networks. For really
long GbE fiber connections, such as between buildings Implementation
on a campus or across a metropolitan area network There are two basic types of fiber-optic cabling:
(MAN), single-mode fiber must be used.
● Single-mode fiber-optic cabling: Has a narrow
Fiber is used also in heavy industrial environments core (typically 7.1, 8.5, or 9 microns in diameter)
where machinery can cause high levels of electromag- that allows only one signal (light beam) to be sent
netic interference (EMI). Long-distance telecommuni- or received at a time. Single-mode fiber-optic
cations carriers such as Sprint Corporation, MCI cabling uses laser-emitting diodes operating at fre-
Worldcom, and AT&T also use fiber-optic cabling quencies between 1270 and 1355 nanometers (in
extensively for their long-haul (long-distance) telecom- the infrared range) to transmit signals over dis-
munications trunk lines. tances up to about 30 miles (50 kilometers) before
dispersion will distort signals. Single-mode fiber is
Different styles of fiber-optic cabling exist, depending
therefore ideal for long cable runs (up to 50 times
on the intended use. Examples include the following:
farther than for multimode fiber-optic cabling).
● Duplex multimode cable: With 62.5-micron core
● Multimode fiber-optic cabling: Has a thicker core
and 125-micron cladding, this is the most common
(50, 62.5, or 100 microns in diameter) with suffi-
general purpose cable type for most networking
cient width to allow multiple signals (light beams)
environments that require fiber-optic cabling. These
to be transmitted simultaneously with each signal
cables usually come already terminated with pairs
following a different path or mode through the fiber.
of connectors attached at each end, but you can also
Light-emitting diodes are used to transmit signals
buy the cabling in bulk form where you can sepa-
operating at frequencies between 770 and 860
rate the two cables for termination purposes just as
nanometers (the near infrared) over distances up to
you can with an appliance power cord.
about 3000 feet (900 meters) (longer cable runs can
● Breakout style cable: This style of cabling con- distort signals through modal dispersion). The
tains multiple individual simplex fibers that are thicker the glass core, the shorter the distance sig-
stranded around a central strengthening member. It nals can be carried over the cable before dispersion
is used for work-area connections and does not causes signals to be degraded.
require patch panels.
There are also two different types of multimode fiber:
● Distribution style cable: This style of cabling con-
● Step-index multimode fiber: The less costly vari-
tains multiple individual simplex color-coded fibers
ety of multimode fiber, it uses a wide core with a
that are stranded around a central strengthening
uniform index of refraction, causing the light beams
member. It is often used in backbone applications
to reflect in mirror fashion off the core’s inside sur-
that require multiple fiber connections.
face by the process of total internal reflection.
471
fiber-optic cabling fiber-optic cabling
Because light can take many different paths down ● Bit error rate (BER) for fiber is about 10-10 com-
the cable and each path takes a different amount of pared to 10-6 for copper, making fiber a much more
time, signal distortion can result when step-index reliable transmission media than copper.
fiber is used for long cable runs, so use this type
● Low attenuation, allowing signals to be sent over
only for short cable runs.
distances measured in miles instead of feet.
● Graded-index multimode fiber: The more expen-
● Less than 10 percent the weight of equivalent
sive type of multimode fiber, it uses a core made of
copper cabling.
F multiple concentric layers of glass, each having a
lower index of refraction than the layer it contains. ● Immunity to crosstalk and noise caused by electro-
In graded-index fiber, light beams follow curved magnetic interference (EMI).
paths and all rays reach the end of the fiber simulta-
● Prevention of ground loops by electronically isolat-
neously, reducing the signal distortion that occurs
ing transmitting and receiving stations.
in step-index fiber when long cable runs are used.
● Greater signal security because signals cannot be
Connectors for fiber-optic cabling come in several vari-
picked up by electromagnetic induction as they can
eties, including SC, ST, and SMA connectors. ST con-
from copper cabling. Fiber must be tapped (physically
nectors have a wider installed base, but SC connectors
opened) in order to eavesdrop on the transmission.
are more versatile and more popular and are used in
100BaseFX, GbE, and Fibre Channel deployments. Prospects
SMA connectors are sometimes used but do not con- Although copper has sufficed in many instances as
form to Electronic Industries Association/Telecommu- LAN speeds have increased from 10 Mbps standard
nication Industry Association (EIA/TIA) wiring stan- Ethernet to 1 Gbps GbE, it is not likely to be able to
dards. A newer type of connector is the MT-RJ, which support speeds beyond 4 to 5 Gbps. The impending 10
has a snap latch fastener similar to an RJ-45 plug to GbE specification will likely be a fiber-only specifica-
simplify reconfiguring fiber networks from patch pan- tion, and as a result, copper will probably be considered
els. Other connectors have appeared on the horizon for legacy technology in 5 to 10 years.
special purpose usage, but how popular these will
Although many have argued that fiber is prohibitively
become remains to be seen.
expensive for workgroup LAN deployments, recent case
All forms of networking components are available in studies have suggested that this is not the case. The cost
fiber-capable forms, including network cards, hubs, of laying fiber in a structured wiring scenario is only 10
bridges, switches, and routers. Also available are line to 20 percent higher than laying copper, and fiber net-
drivers, devices that enable you to extend or intercon- work interface cards (NICs) for PCs are nearing prices of
nect LANs in either point-to-point or multipoint con- equivalent RJ-45 NICs. In structured wiring, however,
figurations. Line drivers for fiber-optic cabling are laying fiber everywhere allows you to eliminate the tradi-
available for synchronous or asynchronous transmis- tional wiring closet on each floor and connect floors
sion as well as for single-mode or multimode fiber. directly through patch panels and vertical rises to the
main equipment room. This means you need far fewer
Advantages and Disadvantages
switches and routers in a fiber-based structured wiring
Fiber-optic cabling has many advantages over copper
deployment than in a copper one. For example, Comput-
cabling, including the following:
erWorld magazine reported that when George Washing-
● Data transmission rates of up to 100 gigabits per ton University wired their 80-building campus using
second (Gbps) and higher are supported (copper fiber, only 11 wiring closets were needed compared with
transmission currently maxes out around 5 Gbps). an estimated 160 that would have been required had cop-
per been used. The savings in equipment costs for new
472
fiber to the curb (FTTC) fiber to the curb (FTTC)
installations make fiber a logical choice over copper and fiber to the curb (FTTC)
also lay the groundwork for future upgrades when faster The laying of fiber-optic cabling by telcos to the
networking technologies become available. Enterprise customer premises.
network architects would do well to always seriously
consider using fiber for both new deployments and when Overview
networks are being upgraded. Fiber to the curb (FTTC) is viewed by telcos as the suc-
cessor to the copper local loop and will allow high speed
Another impetus toward the long-awaited goal of fiber to broadband voice, video, and data services to be delivered
the desktop is technological improvements in fiber-optic
cabling and connectors. Some new fiber-optic cabling is
directly to the subscriber on all-fiber lines without requir-
ing conversion to electrical signals for transmission over
F
so flexible that it can be tied in a knot without fracturing copper. FTTC is thus envisioned by telcos as the replace-
the core, making installation simpler and less worrisome. ment for the aging Plain Old Telephone System (POTS).
New and simpler connectors such as the LC connector
Other versions of the acronym include
from Lucent Technologies, Fiber Jack from Panduit Cor-
poration, and VF-45 from 3M Corporation, Corning, and ● FTTB: Fiber to the building, used to describe com-
Siemens make fiber installation and configuration a sim- mercial (as opposed to residential) upgrades of the
ple plug-and-play process, with some of these connectors copper local loop.
rivaling RJ-45 in size.
● FTTN: Fiber to the neighborhood, used to describe
Notes laying fiber from the telco central office (CO) to
Be careful not to stress fiber-optic cabling unduly dur- distribution boxes in neighborhoods.
ing installation. The maximum acceptable bend radius Prospects
is usually 10 times the diameter of the cable, or about FTTC has been talked about by telcos for years, but it
1.2 inches (3 centimeters). Use an optical time domain has not been deployed much for two reasons:
reflectometer (OTDR) to test for faults after installa-
tion. Loss of signal, or attenuation, in fiber-optic cables ● The cost of building an entirely new cabling system
can be caused by absorption (no medium is completely to replace the existing copper one is extremely high.
transparent to light), cable microbending (especially in ● Technologies such as Asymmetric Digital Subscriber
single-mode fiber if it is not installed correctly), con- Line (ADSL) have allowed telcos to deliver high-
nector loss because of poor splicing or poorly installed speed data services and Internet connections to sub-
or misaligned connectors, or coupling loss at the trans- scribers using existing copper local loop lines, and
mitter or receiver. demand for ADSL has not yet been saturated.
For safety, never look down a fiber-optic cable con- A recent change in this situation is Project Pronto, an
nected to your network because the invisible laser light FTTN deployment underway by SBC Communications
can injure your retinas. When splicing connectors onto (a Regional Bell Operating Company [RBOC]). Project
fiber, be careful to avoid getting shards of glass in your Pronto is designed to bring ADSL to areas that are cur-
eyes or on your hands—use double-sided tape to clean rently too far away from COs for this to be possible, and
the connection and remove loose shards and always it involves replacing copper subloops with fiber that
wear protective goggles. runs directly from COs to remote terminals in distant
neighborhoods. Some other RBOCs are also pursuing
For More Information
similar projects, so the era of FTTC may in fact be only
Find out what’s happening in the fiber market at
a few years away, at least in metropolitan areas of the
www.fiberopticsonline.com.
United States.
See Also: copper cabling, dark fiber, SC/ST
See Also: Asymmetric Digital Subscriber Line (ADSL),
connectors, time domain reflectometry (TDR)
fiber-optic cabling, local loop, telco
473
Fibre Channel Fibre Channel
474
Fibre Channel Fibre Channel
475
file file allocation table (FAT)
video traffic, connect computer systems and networks Fibre Channel links to transcontinental distances. Using
to network storage devices, and it can be used in high- FCOP, for example, a SAN in New York can be connected
performance clustering technology. to a corporate network in California over an ATM/
SONET wide area network (WAN) link. A similar stan-
The main disadvantages are that Fibre Channel equip-
dard called Fibre Channel Backbone has also been pro-
ment is generally expensive, the technology is complex
posed as a possible ANSI standard. We will have to wait
(compared to Ethernet), equipment from different ven-
until the dust clears on this one!
dors often suffers from interoperability problems, and
F native file sharing support is not provided. For More Information
Visit the Fibre Channel Industry Association at
Prospects
www.fibrechannel.com.
Interoperability issues between vendor implementa-
tions of Fibre Channel have been one factor slowing See Also: 10G Ethernet, Gigabit Ethernet (GbE),
general adoption of the technology, but new specifica- Small Computer System Interface (SCSI), storage
tions were released in 2000 to help make Fibre Channel over IP
equipment from different vendors work as simply as
plug and play. The two most important of these new
file
specifications are Direct Access File Specification
Information assigned a name and stored on a disk or
(DAFS) and Fabric Shortest Path First (FSPF).
some other media.
More seriously, Fibre Channel faces stiff competition
Overview
from emerging new storage-over-IP network technolo-
Files are the primary unit of information stored on disk
gies including Service Specific Connection Oriented
systems. Examples of files include
Protocol (SSCOP) from SAN Ltd., SCSI over TCP/IP
from IBM and Cisco Systems, EtherStorage from ● Executable files (programs)
Adaptec, and especially 10 GbE. This is somewhat
● Data files (documents, databases)
ironic as the underlying physical layer technologies of
GbE were in fact borrowed from the FC-0 and FC-1 ● Web pages (HTML files)
layers of the earlier Fibre Channel standard!
Files are generally stored in a file system, which pro-
These emerging storage-over-IP technologies promise vides a hierarchical way of saving, locating, and access-
several advantages over Fibre Channel, including more ing information.
familiar underlying technology (Ethernet), better laten-
See Also: file system
cy, lower packet loss, and transmission over longer dis-
tances. The industry debate is sometimes hot, from
Fibre Channel proponents envisioning Fibre Channel file allocation table (FAT)
being used for general local area network (LAN) trans- Specifically, a table maintained on a hard disk by MS-
port to 10 GbE proponents declaring Fibre Channel as DOS and Microsoft Windows operating systems that
dead as FDDI. acts as a table of contents, showing where directories
and files are stored on the disk. By extension, the acro-
But things are constantly changing in the networking nym FAT is also used to refer to the file system itself for
world, and Fibre Channel may be down but not out. A MS-DOS and Windows platforms.
new contender in the arena is Fibre Channel Over IP
(FCOP), a scheme proposed by Lucent Technologies and Overview
other vendors. FCOP encapsulates Fibre Channel frames On Microsoft operating system platforms, when we
in IP packets to allow them to be carried over GbE or even refer to the file allocation table (FAT) file system,
long-haul ATM/Synchronous Optical Network (SONET) we often simply call it the FAT. The FAT is widely
trunk lines, making FCOP a technology that could extend supported by all Windows platforms and can be
476
File and Printer Sharing for Microsoft Networks File and Printer Sharing for Microsoft Networks
installed on partitions of up to 2 gigabytes (GB) in size Different versions of Windows support different file sys-
on Windows 95 and Windows 98, and on partitions tems. The original release of Windows 95 supports only
of up to 4 GB on Windows NT. In Windows 2000, FAT, but Windows 95 OSR2 and Windows 98 support
Windows XP, and Windows .NET Server, if the parti- FAT and FAT32. FAT32 is a newer 32-bit version of FAT
tion size is greater that 2 GB, it will automatically be that was first included with the OSR2 release of Windows
formatted as FAT32. The FAT is often used in dual-boot 95. The original version of FAT is 16-bit and is sometimes
scenarios or when the security and reliability of the referred to as FAT16. Windows NT supports both FAT
NTFS file system (NTFS) is not required. and NTFS, but not FAT32. Windows 2000, Windows XP,
The FAT file system is based on the FAT, a structure that
and Windows .NET Server support FAT, FAT32, and F
NTFS. Possible advantages of using FAT volumes
maps the locations of the clusters in which files and fold-
with Windows NT, Windows 2000, Windows XP, and
ers are stored on the disk. The FAT records the location of
Windows .NET Server include the following:
each cluster that makes up a given file and the sequence
in which it is stored. This is necessary because files usu- ● Multiboot capability: If you need to dual boot
ally are not stored in a contiguous location on a hard disk between Windows 95 or Windows 98 and Windows
because of the presence of disk fragmentation caused by NT, use FAT instead of NTFS because Windows 95
the creation and deletion of files on the disk. For each file and Windows 98 cannot read or recognize NTFS
on a FAT volume, the FAT contains the entry point for the volumes.
allocation unit in which the first segment of the file is
● Efficiency on small partitions: FAT requires less
stored, followed by a series of links called the allocation
overhead than NTFS and is more efficient on
chain. The allocation chain indicates where succeeding
smaller volumes (those under 400 MB in size).
segments of the file are located and is then terminated by
an end-of-file (EOF) marker. Notes
The root directory on a FAT volume has a fixed size and
Two copies of the FAT are kept in fixed locations on the
can contain only a limited number of entries.
disk to provide redundancy. A disk formatted with the
FAT file system is said to be a FAT volume. The sizes See Also: FAT32, file system, NTFS file system (NTFS)
of the individual clusters in which file information is
stored on a FAT volume depend on the size of the parti-
File and Printer Sharing for
tion or logical drive formatted using FAT, as shown in
Microsoft Networks
the following table. For compatibility reasons, these
A Microsoft Windows networking component that
cluster sizes are the same whether the FAT volume is on
allows computers running Windows to share folders
an MS-DOS or Windows platform. In the table, you
and printers so that other clients can access them.
will see that on small FAT partitions (under 15 mega-
bytes [MB] in size) a special 12-bit FAT file system is Overview
used instead of the usual 16-bit FAT. File and Printer Sharing for Microsoft Networks uses
the Server Message Block (SMB) file sharing protocol
FAT Information for Different Volume Sizes
and is compatible with clients such as
FAT Sectors/
Drive Size Type Cluster Cluster Size ● Computers running Windows have Client for
Microsoft Networks installed
0 MB–15 MB 12-bit 8 4 kilobytes (KB)
16 MB–127 MB 16-bit 4 2 KB ● Windows NT, Windows 2000, Windows XP, and
128 MB–255 MB 16-bit 8 4 KB Windows .NET Server
256 MB–511 MB 16-bit 16 8 KB
512 MB–1023 MB 16-bit 32 16 KB ● Windows for Workgroups
1024 MB–2047 MB 16-bit 64 32 KB ● LAN Manager
2048 MB–4095 MB 16-bit 128 64 KB
477
File and Printer Sharing for NetWare Networks File and Print Services for NetWare (FPNW)
478
file extension file extension
● Allow legacy NetWare 3.x IPX client machines to Accounts Manager (SAM) database, instead of requir-
access resources on a server running Microsoft ing maintenance in a separate NetWare server. The
Windows NT FPNW server supports both the Server Message Block
(SMB) protocol for Windows client connections and
● Share directories and printers on a server running
the NetWare Core Protocol (NCP) for NetWare client
Windows NT so that NetWare 3.x clients can access
connections. FPNW requires that the NWLink IPX/
them
SPX-Compatible Transport protocol be installed on the
● Manage NetWare 3.x printers from a server running server.
Windows NT, making these printers also available
FPNW supports NetWare functions such as user-
F
to Microsoft clients
account creation, remote administration, secure logins,
and print queue management. However, it does not sup-
NetWare printer
port NetWare functions such as user disk volume
Windows NT restrictions or inherited rights masks.
server with Notes
FPNW
FPNW is not included with Windows NT or Windows
2000, but you can obtain it as a separate utility from
.NCP. your Microsoft value-added reseller (VAR). FPNW can
be installed only on server machines, not on worksta-
NetWare
clients tions. The directory that will be used as a NetWare
SYS volume should be on an NTFS file system (NTFS)
.SMB partition.
file extension
In Microsoft operating systems, a string appended to a
filename, consisting of a period followed by three
alphanumeric characters.
Windows
clients Overview
File extensions usually identify the application that can
G0FXX08 (was G0Fui08 in 1E)
open or run them. For example, text files end with the
File and Print Services for NetWare (FPNW). How FPNW
works. extension .txt and are opened with Microsoft Notepad.
Other common file extensions include the following:
Implementation
FPNW accomplishes these functions by mimicking the ● .doc for Microsoft Word documents
functionality of a NetWare 3.12 file and print server and ● .exe for executable files
providing file and print services directly to NetWare
and compatible client computers. A server running ● .htm for Web pages created in Hypertext Markup
Windows NT or Windows 2000 using FPNW appears to Language (HTML)
NetWare client machines as if it were really a NetWare ● .gif for GIF 87/89 format images, commonly used
server, and clients can access volumes, files, and print- on the Internet
ers just as they would on a NetWare server. Accounts
for NetWare client users are stored in the Security
479
file permissions file permissions
480
file system file system
Execute
Control
Read &
Modify
hidden and read-only. Some file systems allow you to
Write
Read
Full
compress files, and some allow you to specify file sys-
Special Permissions
tem quotas for users.
Execute File x x x
Read Data x x x x
Read Attributes x x x x root
Read Extended Attributes
Create Files/Write Data
x
x
x
x
x x
x F
Append Data x x x docs
Write Attributes x x x
Write Extended Attributes x x x management
Delete Subfolders and Files x
Delete x x
Read Permissions x x x x x sales
Change Permissions x
Take Ownership x
apps 1997.doc
Synchronize x x x x x
481
File-Transfer Access and Management (FTAM) File Transfer Protocol (FTP)
482
Find Find
has been established, the server opens port number 20 Find. Using Find in Active Directory Users And Computers.
to form a new connection with the client for transferring
To use the Find dialog box, open a console with the
the actual data during uploads and downloads.
snap-in for Active Directory Users And Computers
Notes installed, right-click on a container or organizational
Internet Information Services (IIS) supports virtual unit, and select Find from the shortcut menu. Then
servers and virtual directories using FTP. You can view specify what kinds of objects you want to search for
the status of open ports on IIS using the netstat com- within Active Directory, such as
mand. If an FTP client has trouble accessing informa-
● Users, contacts, and groups
tion on IIS, try changing the directory listing style for
the FTP service on IIS. FTP supports only Basic Authen- ● Computers
tication or anonymous access for authentication
● Printers
schemes and does not support the more secure Micro-
soft Windows NT Challenge/Response Authentication ● Shared folders
method.
● Directory folders
See Also: Internet Information Services (IIS), Trans-
● Routers
mission Control Protocol/Internet Protocol (TCP/IP)
● Custom search
Find Next, specify whether you want to search the entire
A dialog box in Microsoft Windows 2000, Windows XP, Active Directory, a particular domain, or a particular
and Windows .NET Server that lets you locate objects organizational unit (OU). Finally, specify the query
in Active Directory directory service. parameters associated with the type of object you are
Overview looking for. For example, if you are looking for users,
The Find dialog box allows you to query the global cat- contacts, or groups, you can specify the name of the
alog server for objects such as users, groups, comput- object, its description, or specific attributes of the
ers, shared folders, printers, and other objects in Active object, such as home phone or e-mail address.
Directory. Notes
If you are performing a search based on an attribute of
an object, you must specify a value for this attribute.
483
finger firewall
finger FIPS
A Transmission Control Protocol/Internet Protocol Stands for Federal Information Processing Standard,
(TCP/IP) protocol and service for viewing information any standard ratified by the National Institute of Stan-
about a user. dards and Technology (NIST)
Overview See: Federal Information Processing Standard (FIPS)
For a user on the client machine to be able to “finger”
someone using finger client software, the finger dae-
F mon (service) must be running on the remote system firewall
being queried. Then if you finger a user’s e-mail Any system or device that allows safe network traffic to
address, the result returned to you typically includes the pass while restricting or denying unsafe traffic.
user’s username, full name, whether and how long the Overview
user has been logged on, and other information depend- Firewalls are usually dedicated machines running at the
ing on the configuration of the finger service you are gateway point between your local network and the out-
querying. side world and are used to control who has access to
Microsoft Corporation’s implementation of TCP/IP on your private corporate network from the outside—for
Microsoft Windows 2000, Windows XP, and Windows example, over the Internet. More generally, a firewall is
.NET Server has finger client software but no finger any system that controls communication between two
service. In other words, you can run the finger client on networks. In today’s networking environment in which
a machine running Windows 2000, Windows XP, or corporate networks are connected to the Internet—
Windows .NET Server that is connected to the Internet inviting hackers to attempt unauthorized access to valu-
in order to obtain results from a UNIX server at an able business information—a corporate firewall is
Internet service provider (ISP) running the finger dae- essential.
mon. For example, typing the command finger jsmith@ A firewall is an essential component of a company’s
s12.microsoft.com displays information about user Jeff security policy and is one of the primary means for
Smith on a server called s12.microsoft.com. enforcing that policy. A firewall acts as a kind of police
If an ISP makes its finger daemon publicly available officer to monitor, control, arrest, and incarcerate mali-
on the Internet, it is commonly referred to as a finger cious traffic, logging all questionable traffic to allow the
gateway. administrator to determine the cause or source of the
attack.
Notes
Finger is more of a security risk than a useful service in Types
most cases and is not widely implemented anymore. A A corporate firewall can either be a dedicated machine
related service that also is not used much these days is such as a packet filtering router or a rack mountable
whois. firewall appliance or firewall software that the adminis-
trator must install on a dual-home hardened system.
For More Information Both approaches are popular and each has its advan-
Visit Finger Lookup, a popular Internet finger gateway, tages and disadvantages.
at alabanza.com/kabacoff/Inter-Links/cgi/finger.cgi.
A personal firewall is a firewall used to protect a single
See Also: Transmission Control Protocol/Internet machine, typically a home user connected to the Inter-
Protocol (TCP/IP) net using dial-up, Asymmetric Digital Subscriber Line
(ADSL), or cable modem connections. The personal
firewall marketplace has exploded in the last few years
as broadband Internet access services have become
484
firewall firewall
widely deployed. Personal firewalls are usually imple- configure, monitor, and maintain a firewall. Some ana-
mented as software to be installed on users’ machines, lysts expect this segment of the market to grow to $1.5
but the first personal firewall that was offered in appli- billion by the end of 2002.
ance form was Firebox from WatchGuard Technologies
Architecture
in 1997. Personal firewalls also come preinstalled on
In its simplest form, a firewall is a router (or dual-
some ADSL and cable modem routers to protect home
homed computer with two network interface cards) that
users and Small Office/Home Office (SOHO) networks.
filters incoming network packets. This configuration is
An offshoot of personal firewalls is the agent-based
firewall. Agent-based firewalls are installed on every
usually called a packet-filtering router. By comparing
the source addresses of these packets with an access list
F
machine on a network, but their configuration is man- specifying the firewall’s security policy, the router
aged remotely using policies configured on a central determines whether to forward the packets to their
policy server. At the enterprise level, this scenario is intended destinations or stop them. The firewall can
called a distributed firewall, and it is becoming a popu- simply examine the Internet Protocol (IP) address or
lar approach to secure servers on a network. The advan- domain name from which the packet was sent and
tage here is that servers can be protected not just from determine whether to allow or deny the traffic. To spec-
hackers on the Internet but also from malicious users ify a list of IP addresses which the router will permit or
inside the corporate network. The agent also serves as deny, an access control list (ACL) or access list (AL) is
an extra level of protection if the regular network fire- configured on the router. The router can filter both
wall has been compromised. Another name for this inbound and outbound packets.
approach is host-resident firewall, since it involves
A related form of firewall is the network-level firewall
moving firewall security from the network’s perimeter
because it operates at the network layer of the Open
to the hosts themselves, a process that scales much bet-
Systems Interconnection (OSI) reference model for net-
ter as perimeter traffic increases.
working. Network-level firewalls are transparent to
A new type of firewall is a combination of virtual pri- users and use routing technology to determine which
vate networking (VPN) and firewall software. This packets are allowed to pass and which will be denied
combination can be used for different purposes from access to the private network. Network-level routers can
enabling mobile users to connect securely to a corpo- be configured to block certain types of IP traffic while
rate intranet over the Internet (using VPN and firewall permitting others to pass. Usually this is done by dis-
software installed on their laptops) to enabling e-com- abling or enabling different Transmission Control Pro-
merce sites to provide their users with secure access to tocol (TCP) and User Datagram Protocol (UDP) ports
their services (using rack-mounted VPN/Firewall appli- on the firewall system. For example, TCP port 25 is
ances). In general, the firewall software is placed in usually left open to permit Simple Mail Transfer Proto-
front of (nearer the Internet) than the VPN software col (SMTP) mail to travel between the private corporate
to simplify configuration. The main problem with network and the Internet, while other ports (such as port
this combination is that the VPN slows down access 23 for Telnet) might be disabled to prevent Internet
through the firewall, so a method of implementing this users from accessing other services on corporate net-
combination that is growing more popular is using ded- work servers. The difficulty with this approach is that
icated high-performance VPN/Firewall appliances. the size of the access list for the firewall can become
huge if a large number of domains or ports are blocked
Finally, a different approach to implementing firewalls
and a large number of exceptions are configured, and a
is outsourcing your firewall services to a Managed Fire-
large access list can slow down the router. Another dif-
wall Service Provider (MFSP). This is becoming a
ficulty is that some ports are dynamically assigned at
popular alternative for small to mid-sized companies
random to certain services (such as remote procedure
that cannot afford to hire trained security experts to
485
firewall firewall
call services) on startup, so it is more difficult to config- virtual circuit between the remote user and the network
ure firewalls to control access to these ports using static resource. This is a safer configuration than a packet-
access lists. Network-level firewalls are sometimes filtering router because the external user never sees the
known as screening routers since they screen different IP address of the internal network in the packets he or
types of traffic, and they are usually combined with she receives, only the IP address of the firewall. A pop-
packet-filtering using access lists for better security. ular protocol for circuit-level gateways is the SOCKS
v5 protocol. Circuit-layer gateways are typically used
Routers that employ stateful filtering maintain an inter-
in conjunction with packet-filtering and network-layer
F nal table of allowed TCP connections and only allow
incoming connections to be established if they conform
protection.
to this table. Stateful filtering is an alternative to access Another more advanced type of firewall is the applica-
lists and is often used to control outbound traffic and tion gateway, which is also usually included in a proxy
reduce the size of access lists. server. Application gateways do not allow any packets
to pass directly between the two networks they connect.
Network-level firewall Instead, proxy applications running on the firewall
computer forward requests to services on the private
allow network and then forward responses to the originators
Insecure
Private public
on the unsecured public network. Application gateways
network network generally authenticate a user’s credentials before allow-
deny
ing access to the network, and they use auditing and
Screening router logging mechanisms as part of their security policy.
Application gateways generally require lots of con-
Application gateway figuration by users to enable their client machines to
function properly, but they are more granular in their
forwarded
configurability than network-level firewalls. For exam-
request request
ple, if a File Transfer Protocol (FTP) proxy is config-
Private forwarded Insecure
public ured on an application gateway, it can be configured to
network reply reply
network allow some FTP commands but deny others. You could
also configure an SMTP proxy on an application gate-
Proxy server way that would accept mail from the outside (without
G0FXX14 (was G0Fui15 in 1E) revealing internal e-mail addresses) and then forward
Firewall. Two basic types of firewalls. the mail to the internal mail server. However, because of
Another type of firewall is the circuit-level gateway, the additional processing overhead, application gate-
which is usually implemented as part of a proxy server. ways have greater hardware requirements and are gen-
Circuit-level gateways essentially operate at a higher erally slower than other types of firewalls.
level of the OSI model protocol stack than network- Other advanced features used by firewalls include
level firewalls do. With a circuit-level gateway, con-
nections with the private network are hidden from the ● Execution control lists (ECLs): These are like
remote user. The remote user connects with the firewall, access lists but instead control which applications
and the firewall forms a separate connection with the can be executed over the firewall.
network resource being accessed after changing the IP ● Intrusion Detection Systems (IDSs): Usually
address of the packets being transmitted in either direc- separate systems from firewalls but sometimes
tion through the firewall using a process called Network packaged with them, IDSs complement a regular
Address Translation (NAT). The result is a sort of firewall by allowing administrators not just to
486
firewall firewall
prevent intrusion into their private networks but also Still another configuration makes each bastion host
to detect and analyze the source of this intrusion. dual-homed, with one interface of each bastion host
connected to the perimeter network segment adjacent to
Implementation
the Internet and the other interface connected to the
Before looking at implementing firewalls, it is a good
perimeter network segment adjacent to the private net-
idea to first review some firewall terminology:
work. You can make the topology even more complex
● Host: Any computer attached to your network. by having separate perimeter networks for each bastion
host, and so on.
● Bastion host: A host directly exposed to the Inter-
net. Bastion hosts need to be “hardened” to make Advantages and Disadvantages
F
them more secure by removing nonessential ser- Although firewalls are essential for networks connected
vices and software. Web servers and mail servers to the Internet, a firewall is only as effective as its con-
are two examples of common types of bastion figuration. A misconfigured firewall is worse than no
hosts. firewall at all since it provides the user with a false
sense of security that the network is protected. In other
● Perimeter network: An extra network located
words, firewalls cannot configure themselves and are
between your corporate network and the Internet.
only as smart as the administrators configuring them.
Also called a DMZ, which stands for demilitarized
zone. Another misconception is that a carefully configured
firewall is all your network needs to be safe from attack.
The simplest way of implementing a firewall is to use a
This is hardly the case. Network security begins with
packet-filtering router with port screening at the junc-
the development of a comprehensive security policy on
tion between your private network and the Internet. All
paper and is implemented using a variety of systems
traffic flows through this point, and the router handles
and services including firewalls, perimeter networks,
the entire job of securing your network from attack.
antivirus software, an intrusion detection system (IDS),
For more extensive protection than a simple packet- and good network management practices. In addition,
filtering router, install circuit-level or application- administrators need to be on top of possible new threats
gateway firewall software on a dual-homed hardened by subscribing to security newsletters, watching for
system and use it in place of (or in addition to) the notices of bugs and fixes from operating system and
dedicated router. application vendors, reviewing firewall logs regularly,
and educating users about the practices of safe
A screened-host firewall allows a bastion host located
computing.
on the private network to be accessed from the Internet
while preventing other hosts from being compromised. Marketplace
This is perhaps less secure than locating the bastion For the corporate segment of the market, firewall prod-
host outside the private network, but it allows easier ucts range from dedicated routers to software to install
access to the bastion host for configuration and on hardened dual-homed hosts. A popular dedicated
maintenance. router firewall product is the PIX firewall service from
Cisco Systems, included with IOS 11.2 and higher as
A screened subnet architecture employs an intermediate
the Cisco Firewall Feature Set. PIX comes in different
network (the perimeter network) between the private
flavors depending on whether the need is enterprise or
and public networks, each of which are connected to the
Small Office/Home Office (SOHO) protection, and by
perimeter network using a separate screening router.
some analysts’ estimates is used by half of all large
One or more bastion hosts are then located on the
companies.
perimeter network. For greater protection, the perimeter
network may be split into two segments using another
router or a dual-homed host running firewall software.
487
firewall firewall
In the enterprise software firewall market, popular DES encryption for greater security (although using
products include Firewall-1 from CheckPoint Software 3DES slows down performance to about 600 megabits
Technologies, Microsoft Proxy Server from Microsoft per second [Mbps]).
Corporation, and many others. The new Microsoft
In the outsourced managed firewall services sector, two
Internet Security and Acceleration (ISA) Server inte-
popular providers include DefendNet Solutions, whose
grates firewall and Web caching functionality and sup-
DefendNet Enterprise solution uses CheckPoint Soft-
ports policy-based security.
ware’s Firewall-1 product and targets companies with
F In the personal firewall arena, some popular products
include BlackICE Defender from Network Ice Corpora-
more than 250 users, and RIPTech, whose sentry moni-
toring system works with several popular firewalls
tion, Norton Personal Firewall from Symantec Corpora- including PIX, Raptor, and Firewall-1. Another man-
tion, eSafe from Aladdin Networks, ZoneAlarm from aged firewall service provider is NetSolve.
Zone Labs, Secure Desktop from Sybergen Networks,
Notes
McAfee Personal Firewall from Network Associates,
TruSecure, in conjunction with ICSA Labs, acts as an
CyberArmor from InfoExpress, and PC Firewall from
independent standards body that certifies firewall prod-
ConSeal. In general, personal firewalls come with a
ucts and provides a number of resources on their Web
standardized default configuration that provides a basic
site relating to firewalls and network security. See
level of security, but remember that firewalls are only as
www.icsalabs.com for more information.
smart as the person who configures them. Personal fire-
walls are also not a substitute for antivirus software and The best way to begin configuring a packet-filtering
are usually ineffective in dealing with Trojan horses. firewall is to block all packets at first and then start
allowing access to the internal network on a case-by-
Distributed firewalls are popular in corporate environ-
case basis. Make sure that internal network addresses
ments and are typically used to protect critical servers
do not cross the firewall to the outside world and do not
using firewall agents that are remotely managed from a
store sensitive data on the machine running the firewall
central policy server. Examples in this market include
software itself. Treat your firewall machine as expend-
CyberArmor Enterprise Personal Firewall from Info
able—the worst possibility should be a hacker’s dam-
Express and McAfee Active Virus Defense Suite from
age to the firewall; this would simply leave your private
Network Associates.
network securely disconnected from the outside world.
Several vendors offer combinations of firewall and You can disable all unnecessary network services on
VPN software that can be used to provide secure remote your firewall machine to protect the firewall itself from
access to corporate networks. Examples include VPN-1 attack.
Gateway (a combination of Firewall-1 and VPN-1)
If you are concerned only about controlling outgoing
from CheckPoint Software, Raptor Firewall with
access from your network and your users do not need to
PowerVPN from Symantec, GuardianPro with Guardian
be able to remotely access your network over the Inter-
IPSec VPN from NetGuard, and eTrust Firewall with
net, a packet-filtering router or circuit-level gateway
eTrust VPN from Computer Associates.
type of firewall is probably sufficient. For users who
In the VPN/Firewall appliance arena, Cobalt Networks frequently need to remotely access your network, how-
and Axent Technologies have teamed up to provide a ever, an application gateway is generally best.
1U-high rack-mountable VPN/Firewall appliance
See Also: appliance, network security, proxy server,
called VelociRaptor that is based on the Linux operat-
router
ing system. Gigabit products in this market include
Cisco’s PIX 535 firewall and NetScreen-1000ES from
NetScreen Technologies, both of which support Triple
488
FireWire FireWire
FireWire printer
A name trademarked by Apple Computer for the IEEE
1394 High Performance Serial Bus.
Overview scanner
FireWire (or IEEE 1394 or simply 1394) is a serial
transmission specification originally proposed by
Apple for connecting high-speed peripherals to com- computer
puters at speeds of up to 393 megabits per second
(Mbps). FireWire supports hot-swapping of peripherals
F
with up to 63 peripherals connected to a single FireWire
bus. In addition, up to 1023 buses can be interconnected
bridge
to form a vast array of peripherals if needed.
FireWire features simple plug-in connectors using thin computer
serial cables that can be hot-plugged without interfering splitter
with your system’s operation. FireWire connectors are
based on the Nintendo Game Boy connector. scanner
printer
The main competitor for PC peripheral interconnection
is Universal Serial Bus (USB). Although USB is tar- video
geted mainly toward computer peripherals running at camera
speeds up to 12 Mbps, FireWire supports much higher repeater
speeds and can transport both asynchronous data and
video streams and isochronous streams.
printer
Other vendors have their own trademarked names for
IEE 1394, including Sony Corporation with its popular
i.Link technology.
Implementation G0FXX15 (was G0Fui16 in 1E)
FireWire as defined in IEEE 1394 uses 64-bit device FireWire. Connecting peripherals using FireWire.
addresses. FireWire cables use two twisted-pair wires
The topology of a typical FireWire implementation can
for data transmission and two wires for power. FireWire
be complex, but it is typically a hierarchical or tree
includes two different serial interfaces:
topology consisting of various IEEE 1394 components.
● Backplane interface: Runs at speeds between More complex topologies, including several computers
12.5, 25, and 50 Mbps for bus connections within a sharing portions of the peripheral network, are also pos-
computer system sible. The illustration shows how you can use FireWire.
The four types of components you can use in a FireWire
● Point-to-point interface: Runs at speeds of 98.304
implementation are
Mbps (S100 specification), 196.608 Mbps (S200),
and 393.216 Mbps (S400) for connecting devices to ● Devices: Typically have 3 ports but can have up to
computers using serial cables 27 ports and can be daisy-chained up to 16 devices
● Splitters: Provide extra IEEE 1394 ports if needed
to accommodate the number and arrangement of
devices used
489
flapping flooding
490
flow control folder permissions
XOFF
folder permissions
data stream A method for controlling access to folders and their files
modem modem stored on NTFS file system (NTFS) volumes in systems
G0FXX16 (was G0Fui17 in 1E)
running Microsoft Windows 2000, Windows XP, or
Flow control. Different types of flow control between Windows .NET Server.
modems.
491
foreign host foreign host
Overview
Special Folder Permissions
Folder permissions govern access to folders on an NTFS
Full Control
volume, and file permissions govern access to files on
List Folder
an NTFS volume. NTFS volumes for computers running
Execute
Read &
Modify
Windows 2000, Windows XP, or Windows .NET Server
Write
Read
have six standard folder permissions: Full Control, Special Permissions
Modify, Read & Execute, List Folder Contents, Read, Traverse Folder x x x x
and Write. List Folder x x x x x
F Read Attributes x x x x x
Read Extended Attributes x x x x x
Create Files x x x
Create Folders x x x
Write Attributes x x x
Write Extended Attributes x x x
Delete Subfolders And Files x
Delete x x
Read Permissions x x x x x
Change Permissions x
Take Ownership x
Notes
The List Folder Contents and the Read & Execute
Folder permissions have the same special permissions.
However, Read & Execute permission is inherited by
both files and folders, but List Folder Contents permis-
sion is inherited only by folders.
See Also: file permissions
G0FXX17 (was G0Fui18 in 1E)
492
foreign mail system forwarder
493
FORTEZZA fractional T1
F Forwarded
494
FRAD frame relay
495
frame relay frame relay
496
frame relay frame relay
● Full DS-3: This is the heavy hitter of frame relay Once frames are transmitted onto the FRBS, they are
services and involves deploying a T-3 circuit to relayed through the switching nodes that make up the
connect a “big iron” frame relay router at your FRBS. Instead of relaying each frame individually,
Customer Premises Equipment (CPE) to the carrier. frame relay uses virtual circuits (VCs) that act as logical
Only a few carriers provide full DS-3 frame relay paths through the carrier cloud. These virtual circuits
services. can be either switched virtual circuits (SVCs) that are
set up and torn down on a call-by-call basis or perma-
Architecture
nent virtual circuits (PVCs) that are established in
Frame relay is a connection-oriented service similar to
X.25 and Asynchronous Transfer Mode (ATM). Frame
advance. PVCs are generally preferred because they F
provide a more reliable grade of service for the cus-
relay differs from X.25 mainly in eliminating the com-
tomer. PVCs provide dedicated point-to-point connec-
plex layer-3 error detection and retransmission mecha-
tions between local and remote customer premises
nisms of X.25. Frame relay is thus a simple layer-2
through the cloud. The particular virtual circuit to
or data-link layer technology that is simple, fast, and
which a frame belongs is determined by the frame’s
independent of higher protocol layers. Although X.25
address information or Data Link Connection Identifier
defines explicit processes for error correction, acknowl-
(DLCI), a 10-bit binary value that identifies the frame
edgements, packet sequencing, and so forth, in frame
to the carrier switches within the FRBS. The DLCI is a
relay these functions are handled by the frame relay
logical value that uniquely identifies the two end points
devices themselves, giving frame relay connections a
of the virtual circuit.
much lower latency than X.25 connections. In fact, the
protocol overhead for frame relay is only about 2 per- Frame relay lets you establish multiple PVCs (and
cent compared to almost 50 percent for X.25. hence multiple logical WAN links) over one physical
frame relay connection using statistical time-division
Frame relay is sometimes classified as an “unreliable”
multiplexing (STDM). You manage frame relay PVCs
service because it performs no error checking or retrans-
using the Local Management Interface (LMI) protocol,
mission—if frames become corrupted or delayed by
which provides features for verifying link integrity and
network congestion, they are silently dropped. To make
managing the status of PVCs. Frame relay PVCs pro-
frame relay a reliable service is the responsibility of the
vide customers with services similar to those of dedi-
frame relay equipment at the ends of the connection,
cated leased lines such as T1 lines, but since frame relay
which performs error checking and retransmission and
PVCs are software-implemented instead of hardware-
provides flow control.
implemented on carrier switches, frame relay is faster
A carrier’s frame relay network is typically depicted as and easier to provision and costs less than leased lines.
a “cloud” of connections. This cloud is better known as
There are two ways of connecting to a frame relay
a Frame Relay Bearer Service (FRBS) and physically
network:
consists of the collection of ATM/ Synchronous Optical
Network (SONET) trunk lines and switches owned by ● UNI: Stands for User-Network Interface, this is a
the carrier. As in other packet-switching networks, signaling method for connecting data terminal
frame relay operates by packaging network data into equipment (DTE) to an FRBS.
“packets” and tagging each packet with address infor-
● NNI: Stands for Network-Network Interface, this is
mation (discussed below). In frame relay these packets
a signaling method for connecting trunk lines
are called frames and are variable length in nature with
together from two different FRBSs (clouds belong-
payload up to 4 kilobytes (KB), making them especially
ing to different carriers).
suitable for carrying network traffic such as Internet
Protocol (IP) traffic since entire IP packets can be pack- Frame relay provides customers with a predefined level
aged within individual frames without the need to frag- of service called the Committed Information Rate
ment the packets. (CIR) that is agreed upon by the carrier and customer in
497
frame relay frame relay
FRAD (Frame Relay Access Device) can be installed at Frame relay. A typical frame relay WAN link.
the customer premises to connect the customer’s net-
To set up WAN links between several of your com-
work to an Edge Switch (ES) on the carrier side. Most
pany’s locations using frame relay, you typically lease
frame relay–capable routers can be configured to oper-
the following services and equipment for each location:
ate either as customer-side or carrier-side equipment,
but carriers themselves use special “big iron” routers ● A FRAD or some other device, such as a Cisco
and switches for establishing their cloud of frame relay router, that is capable of supporting frame relay
circuits. connections. The FRAD at your customer premises
is the data terminal equipment (DTE) side of the
connection, and the frame relay/ATM switch at the
telco end represents the data circuit-terminating
equipment (DCE) end of the connection. Your CPE
FRAD is usually connected to your network’s back-
498
frame relay frame relay
bone switch or router using an RS232, V.35, or branch offices (spokes) are connected by point-
X.21 serial interface. to-point connections to the FRAD at the head office
(hub). There is no redundancy in this scenario, so
● A T1 circuit to connect the FRAD to the carrier net-
typically redundancy is added by providing backup
work. Even though you may only want to provision
dial-up ISDN links between branch offices and
a 256 Kbps frame relay link, most carriers require
headquarters in case a frame relay link goes down.
you to purchase a full 1.544 Mbps T1 circuit to do
This scenario must be carefully implemented to
this instead of a fractional T1 circuit.
avoid split-horizon problems (routing loops).
● The required number of virtual circuits to support
Advantages and Disadvantages
F
the number of WAN links you need and the speeds
Frame relay has several advantages over X.25 that has
they require. Although frame relay intrinsically
led to the almost complete demise of the earlier technol-
supports SVCs, few carriers offer this option
ogy and its being superseded in the 1990s by frame
because it is more expensive and complicated to
relay. These advantages include low protocol overhead,
implement and more complex for billing purposes
low latency, and easy integration with ATM. Originally,
than PVCs. A single frame relay physical port can
when frame relay was developed in 1992, some observ-
have multiple PVCs configured on it.
ers thought that it would soon be superseded by Switched
● The CIR required for each of your WAN links to Multimegabit Data Services (SMDS), a packet-switched
guarantee the necessary bandwidth for your appli- service that operates at faster speeds than frame relay
cations to function optimally over these links. and does not use PVCs. But apart from MCI Worldcom,
Choose a CIR that is just sufficient to handle your few other carriers decided to provision SMDS and
needs to minimize costs, because the higher the instead offer ATM as their top-speed WAN service. If
CIR, the greater the cost. we think of X.25 as the first generation of wide-area
packet-switching carrier services, then frame relay is
If you have more than two remote networks to connect
second generation (2G) and ATM is third generation
using frame relay WAN links, you have to decide on the
(3G). Although many industry observers expected frame
topology you want the carrier to provide for you. Frame
relay itself to be superseded by ATM for WAN con-
relay implementations usually follow one of two net-
nections, this has not occurred, mainly due to the com-
working topologies:
plexity of implementing ATM. Frame relay has also
● Fully meshed topology: In this implementation, superseded Digital Data Services (DDS), another early
each remote location with a FRAD is connected to WAN service provided by carriers in the early 1990s.
every other location with a FRAD using PVCs to
Frame relay also has advantages over dedicated leased
form a fully meshed multipoint WAN. When an
line services such as ISDN and T-carrier services. In
update is transmitted to one device, it is seen by
general, frame relay is less than half the cost of leased
every other device as well. The advantages of this
lines of equivalent throughput, and, unlike some leased
configuration are the redundancy provided within a
line services, frame relay’s cost is independent of dis-
multipoint mesh network and that the entire frame
tance. Frame relay PVCs are also easier to provision and
relay network can be treated as a single data-link
can be configured more quickly than ISDN or T1 lines.
connection. The disadvantage is that the number of
Because frame relay provides bandwidth-on-demand
PVCs needed grows exponentially with the number
and is charged the same way as regular long-distance
of locations, and frame relay carriers usually charge
services (that is, by usage), using it for WAN links can
per PVC. So this is not really a good solution for
result in considerable cost savings over leased lines,
more than three remote locations.
which rack up charges even when not in use. Finally,
● Partially meshed topology: This implementation frame relay only requires a single router or FRAD
uses a hub-and-spoke topology in which FRADs at at each remote site, even in a fully redundant mesh
499
frame relay frame relay
topology, but deploying multiple leased lines at a site carriers offer similar NxDS-1 frame relay services and
requires additional CPE for each line, incurring further fewer still offer full DS-3 frame relay. For the few cus-
cost and adding management headaches. tomers requiring speeds higher than DS-3 (45 Mbps)
for WAN connectivity, ATM can be used instead of
The many advantages of frame relay ensure its contin-
frame relay. If a company has a mix of frame relay and
ued survival in the jungle of today’s WAN marketplace.
ATM in its WAN, it must choose one of two methods
Frame relay is simple in concept and in implementa-
for making these technologies interoperate: FRF.5,
tion, has established itself as a reliable solution, has an
which tunnels frame relay over ATM, or FRF.8, which
F easy-to-understand pricing structure, is cheaper than
other comparable services, supports up to 1024 virtual
translates frame relay frames into ATM cells. An alter-
native to ATM for high-speed WAN connectivity that is
circuits per WAN to meet the needs of even the largest
just starting to emerge is Optical Ethernet, offered by
enterprise, is offered by carriers around the world, and
carriers such as Yipes, which can provide Gigabit
has the intrinsic security of point-to-point connections.
Ethernet (GbE) to the door WAN services. This is an
The only real challenge to its dominance in the WAN is
attractive development that may shake the market up
from upstart Digital Subscriber Line (DSL) coupled
considerably in the next few years, but frame relay and
with IP VPN (virtual private network) technology,
ATM still reign supreme in the international arena and
which is discussed later in this article.
for long-haul WAN links.
Marketplace
The prohibitive costs of building a fully meshed frame
The three largest providers of nationwide frame relay
relay topology for companies with multiple locations
services in the United States are the Big Three long dis-
has recently been surmounted by a new service offered
tance carriers—AT&T, Sprint Corporation, and MCI
from AT&T called IP-enabled Frame Relay (IPFR) and
Worldcom. Sprint, in fact, was the first carrier to offer
a similar service from MCI WorldCom called Business
CIR for its frame relay subscribers, something that is
Class IP. In these new scenarios, each branch office is
now universally available. AT&T and Sprint between
connected to the carrier’s frame relay cloud using a sin-
them have more than 1500 POPs nationwide, which
gle PVC as in a normal hub-and-spoke implementation.
provide good coverage for large enterprises using frame
However, each frame is tagged using Cisco Systems’
relay for their WAN service. Various RBOCs such as
proprietary Multi-Protocol Label Switching (MPLS)
BellSouth Corporation, Bell Atlantic/GTE, and Qwest/
technology, which allows traffic to be routed across the
US West also provide frame relay services, but with
cloud using destination IP addresses instead of virtual
fewer POPs and covering specific geographical regions.
circuit identifiers. The result is the equivalent of a VPN
Other providers of frame relay services include CLECs
in an IP network. In a hub-and-spoke network, each
such as Intermedia Communications and WinStar
frame is first sent to the head office FRAD and then for-
Communications.
warded to the appropriate branch office LAN; in the
Although most carriers offer DS-1 frame relay services MPLS scenario, however, frames can be routed directly
with CIR up to 1.544 Mbps, enterprises that need higher to their destination LAN. All the switching is done
speeds for frame relay WAN links are more limited in by the carrier’s core network (usually ATM), which
their choice of providers. BellSouth now offers an relieves the FRADs of the additional processing they
NxDS-1 frame relay service called Subrate T3 that lets would otherwise need to do in a normal full-mesh net-
customers choose various frame relay rates between work with multiple PVCs at each site.
2xT1 bonding (3 Mbps) and full T3 (45 Mbps). Instead
Although frame relay supports the capability of billing
of using a traditional conditioned copper T1 circuit at
customers according to usage, most providers bill at flat
the customer premises, customers implementing this
rates based on the number of frame relay ports, number
new service use a fiber T3 circuit, which allows them to
of virtual circuits, and CIR.
upgrade to full T3 if eventually required. A few other
500
frame relay frame relay
501
Frame Relay Access Device (FRAD) frame relay cloud
Frame Relay Access Device Some bridges and routers, such as many of those from
(FRAD) Cisco Systems, have built-in FRAD technology and need
A telecommunications device that enables a customer to be connected only to a CSU/DSU (Channel Service
site to be connected to a telco’s frame relay services. Unit/Data Service Unit) through a V.35 or other serial
transmission cable to provide customers with an all-in-
Overview one frame relay access solution for wide area network-
A Frame Relay Access Device (FRAD) is a device that ing. Use a bridge if you want an easy way to connect a
accepts data packets from the customer’s network and branch office using frame relay. Use a router if you want
F encapsulates them into a format acceptable for trans-
mission over a T-carrier circuit to a telco’s frame relay
to control traffic flow or reroute failed connections.
502
frame tagging Free Space Optics (FSO)
usually forming a fully connected mesh topology. In network and automatically configure itself to use the
frame relay services, each frame of information con- network frame type, which is usually
tains the routing information needed to enable the
● 802.3 for NetWare 2.2 through 3.11
frame to be routed to its destination through the cloud.
● 802.2 for NetWare 3.12 and later
See Also: frame relay
The following table shows the frame types supported by
NWLink.
frame tagging
A method developed by Cisco Systems for building Supported NWLink Frame Types F
multiswitch virtual local area networks (VLANs). Network
Overview Topology Frame Types Supported
A VLAN consists of a collection of ports on an Ethernet Ethernet II 802.2 802.3 SNAP 802.5
switch that acts as if it were a separate LAN from the Ethernet x x x x
remaining ports. In other words, you can segment a net- Token Ring x x
work into several VLANs using only one Ethernet FDDI x x
switch to create smaller broadcast domains.
Notes
Frame tagging is a mechanism developed by Cisco to NWLink on Windows 2000 Server and Windows .NET
identify which VLAN a packet belongs to. Frame tag- Server lets you configure multiple frame types if
ging encapsulates a packet into a frame containing the needed, but if multiple frame types are detected where
VLAN ID of the packet. When a tagged packet leaves the one of them is 802.2, then the 802.2 frame type will be
switch and arrives at another switch, the second switch selected by default. NWLink on Windows 2000 Profes-
can determine which VLAN the packet belongs to and sional and Windows XP Professional can be configured
switch it accordingly. The result is that frame tagging can for multiple frame types only by editing the registry.
be used to build VLANs that span more than one switch,
See Also: NWLink IPX/SPX-Compatible Transport
and the process is scalable to the enterprise level.
(NWLink)
Frame tagging is implemented in Cisco Catalyst switches
and is widely used for building enterprise VLANs.
Free Space Optics (FSO)
See Also: Ethernet switch, virtual LAN (VLAN) The transmission of data through free space using lasers.
Overview
frame type Free Space Optics (FSO) was conceived 20 years ago
Specifies the data format for frames when using the when fiber-optic technology was still in its infancy. The
NWLink IPX/SPX-Compatible Transport on machines promise of FSO has only begun to be commercially
running Microsoft Windows 2000, Windows XP, and realized, however, in the last couple of years.
Windows .NET Server.
FSO sends data using modulated laser beams through
Overview the air without wires or cables. It can be used to connect
Two machines on a network using NWLink must be networks together and to link networks to high-speed
using the same frame type to communicate. NWLink on wide area network (WAN) services provided by carri-
Windows 2000, Windows XP, and Windows .NET ers. It can work with any networking architecture but is
Server can listen to Internetwork Packet Exchange/ most commonly used to transport Internet Protocol (IP)
Sequenced Packet Exchange (IPX/SPX) traffic on the packets. It is fundamentally similar to microwave com-
munications but operates in the terahertz frequency
range of infrared and visible light.
503
Frequency Division Multiple Access (FDMA) Frequency Division Multiple Access (FDMA)
504
frequency-division multiplexing (FDM) frequency hopping
working technology.
Frequency Division Multiple Access (FDMA). How FDMA
works. FDM involves simultaneously transmitting multiple
In the AMPS cellular system that is based on FDMA, signals on different frequencies. These different fre-
each user is assigned a specific channel (frequency band) quencies, called channels, share nonoverlapping por-
in the allotted electromagnetic spectrum, and during a tions of the total frequency band being used. Signals
call that user is the only one who has the right to access from different data sources are fed into a multiplexer
the specific band. These frequency bands are allocated that modulates each signal and transmits them at differ-
from the electromagnetic spectrum as follows: ent frequencies. These signals are then transmitted over
the wire or through wireless communication and are
● Transmission by mobile station: 824 megahertz separated at the destination into individual data signals
(MHz) to 849 MHz using a demultiplexer.
● Transmission by base station: 869 MHz to 894 Uses
MHz FDM is used in a number of popular technologies
Two different frequency bands are used to allow including cable television (primarily within Hybrid
full-duplex communication between base and mobile Fiber Coaxial [HFC] cable systems), microwave and
stations. Both of these bands are then divided into satellite networking, and in the older Advanced Mobile
discrete channels that are 30 kilohertz (kHz) wide in Phone Service (AMPS) cellular phone system.
bandwidth. See Also: Frequency Hopping Spread Spectrum
Advantages and Disadvantages (FHSS), multiplexing, time-division multiplexing
One disadvantage of FDMA is that only one subscriber (TDM)
can be assigned at a time to a particular channel within
a cell. Once the channel is allocated, it remains the pos- frequency hopping
A spread-spectrum transmission technology for wireless
networking.
505
Frequency Hopping Spread Spectrum (FHSS) Frequency Hopping Spread Spectrum (FHSS)
902 MHz
Antenna
928 MHz
F Spread-spectrum
transmitter 1 bit
G0FXX21 (was G0Fui22 in 1E)
Overview Overview
Spread-spectrum wireless technologies trade through- Frequency Hopping Spread Spectrum (FHSS) is the
put for increased reliability and were originally devel- earliest secure transmission mechanism used for the
oped by the U.S. military to provide communication physical layer of wireless communications. FHSS was
that could not easily be jammed. Frequency hopping conceived as a technology by actress Hedy Lamarr and
transmitters take the incoming data stream and segment composer George Antheil during World War II and
it into multibit packets. These packets are then transmit- became popular as a secure communications system
ted sequentially in a pseudo-random manner over the that was resistant to eavesdropping.
various frequency channels within the spread-spectrum
Implementation
band being used. In other words, the frequency of the
FHSS employs a narrowband carrier and divides com-
carrier signal keeps hopping around. Synchronization
munications up into a number of discrete channels.
between the master transmitter and slave devices is
Information is transmitted in a series of short bursts that
achieved by modulating the center or carrier frequency
hop from one frequency to another. To a non-FHSS
of the communication band according to a preset algo-
receiver, the transmission seems to be random bursts
rithm. Both the mobile and the base station know the
of noise. To make FHSS work, both the transmitter
modulation algorithm, which enables them to keep in
and receiver are programmed with the same hopping
communication with each other. For increased security,
sequence and are synchronized with each other so that
the modulation algorithm can be dynamically modified.
the receiver always knows what frequency the transmit-
Frequency hopping is employed in cellular communica- ter is going to hop to next. If interference is encountered
tions systems and some wireless networking systems. It on a channel, the transmission for that channel is dis-
is also used in Bluetooth PAN (personal area network) carded and retransmitted on the next hop, making
technologies. FHSS an efficient means of communication in noisy
environments.
See Also: Bluetooth, direct sequencing, Frequency
Hopping Spread Spectrum (FHSS), spread spectrum Uses
FHSS is one of the three PHY layer technologies
defined by the 802.11 wireless networking standard, the
Frequency Hopping Spread
others being Direct Sequence Spread Spectrum (DSSS)
Spectrum (FHSS) and infrared. Although early 802.11 radio equipment
Any type of wireless communications system based on employed FHSS, the newer 802.11b standard does not
frequency hopping. support FHSS and uses DSSS instead.
506
frequently asked questions (FAQ) FTP service
507
FTTC full-duplex Ethernet
508
full-duplex Ethernet full-duplex Ethernet
Duplex single-
LAN mode fiber
15 km Hub F
Hub
Full-duplex Ethernet. Using full-duplex Ethernet to connect local area networks (LANs) using long-haul fiber.
Full-duplex Ethernet does not use the traditional Carrier
Ethernet Media Options Supporting Full-Duplex
Sense Multiple Access with Collision Detection (CSMA/
Signaling
CD) media access control method of traditional half-
duplex Ethernet since collisions cannot occur on a full- Media specification Full-Duplex Supported
duplex, point-to-point link between two stations. Instead, 10Base2
full-duplex Ethernet uses dedicated point-to-point con- 10Base5
nections between stations where collisions cannot occur. 10BaseT X
To implement these point-to-point connections, you must 10BaseFL X
use Ethernet switches instead of traditional hubs or repeat- 10BaseFB
ers since hubs are shared media devices and cannot pro- 10BaseFP
vide dedicated connections. 100BaseTX X
100BaseT2 X
Using switches means that full-duplex Ethernet avoids 100BaseT4
the collisions that can degrade the performance of stan- 100BaseFX X
dard half-duplex Ethernet. In theory, a full-duplex con- 1000BaseCX X
nection on a 100 megabits per second (Mbps) Fast 1000BaseLX X
Ethernet network has a maximum speed of 200 Mbps. 1000BaseSX X
In reality, however, full-duplex Ethernet tends to 1000BaseTX X
achieve only a 20 to 60 percent higher throughput than
regular half-duplex Ethernet. Uses
Because the distance limitations between two stations
The table below shows which varieties of Ethernet sup- in full-duplex Ethernet depend only on the strength of
port both half-duplex and full-duplex signaling and the transceivers with respect to the medium used,
which are restricted to half-duplexing only.
509
fully qualified domain name (FQDN) Fusion
510
G
G.703
vendors sell converters for connecting synchronous
A digital signaling specification from the International
V.35, RS-449, RS-232, or X.21 interfaces to G.703 in
Telecommunication Union (ITU).
Overview
order to sell their switching equipment in Europe.
G.703 converters are also used to interface digital
G
G.703 is an ITU recommendation for interfacing DCE microwave and satellite communication channels and
(data communications equipment) with digital high- for translating between 56 and 64 Kbps speeds for dif-
speed synchronous communication services. The G.703 ferent serial interfaces. G.703 optical converters can
interface covers signaling speeds from 64 kilobits per handle speeds of 45 Mbps (E3) and higher.
second (Kbps) to 2.048 megabits per second (Mbps)
See Also: data communications equipment (DCE),
over a four-wire physical interface. G.703 also supports
serial transmission
special data recover features that make it suitable for
high-speed serial communications.
gateway
Router A term used to describe a variety of networking tech-
nologies that enable communication between different
V.35 networking architectures and protocols.
Overview
Converter
Gateways generally operate at the higher levels of the
Open Systems Interconnection (OSI) reference model
G.703 for networking. They are commonly used to provide
connectivity between two different protocol stacks that
E1 line might be running on different systems. Examples
include the following:
511
Gateway Service for NetWare (GSNW) Gateway Service for NetWare (GSNW)
for Windows clients to bindery-based NetWare 2.x and Gateway Service for NetWare (GSNW). How GSNW
3.x servers and to NetWare 4.x servers running either provides Microsoft Windows clients with access to file
NDS (Novell Directory Services) or in bindery emulation and print resources on a Novell NetWare server.
mode. A Windows 2000 server that has GSNW installed GSNW will use this user account for creating a connec-
also must have the NWLink protocol loaded. This tion to the NetWare server. The connection will appear
protocol, which is an Internetwork Packet Exchange/ on the server running Windows 2000 as a redirected
Sequenced Packet Exchange (IPX/SPX)–Compatible drive that can be shared, as if it were a resource locat-
Transport, makes it possible for the Windows 2000 ed on the Windows 2000 server. Windows clients can
server to communicate with the NetWare server. If it is then connect to the shared resource by browsing My
not already installed, NWLink will install automatically Network Places, by mapping a drive using Windows
on the Windows 2000 server when you install GSNW.
512
GbE gender changer
513
General Packet Radio Service (GPRS) General Packet Radio Service (GPRS)
Some gender changers can also act as adapters for dif- existing GSM and TDMA systems. Possible uses for
ferent data interfaces. For example, a V.35 to RS-232 GPRS include wireless mobile Web browsing, discus-
male/male gender changer can be used to connect a sion groups, chat services, mobile commerce, and home
V.35 connection on a CSU/DSU to a router using an automation through wireless remote control.
RS-232 serial cable. Be sure that the pinning for such a
The GPRS standard 03.60 was developed by the Euro-
gender changer is suitable for the type of equipment
pean Telecommunications Standards Institute (ETSI).
you want to connect because different pinnings might
Trials of GPRS began in 1999, and the first commercial
exist when different serial interfaces are connected.
rollouts appeared in 2000. A number of European and
See Also: Channel Service Unit/Data Service Unit Asian countries and regions are piloting GPRS systems
G (CSU/DSU), RS-232, V.35 and thus have an edge over the United States in the
arena of wireless communication systems running at
more than 20 Kbps.
General Packet Radio Service
(GPRS) Uses
A 2.5G upgrade to existing Time Division Multiple Besides cellular phones, GPRS can be implemented in a
Access (TDMA) cellular communications systems. wide variety of devices, including PCMCIA modems
for laptops, expansion modules for Personal Digital
Overview
Assistants (PDAs) and handheld computers. Research
General Packet Radio Service (GPRS) was designed as an
in Motion (RIM), makers of the popular BlackBerry
upgrade for existing second-generation (2G) cellular sys-
handheld e-mail devices, is working with Microcell
tems such as Global System for Mobile Communications
Telecommunications, a GSM provider, to use GPRS as
(GSM) and other TDMA systems such as AT&T Wire-
a transport for its wireless messaging system.
less. GPRS is a packet-switching overlay that can support
Internet Protocol (IP) data transmission at speeds up to Architecture
171 kilobits per second (Kbps), which is more than 10 Most existing 2G cellular systems are circuit-switched
times faster than currently supported data rates for these services in which a dedicated connection must be estab-
systems (data transmission on current GSM systems is lished in order for communications to take place. As
typically 9.6 Kbps). In practice, however, the maximum long as the session lasts, the subscriber owns the chan-
data rates are usually more like 52 Kbps downstream and nel and is billed for its usage even if no data is being
13 Kbps upstream. This is because of the overhead of sent. By contrast, packet-switching is a more efficient
combining channels together, throttling of bandwidth by technology because it allows several users to share a
providers to enable more users to share channels, and the channel. No actual connection needs to be established
power limitations of handsets at the subscriber end. in order to send data—from the point of view of the
subscriber the system is “always on” and ready to trans-
GPRS will provide the first global high-speed mobile IP
mit. And instead of billing for connection time, sub-
communications system and is intended as an interim
scribers are billed according to the amount of data they
solution until broadband third-generation (3G) cellular
transmit and receive instead.
systems can be fully deployed. Using GPRS, a cellular
phone can access Internet services by means of Wireless GPRS uses the same underlying TDMA time slot archi-
Application Protocol (WAP). WAP provides a richer for- tecture as GSM, but instead of assigning only a single
mat for information exchange than the existing Short time slot to each user for transmission or reception, it
Message Service (SMS), which is limited to a maximum can multiplex up to eight slots (the maximum for a
of 160 characters per transmission. With its higher data TDMA frame) to give a maximum possible data trans-
rates, GPRS makes possible the kinds of wireless appli- mission rate of 171 Kbps. In most implementations,
cations and services that simply have not been feasible on however, three or four slots can are multiplexed for
514
General Packet Radio Service (GPRS) General Packet Radio Service (GPRS)
downstream transmission and only one for upstream, smart card containing the subscriber’s ID, billing
which makes practical transmission speeds much address, private key, and other information. GPRS sup-
slower (but still better than GSM alone). ports several security schemes including Password
Authentication Protocol (PAP), Challenge Handshake
When a GPRS user wants to send data, the handset
Authentication Protocol (CHAP), Secure Sockets Layer
finds the first available time slot and sends the first
(SSL), and IPsec.
chunk of data, sending more chunks as further slots
become available. In this respect, GPRS operates like It is probable that GPRS upgrades will be easiest for
an Ethernet network—the more users sharing the sys- carriers whose networks operate in the 1800-megahertz
tem, the less bandwidth available for each user to trans- (MHz) or 1900-MHz frequency bands, because they
mit or receive data. Collisions do not occur, however,
since time-division multiplexing (TDM) prevents con-
usually have sufficient unused capacity to implement
channel aggregation without having to upgrade their
G
tention from occurring. bearer equipment. Upgrading to GPRS is more expen-
sive for carriers operating in the 800-MHz or 900-MHz
GPRS was designed to transport both IP and X.25
bands because of the near-full capacity of those bands.
packet data, but all current implementations use IP
to provide connectivity with the Internet. To provide Another cost involved in the GPRS upgrade process is
this connectivity, a GPRS mobile phone needs an IP that of replacing the circuit-switched core network con-
address, which can be either statically or dynamically necting existing base stations with an IP-based back-
assigned. All existing application-layer Internet proto- bone network for interfacing between the wireless
cols can run over GPRS, including Hypertext Transfer system and the Internet. You can create an interface
Protocol (HTTP), File Transfer Protocol (FTP), Simple between a GPRS network and an IP network by using a
Mail Transfer Protocol (SMTP), and so on. Most GPRS GGSN. You can also use GGSNs to connect GPRS net-
systems use WAP as their application layer protocol, works with legacy X.25 packet-switching networks.
however, because it is more efficient for devices with
Prospects
limited memory and small displays.
GPRS is viewed as an interim solution to give mobile
Implementation users a measure of access to the Internet. The GSM
Implementation of GPRS requires that existing TDMA Alliance, representing 400 GSM providers and their
hardware be upgraded, including handsets and base 250 million subscribers worldwide, is a driving force
stations. In addition to the base stations and mobile behind the move toward upgrading existing GSM sys-
switching centers of existing TDMA networks, GPRS tems to GPRS. As an example, AT&T Wireless plans
adds two additional components: to migrate its existing TDMA system (a 2G system
based on IS-136) in several stages over the next few
● Serving GPRS Support Node (SGSN): This
years, starting first with GPRS, a 2.5G upgrade, then
transmits and receives IP packets to mobile stations
Enhanced Data Rates for Global Evolution (EDGE),
through the existing base stations, and exchanges
an IMT-2000 3G upgrade to GPRS, and finally to Uni-
these packets with the Gateway GPRS Support
versal Mobile Telecommunications System (UMTS)
Node (GGSN) using a special tunneling protocol
which will support 3G speeds of 2 megabits per second
called GPRS Tunneling Protocol (GTP).
(Mbps).
● Gateway GPRS Support Node (GGSN): This acts
In late 2000, a large cellular operator in Hong Kong
as a gateway between the SGSN and the Internet,
SAR called Pacific Century CyberWorks (PCCW)
forwarding packets between them.
launched a 20 kilobits per second (Kbps) GSM-based
GPRS handsets are similar to GSM handsets, and they GPRS overlay, which, in order to access, subscribers
require a Subscriber Identity Module (SID), a form of need to upgrade their handsets to Motorola P7389i.
515
Gigabit Ethernet (GbE) Gigabit Ethernet (GbE)
Other GSM operators around the world are involved in per second (Mbps) over both fiber-optic cabling and
similar upgrades, with GPRS handsets becoming avail- copper twisted-pair cabling. GbE was developed to
able from Nokia and other vendors. Lucent Technolo- solve the problem of increasing congestion on local
gies and Sun Microsystems are also working together to area network (LAN) backbones currently running Fast
provide a platform for GSM upgrades to GPRS. Ethernet, Fiber Distributed Data Interface (FDDI), and
Asynchronous Transfer Mode (ATM). Because of its
Notes
simplicity and throughput, GbE has become the domi-
EDGE is almost identical to GPRS, the main difference
nant LAN backbone technology, relegating the slower
being that EDGE uses a more efficient encoding
FDDI to the legacy arena and pushing the complicated
scheme (8-bit phase shift keying or 8-PSK) which
ATM back into the wide area network (WAN) environ-
G encodes three bits per symbol instead of the Gaussian
phase shift keying (GMSK) mechanism of GSM (and
ment where it originated. Because of its close similari-
ties to other forms of Ethernet, GbE provides a smooth
also GPRS) that encodes only one bit per symbol. The
upgrade path from 10 megabits per second (Mbps)
result is that EDGE theoretically supports data trans-
Ethernet and 100 Mbps Fast Ethernet.
mission rates up to 513 Kbps, three times the maximum
possible for GPRS. Real speeds for EDGE systems will The Gigabit Ethernet Alliance is an open forum that
be much lower, however, due to protocol overhead, promotes cooperation and industry standards for GbE.
error correction, and bandwidth throttling by providers. The Alliance includes a number of prominent compa-
Although EDGE speeds are lower than the 2 Mbps limit nies, including Cisco Systems, Intel Corporation, Sun
intended for 3G systems by the IMT-2000 recommen- Microsystems, Nortel Networks, and 3Com Corpora-
dations from the International Telecommunication tion. GbE is standardized by the IEEE specifications
Union (ITU), EDGE is still classified under IMT-2000 802.3z in 1998 and 802.3ab in 1999.
as a 3G system.
Uses
GPRS cannot be used to easily upgrade existing Code GbE’s main application is for building high-speed
Division Multiple Access (CDMA) cellular systems, backbones for LANs and campus networks. An exam-
which are widely in use throughout North America ple would be for high-speed switch-switch connections
and some other parts of the world. These systems are where you might connect two 100 Mbps switches with
expected to migrate to Wideband CDMA (W-CDMA) 1 Gbps uplinks to create Fast Ethernet islands joined by
instead, a 3G recommendation from the ITU that offers a GbE backbone. Alternatively, you could connect sev-
speeds up to 2 Mbps. eral 10/100 switches to one 100/1000 switch. For col-
lapsed backbones, 1000BaseT copper interconnects are
See Also: 2G, 2.5G, 3G, cellular communications,
sufficient to join switches together, but for campus-
Code Division Multiple Access (CDMA), Enhanced
wide distributed backbones, 1000BaseLX running over
Data Rates for Global Evolution (EDGE), Global
single-mode fiber supports the long distances needed to
System for Mobile Communications (GSM), Time
build such infrastructure. The problem is that many
Division Multiple Access (TDMA), Wideband Code
existing FDDI campus backbones use multimode fiber,
Division Multiple Access (W-CDMA)
and GbE does not operate over long distances on this
type of fiber. This usually necessitates pulling new fiber
Gigabit Ethernet (GbE) to replace existing multimode fiber campus backbones
A form of Ethernet that operates at 1 gigabit per second with single-mode fiber to enable GbE to run over these
(Gbps). backbones. Single-mode fiber is more expensive than
the multimode type, and pulling fiber is an expensive
Overview
process itself, so these costs generally add a significant
Gigabit Ethernet (GbE) is an evolution of standard
amount to the process of converting legacy FDDI cam-
Ethernet technologies that supports the transmission of
pus backbones to newer GbE ones. On the other hand,
data at 1 gigabit per second (Gbps) or 1000 megabits
516
Gigabit Ethernet (GbE) Gigabit Ethernet (GbE)
upgrading switched Fast Ethernet backbones in small improvement over Fast Ethernet in applications perfor-
and mid-sized companies to GbE may simply be over- mance and greatly complicates the already difficult task
kill. Overprovisioning of GbE is common by system of troubleshooting high-speed switched networks. In
integrators, and it provides small gains over existing the old days of shared Ethernet networks, a “sniffer”
Fast Ethernet networks with considerable added cost. could be connected to the main hub and traffic on the
entire LAN could be analyzed—capturing and analyz-
GbE is also finding an increasing place in server-switch
ing traffic on a switched LAN is much more compli-
connections for joining server farms to high-speed
cated, and protocol analyzers operating at gigabit
backbones. This configuration can theoretically provide
speeds are expensive. In any case, gigabit-to-the-desk-
users with 1-Gbps access to application or file servers,
top is still several years from everyday reality, and most
but there are limitations at present. The problem is that
even with newer 1 Gbps network interface cards, most
desktop applications can achieve sufficient bandwidth G
using only Fast Ethernet.
servers still cannot make full use of a gigabit link to a
GbE switch. Various factors are at work here, including Another hindrance to completely migrating a network’s
the existing 64-bit Peripheral Component Interconnect infrastructure from Fast Ethernet to GbE over copper
(PCI) bus being too slow to pump data out at gigabit (1000BaseTX) is cabling. Although GbE can theoreti-
speeds (the upcoming PCI-X standard may help here), cally run over existing Category 5 (Cat5) cabling, such
hard disk subsystems being unable to keep up with the cabling usually has not been installed with the care and
flow of data to and from the server (even 10,000 RPM precision needed to support gigabit signaling speeds.
hard disks cannot read/write at gigabit speeds), and the Also, GbE over copper requires the use of all four pairs
Transmission Control Protocol/Internet Protocol (TCP/ of wires, whereas some flavors of Fast Ethernet only
IP) stacks of operating systems being unable to handle needed two pairs of wires. As a result, corporate net-
gigabit data transfer rates (though Microsoft Windows works often need considerable rewiring to support GbE,
2000 is a considerable improvement in this area over and even new deployments using enhanced Category 5
Windows NT). The bottom line is that aggregating two (Cat5e) or Category 6 (Cat6) wiring require exceptional
or three Fast Ethernet links is currently sufficient for care in how they are installed to ensure that GbE will
handling data transfer to most Wintel servers and is a perform as expected.
cheaper solution than adding a Gigabit network inter-
Architecture
face card (NIC) and connecting it to a Gigabit switch.
Like earlier forms of Ethernet, the GbE standards spec-
This will probably change around 2002 as 64-bit Win-
ify only the physical (PHY) layer and data-link layer of
dows running on Itanium chips may finally perform to
network operation and support any protocols running at
the point of needing a second Gigabit NIC to handle
higher levels. This means that upgrading from Ethernet
throughput, but keep your eyes on developments in hard
or Fast Ethernet to GbE is relatively straightforward and
disk technologies as their performance is usually the
only involves insuring that GbE supports the cabling
limiting factor or bottleneck in keeping file servers
media, cable lengths, and cabling topology. No changes
from pumping data at gigabit speeds.
need to be made to higher-layer protocols such as TCP/
Gigabit-to-the-desktop is a vision of deploying GbE IP during such an upgrade (although sometimes such
end-to-end across a network, and involves installing 1 network layer protocols can be “tuned” to provide bet-
Gbps NICs into high-performance workstations to pro- ter performance in a GbE environment).
vide them with incredibly fast access to network serv-
GbE uses the same connectionless datagram delivery
ers. This is still more a dream than a reality, though,
services as earlier forms of Ethernet. It uses the same
because such workstations suffer from the same limita-
frame format as other forms of Ethernet and likewise
tions that were described for servers above, and even
supports both unicast, multicast, and broadcast frames.
more so. The result is that deploying GbE end-to-end
It can operate in both shared (half-duplex) and switched
across a network generally results in only a marginal
517
Gigabit Ethernet (GbE) Gigabit Ethernet (GbE)
(full-duplex) modes. GbE employs a line coding Fast Ethernet network segment, for example, the frame
scheme called 8B/10B that packs 8 bits (1 byte) of data remains 64 bytes in length on the Fast Ethernet segment,
into 10 baud (symbols) for transmission, a system instead of 512 bytes if the frame were merely padded.
known as 1000BaseX. This means that in order to Another MAC layer modification in GbE is support for
achieve a data transmission rate of 1 Gbps, a signaling frame bursting, which allows multiple short frames to be
frequency of 1.25 GHz is required. The 8B/10B encod- grouped in a way that it allows a station to take temporary
ing scheme for GbE was borrowed from Fibre Channel control of the wire to send out a number of small packets
technologies. GbE actually borrows most of the charac- in succession, arbitrating the signal for the channel only
teristics of its PHY and data-link layers from the Fibre once. This second feature is optional but results in better
Channel’s FC-0 and FC-1 sublayers, with the exception performance in many situations.
G of using a signaling rate of 1.250 Gbaud instead of
Both of these modifications are done to enable shared
Fibre Channel’s 1.0625 Gbaud.
half-duplex implementations of GbE to support a net-
GbE uses the same standard 802.3 framing structure as work diameter of up to 655 feet (200 meters), instead of
standard Ethernet, with frames between 64 and 1514 the inadequately small 65.5-foot (20-meter) wide net-
bytes in length and using the same 48-bit MAC addresses work that would result if CSMA/CD were implemented
(jumbo frames up to 9000 bytes are also supported). It without these modifications. When implementing
also supports the same Carrier Sense Multiple Access switched full-duplex GbE, CSMA/CD is not used and
with Collision Detection (CSMA/CD) media access these issues are irrelevant because no collisions can
method supported by earlier versions of half-duplex occur.
Ethernet. To achieve the tenfold speed increase of GbE
GbE also supports several schemes for autonegotiation,
over Fast Ethernet while maintaining support for reason-
allowing hubs, switches, routers, and NICs capable of
ably large networks, GbE makes some changes to the
supporting 100/1000 Mbps or even 10/100/1000 Mbps
Ethernet MAC algorithm and how CSMA/CD operates.
speeds.
These changes are necessary because reducing the trans-
mission time for a frame by a factor of 10 on an Ethernet Implementation
network normally means that the size of the network GbE can be implemented in four different PHY layer
(maximum distance between stations) would also options, all of which support both half-duplex and
decrease by the same factor. full-duplex operation:
One of the media access control (MAC) layer modifica- ● 1000BaseCX: Uses 150-ohm balanced twinax
tions introduced by GbE is called carrier extension, cabling or shielded twisted-pair (STP) cabling with
which involves extending the length of the carrier and a maximum link length of 82 feet (25 meters). This
slot times to pack out all frames to a minimum carrier version is designed primarily for device clustering
length of 512 bytes to ensure that collisions can be and is not much used.
properly detected and recovered from. In other words,
● 1000BaseLX: Uses both long wavelength transmis-
the smallest possible frame (64 bytes) would have its
sions over single-mode fiber-optic cabling support-
carrier signal extended until it appears to the physical
ing distances of 3 miles (5000 meters) over 10
layer as 512 bytes in length. This is different from
micron fiber and also short wavelength transmis-
merely padding a 64-byte frame with an additional 448
sions over multimode fiber supporting distances of
bytes of junk to produce a 512-byte frame—instead, the
1640 feet (550 meters) over both 62.5 and 50
carrier signal is extended for a time equivalent to 448
micron fiber. The single-mode version is used
additional bytes, but the frame still appears to be 64 bytes
mainly for long cable runs; for example, to connect
in length from the point of view of layers above the MAC
LANs across a campus.
layer. As a result, if the frame is bridged from a GbE to a
518
Gigabit Ethernet (GbE) Gigabit Ethernet (GbE)
Ethernet
100/1000 switch 10/100
Ethernet switch
10/100
Ethernet switch Workstations
10/100
Ethernet switch
G
Workstations
Servers with
2-Gbps NICs
Workstations
519
Gigabit Ethernet (GbE) Gigabit Ethernet (GbE)
obvious advantage over FDDI is the superior speed GbE hubs (repeaters) are not common, but GbE
offered by GbE. The result is that GbE has pushed switches and routers are made by a wide variety of ven-
FDDI from the corporate mainstay it was in the mid- dors. A popular example is the Catalyst 3500 series of
1990s to being legacy technology today that most enter- switches from Cisco, which have a 10 Gbps backplane
prises are phasing out. Most corporate FDDI network that provides high performance, come in 12 and 24 GbE
backbones have now migrated to GbE, and the remain- port configurations, and support both full-duplex and
ing ones are not likely to last beyond a couple of years half-duplex operation even over copper. 3Com’s Super-
as chip manufacturers for FDDI equipment stopped Stack 3 switches are another good choice, with the 4900
producing as of 2001. series providing 12 copper or fiber gigabit ports for
aggregation of Fast Ethernet workgroups. A typical sce-
G GbE also has several advantages over ATM that make it
the current favorite for enterprise network backbones.
nario might be to connect a dozen 3300 series 10/100
switches using gigabit fiber uplinks to a core 4900
Most ATM backbones operate at 155 or 625 Mbps and
switch. Enterasys has GbE through its entire product
fall short of the 1 Gbps for shared half-duplex GbE and
line of switches and routers, and Foundry gigabit prod-
2 Gbps of switched full-duplex GbE. ATM is also more
ucts are also popular in the enterprise.
expensive and difficult to deploy and maintain than
GbE. Most network architects can transition from Fast GbE switches come in two basic types:
Ethernet to GbE technologies as easily as they previ-
● Backbone switches: These generally have 8 or 12
ously moved from 10BaseT to Fast Ethernet, since the
copper or fiber GbE ports and one or two GbE
technologies are so similar. On the other hand, ATM
uplinks and are used for building collapsed back-
still holds the superior hand in the WAN where it can
bones for high-speed networks. A popular example
run over Synchronous Optical Network (SONET) for
is the 12-port AT-9006LX switch from Allied Tele-
thousands of miles and for delay-sensitive applications
syn International, which has a lower per-port price
such as voice and multimedia where GbE still falls
than many comparable switches. Other popular
short, although new quality of service (QoS) mecha-
backbone switches for mid-sized networks include
nisms for Ethernet, such as DiffServ and 802.1p VLAN
the Intel 480T, the Catalyst 4908 from Cisco, and
tagging, may help narrow the gap.
the Summit5i from Extreme Networks.
Upgrading a Fast Ethernet backbone switch to a GbE
● Workgroup switches: These can have 8, 2, 24, or
100/1000-Mbps switch is straightforward and will
even 48 Fast Ethernet 10/100 ports and up to four
enable you to connect high-speed server farms using
GbE uplinks, and they are used for building Fast
GbE NICs. Benefits include increased throughput and
Ethernet islands by uplinking many Fast Ethernet
performance, more network segments, more bandwidth
switches to a single workgroup switch. Galileo
per segment, and more nodes per segment.
Technologies has managed to cram 48 autosens-
Marketplace ing 10/100 ports and two GbE uplinks into a 1U
The growth of GbE market in the last few years has rack-mountable device, which is quite an engineer-
been impressive, with GbE port module shipments ing feat.
reaching 4 million in 2000, a quarter of which were
In the distributed backbone market, the 1805-foot
1000BaseTX copper ports. For comparison, however,
(550-meter) limitation for GbE over multimode fiber
these port figures only represent 3 percent of the total
can be overcome by a GbE extender such as Allied
market for all forms of Ethernet, but the figures for GbE
Telesyn’s AT-EX1001SC/GM1, which allows GbE to
are more than doubling each year.
run over multimode fiber to a distance of 1.25 miles (2
kilometers). Campuses needing to upgrade their old
FDDI-based distributed backbones to GbE can save
520
Gigabit Interface Converter (GBIC) Gigabit Interface Converter (GBIC)
money by using extenders like these instead of replac- generally be improved significantly, provided the hard
ing existing multimode fiber with single-mode fiber. disk bottleneck has not been reached.
Finally, network analyzers for troubleshooting GbE net- For More Information
works are available from Agilent Technologies (a You can visit the Gigabit Ethernet Alliance at
spinoff from Hewlett-Packard), Network Associates, www.gigabit-ethernet.org.
and Fluke Networks.
See Also: 1000BaseCX, 1000BaseLX, 1000BaseSX,
Prospects 1000BaseTX, Carrier Sense Multiple Access with Colli-
GbE is here to stay. Most new enterprise networks sion Detection (CSMA/CD), Ethernet, Ethernet switch,
being deployed these days are implemented with GbE Fast Ethernet, Fibre Channel, jumbo frames, MAC
backbones instead of FDDI or ATM (Fast Ethernet is address, metropolitan Ethernet G
still used for backbones in small to mid-sized compa-
nies). The only thing that can probably dethrone GbE is
Gigabit Interface Converter
the emerging 10 GbE standard, an even faster version of
Ethernet that finally discards the inefficient CSMA/CD
(GBIC)
media access method, operates instead only in switched A modular transceiver for Fibre Channel switches and
full-duplex mode, and supports up to 40 kilometers (25 other devices.
miles) using single-mode fiber. Meanwhile, prices per Overview
1 Gbps port for GbE switches continue to fall, and even Gigabit Interface Converters (GBICs) provide network
though the industry average was around $1,000 per port architects with flexibility in choosing different media
at the end of 2000, there were some vendors offering options for gigabit-speed switches. They support a vari-
switches with prices as low as $300 per port. It will not ety of different cabling options, including unshielded
be long until the price per port drops to the point where twisted-pair (UTP) and single-mode or multimode
network architects may as well buy GbE switches fiber-optic and copper Fibre Channel cabling. By sim-
instead of Fast Ethernet ones even if they achieve no ply plugging the appropriate GBIC module into a port
immediate performance gains. on a Fibre Channel or Gigabit Ethernet (GbE) switch, a
Another emerging use for GbE is as a transport for different media option can be easily configured for that
moving data between servers and storage area networks port, providing flexibility for configuring switches
(SANs). GbE SANs encapsulate Small Computer Sys- according to need. This is accomplished by having the
tem Interface (SCSI) traffic within Internet Protocol GBIC convert the signals in the connected media (for
(IP) packets, making it possible to greatly extend the example, light signals on a fiber-optic cable) into elec-
165-foot (50-meter) limitation of SCSI and to locate trical signals compatible with the 1000BaseX port on
SANs at remote data centers. the switch. GBICs can also regenerate signals, allowing
transmission to occur over distances of 62 miles (100
Gigabit in the metropolitan area network (MAN) is the kilometers) or greater over long-haul single-mode fiber.
latest development and provides an attractive alterna-
tive to telco T-carrier services to enterprises needing Marketplace
high-speed WAN connections. For more information on An example is 1000BaseT GBIC from Cisco Systems,
this exciting new technology, see the article “metropoli- which can be used to provide flexibility in cabling
tan Ethernet” elsewhere in this book. options for Cisco Catalyst 2900 and 3500 Series XL GbE
switches. Cisco 1000BaseT GBICs come in a wide vari-
Notes ety of transceiver configurations that support copper,
By employing jumbo frames up to 9000 bytes in length, long-haul and short-haul fiber, and backplane intercon-
performance of gigabit server-switch connections can nects for stacking switches. They are also hot-swappable,
521
G.Lite Global.asa
allowing cabling to be switched to different types on the ADSL, which uses a splitter to separate the baseband
fly in a simple plug-and-play fashion. analog Plain Old Telephone Service (POTS) voice
channel from the upstream and downstream DSL sim-
See Also: Ethernet switch, Fibre Channel, Gigabit
plex bearer signals. The splitter protects the ADSL sig-
Ethernet (GbE)
nal from variations in impedance of the POTS signal
and from dial tones and other forms of interference.
G.Lite Likewise, the splitter protects the POTS signal from
A splitterless version of Asymmetric Digital Subscriber interference due to intermodulation of the ADSL tones.
Line (ADSL). In ordinary ADSL, a splitter must be installed at both
the customer premises and the telco’s central office
G Overview
G.Lite is a form of ADSL that is targeted mainly for
(CO). G.Lite gets around the need for a splitter at the
customer premises by incorporating a number of
the residential Internet access market. G.Lite is easy
advanced signal processing techniques that help keep
to install—so easy that a home user can perform the
the bit error rate (BER) within reasonable tolerances.
installation, eliminating the need for a “truck roll”
These advanced techniques include forward error cor-
(technician visit) from the telco to the subscriber.
rection, trellis encoding, and interleaving.
This saves the telco considerable costs and allows
them to pass this saving on to the subscriber. G.Lite To use G.Lite, the customer obtains a G.Lite modem
was partly developed as a response to the challenge from the DSL provider and simply connects it to her
presented by cable modem technology, where subscrib- computer and phone line. No second phone line or other
ers can usually perform the installations themselves. form of rewiring of the customer premises is required,
G.Lite is intended to be a “plug and play” version of since G.Lite uses the existing local loop connection to
Digital Subscriber Line (DSL). the customer premises. Customers can make phone
calls or send faxes while connected to the Internet over
Like other forms of DSL, G.Lite connections are
their G.Lite connection.
“always on”—once you turn your computer on, the
connection is active and you can send or receive e-mail Notes
or browse the Web without having to dial up a connec- The quality of a G.Lite connection to your home can
tion. G.Lite is slower than regular ADSL and supports suffer if you have a large number of RJ-11 phone jacks
maximum downstream transmission of 1.536 megabits installed. This is because each phone jack acts as a
per second (Mbps) and upstream 384 kilobits per sec- bridged tap that is run off the main phone line as a par-
ond (Kbps), depending on the implementation. allel connection. Signals traveling along your phone
line can reflect off these jacks and affect the overall reli-
G.Lite is sometimes called DSL Lite or Universal
ability of your G.Lite connection. Also, the farther your
ADSL, but the International Telecommunication Union
home is from the telco CO, the less bandwidth might be
(ITU) has endorsed the term G.Lite as official nomen-
available for your G.Lite connection.
clature for this technology under the G.992.2 standard.
Commercial rollouts of G.Lite began in 1999, and the See Also: Asymmetric Digital Subscriber Line (ADSL),
service is gaining popularity among DSL Digital Subscriber Line (DSL)
providers.
Implementation Global.asa
G.Lite is sometimes referred to as splitterless ADSL A file that contains global information for Active Server
because a splitter is not required at the customer pre- Pages (ASP) applications.
mises to separate the voice and data signals being car-
ried over the phone line. This is different from ordinary
522
global catalog global catalog
523
global catalog server global load balancer
no global catalog server is in the local site, a global cat- global group
alog server in a remote site may be used. If all global A type of security group in Microsoft Windows NT,
catalog servers are down in a native mode domain, users Windows 2000, and Windows .NET Server.
can only log on using their cached user credentials. An
exception to this is that members of the Domain Overview
Admins group can log on to native domains even when In Windows NT, global groups are used to simplify
no global catalog server is available. administration of user accounts by organizing them into
groups. For example, you can use them to group users by
See Also: Active Directory, domain (DNS), domain function (such as the Accountants global group), by loca-
controller, global catalog server tion (such as the Third-Floor global group), or by some
G other criteria. By contrast, local groups are designed to
global catalog server provide users with permissions for accessing network
A Microsoft Windows 2000 or Windows .NET Server resources and rights for performing system tasks.
domain controller that contains a copy of the global Global groups can contain only global user accounts
catalog. from their own domain. They cannot contain global
Overview user accounts from other domains, nor can they contain
Global catalog servers let users search for objects other groups. Global groups are created on domain con-
located anywhere in a forest and enable users to log on trollers and are stored within the Security Accounts
to the domain in native-mode networks. Information Manager (SAM) database.
stored on global catalog servers is updated each time In Windows 2000 and Windows .NET Server mixed-
Active Directory directory service performs its direc- mode domains, global groups operate much the same as
tory replication process. in Windows NT, and they can be granted permissions
Global catalog servers should be located appropriately on resources in any domain in the current forest. In
so that queries on Active Directory can be performed native mode, however, global groups can contain both
effectively. Ideally, you should have at least one global user accounts and global groups from the same domain.
catalog server in each site within the enterprise. How- See Also: AGLP, group, local group
ever, in a multidomain environment, the replication
traffic generated by maintaining these servers can be a
burden on overall network traffic, especially if slow global load balancer
wide area network (WAN) links are involved. In this A hardware-based or software-based solution that can
case, consider placing your global catalog servers as direct requests for Web content to multiple geographi-
follows: cal locations where the content is stored.
524
global load balancer global load balancer
525
globally unique identifier (GUID) Global System for Mobile Communications (GSM)
Other mechanisms can be used to perform global load of objects already existing in the information store. This
balancing, including cookie-based and proprietary could cause inconsistencies in the information store
schemes. Windows NT 4, Enterprise Edition, provides a database.
load-balancing service called Windows NT Load Bal-
Notes
ancing Service (WLBS). This IP load-balancing service
You can also manually generate GUIDs for components
employs a fully distributed clustering design that is
using the console-based Uuidgen utility or the Microsoft
ideal for creating highly available and scalable IP-based
Windows–based Guidgen utility in Microsoft Visual
services such as Web, virtual private networking
C++.
(VPN), streaming media, and proxy services.
See Also: Active Directory, Component Object Model
G See Also: Domain Name System (DNS), Hypertext
Transfer Protocol (HTTP), Uniform Resource Locator
(COM)
(URL)
Global System for Mobile
globally unique identifier Communications (GSM)
(GUID) A second-generation (2G) digital cellular communica-
tions technology popular in Europe, Asia, and other
In Microsoft Corporation operating system platforms
parts of the world.
and programming, a 128-bit value based on time and
space that can be used to uniquely identify a component. Overview
Global System for Mobile Communications (GSM) is
Overview
the only truly worldwide cellular communications sys-
Globally unique identifiers (GUIDs) are employed by
tem. More than 400 different GSM carriers have imple-
the Component Object Model (COM) to uniquely iden-
mented GSM systems in more than 200 countries and
tify classes and interfaces so that naming conflicts will
regions, and there are more than 250 million subscrib-
not occur. A GUID is virtually guaranteed to be unique
ers worldwide (all other cellular systems combined
across all systems at any time. For example, every
account for only 150 million subscribers worldwide).
object, class, and attribute in Active Directory directory
service is assigned a unique GUID when it is created. GSM cellular supports voice communications rivaling
The GUID of an entity in Active Directory never the analog Advanced Mobile Phone Service (AMPS)
changes, even if the entity itself is renamed or moved to system in speech quality. GSM also supports other ser-
another location. The GUID acts as a kind of permanent vices, including
name for the entity within the directory to ensure that it
● Group 3 fax (ITU recommendation T.30)
can be positively identified when needed.
● Circuit-switched and packet data communications
Microsoft BackOffice products such as Exchange
at speeds up to 14.4 kilobits per second (Kbps)
Server and SQL Server also use GUIDs to uniquely tag
objects. For example, the information store in Exchange ● Short Message Service (SMS), a two-way paging
Server has a base GUID that is used to generate individ- service that supports store-and-forward delivery of
ual GUIDs for all messages, attachments, and folder short text messages up to 160 characters in length.
contents kept in the store. If you restore the informa-
GSM also supports other services including caller ID,
tion store from a backup, you need to run the command
call waiting, call forwarding, and conference calling.
isinteg-patch before restarting the information store to
change the base GUID. Running this patch ensures that GSM operates in different frequency bands and is
new objects created in the information store do not acci- described by different names depending on the band
dentally end up with GUIDs that are identical to those used, including the following:
526
Global System for Mobile Communications (GSM) Global System for Mobile Communications (GSM)
● GSM 900 or simply GSM: This is the original (WARC) portion of the electromagnetic spectrum,
GSM system that began operation in 1992. GSM communicates using two separate frequency
bands:
● GSM 1800 or PCN (Personal Communications
Network): This is a high-frequency version of ● The 890- to 915-MHz band for mobile-to-base
GSM found in parts of Europe and gradually (uplink) communication
becoming the standard there.
● The 935- to 960-MHz band for base-to-mobile
● GSM 1900 or PCS (Personal Communications (downlink) communication
System): This is the counterpart of GSM 1800 in
Carrier signals are spaced 200 kilohertz (kHz) apart
the United States and Canada.
History
within these bands based on frequency-division
multiplexing (FDM) to provide 124 pairs of superchan-
G
GSM began as an initiative of the Conference of Euro- nels (carriers). Each superchannel is then subdivided
pean Posts and Telegraphs (CEPT) to develop a pan- using time-division multiplexing (TDM) into eight traf-
European digital communications system that would fic channels (time slots), some of which are used as
allow users to roam between different countries and communications channels and others as control chan-
regions with no interruption in service. Work on the new nels. Each communications channel carries either digi-
standard was begun in 1982 by a body called Groupe tized voice at 13 Kbps or data at either 9.6 or 14.4 Kbps.
Spéciale Mobile, which gave the technology its acronym, Altogether GSM provides 992 full-duplex channels for
GSM (later on GSM was changed to mean Global Sys- voice communication. By comparison AMPS cellular
tem for Mobile Telecommunications). GSM standards systems, which also use TDMA, employ three time
development was turned over to the European Telecom- slots instead of eight.
munications Standards Institute (TESI) in 1989.
A single GSM time slot can carry a payload of 156 bits
GSM was deployed in several phases, starting with and is 0.577 microseconds in duration, a time interval
GSM Phase 1, which was first commercially deployed called the burst period. This suggests that the total data
in 1991 and which supported call forwarding, global carrying capacity of GSM could theoretically be 33.8
roaming, call barring, and similar features. These initial Kbps, but much of this is used for protocol and error
900-megahertz (MHz) GSM systems spread rapidly to correction overhead, reducing the maximum possible
22 different countries and regions by 1993. GSM Phase data transmission rate to only 14.4 Kbps. The short
2 added additional features such as short message ser- duration of a GSM time slot also restricts the maximum
vice, call holding, call waiting, caller ID, multiparty distance at which a GSM phone can communicate with
calling supporting up to five parties per call, and mobile its base station to about 22 miles (35 kilometers)
fax and data services. GSM Phase 2+ deployments cur- regardless of the power used.
rently underway include support for data transmission
Power classes for GSM mobile units range from 0.8
at 64 Kbps and higher, packet radio, virtual private net-
through 2.0 watts transmission power for handsets to 8
works, enhancements to the Subscriber Identity Module
through 20 watts for vehicle-mounted units. Approxi-
(SIM) card, higher spectral efficiency, integration with
mately half of a GSM transmission consists of overhead
satellite links, and even GSM services in the local loop.
for signaling, such as synchronization and error han-
Architecture dling. Such high overhead is typical in cellular phone
GSM uses a combination of Frequency Division Mul- systems and is necessary—not so much because of
tiple Access (FDMA) and Time Division Multiple external interference of buildings and other structures,
Access (TDMA) media access control methods to pro- but because of internal interference due to crosstalk
vide full-duplex communication. In the 862-to-960- between channels and across cell boundaries.
MHz World Association of Radio Communications
527
Global System for Mobile Communications (GSM) Global System for Mobile Communications (GSM)
A3 algorithm A3 algorithm
G Result
Result
Yes Do
Logon results 2 Result
match?
Global System for Mobile Communications (GSM). The authentication process for GSM.
528
global user account global user account
system. Encryption of message traffic is similar to same way as GSM, except at a higher 1.8-gigahertz
encrypted authentication, except that each transmitted (GHz) frequency band. DCS provides a total of 2992
frame is encrypted using a different random number. channels for voice communication. One advantage
This makes encrypted GSM messages extremely diffi- DCS has over GSM is that it uses much lower power
cult to crack, so much so that some countries and regions levels for mobile units, ranging from 0.25 to 1.0 watts
prohibit GSM providers from encrypting user messages! transmission power.
Marketplace For More Information
Although GSM is the dominant cellular communications Visit the GSM Association at www.gsmworld.com.
system in Europe and a major player in other parts of the
See Also: 2G, 2.5G, 3G, Advanced Mobile Phone
world, such as Asia and the Pacific Rim, it ranks a distant
third in North America behind the popular Code Division
Service (AMPS), cellular communications, Code G
Division Multiple Access (CDMA), General Packet
Multiple Access (CDMA) digital cellular systems such
Radio Service (GPRS), High-Speed Circuit Switched
as Sprint PCS and behind Time Division Multiple Access
Data (HSCSD), Time Division Multiple Access
(TDMA) systems best represented by AT&T Wireless
(TDMA)
Services and SBC Communications. This is changing,
however, as U.S. GSM carriers such as VoiceStream
Wireless Corporation (now owned by Deutsche global user account
Telekom) expand their coverage across areas connecting A Microsoft Windows NT account that has a
urban centers, especially in California, the Eastern domain-wide scope.
seaboard states, Florida and the South, and the Texas-
Overview
Minneapolis corridor.
In Windows NT, global user accounts are stored in the
With interoperability between these competing systems Security Accounts Manager (SAM) database on
being a major issue for U.S. subscribers needing to domain controllers. You can create them using User
travel abroad, QUALCOMM, the company behind Manager for Domains, a Windows NT administrative
CDMA cellular systems, has announced it plans to tool. Global accounts allow users to take full advantage
develop a chip that will enable cellular phones to work of the Windows NT Directory Services (NTDS). Users
with both CDMA and GSM systems. who have global accounts can access resources any-
where in the domain, provided they have permissions
Prospects for those resources.
GSM has fared well as a global standard communica-
tions technology apart from garnering little support in The other type of user account in Windows, the local
the United States. Initiatives are underway to enhance user account, exists only within the directory database
this 2G system into one capable of carrying data at of the machine on which it is created. Use only global
speeds of 64 Kbps and higher. Two such upgrades are accounts for users when implementing Windows NT
the General Packet Radio Service (GPRS) and High domains as your security model. User Manager for
Speed Circuit Switched Data (HSCSD), both of which Domains creates global accounts by default.
operate by multiplexing GSM’s existing TDM slots.
Notes
These 2.5G initiatives are stepping stones toward the
In Windows 2000 and Windows .NET Server, global
next generation high-speed third-generation (3G)
user accounts are instead called domain user accounts
broadband cellular systems that are just beginning to
and they are managed using the Active Directory Users
appear in parts of the world.
and Computers snap-in for the Microsoft Management
Notes Console (MMC).
GSM has a counterpart service called Digital Commu-
See Also: local user account, user account
nication Service (DCS) that works in essentially the
529
GNOME Gopher
530
GPL grep
GPL
Stands for GNU General Public License, the open
source licensing scheme of the Free Software
Foundation.
See: GNU General Public License (GPL)
GPRS
Stands for General Packet Radio Service, a 2.5G
upgrade to second-generation (2G) Time Division
Multiple Access (TDMA) cellular communications
G
systems.
See: General Packet Radio Service (GPRS)
G0GXX06 (was G0Gui06 in 1E)
531
ground loop group
ground loop mance of hubs, switches, and cables. Noise can result in
A condition created when two or more parts of a net- corrupted packets leading to retransmissions that eat up
work are grounded at separate points, causing a voltage network bandwidth, and grounding equipment properly
difference between connected networking components. can reduce such noise and boost throughput.
Overview Notes
Voltage differences between different parts of a com- Ground loops are especially problematic with serial
puter network typically occur because of nonuniformi- connections such as RS-232 because cables using this
ties in the electrical characteristics of the grounding at interface have a second signal ground path between the
different locations. For example, consider two com- devices. Ground loops can also be a problem with
G puters that are located some distance apart and are
connected by coaxial cabling. Each device is also con-
shielded cabling such as shielded twisted-pair (STP)
cabling or coaxial cabling. These loops will occur if the
nected to the earth by the ground wire of its AC power cable’s shielding is grounded by a direct connection to
cable, but the two devices are plugged into different the chassis of the devices, because this provides a sec-
power outlets. These power outlets are connected to ond ground path between the devices in addition to that
different parts of your building’s electrical distribution produced by the ground portion of the AC power con-
system, and these different parts are under different nection. The resulting current loops can build up until
loads (have different currents being drawn from them they are potentially damaging to the connected equip-
by different configurations of devices). Thus they ment. To prevent such damage, the shielding in a
provide slightly different voltages. shielded cable should be grounded only at one end of its
connection. Finally, when grounding a metal rack or
You might also find slight differences in the ground cabinet that houses networking equipment, you should
potential at the two locations. These voltage differences ground it using the same AC power cable ground con-
can cause currents to be induced through the shielding nection that you used for the equipment itself. Note
of the network cabling, and these currents can be large that ground loops are not a significant problem with
because of the cable’s low resistance. Large pulses of unshielded twisted-pair (UTP) cabling because the wir-
current can occur when other devices on the power cir- ing is transformer-isolated in the hub and network inter-
cuits are switched on or off abruptly. This situation can face card (NIC) connections.
be potentially damaging to sensitive networking com-
ponents and might cause them to reset or lock up. See Also: opto isolator
Implementation
You can prevent ground loops in two main ways: group
A collection of user accounts.
● By using nonconducting fiber-optic cabling instead
of copper cabling, especially for longer cable runs Overview
Groups simplify the task of network administration by
● By employing opto isolators or isolation transform- allowing administrators to group similar user accounts
ers to break electrical connections between net- together in order to grant them similar rights and per-
working components missions. In Microsoft Windows 2000 and Windows
One might think that you could eliminate ground loops .NET Server, there are two types of groups:
entirely by not grounding networking equipment, but ● Security groups: Can contain members and can be
this is wrong for several reasons. Ground connections granted permissions in order to control user access
are essential for electrical equipment to ensure their to network resources. Security groups can contain
safety in the case of a short, and all electrical equipment users, other groups, and even computers.
should be properly grounded to ensure against shock
hazard. Grounding also reduces noise due to electro- ● Distribution groups: Used for nonsecurity func-
magnetic interference (EMI) that can affect the perfor- tions, such as grouping users together to send mass
532
group group
e-mail. Unlike security groups, these groups cannot can be granted permissions to resources on all servers
be used to control user access to network resources. (both the domain controllers and member servers) in
its domain. When the domain is in mixed mode,
In Windows NT there is only one type of group, which
domain local groups can contain user accounts and
is equivalent to security groups in Windows 2000 and
global groups from any domain in the forest. When
Windows .NET Server.
the domain is in native mode, they can also contain
Implementation domain local groups from their own domain and uni-
In Windows 2000 and Windows .NET Server, you create versal groups from any domain in the forest.
groups using the Active Directory Users and Computers
On Windows 2000 and Windows .NET Server member
console, and these are stored as group objects within
Active Directory directory service. In Windows NT, you
servers and client computers and Windows XP machines,
you can also create a fourth scope of group called a
G
create groups using User Manager for Domains, and they
local group, one that exists only within the local secur-
are stored in the Security Accounts Manager (SAM)
ity database of the machine on which it is created.
database. Users can belong to multiple groups at the
Local groups in Windows 2000, Windows .NET
same time. A group does not actually contain its member
Server, and Windows XP are similar to local groups
user accounts; it is merely a list of user accounts.
in Windows NT. They can contain user accounts that
The scope of a group is the portion of the network are local to the machine and user accounts and global
where the group can be granted rights and permissions. groups from their own domain. A local group can be
For example, a group whose scope is global can be granted permissions only to resources on the machine
granted permissions to resources in its own domain and where it was created. You use Local Users and Groups,
to resources in trusting domains. On the other hand, a a snap-in for Microsoft Management Console (MMC),
group whose scope is local can be granted permissions to create local groups on a machine.
to resources only on the machine where it was created.
Windows NT groups have only two levels of scope:
In Windows 2000 and Windows .NET Server, there are
three levels of scope for security groups: ● Global groups: A global group can be granted per-
missions to resources in its own domain and to
● Universal groups: Can contain members from any
resources in trusting domains. A global group can
domain and can be granted permissions to resources
contain user accounts only from its own domain. Glo-
in any domain in the current domain forest. Univer-
bal groups are created on Windows NT domain con-
sal groups can contain user accounts, global groups,
trollers and exist in the domain directory database.
and universal groups from any domain in the cur-
rent forest. Note that you can create universal ● Local groups: A local group created with Windows
groups only when the domain is in native mode and NT Workstation can be granted permissions only to
not in mixed mode. resources on the machine where it was created. A
local group created with Windows NT Server (on a
● Global groups: Can contain members only from
domain controller) can be granted permissions only
their own domain but can be granted permissions to
to resources on the domain controllers of its own
resources in any trusting domain. When the domain
domain. A local group can contain user accounts
is in native mode, global groups can contain user
and global groups both from its own domain and
accounts and global groups from the same domain.
from trusted domains. Network administrators of
When the domain is in mixed mode, these groups
enterprise-level Windows NT networks can use a
can contain only user accounts.
resource-access strategy called AGLP (Accounts are
● Domain local groups: Can contain members from organized by placing them in Global groups, which
any domain but can be granted permissions only to are then placed in Local groups that have appropriate
resources in their own domain. However, unlike the Permissions and rights assigned to them) to plan and
local groups of Windows NT, a domain local group implement local groups in their network.
533
group group
534
group account Group Policy
group account use the Group Policy snap-in for the Microsoft Manage-
ment Console (MMC) to create a Group Policy object
Another name for a group, a collection of user accounts.
(GPO) and configure its settings, and then assign the
See: group GPO to the appropriate container. An object may have
several GPOs influencing it (for example, one GPO
assigned to the OU containing the object and another to
Group Policy
the domain containing the OU). If this is the case, a con-
A feature of Microsoft Windows 2000, Windows XP,
flict may occur, and then the last setting applied wins.
and Windows .NET Server that simplifies management
Group policies are applied to users when they log on
of user and computer settings.
and to computers when they boot up. Users are subject
Overview to both GPO settings that apply to them as users and to G
Group Policy enables administrators of Windows 2000 GPO settings that apply to the computer at which they
and Windows .NET Server networks to define policies are working.
that manage the environment of users and computers. A
typical use for group policies is to enforce a written
company policy across all users in a specific site or
domain. Group policies can used to simultaneously
configure the desktop working environments for differ-
ent groups of users, but they have many other uses as
well. For example, group policies can be used to do the
following:
● Manage applications—for example, by configuring
policies to allow users to install applications pub-
lished in Active Directory directory service or to
automatically install or upgrade applications on
their machines G0GXX08 (was G0Gui08 in 1E)
535
GSM GUID
have the GPO of their new domain applied to them. The disabled by default and can be enabled using User Man-
default GPO for a domain is the only GPO on which ager for Domains. The Guest user account is a member
you can configure password restrictions, lockout of the Domain Guests global group and is assigned a
restrictions, Kerberos, the Encrypting File System null password during installation.
(EFS), and Internet Protocol (IP) security settings.
The Guest account is a domain user account on a
Notes domain controller. On a member server or workstation,
You cannot use Group Policy for Windows 2000 or however, there’s a separate Guest local user account.
Windows .NET Server to configure group policies for
You should not enable the Guest account unless you are
downlevel Windows NT, Windows 95, or Windows 98
sure you will need it. You should also make sure that all
G clients. Instead, use System Policy Editor, a Windows
NT tool that stores policy settings in a file called
your shared resources have correct permissions
assigned to them because enabling the Guest account
ntconfig.pol that modifies a portion of the Windows NT
otherwise could pose a security risk.
registry.
See Also: Guests group
FullArmor offers a tool called FAZAM 2000 that simpli-
fies the planning, deployment, and management of group
policies. You can find more info at www.fullarmor.com. Guests group
A built-in group in the Microsoft Windows 2000,
See Also: Active Directory, domain controller
Windows XP, and Windows .NET Server operating
systems whose members can be assigned guest access
GSM to network access.
Stands for Global System for Mobile Communications, Overview
a second-generation (2G) digital cellular communica- The Guests group is a domain local group whose initial
tions technology popular in Europe, Asia, and other membership is the built-in Guest domain user account.
parts of the world. If a member server or workstation joins a domain, the
See: Global System for Mobile Communications global group called Domain Guests is added to the local
(GSM) Guests group.
The Guests group has no preassigned rights or permis-
GSNW sions. You can assign any network resource permissions
to this group in order to grant temporary or guest users
Stands for Gateway Services for NetWare, a feature of
the access they require. Members of the Guests group
Windows 2000 Server that allows Windows clients
do not have the right to make permanent changes to
access to NetWare file, print, and directory services.
their desktop settings.
See: Gateway Service for NetWare (GSNW)
See Also: built-in group, Guest account
536
H
H.323 ●
537
H.323 gateway H.323 gateway
ViewStation MP, a popular system in many enterprise designed with videoconferencing strictly in mind and
environments. Other vendors include Sony Corporation is not flexible enough to support a full range of VoIP
with its Contact system (which also works over ISDN) features.
and VCON’s MC6000 that is multicast-capable.
A newer protocol proposed by the Internet Engineering
Task Force (IETF) is Session Initiation Protocol (SIP),
Terminal
which is seen in some quarters as preferable for newer
VoIP deployments. SIP is designed from the ground up
to support IP and is slimmer and more flexible than
H.323, a protocol known to have excessive overhead.
Gatekeeper Notes
The OpenH323 Project is an initiative of Equivalence Pty
H Ltd. to develop an open-source version of the H.323 pro-
Terminal tocol suite licensed under Mozilla Public License (MPL).
See Also: session initiation protocol (SIP), T.120,
Voice over IP (VoIP)
IP
internetwork
H.323 gateway
A service that allows you to connect an H.323-based
communication system on the Internet to a telephony
system.
Gateway
PSTN
LAN
H.323
servers
H.323
server
Telephone Firewall
G0HXX01 (new to 2E)
and
H.323. Components of an H.323 network. H.323 Internet
gateway
PC-based H.323 collaboration software products H.323
include PictureTel Corporation’s 900 Series appliances, gateway
which support both H.323 and H.320 communications;
VCOM’s MC8000; Intel Corporation’s TeamStation;
and VTEL Corporation’s SmartStation.
Prospects Telephony
H.323 was extolled by industry in the 1990s but is now
beginning to be considered legacy technology, suitable
mainly for migrating legacy telephony systems to VoIP
G0HXX02 (was G0Hui01 in 1E)
and for interoperating with legacy Private Branch H.323 gateway. Making a phone call using an H.323
Exchanges (PBXs). The problem is that H.323 was gateway.
538
hacking hacking
539
Hailstorm Hailstorm
● Elevation of privileges: The goal is to enable the Hailstorm provides users with a standard set of Web ser-
attacker to elevate his privilege level for accessing vices that enables users to collaborate and participate in
system resources from anonymous user to root business transactions seamlessly and transparently. Hail-
(administrator), if possible. storm places control squarely in the user’s court—data is
not shared unless users explicitly grant their consent to
● Buffer overflow: Flaws in software may cause
do so. This makes Hailstorm a secure platform for 21st-
systems to crash when invalid data is submitted
century business communications in the Internet economy.
through Uniform Resource Locators (URLs), Web
forms, and other user interfaces. Besides crashing Initial support for Hailstorm is included in Microsoft’s
systems, buffer overflows can sometimes give Windows XP, Office XP, and Xbox platforms. Hail-
hackers the ability to execute arbitrary code on the storm transforms MSN Messenger into an enterprise
systems affected. and consumer development platform for building
advanced user experiences that leverage the power of
● Spoofing: Assuming the identity of a trusted user or
Internet-based instant messaging.
of another system in order to gain access to a resource.
Architecture
● Session hijacking: This involves taking the place
Hailstorm services are designed to allow users to access
of the client in an existing client/server connection
their data from a variety of platforms, including tradi-
such as a TCP connection. Session hijacking is a
tional PCs, Tablet PCs, handheld Personal Digital
form of the man-in-the-middle attack.
Assistants (PDAs), mobile phones, and other Web
Notes appliances. User data is stored in a distributed fashion
The Openhack Project was developed by eWeek Labs to and can be securely accessed from any device and any
help publicize the issues around hacking of business location with the user’s consent.
540
HAL half-duplex
541
HAN Handheld Device Markup Language (HDML)
542
handshaking handshaking
* Prospects
WAP is currently gaining popularity at the expense of
HDML and may eventually replace it. One indication of
Cell phone UP.Link Gateway Web server this is Nokia and Ericsson, which are two major players
with HDML server at cellular with HDML
browser service provider content
in the world cellular market and which provide WAP-
G0HXX03 (new to 2E)
enabled phones. Nokia is even giving away the source
Handheld Device Markup Language (HDML). How an code for its WAP browser to promote this standard.
HDML communications system works.
When a user with an HDML-enabled client device (a
Meanwhile, enterprises that want to deploy mobile cli-
ents with Internet access have to support two interoper-
H
device running an HDML browser) wants to access able solutions, HDML and WAP.
HDML-formatted content on a Web server, the client See Also: Hypertext Markup Language (HTML),
device communicates over the provider’s cellular net- Hypertext Transfer Protocol (HTTP), Wireless Applica-
work with a special gateway server called an UP.Link tion Protocol (WAP), Wireless Markup Language
Gateway. This gateway server then “gates” the user’s (WML)
request over a Transmission Control Protocol/Internet
Protocol (TCP/IP) wireline connection to the Web
server. The Web server responds with the requested handshaking
content that is then “gated” back to the client over the The process that establishes communication between
cellular network. two telecommunications devices.
543
hardware abstraction layer (HAL) hardware abstraction layer (HAL)
control” because the process establishes the ground particularly those regarding processor commands, sys-
rules for managing the flow of data between the two tem interrupts, and input/output (I/O) interfaces.
devices. Some of the parameters that the modems need
Implementation
to negotiate are
The HAL is implemented in Windows 2000, Windows XP,
● The maximum transmission speed, taking into con- and Windows .NET Server as a loadable kernel mode
sideration the speed of both modems and the quality module called hal.dll that is located in the System32
of the transmission directory. If a hardware vendor needs to protect propri-
etary technology, the company can develop a custom
● The length of the line delay to apply echo
implementation of the HAL. This means, for example,
cancellation
that different processor configurations such as multipro-
● The communication protocol cessor machines might use different HAL drivers.
544
hardware address hardware profile
halmps.dll
and APIC
Used for multiprocessor PCs
HCL devices, contact the device’s manufacturer to see
whether a supported driver exists for the particular
H
halmacpi.dll Used for multiprocessor PCs that Windows operating system you are using. If you contact
support ACPI Microsoft Product Support Services (PSS) about a
halsp.dll Used for Compaq SystemPro servers problem and the support engineer determines that a
hardware device in your system is not on the HCL, you
For More Information will likely incur a charge for the call even if the problem
Find out about the HAL Development Kit at cannot be resolved.
www.microsoft.com/DDK/halkit.
Notes
See Also: Windows 2000, Windows .NET Server, You can usually find the HCL for a particular Windows
Windows XP operating system on its distribution CD. (The file might
be called hcl.txt.) A more up-to-date version of the
hardware address HCL for all Windows operating system platforms is
Also called a MAC address, a unique 6-byte (48-bit) available on the Web at the HCL site listed in the “For
address that is usually permanently burned into a net- More Information” section of this entry.
work interface card (NIC) or other physical-layer net- For More Information
working device and uniquely identifies the device on an You can visit Microsoft Product Support Services at
Ethernet-based network. www.microsoft.com/support. You can look at the
See: MAC address Microsoft HCL site at www.microsoft.com/hwtest/hcl.
Overview Overview
The Hardware Compatibility List (HCL) for a A hardware profile tells the operating system which
Microsoft Windows platform defines all supported devices are present when the computer boots.
hardware, including computer systems as well as indi- You can create several different hardware profiles on
vidual hardware components such as video cards, moth- Microsoft Windows operating systems and select the
erboards, and sound cards. When in doubt, you should one you want to use at boot time. For example, if
consult the HCL before installing an operating system
545
hashing algorithm HCL
Windows 2000 is installed on a laptop computer, you for each database record, creating a hash table that you
can create two hardware profiles for that computer: can use for quick searches for records.
● One profile for when the computer is docked and See Also: cryptography, encryption
connected to the network. (The profile will contain
configuration information for the network adapter.)
HBA
● Another profile for when the computer is undocked Stands for host bus adapter, a device that converts
and used in the field. (The profile will contain no Peripheral Component Interconnect (PCI) bus signals
configuration information about networking.) into Small Computer System Interface (SCSI) or Fibre
When the laptop is booted, you select the appropriate Channel format.
hardware profile from a menu generated by the operat- See: host bus adapter (HBA)
H ing system.
Notes H channel
Hardware profiles are usually not necessary for plug-and- A designation for groups of channels on Basic Rate
play laptops running Windows 2000, Windows XP, or Interface ISDN (BRI-ISDN) services.
Windows .NET Server. These computers can recognize
when new hardware becomes available (for example, by Overview
H channel standards are defined by the International
docking) and automatically configure themselves.
Telecommunication Union (ITU) and are composed of
different combinations of Integrated Services Digital
hashing algorithm Network (ISDN) B channels. The most common con-
A mathematical procedure for randomizing (hashing) figurations are as follows:
information to make it more secure in transmission.
● H0 channel: This consists of six B channels multi-
Overview plexed to provide a data transmission speed of 384
Hasting algorithms take information and scramble it kilobits per second (Kbps). This service is some-
repeatedly to create a fixed-length string of numbers times called ISDN H0 or switched 384.
and characters called a hash. A good hashing algorithm
has the following characteristic: if you apply a hash- ● H11 channel: This consists of 24 B channels to
ing algorithm to some data and then change only a few provide 1536 kilobits per second (Kbps) of band-
bits in the data and apply the algorithm again, the two width. This is sometimes called ISDN H11 or
resulting hashes will differ in almost every bit. switched 1536.
Hashing algorithms are used extensively in cryptogra- ● H12 channel: This consists of 30 B channels to
phy for encrypting keys or messages. Examples of pop- provide 1920 Kbps of bandwidth. This is some-
ular cryptographic hashing algorithms include MD2, times called ISDN H12 or switched 1920.
MD4, MD5, and SHA-1. Message Digest 5 (MD5) uses See Also: B channel, Integrated Services Digital
a 128-bit hash, and Secure Hash Algorithm (SHA) uses Network (ISDN)
a 60-bit hash. The more bits in a hash, the greater the
security of the encryption process.
HCL
Hashing is also used in some database technology for Stands for Hardware Compatibility List, a list of hard-
creating indexes of items in a database. Hashes of data- ware that is compatible with a Microsoft Windows
base objects are generally smaller than the objects operating system product.
themselves, so they can be indexed and searched more
quickly. You can generate unique hashes of fixed length See: Hardware Compatibility List (HCL)
546
HDLC Help
HDLC heartbeat
Stands for High-level Data Link Control, an encapsula- A polling feature of cluster servers.
tion protocol for point-to-point serial wide area network Overview
(WAN) links. An internal communications interface in Microsoft
See: High-level Data Link Control (HDLC) Cluster Server (MSCS) in Microsoft Windows NT
Server, Enterprise Edition, and in the Cluster service in
Windows 2000 Advanced Server and Windows .NET
HDML Enterprise Server, the heartbeat continuously provides
Stands for Handheld Device Markup Language, a interserver communication between cluster nodes in a
markup language loosely modeled on Hypertext Markup cluster. One function of the heartbeat is to generate a
Language (HTML) and optimized for providing Internet message that the Cluster service running on one node
access to cell phones and other handheld devices. regularly sends to the Cluster service on the other
node to detect a failure within the cluster. Nodes in a
H
See: Handheld Device Markup Language (HDML)
cluster communicate status information with each other
through the heartbeat using MSCS or the Cluster ser-
HDSL vice. These messages appear as network traffic between
Stands for High-bit-rate Digital Subscriber Line, a form the two nodes in the cluster on the dedicated network
of Digital Subscriber Line (DSL) technology that pro- connection between the nodes, which is called the pri-
vides T-1 speeds in both directions. vate network of the cluster. The primary heartbeat net-
work interface is usually a crossover network cable
See: High-bit-rate Digital Subscriber Line (HDSL)
directly attached between cluster nodes or in a private
network. If the heartbeat is lost over the private connec-
header tion, Cluster Server reverts to a public network or alter-
The initial portion of a packet or a frame. nate connection for its heartbeat and other Cluster
service traffic. You can configure the polling interval
Overview
for the heartbeat using Cluster Administrator.
The header typically contains control information such
as addressing, routing, and protocol version. The format See Also: clustering
of this information depends on the protocol being used.
For example, an Internet Protocol (IP) header contains
Help
information about the version of the IP protocol, the
Any of several systems of online help for Microsoft
length of the header, the type of service used, the packet’s
Corporation products.
Time to Live (TTL), the source and destination address,
and other data. Headers are used to control the flow of Overview
packets through the network or over the communication The type of help features available depends on the
link. nature of the product, the date of release, and the
context in which it is invoked. Examples of help func-
The end of a frame sometimes has a smaller structure
tions include the following:
called a footer or trailer, but this usually contains only
error-checking information. Control information is ● Help: Choose Help from the Start menu in
always placed in the header because this is the first por- Microsoft Windows 95, Windows 98, Windows NT,
tion of the packet or frame that is read by a networking Windows 2000, Windows XP, and Windows .NET
device such as a switch or a router. Server to open a Help Topics window (in Windows
XP and Windows .NET Server, the window is called
See Also: frame, packet
“Help And Support Center”). The window has three
tabs: Contents (to browse the help database using a
547
heterogeneous network hidden share
hierarchical set of book icons), Index (to type the are running Novell NetWare. An example at the appli-
topic you want help on and then display the appro- cation level is a messaging system that includes Micro-
priate entry), and Find (named Search in Windows soft Exchange Server, Novell GroupWise, UNIX Send-
98 and Windows 2000, to conduct a full-text key- mail, and IBM PROFS mail systems.
word search of the help database). Windows 2000
Heterogeneous networks are generally more complex
includes a fourth tab, Favorites, that lets you save
to administer than homogeneous networks. Most net-
links to Help topics.
works are heterogeneous because they evolve over time.
In Windows XP and Windows .NET Server, Help Most startup companies cannot afford to buy a com-
has an entirely new look and setup. It now resem- pletely homogeneous, state-of-the-art network plat-
bles Internet Explorer and offers many new features form, and even if they could, it would soon become out
and customized user options. For example, the of date. One advantage of deliberately maintaining a
mechanism to search Microsoft Online has been
H integrated into the main search engine.
heterogeneous network is that customers can use any
product they choose instead of being locked into a sin-
● What’s This?: To find information about a setting gle vendor’s system. Networking and operating system
in a dialog box or property sheet, right-click the choices can be made on a “best-served” basis instead of
item and choose What’s This? from the context an “only buy from us” approach.
menu, or click the question mark button at the top See Also: homogeneous network
right of the dialog box.
● F1 key: To get context-sensitive help at any point, hidden share
press the F1 function key. A share not visible when users browse the network for
● Browser-based help: In Windows 2000, online resources.
help is provided through a new interface called Overview
Online Support and Information, which is accessi- In Microsoft Windows operating systems, a share with
ble in Windows 2000 Help by selecting Web Help. a dollar sign ($) appended to the share name. Hidden
The interface displays a new page within Windows shares are accessible on the network using Universal
2000 Help that provides links to various Windows Naming Convention (UNC) paths or mapped network
2000 online support Web pages, including a new drives, but only if the user knows that they are present
Windows 2000 Resource Kits Web page. and knows their exact name. These shares do not show
● Books Online: Many Microsoft products have up in My Network Places or Windows Explorer or when
additional user manuals in an online format that you you use the net view command. Users are unaware of
can access from the Start menu. their presence unless they are specifically informed.
It is a good idea not to acquaint ordinary users with hid-
heterogeneous network den shares, because they might create such shares on
A network that uses multiple network architectures and their workstations if appropriate file and print services
operating systems. are installed. This can lead to secret, uncontrolled pub-
lishing of information within the company, which is
Overview usually against company policy.
An example of a heterogeneous network at the hard-
ware level is a combination of Ethernet and Token Ring Windows 2000, Windows XP, and Windows .NET
local area networks (LANs) connected with a Fiber Dis- Server also create certain hidden shares during the instal-
tributed Data Interface (FDDI) backbone. An example lation process that the operating system uses for specific
at the network operating system (NOS) level is a server purposes. These hidden shares are called administrative
room in which some machines are running Microsoft shares; permissions on them should not be modified.
Windows NT, others are running UNIX, and still others See Also: share
548
Hierarchical Storage Management (HSM) Hierarchical Storage Management (HSM)
549
High-bit-rate Digital Subscriber Line (HDSL) High-bit-rate Digital Subscriber Line (HDSL)
550
High-bit-rate Digital Subscriber Line (HDSL) High-bit-rate Digital Subscriber Line (HDSL)
HDSL implementation carry data at 784 Kbps over costs associated with this repeaterless technology. An
unconditioned lines without the need of repeaters. Two enterprise customer wanting to run a public Web server
pairs of copper wires thus provide a throughput of 1.536 at her company site might use HDSL to provide a high-
Mbps, which is the same as regular T1. bandwidth connection between the server and the
Internet.
In a typical scenario, a line driver called an HTU-R ter-
minates the lines at the customer premises end through HDSL can also be used for connecting bridges, rout-
a serial connection to a router that provides connectivity ers, and telephone equipment such as Private Branch
for the customer’s local area network (LAN). At the Exchanges (PBXs) over a campus using HDSL line
telco end, a similar line driver called an HTU-C termi- drivers with built-in Channel Service Unit/Data Service
nates the other end and provides a connection to the dig- Unit (CSU/DSU) functionality. It can also be used to
ital cross connect (DCC) that routes signals to trunk build private data telecommunications networks, con-
lines between central offices (COs). A group of HTU-
Cs are typically combined in a rack to service more
nections between points of presence (POPs), and other
telecommunications services. You can use HDSL to
H
customers. connect campus networks and phone equipment at T1
speeds without the need for costly fiber-optic cabling.
HDSL line drivers or line terminals generally support a
variety of data interfaces, including V.35, G.703, and
LAN
10BaseT connections. They are configurable for Nx64
Bridge Kbps transmission speeds and sometimes include
bridge or router functionality for framing of High-level
HDSL Data Link Control (HDLC), Point-to-Point Protocol
line driver (PPP), Internet Protocol (IP), and other protocols. They
V.35
can be used for LAN-LAN connections and for con-
4-wire twisted-pair
unconditioned phone line Line necting LANs to frame relay networks or the Internet.
sharer
HDSL HDSL can also be used for other purposes such as vid-
line driver eoconferencing, telecommuting, and shared Internet
PBX access for connecting business networks to the Inter-
LAN
net. HDSL is not used for residential Internet access—
Asymmetric Digital Subscriber Line (ADSL) is com-
V.35 monly used there instead. ADSL is able to provide line
sharing (combined voice/data services over a single
Bridge Public Telephones pair of copper lines), but HDSL carries only data and
Switched requires two pairs of lines.
Telephone
Network Prospects
(PSTN) A newer form of HDSL called HDSL2 works similarly
to HDSL but requires only one pair of copper lines in
G0HXX06 (was G0Hui02.bmp in 1E)
551
High-level Data Link Control (HDLC) High-level Data Link Control (HDLC)
High-level Data Link Control layer because the local and remote stations are connected
directly. In this configuration, either one station is the pri-
(HDLC)
mary and the other the secondary (unbalanced point-to-
An encapsulation protocol for point-to-point wide area
point link) or both stations function in a primary/secondary
network (WAN) links.
capacity (balanced point-to-point link). You can also use
Overview HDLC in a more complex configuration in which one pri-
High-level Data Link Control (HDLC) is a data-link mary links to several secondaries (unbalanced multipoint
layer protocol for synchronous communication over configuration), but this is not common.
serial links. HDLC was developed in the 1970s by IBM
as an offshoot of the Synchronous Data Link Control
(SDLC) protocol for their Systems Network Architec-
LAN
ture (SNA) mainframe computing environment. It was
H later standardized by the International Organization for Router
Standardization (ISO) as a standard Open Systems
Interconnection (OSI) Layer-2 protocol. CSU/DSU or
HDSL line driver
Architecture V.35
HDLC is called an encapsulation protocol because it
encapsulates bit stream data into fixed-length frames
for transmission over synchronous serial lines. HDLC CSU/DSU or
HDSL line driver
is a bit-stream protocol (bit streams are streams of data Leased line
not broken into individual characters) that uses a 32-bit
LAN
checksum for error correction and supports full-duplex
communication. HDLC frames consist of a special flag
byte (01111110) followed by address and control infor- V.35
mation, data bits, and a cyclic redundancy check (CRC)
byte. A control field at the start of a frame is used for Router
establishing and terminating data link connections. As a G0HXX07 (was G0Hui03 in 1E)
552
High Performance File System (HPFS) High-Performance Parallel Interface (HIPPI)
operate with each other. This was the driving force ● It uses large file cache sizes and lazy-writes.
behind the development by the Internet Engineering
Other features of HPFS that were considered advanced
Task Force (IETF) of Point-to-Point Protocol (PPP), a
at the time of its development included the following:
newer encapsulation protocol that has largely replaced
HDLC in WAN environments. PPP supports both syn- ● Long filenames—up to 256 characters in length.
chronous and asynchronous communications and has These long filenames are case preserving but not
a standard implementation by every vendor to ensure case sensitive. MS-DOS applications can still access
interoperability between networking equipment from HPFS volumes either over the network to an OS/2
different vendors. Both PPP and Link Access Protocol, LAN Manager server or from inside an MS-DOS
Balanced (LAPB), the data-link protocol for X.25, compatibility box on an OS/2 workstation.
evolved from HDLC and were built upon its foundation.
● Extended attributes—a series of name/value pairs
Notes
A version of HDLC known as Normal Response Mode
associated with each directory or file. These extended
attributes can be 64 kilobytes (KB) in size and sup-
H
(NRM) HDLC is basically the same thing as Synchro- port advanced kinds of search queries, such as by file
nous Data Link Control (SDLC), a protocol developed type, version number, subject, or comments.
by IBM as a replacement for its BiSync protocol.
● Support for extended character sets.
See Also: Channel Service Unit/Data Service Unit
● Maximum 64-gigabyte (GB) drive size. (The prac-
(CSU/DSU), leased line, Open Systems Interconnection
tical limit is 16 GB, however.)
(OSI) reference model, Point-to-Point Protocol (PPP),
Synchronous Data Link Control (SDLC), wide area net- Notes
work (WAN), X.25 HPFS is supported by Microsoft Windows NT version
3.51 but not by the Windows NT 4, Windows 2000,
Windows XP, or Windows .NET Server operating sys-
High Performance File System
tems, which use the more advanced NTFS file system
(HPFS) (NTFS). HPFS was designed to function as an Install-
A file system designed for version 1.2 of the Microsoft/ able File System (IFS), which is implemented as a
IBM OS/2 operating system as a successor to the file dynamic-link library (DLL) that hooks into the file sys-
allocation table (FAT) file system used by MS-DOS. tem component of the operating system kernel. In
Overview Windows NT 3.51, you configured HPFS through an
High-Performance File System (HPFS) improves on IFS= line in the config.sys file. The CD file system
the performance of the FAT file system for MS-DOS in (CDFS) was also designed to support IFS.
the following ways: See Also: file allocation table (FAT), file system, NTFS
● It locates file directory and allocation information file system (NTFS)
in close physical proximity to the files themselves
on the hard disk. (The FAT file system locates the High-Performance Parallel
root directory and allocation information on the Interface (HIPPI)
outermost cylinders of the drive.)
A gigabit networking technology for point-to-point
● It has a more robust and efficient file system tree communications.
structure than FAT, so you can locate directories
Overview
more quickly.
High-Performance Parallel Interface (HIPPI) is an
● It has multiple asynchronous read/write threads. American National Standards Institute (ANSI) stand-
ard for point-to-point networking at gigabit speeds.
● It uses sector-based allocation instead of the more
HIPPI was developed in the 1980s as a technology for
space-wasting, cluster-based allocation used by FAT.
553
High-Speed Circuit Switched Data (HSCSD) High-Speed Circuit Switched Data (HSCSD)
554
High-Speed Serial Interface (HSSI) HiperLAN/2
Mode (ATM) technology to the wireless networking arena Sense Multiple Access with Collision Avoidance (CSMA/
and is expected to be ratified as a standard sometime in CA) MAC employed by 802.11a. This makes HiperLAN/2
2002. HiperLAN/2 is an alternative to the existing 802.11a more like ATM than Ethernet in its operation, and, in fact,
high-speed wireless networking standard developed by the HiperLAN/2 supports Quality of Service (QoS) features
Institute of Electrical and Electronics Engineers (IEEE) similar to those found in ATM, something 802.11 does not.
and is intended as a worldwide wireless networking plat-
Prospects
form that is interoperable with ATM, third-generation
HiperLAN/2’s QoS features make it an attractive solution
(3G) cellular systems, and 1394 (Firewire) systems.
for wireless transport of multimedia and video. The main
Adoption of HiperLAN/2 standards is being driven by issue with the technology, however, is its use of the 5 GHz
the HiperLAN2 Global Forum (H2GF), an open indus- frequency spectrum, which conflicts with the Federal
try forum launched in 1999 and whose founding mem- Communication Commission’s (FCC) spectrum alloca-
556
hive H-node
Overview
Windows NT Hives
The History folder makes it simple to return to sites that
you have recently visited but have not been designated as Hive Key Function
Favorites. By clicking the History button on the Internet Default HKEY_USERS\ Contains the default
Explorer toolbar, you can view the contents of the History DEFAULT system profile used
folder and revisit any of the links. You can configure how when the logon
many days items should be kept in the folder, and you can screen is displayed.
delete the files manually if desired. Using the offline brows- SAM HKEY_ Contains information
ing feature of Internet Explorer, you can browse the History LOCAL_ for the Security
folder while you are disconnected from the Internet. MACHINE Account Manager
\SAM (SAM). This hive
cannot be viewed with
hive
A physical file containing part of the registry in
the registry editor and
must be accessed using H
Microsoft Windows. specific application
programming
Overview interfaces (APIs).
Hives are opposed to subtrees, which are logical sec- Security HKEY_ Contains the computer’s
tions of the registry. The term hive is loosely connected LOCAL_ security policy informa-
with the idea of the cellular structure of a beehive. MACHINE tion. This hive also
Hives consist of a discrete collection of keys and sub- \SECURITY cannot be viewed with
keys that have a root at the top of the registry. Five of the registry editor and
these hives are located in the folder %SystemRoot%\ must be accessed using
system32\config; the sixth hive (Ntuser.dat), which specific APIs.
Software HKEY_ Contains global
contains user profile information, is stored on machines
LOCAL_ configuration
running Windows NT in the folder %SystemRoot%\
MACHINE information for
Profiles\username. On machines running Windows
\SOFTWARE installed software.
2000, Windows XP, or Windows .NET Server, it is
System HKEY_ Contains configuration
stored in the folder LOCAL_ information for
● %SystemRoot%\Documents and Settings\ MACHINE installed hardware
username if this is a new Windows 2000, \SYSTEM and devices and services.
Windows XP, or Windows .NET Server installation HKEY_CURRENT
or an upgrade from Windows 95 or Windows 98 _CONFIG
Ntuser.dat HKEY_ Contains user-specific
● %SystemRoot%\Profiles\username if this is an CURRENT_ configuration settings
upgrade from Windows NT to Windows 2000, USER for the user who is
Windows XP, or Windows .NET Server currently logged on
interactively.
Each hive has an associated transactional .log file that
logs all modifications made to the registry and provides See Also: registry
fault tolerance. Each hive file also has a .sav file, which
is a backup copy of the hive file. The functions of the
hives and the logical key they map to are indicated in H-node
the following table. A NetBIOS name resolution method used for name
registration and resolution.
557
home area network (HAN) home area network (HAN)
558
home folder HomeRF
559
homogeneous network homogeneous network
Working Group aims at releasing a HomeRF 3 standard nels. Proponents of HomeRF often respond by saying
in 2002 that will push data rates up to 22 Mbps. that their product is targeted to a different market, the
home networking market, than is 802.11, which is
In contrast to the competing 802.11 wireless network-
aimed mainly at the enterprise. They also point out that
ing technologies that use direct sequence spread spec-
HomeRF fills a niche for combined data-voice wireless
trum (DSSS) radio transmission, HomeRF instead
networking that 802.11, which is strictly data-oriented,
employs frequency hopping spread spectrum (FHSS)
has not filled. The Federal Communications Commis-
transmission. FHSS employs a signal that “hops” over a
sion (FCC) has tried to resolve these concerns by limit-
number of different frequencies to find one that is clear
ing HomeRF hardware to power transmission under
for transmission and provides better resistance to elec-
125 milliwatts. This limits the range of HomeRF trans-
tromagnetic interference (EMI) than DSSS. Voice
mission to about 150 feet (45 meters) and makes it less
transmission is supported using time division multiple
likely to interfere with a neighboring 802.11 network.
H access (TDMA), but data uses Carrier Sense Multiple
Access with Collision Avoidance (CSMA/CA). Market prospects for HomeRF look good, but it has to
play catch up to 802.11, which already has a large
HomeRF is deployed by using a central device called a
installed base worldwide. Intel is one company that
home gateway, which enables communications between
already has home network products available in the
various types of devices including PCs, display pads,
consumer market that are based on the HomeRF
Web appliances, PDAs, stereos, home automation
standard.
devices, and cordless phones. HomeRF uses a new pro-
tocol called Shared Wireless Access Protocol (SWAP) For More Information
to enable its home networking features. Using SWAP, a Visit the HomeRF Working Group at www.homerf.org.
user can do such things as
See Also: 802.11, Bluetooth, wireless networking
● Network a variety of different devices together into
an integrated home networking environment
homogeneous network
● Share files, printers, and Internet connections A network that uses a single network architecture and
among devices on a home network operating system.
560
honey pot honey pot
not be as appropriate as replacing it entirely with Another example would be an enterprise-level messag-
something newer. ing system based solely on Microsoft Exchange Server
with no other mail systems used.
● Decision making involves politics, and different
groups might press for purchasing software that See Also: heterogeneous network
they are more comfortable with instead of making
prudent long-term decisions.
honey pot
A simple example of a homogenous network would be A dummy server used to distract hackers from real
an Ethernet local area network (LAN) in which all targets.
machines are running Microsoft Windows 2000.
Honey pot
Hacker Firewall
Internet
Switch Server
198.16.5.21
Server
198.16.5.22
Honey pot
198.16.5.23
LAN
Server
198.16.5.24
Perimeter
network
(DMZ)
Honey pot. Two ways of setting up honey pots to attract and catch hackers.
561
hood hop count
Overview hood
A honey pot emulates a real server, with the goal of draw- Sometimes called a boot, the protective enclosure at the
ing hackers away from your actual production servers. ends of cabling that houses the pins.
For example, you could set up a dummy Web server, mail
server, or authentication server as a honey pot. Honey Overview
pots should include The hood protects the contacts between the cable’s
wires and the pins in the enclosed connector. The term
● Data that makes them attractive to a hacker. Typi- hood is usually applied to serial cables for serial trans-
cally, this could be a small sampling of real data, mission interfaces such as RS-232 and V.35. The RJ-45
such as authentic Web pages or a few real user termination of unshielded twisted-pair (UTP) cabling
accounts (without their passwords, of course!). and the SC termination of fiber-optic cabling are simply
● Intrusion detection software that logs all suspicious called connectors or jacks. Hoods are generally made of
H activity with the server and alerts administrators metal or plastic. Metal hoods are used on shielded
cabling to provide shielding against electromagnetic
to it.
interference (EMI) at the cable ends. Removable metal
Implementation hoods are also used for running cable through tight
There are several ways to deploy honey pots on the spaces, such as conduits, or for repinning connections.
perimeter of your corporate network: Plastic hoods, which are less expensive, are used prima-
● You could use a router or firewall with port redirec- rily on unshielded cabling. Molded plastic hoods are
tion configured to make it look as though services also used to provide durable, tamper-proof housings for
running on a honey pot are running on a real server pins.
instead. For example, you could set up a honey pot
for a Web server, leaving only Transmission Control
Protocol (TCP) port 80 (HTTP) open on the Web
server and opening port 23 (Telnet) on the honey pot.
Using port redirection, it looks to the attacker like
port 23 is open on the Web server, but this actually
redirects the attacker to the honey pot instead.
● Alternatively, to deal with attackers who sweep RS-232 cable with Open hood
removable metal hoods showing pinning
entire ranges of Internet Protocol (IP) addresses for
G0HXX09 (was G0Hui05 in 1E)
vulnerabilities, you could set up a honey pot among a Hood. An example of a hood.
group of real servers having sequential IP addresses.
When the attacker scans the network, the honey pot
detects the scan and warns an administrator that a hop count
possible attack is underway. The logical distance between two networks based on
the number of routers that must be traversed by packets
Honey pots require resources to be dedicated to them sent between them.
and are essentially useless unless you have the time and
personnel to analyze their intrusion logs and respond to Overview
their alerts. In other words, a honey pot that is set up and In Transmission Control Protocol/Internet Protocol
then ignored is worse than no honey pot at all. Honey (TCP/IP) internetworking, the number of hops between
pots are designed to provide administrators with infor- two hosts would be the number of routers that an Inter-
mation not just for detecting attacks, but also for track- net Protocol (IP) packet would have to pass through in
ing down those performing the attacks, but this requires order to reach its destination.
skill and time to accomplish.
See Also: firewall, router, security
562
horizontal cabling horizontal cabling
Source host
Destination host
G0HXX10 (was G0Hui06 in 1E)
Hop count. Two hosts that are three hops apart on an internetwork.
The illustration shows a network path that is three hops packets dropped (discarded) once they reach a certain
long. As the packet travels from source to destination, maximum hop count (that is, once the TTL decrements
the packet’s header maintains information about the to zero).
“hop count” (the number of hops traversed). This infor-
Notes
mation is stored as a Time to Live (TTL) parameter
In Microsoft Windows 2000, you can use the tracert
within each packet that typically starts with a value of
command to watch the hop count decrease as an IP
128 and is decremented by 1 at each router (that is, after
packet traverses an internetwork toward its destination.
each hop). If router congestion delays the packet at a
router, the TTL might be decremented by more than 1 to See Also: routing
indicate this. If the TTL is decremented to 0 before the
packet reaches its ultimate destination, the next router
horizontal cabling
drops the packet and retransmission is required from the
In premise cabling, any cabling that is used to connect a
source host.
floor’s wiring closet to wall plates in the work areas to
Uses provide local area network (LAN) drops for connecting
Hop counts are used by dynamic routers to determine users’ computers to the network.
the best route for forwarding data across a large inter-
Overview
network. The route that has the smallest total number of
Horizontal cabling is usually installed in a star topology
hops is generally the best route for sending the data.
that connects each work area to the wiring closet, as
Hop counts are also used to prevent packets from end-
shown in the illustration. Four-pair 100-ohm unshielded
lessly circulating around an internetwork by having
twisted-pair (UTP) cabling (Category 5 [Cat5] cabling
563
horizontal cabling horizontal cabling
or enhanced Category 5 [Cat5e] cabling) is usually rec- Patch cords for connecting the patch panel to hubs and
ommended for new installations because it supports switches in the wiring closet should be no longer than
both voice and high-speed data transmission. To com- 23 feet (7 meters) total, with a maximum of two patch
ply with Electronic Industries Association/Telecommu- cords per line, neither of which can exceed 19.7 feet
nications Industries Association (EIA/TIA) wiring (6 meters) in length. Cables connecting users’ computers
standards, individual cables should be limited to 295 to wall plates should be limited to 9.8 feet (3 meters) in
feet (90 meters) in length between the wall plate in the length.
work area and the patch panels in the wiring closet.
Wall plate
Work area
H
≤ 9.8 feet/3 meters
Wiring closet
Workstation
Patch panel
Patch cord Horizontal cable run
Hub (≤ 19.7 feet/6 meters) (≤ 295 feet/90 meters)
Rack
Horizontal cabling. Deploying horizontal cabling to connect a work area to a wiring closet on the same floor.
564
host Host Data Replicator
Horizontal cabling is most easily installed during con- host bus adapter (HBA)
struction or renovation of the building because proper A device that converts Peripheral Component Intercon-
installation might require opening false ceilings or nect (PCI) bus signals into Small Computer System
walls. If this is not feasible, installing external cable Interface (SCSI) or Fibre Channel format.
trays and conduits might be the best solution because
loose cables on the floor pose a hazard and should be Overview
avoided at all costs. Host bus adapters (HBAs) have traditionally been
SCSI-based devices used in Storage Area Networks
Notes (SANs). They are also used in Fibre Channel SANs to
Avoid installing cables near motors, generators, trans- provide connectivity with Gigabit Ethernet (GbE) net-
formers, or power lines in order to minimize electro- works. The Storage Network Industry Association is
magnetic interference (EMI). Keep cables away from developing a proposed set of standard application
photocopying machines and elevators because these
machines generate a lot of EMI. If you anticipate
programming interfaces (APIs) for HBAs to ensure
interoperability between products from different ven-
H
increased bandwidth needs in the near future, use mul- dors. With the emergence of the new Infiniband bus
timode fiber-optic cabling instead of unshielded twisted standard, things are likely to change and host bus adapt-
pair (UTP) cabling for horizontal cabling. You probably ers may decline in importance.
want to install two four-pair UTP cables in each work
area, one for voice and the other for data transmission. Marketplace
Be sure to use the right kind of wall plates (RJ-11 for A number of vendors produce host bus adapters for
voice and RJ-45 for data). storage networking, including Emulex Corporation,
whose LightPulse and Giganet Fibre Channel PCI host
See Also: cabling, premise cabling, structured wiring bus adapter is a popular choice for enterprise SANs.
One new development in this market is the recent mar-
host riage of high-speed switching technology with host bus
Any device on a Transmission Control Protocol/Inter- adapters, represented by companies such as Qlogic
net Protocol (TCP/IP) network that has an Internet Corporation.
Protocol (IP) address. See Also: Fibre Channel, Infiniband (IB), storage
Overview area network (SAN)
Examples of hosts include servers, workstations, net-
work-interface print devices, and routers. The terms Host Data Replicator
node and host are often used interchangeably in this A Microsoft Corporation database replication tool that
regard. Sometimes the term host specifically means a copies data from legacy DB2 database tables on an IBM
device on a TCP/IP network that can both receive data mainframe to Microsoft SQL Server database tables.
and initiate contact with other devices. For example, a
computer configured as a Simple Mail Transfer Proto- Overview
col (SMTP) host receives e-mail messages and for- The Host Data Replicator consists of a data replicator
wards them to their destination. service implemented as a service in Microsoft
Windows NT and Windows 2000 plus an administrative
Notes tool called the Data Replication Manager. The Host
In mainframe computing environments, a host is a Data Replicator performs the replication by taking a
mainframe computer that is accessed by users through snapshot of the entire source table. It then either copies
remote terminals. the entire snapshot to the target database table, over-
See Also: IP address, Transmission Control Protocol/ writing any records in the existing target table, or
Internet Protocol (TCP/IP) appends the information to the target table, depending
on how it is configured. The Host Data Replicator can
565
host header names Host Integration Server
also replicate SQL Server tables back to a DB2 data- ports host header names, such as Internet Explorer 4 and
base. The Host Data Replicator can copy data either on later, can use these names to access different virtual serv-
demand or according to a predefined schedule. ers that have the same IP address and port number and are
located on the same machine running IIS. The browser
The Host Data Replicator is supported by Microsoft
makes an HTTP 1.1–compliant GET request, which con-
SNA Server version 3 and later and Microsoft SQL
tains in its header the host header name being requested.
Server version 6.5 and later.
Notes
IIS 4 and later also support host header names for older
host header names
noncompliant browsers through the mechanism of
A feature of Hypertext Transfer Protocol version 1
cookies. For very old browsers that do not support
(HTTP/1.1) that enables multiple Web sites to be hosted
cookies, a tool in the IIS Resource Kit called the Cookie
on the same Web server.
H Overview
Munger enables these browsers to access such sites on
IIS 4 as well.
Host headers are supported by Microsoft Internet Infor-
Do not create host header names for the Default Web
mation Services (IIS) and allow multiple Web sites hav-
Site because this might affect other services installed on
ing the same Internet Protocol (IP) address and HTTP
the server that expect the Default Web Site to have no
port number to be hosted on the same Web server. Web
host header names.
browsers such as Microsoft Internet Explorer also sup-
port host header names and can access such IIS Web See Also: Hypertext Transfer Protocol (HTTP), IP
sites seamlessly. Web browsers that support host header address, Web server
names include Internet Explorer 3 and later or Netscape
Navigator 3 and later.
host ID
Implementation The portion of an Internet Protocol (IP) address that
To configure multiple Web sites on an IIS server to share uniquely identifies a host on a given Transmission
one IP address and use host header names for client Control Protocol/Internet Protocol (TCP/IP) network.
access to them, perform the following steps:
Overview
1 Open the property sheet for each virtual server in You can determine the host ID from a host’s IP address by
Internet Services Manager. logically NANDing the binary form of the IP address with
the binary form of the subnet mask for the network. The
2 Select the Web Site tab and specify the IP address and
remaining part of an IP address is the network ID, which
port number (usually port 80), or select All Unas-
specifies the network to which the host belongs.
signed if your server has only one IP address.
For example, if a host has an IP address of 172.16.8.55
3 Click the Advanced button, select the identity you
on a network with a subnet mask of 255.255.0.0 (the
want to use from the Multiple Identities For This Web
default subnet mask), the host ID is 0.0.8.55 or simply
Site list, and add a host header name. Note that each
8.55. The host ID uniquely identifies the host but only
identity can have only one host header name, but each
within the boundary of the network ID for the network
virtual server can have multiple identities.
on which the host is installed.
4 Register the host header name with your Domain
See Also: IP address, network ID
Name System (DNS) server or Internet service
provider (ISP).
Host Integration Server
Once the IIS server and DNS name resolution environ-
Microsoft Corporation’s gateway and application
ments are configured properly, a Web browser that sup-
integration platform.
566
host name host name resolution
567
host routing host routing
Notes
Host Name Resolution Methods in the Order
There is a separate series of steps for attempting to
Applied
resolve NetBIOS names on a network that uses WINS.
Host Name For more information, see the entry “NetBIOS name
Resolution resolution” elsewhere in this book.
Methods Comments
Check whether the The local host knows its own host See Also: Domain Name System (DNS), host name
target host is the name!
local host. host routing
Check local hosts This check is performed only if a The routing process that occurs when a host (computer)
file. hosts file has been configured. on a network forwards a packet to a destination host on
the network.
H Contact DNS
server.
This check is performed only if
the DNS tab of the TCP/IP prop- Overview
erty sheet has a DNS server speci- Host routing is different from router routing, which is
fied on it. The local host tries what happens when a router receives a packet that needs
again at intervals of 5, 10, 20, and to be forwarded to a destination host. Host routing
40 seconds. essentially involves a simple decision: should the
packet be forwarded directly to its destination host, or
Check local Net- The cache contains recently
should it be forwarded to a router? The host makes this
BIOS name cache. resolved NetBIOS names. (On
decision by comparing the packet’s destination address
(Unique to Microsoft networks, NetBIOS
Microsoft net- names and host names are usually with entries in its internal routing table.
works.) the same.) To perform host routing, the host must first obtain the
Contact NBNS. This check is performed if NBNS internetwork address of the destination host using some
(Unique to has been configured by creating a form of name resolution. For example, in order for a
Microsoft net- Windows Internet Name Service host to forward a packet to a remote host called north-
works.) (WINS) record within the DNS wind.microsoft.com, it could first use the Domain
database. On a Microsoft net- Name System (DNS) to obtain the Internet Protocol
work, this is usually a WINS (IP) address of the remote host. The host then compares
server. The local host tries three this address with entries in its internal routing table to
times to contact the WINS server determine whether the destination has a local or remote
and then tries the secondary network address. If the address is a local network
WINS server three times. address, the host forwards the packet directly to its des-
Perform local Local host broadcasts a NetBIOS tination using the physical layer or physical address of
broadcast. (Unique name query request packet three the remote host. This process is known as direct deliv-
to Microsoft net- times. ery. On Transmission Control Protocol/Internet Proto-
works.) col (TCP/IP) networks, the physical address of a host
is its MAC address, which is obtained by using the
Check local This check is performed if a Address Resolution Protocol (ARP).
lmhosts file. lmhosts file has been configured.
(Unique to If, however, the host determines that the destination
Microsoft net- host has a remote network address (that is, the destina-
works.) tion host is on a different network than the sending
host), the host forwards the packet to a nearby router
If all methods fail, an error message states that the com- after first obtaining the physical address of the near-side
puter could not be found on the network. interface of the router. This process is known as indirect
568
hosts file hosts file
delivery. It is the router’s responsibility to ensure that poorly, had no automated process for registering new
the packet is forwarded toward its destination, although hosts, and had no way of pushing out updates from the
in a typical internetwork the destination might be sev- master hosts file server. The result was the development
eral hops away, in which case the router’s responsibility of DNS, a distributed name resolution service that is
extends only to the next hop on the path. still in use and forms the backbone of communications
on the Internet.
See Also: Address Resolution Protocol (ARP), Domain
Name System (DNS), hop count, IP address, router, Implementation
routing Hosts files consist of a series of FQDN-to-IP address
mappings, one per line. Each line in the hosts file con-
tains the IP address of a host followed by the FQDN of
hosts file
the host, followed by an optional comment prefixed with
A text file that provides a local method for name resolu-
tion of Internet Protocol (IP) hosts.
a pound sign (#). Hosts files should contain mappings
for hosts on both local and remote networks. Mappings
H
Overview can consist of an IP address and one or more host names
A hosts file can be used to resolve a host name or fully (aliases). If you are using hosts files to resolve host
qualified domain name (FQDN) into its associated IP names on a network, each computer on the network
address. Hosts files are a local alternative to using dis- should have a hosts file.
tributed Domain Name System (DNS) name servers for
On a UNIX system, the hosts table is found in /etc/
performing name resolution on Transmission Control
hosts, and on Microsoft Windows 2000, Windows XP,
Protocol/Internet Protocol (TCP/IP) networks. Hosts
and Windows .NET Server systems, it is located in the
files are used mainly on small networks where main-
%SystemRoot%\system32\ drivers\etc\Hosts directory.
taining a DNS server is impractical or as a backup in
case no name servers are available to perform name Notes
lookups. Although DNS has largely eliminated the need for
maintaining hosts files, they are still useful in two
History
scenarios:
Hosts files predated the DNS as a name resolution
method. During the 1970s, when the ARPANET, the ● On small TCP/IP networks not connected to the
Internet’s precursor, consisted of only a few hundred Internet, it may be easier to maintain a hosts file
different hosts, using hosts files was a relatively pain- than to run a DNS server.
less way of enabling name resolution to be performed.
● Hosts files can be used as a backup in case DNS
When someone added a new host to the network, they
goes down. Typically, you would keep the hosts file
would e-mail the Network Information Center (NIC),
small in this case, adding only entries for your serv-
which would update the information in their master
ers and for gateways to remote networks, plus a line
hosts file stored on a server called SRI-NIC. Users
for localhost, which maps to 127.0.0.1, the loop-
around the ARPANET typically checked this server a
back address for testing IP communications.
few times each week to see if an updated hosts file was
updated and if so would download it to their own hosts Notes
using File Transfer Protocol (FTP). Place the host names that need to be most frequently
resolved near the top of the hosts file because the file is
When the ARPANET migrated to TCP/IP in the early
parsed linearly from the beginning.
1980s, the number of hosts exploded and a new method
of name resolution had to be found. This new method See Also: lmhosts file, Networks file, protocol file,
had to overcome the problems with hosts: it scaled services file
569
hot Hot Standby Router Protocol (HSRP)
570
HPFS HSCSD
Implementation HPFS
HSRP works by creating virtual groups that consist of two
Stands for High Performance File System, a file system
routers, an active router and a standby router. HSRP cre-
designed for version 1.2 of the Microsoft/IBM OS/2
ates one virtual router in place of each pair of actual rout-
operating system as a successor to the file allocation
ers, and hosts need only to have their gateway address
table (FAT) file system used by MS-DOS.
pointed to the virtual router. When a host forwards an
Internet Protocol (IP) packet to its default gateway (the See: High Performance File System (HPFS)
virtual router), it is actually handled by the active router.
Should the active router go down, the standby router
HP-UX
steps in and continues to forward packets it receives. To
Hewlett-Packard’s version of the UNIX operating sys-
IP hosts on the network, the virtual router acts as a real
tem platform.
router and everything works transparently whether the
active or standby router actually does the forwarding. Overview H
HP-UX is the only version of UNIX that supports appli-
cation development on UNIX, Linux, and Microsoft
Windows platforms. The most recent version HP-UX
11i includes such features as
Host ● Support for 4 gigabytes (GB) of addressable RAM
● Integrated Apache Web server software
● Lightweight Directory Access Protocol (LDAP)–
compliant Internet directory services
IP subnet
● Inktomi Internet caching software
Standby router
● Ultraseek search engine from Infoseek
198.164.72.3
● Linux application programming interfaces (APIs)
and GNU’s Not UNIX (GNU) tools
Active router
198.164.72.2 ● Nokia Wireless Application Protocol (WAP) server
software
● Internet load balancing software from Resonate
Virtual router
198.164.72.1 For More Information
G0HXX12 (new to 2E)
Visit Hewlett-Packard online at www.hp.com.
Hot Standby Router Protocol (HSRP). How HSRP works.
See Also: Linux, UNIX
HSRP allows for complex arrangements of virtual rout-
ers. For example, actual routers can belong to more than
one virtual group, and there can be up to 255 virtual
HSCSD
groups on the network. HSRP can also be used to provide Stands for High-Speed Circuit Switched Data, an
backup default gateways for hosts capable of addressing interim upgrade for Global System for Mobile Commu-
only a single default gateway. nications (GSM) cellular communications systems.
See Also: default gateway, router, routing See: High-Speed Circuit Switched Data (HSCSD)
571
HSM HTML Extension (HTX)
HSM Overview
HTML-based administration (HTMLA) allows adminis-
Stands for Hierarchical Storage Management, a data
trators to manage IIS Web servers using a standard Web
storage system for archiving infrequently needed data
browser such as Microsoft Internet Explorer as the cli-
while still making it easily available.
ent-side interface. IIS supports administration using
See: Hierarchical Storage Management (HSM) HTMLA from any Web browser that supports the use of
frames and JScript.
HSRP HTMLA is based on Microsoft Corporation’s Component
Stands for Hot Standby Router Protocol, a proprietary Object Model (COM) and Distributed Component Object
Cisco protocol for implementing fault-tolerant routing. Model (DCOM) programming architectures. The purpose
of HTMLA is to simplify remote management of network
See: Hot Standby Router Protocol (HSRP)
H resources and services by requiring that client machines
used for remote administration of Web servers need only
HSSI be running a standard Web browser. Most of today’s net-
Stands for High-Speed Serial Interface, a serial inter- working products are moving toward one form or another
face that supports speeds up to 52 megabits per second of Web-based administration, and Microsoft’s HTMLA
(Mbps). feature of IIS was a pioneer in this area.
See: High-Speed Serial Interface (HSSI) See Also: Component Object Model (COM), Distrib-
uted Component Object Model (DCOM), Web server
HSTR
HTML Extension (HTX)
Stands for High-Speed Token Ring, a 100 megabits per
A text file with the extension .htx that is used by Indexing
second (Mbps) version of Token Ring that never got off
Service in Microsoft Windows 2000, Windows XP, and
the ground.
Windows .NET Server.
See: High-Speed Token Ring (HSTR)
Overview
HTML Extension (HTX) files are used to format the
HTML result set issued by Index Server in response to a catalog
Stands for Hypertext Markup Language, a formatting or search query. These catalog search queries are issued
markup language used to create documents for the using an Internet Data Query (IDQ) file. HTX files are
World Wide Web (WWW). also used by the Internet Database Connector (IDC) to
format the result set of a database query.
See: Hypertext Markup Language (HTML)
The .htx file formats the result set of a query into a
HTMLA Hypertext Markup Language (HTML) page that the
user who issued the query can read and understand. The
Stands for HTML-based administration, a method for
.htx file acts as a template for formatting the result set
remotely administering Microsoft Internet Information
and consists of HTML statements with additional tags
Services (IIS) Web servers.
and specific read-only variables such as
See: HTML-based administration (HTMLA)
● CiMatchedRecordCount, which contains the num-
ber of records that match the query
HTML-based administration
(HTMLA) ● CiRecordsPerPage, which indicates the number of
A method for remotely administering Microsoft Inter- records on the next page
net Information Services (IIS) Web servers.
572
HTTP HTTP status codes
● CiContainsFirstRecord, which is 1 if the page from the combination of the words HTTP and secure.
contains the first record of query results and 0 HTTPS was originally developed by Netscape to enable
otherwise the secure transmission of Web content over the Internet.
HTTPS is based on a public key cryptography system
HTTP and allows information transmitted over the Internet to be
Stands for Hypertext Transfer Protocol, a protocol that encrypted for greater security. To run HTTPS on a Web
defines how Web browsers communicate and download server, you must first install a digital certificate on the
information from Web servers. server. Web browsers then connect to the server by pro-
viding a Uniform Resource Locator (URL) that begins
See: Hypertext Transfer Protocol (HTTP) with the prefix https:// rather than http://, which is usually
used. HTTPS uses the TCP well-known port number 443
HTTP Keep-Alives instead of port 80, which is used by standard HTTP.
H
An enhanced version of Hypertext Transfer Protocol
Notes
(HTTP)–persistent connections supported by Microsoft
Note that HTTPS is not the same as Secure Hypertext
Internet Information Services (IIS).
Transfer Protocol (S-HTTP), another protocol for
Overview secure HTTP transmission.
HTTP Keep-Alives allow a client Web browser to keep
See Also: Hypertext Transfer Protocol (HTTP), Secure
connections open with the Web server instead of closing
Sockets Layer (SSL)
them after the request has been answered and reopening
them for each new Hypertext Transfer Protocol (HTTP)
request, which consumes system resources. For this fea- HTTP status codes
ture to work, however, both the client Web browser and Codes that Hypertext Transfer Protocol (HTTP) servers
the Web server must support HTTP Keep-Alives. Web return in response to requests from HTTP clients.
browsers that support this feature include Microsoft Overview
Internet Explorer version 2 and later and Netscape Navi- HTTP status codes are three-digit codes that Web serv-
gator 2 and later. ers return in response to HTTP requests from clients.
Notes They are also known as HTTP error codes because most
HTTP Keep-Alives are enabled by default in IIS. They of them signify that some sort of error has occurred. An
are not the same as Transmission Control Protocol HTTP status code is one of the first pieces of informa-
(TCP) Keep-Alives, which are periodic packets sent tion returned by a Web server in response to a request
between machines to determine whether an idle con- from a Web browser, and it informs the browser of the
nection is still active. status of the request—whether the request was success-
ful or not, and if not, why. When the server cannot sat-
isfy the client’s request for some reason, a status code is
HTTPS returned to the client, which displays it for purposes of
A secure version of Hypertext Transfer Protocol
troubleshooting the problem. The client typically dis-
(HTTP).
plays a message along with the status code to help the
Overview user understand the nature of the problem.
Hypertext Transfer Protocol Secure (HTTPS) is essen-
HTTP status codes are grouped into different categories
tially a combination of HTTP and the Secure Sockets
by their first digit, as shown in the table on the follow-
Layer (SSL) protocol, and the designation HTTPS comes
ing page.
573
HTX hub
574
hub hub
Stackable Hubs
Back
Front
RJ-45 ports
Using Hubs
10/100 dual-speed 10-Mbps 10BaseT LAN
stackable hubs stackable hubs
100-Mbps
fast hub
Mixture of
10-Mbps and
100-Mbps
stations
100-Mbps
servers
100BaseT
LAN
575
hub hub
● Workgroup hubs: These are the basic building Dual-speed hubs are typically stackable hubs with 8
blocks for creating workgroup LANs. Workgroup or 16 ports that can be stacked to support a total of 32
hubs typically have 8 or 16 ports on them, plus a or 48 ports. They are useful in situations in which you
BNC or an AUI port to provide more connectivity are gradually migrating from 10BaseT to 100BaseT.
options within existing 10Base2 or 10Base5 net-
● Fast Ethernet hubs: These have 100-Mbps ports
works. A hub is generally termed a workgroup hub if
only for creating 100BaseT LANs. They are usually
it supports up to 50 stations, a departmental hub if it
stackable hubs with advanced SNMP management
supports up to 250 stations, and an enterprise hub if it
functions, and they may also have built-in Ethernet
supports more than 250 stations. Stackable hubs can
switching functions. Often you can mix 100BaseTX
also be used to provide these various capabilities.
and 100BaseT4 hubs in a stack that supports up to
● Stackable hubs: These hubs are modular in design 144 stations, including fiber-optic ports for connect-
576
HybridAuth Hypertext Markup Language (HTML)
HybridAuth Overview
An authentication protocol proposed by the Internet Hypertext Markup Language (HTML) is the standard
Engineering Task Force (IETF) for Virtual Private formatting language used to publish information on
Networking (VPN). Web servers for delivery to Web browsers over the
Internet. HTML allows linked sets of documents (that
Overview is, hypertext) to be created, stored, and accessed from
To deploy a secure VPN, companies must implement a Web servers using Uniform Resource Locators (URLs).
public key infrastructure (PKI) for issuing and man-
aging digital certificates. But deploying a PKI is com-
HTML is simple to learn and was a key enabler in the H
explosion of the Internet in the 1990s.
plex, and the IETF has proposed a new protocol called
HybridAuth to simplify the process. History
HTML was created together with Hypertext Transfer
The HybridAuth protocol is an extension to the Internet Protocol (HTTP) in 1991 by Tim Berners-Lee as a means
Key Exchange (IKE) protocol that defines how a user’s of disseminating information more easily among phy-
credentials are exchanged over secure IPsec tunnels. sicists and other scientists at CERN, the European Lab-
IKE supports tunneling of two forms of authentication: oratory for Particle Physics. HTML was designed as a
digital certificates and preshared keys. HybridAuth simplified version of Standardized Generalized Markup
enables digital certificates to be used asymmetrically Language (SGML), a much more complicated format-
between users and authentication servers and is simpler ting language that was developed previously but never
to deploy than a full-scale PKI solution. widely implemented. HTML was created by combining
See Also: digital certificate, public key infrastructure the concept of hypertext, a concept created in the 1940s
(PKI), virtual private network (VPN) for linking documents together, with URLs, a method of
uniquely naming hypertext documents so they could be
HyperTerminal easily accessed regardless of which servers they reside
A communication utility included with Microsoft on. HTTP provides the additional protocol for communi-
Windows that provides terminal access to remote cations between clients (called HTTP clients or Web
computers using a modem. browsers) and the servers (called Web servers or HTTP
servers) on which HTML documents are stored.
Overview
HyperTerminal can be used to send and receive files In 1993, Marc Andreesen developed Mosaic at the
between a local and remote computer over a modem National Center for Supercomputing Applications
and to connect to remote computer bulletin board sys- (NCSA). Mosaic was the first Web browser that sup-
tems. Network administrators can also use HyperTermi- ported documents containing both text and graphics (pre-
nal to remotely connect to routers, switches, and other vious Web browsers supported only text documents).
devices that support VT100 terminal emulation, and to Andreesen left the NCSA to cofound Netscape Commu-
enter text commands for configuring the device. nications (now just Netscape), which produced the popu-
lar Netscape Navigator browser. Meanwhile, Microsoft
If you want to access files and printers on a remote
Corporation licensed code from Mosaic through the com-
computer running Windows 2000, Windows XP, or
mercial outlet Spyglass and developed its own popular
Windows .NET Server using a modem, use Network
browser, Microsoft Internet Explorer. Both Netscape and
and Dial-Up Connections instead of HyperTerminal.
Microsoft pushed the evolution of HTML by introducing
See Also: router their own proprietary extension tags, the first being the
577
Hypertext Markup Language (HTML) Hypertext Markup Language (HTML)
<font> tag from Netscape. The result was that HTML rap- should be displayed as boldface, italic, bulleted, hyper-
idly developed through several versions, including linked, and centered. HTML tags usually come in pairs,
can be nested, can contain additional attributes, and are
● HTML 2: This was defined by RFC 1866 in 1995
used to “mark up” the text. For example, the text “Save
and included various additional tags developed by
50%” can be displayed on Web browsers in boldface by
Netscape and Microsoft.
marking it up using the <STRONG> tag (which means
● HTTP 3.2: Developed in 1996, this included sup- “turn on the bold style”) and the </STRONG> tag
port for tables, text flow around images, and other (which means “turn off the bold style”). The resulting
features. HTML would look like this:
● HTTP 4: Developed in 1997, this included support <STRONG>Save 50%</STRONG>
for style sheets that made <font> and other tags
HTML pages can be created using a broad range of tools
H unnecessary (although they are still supported for
backward compatibility).
from simple text editors such as Notepad to advanced
publishing tools such as Microsoft FrontPage. HTML
To steer the evolution of HTML and prevent different pages are saved as files with the extension .htm or .html
vendor-specific versions from emerging, Berners-Lee to indicate they contain HTML text. Once created, HTML
formed the World Wide Web Consortium (W3C) in pages can be stored on Web servers such as Microsoft
1994. HTML 3.2 was the first version of HTML stan- Windows 2000 servers running Microsoft Internet Infor-
dardized by the W3C. Current work on HTML by the mation Services (IIS). When a Web browser such as Inter-
W3C involves development of the XHTML standard, a net Explorer downloads an HTML page from a Web
version of HTML written as an Extensible Markup Lan- server, it interprets the tags and displays the document
guage (XML) application instead of an SGML one. The with the appropriate formatting.
complementary HTTP protocol is standardized by a dif-
Advantages and Disadvantages
ferent group from the W3C, namely the Internet Engi-
The main advantage of HTML is its simplicity—a child
neering Task Force (IETF).
can learn enough HTML to create a simple Web page.
HTML has gone through several versions since it was Because HTML was originally intended for exchanging
created. At the time of this writing, the current version information between scientists, support for formatting
is HTML 4. The original HTML did not provide much documents was initially limited. As the Web became
control over how documents were formatted—that is, more popular, new tags were introduced which made
how objects such as text and graphics were laid out on snazzy-looking documents possible. Together with
a page. Its original set of tags was quite limited and was style sheets, HTML documents can now be as complex
intended primarily for linking documents using hyper- in their formatting as documents produced for desktop
links to form hypertext. As the Web grew in popularity, publishing.
however, first Netscape and then Microsoft introduced
The main disadvantages of HTML are that it cannot
their own proprietary HTML tags to provide Web devel-
easily create data hierarchies or structures, has a fixed
opers with more control over document formatting, thus
set of tags, and cannot communicate information about
increasing the pace at which the W3C developed the
the document’s content, only its format. As a result, a
HTML standard. HTML 4 includes standards for creat-
richer language called XML has been created to allow
ing cascading style sheets, which provides powerful for-
self-describing structured documents to be created.
matting capabilities for precise placement of objects on
While HTML is designed for document presentation,
a Web page.
XML is primarily designed to facilitate the exchange of
Implementation hierarchically structured information, such as between
HTML in its simplest form uses tags to format ASCII businesses in a supply chain.
text documents. These tags then indicate text that
578
Hypertext Transfer Protocol (HTTP) Hypertext Transfer Protocol (HTTP)
579
Hypertext Transfer Protocol (HTTP) Hypertext Transfer Protocol (HTTP)
● POST: Sends data to the server for processing, ● Pipelining of multiple Internet Protocol (IP) pack-
typically used with Hypertext Markup Language ets to the server without waiting for the server to
(HTML) forms respond to each packet
● PUT: Uploads a file to the server ● Support for caching of HTTP requests, proxies, and
virtual hosts
● TRACE: Requests a loopback of the request
message ● Host headers, a feature that enables a single Web
server to host multiple Web sites using a single IP
An HTTP response may be either
address
● The information requested, encoded as a series of
Notes
headers and an optional message body
IIS supports the HTTP/1.1 version of HTTP.
H or
HTTP’s stateless nature makes it difficult to build Web
● An error code indicating why the requested action applications that remember client requests across ses-
could not be performed (see the article HTTP Status sions. A common way of working around this issue is
Codes elsewhere in this chapter) to use cookies, small files placed on the client by the
server to store information across multiple sessions.
The simplest example of an HTTP session is a client
requesting a Web page from the server. The client sends Do not confuse HTTP with HTML! HTTP is the proto-
an HTTP GET request over port 80 to the server. Other col through which Web servers communicate with Web
ports may be used, but port 80 is the default TCP port browsers. It is a control language for passing com-
for HTTP requests, and Web servers typically listen to mands between clients and servers. HTML is Hypertext
port 80 for such requests in order to fill them. When the Markup Language, the language for constructing Web
server receives the request, it parses the headers and pages (the actual content passed from Web servers to
determines which file to return to the client. The file Web clients in an HTTP request).
is then encoded using the appropriate Multipurpose
For More Information
Internet Mail Extensions (MIME) format and gets
Find out more about HTTP at the World Wide Web
returned as a message body with a series of headers
Consortium (W3C) Web site (www.w3.org).
attached. The client receives the message, parses the
headers, extracts the file from the message body, and See Also: browser (Web browser), cookie, HTTP
displays the downloaded Web page. Keep-Alives, HTTP status codes, Web server
In the HTTP/1 protocol, each request requires a sepa-
rate TCP connection to be initiated and torn down after-
ward. This is slow—a Web page that has five images in
it would need to be accessed using six requests, one for
the text and one for each embedded image. As a result,
a newer version, HTTP/1.1, was developed that allows a
persistent TCP connection to be maintained so that
many HTTP requests can be issued using it. This new
feature is called HTTP Keep-Alives. Other features of
HTTP/1.1 include
● Buffering of multiple HTTP GET requests into a
single HTTP GET request
580
I
IBGP
I
I2O
Stands for Intelligent Input/Output (I2O), a hardware Stands for Interior Border Gateway Protocol, the
architecture developed by a consortium led by Intel that version of Border Gateway Protocol (BGP) used for
improves the input/output (I/O) performance of systems exchanging routing information within the same auton-
by relieving the CPU of interrupt-intensive I/O tasks. omous system (AS).
See: Intelligent Input/Output (I2O) See: Interior Border Gateway Protocol (IBGP)
I
IAB ICA
Stands for Internet Architecture Board (IAB), a techni- Stands for Independent Computing Architecture, a gen-
cal advisory group for the Internet Society (ISOC). eral-purpose presentation services protocol developed
by Citrix Systems.
See: Internet Architecture Board (IAB)
See: Independent Computing Architecture (ICA)
IAD
Stands for Integrated Access Device, a wide area net-
iCal
An Internet Engineering Task Force (IETF) standard for
work (WAN) access device for consolidating voice and
exchange of calendaring information.
data, usually over Asynchronous Transfer Mode (ATM)
circuits. Overview
The iCal standard defines a uniform data format for
See: Integrated Access Device (IAD)
exchanging scheduling information. The intention is for
iCal to be used by Internet-based applications so users
IANA can exchange information about meetings, appoint-
Stands for Internet Assigned Numbers Authority, the ments, and other events. The iCal standard replaces an
organization that coordinates the assignment of unique earlier initiative called vCal or vCalendar.
Internet Protocol (IP) parameters such as the IP address
The iCal standard is supported by Microsoft Outlook,
space and the Domain Name System (DNS).
the premier messaging and collaboration client from
See: Internet Assigned Numbers Authority (IANA) Microsoft. Specifically, Outlook uses a portion of iCal
called iCalendar, together with an Outlook feature called
Internet Free/Busy (IFB), to allow Outlook clients to
IB exchange scheduling information over the Internet.
Stands for Infiniband, an emerging high-performance
input/output (I/O) architecture. See Also: vCard
581
ICANN ICMP Traceback Messages
Compromises
ICF and controls
Stands for Internet Connection Firewall, a new inte-
grated firewall application featured in Windows XP and Zombies
Windows .NET Server.
I See: Internet Connection Firewall (ICF)
Router at ISP
(itrace
ICMP enabled)
Stands for Internet Control Message Protocol, a Trans-
mission Control Protocol/Internet Protocol (TCP/IP) Flood
of ICMP
network layer protocol used for various purposes.
packets
See: Internet Control Message Protocol (ICMP)
Internet
ICMP Traceback Messages
An emerging standard from the Internet Engineering
Task Force (IETF) for combating distributed denial of Target Web ICMP
service (DDoS) attacks. server packets
tagged
Overview with itrace
One of the Internet’s greatest vulnerabilities is its expo-
sure to DDoS, a form of attack in which hackers com- Administrator uses
tagged packets to
mandeer a large number of machines and turn them into track down zombies
“zombies” that are then used to attack Web servers with G0IXX01 (new to 2E)
a flood of Internet Control Message Protocol (ICMP) ICMP Traceback Messages. How ICMP Traceback Mes-
packets. The source of these packets is difficult to track sages can be used to track down the source of a DDoS
down because the packets contain spoofed Internet Pro- attack.
tocol (IP) source addresses, making it difficult for admin- When a DDoS attack is underway, a flood of ICMP
istrators whose machines are under attack to trace the packets arrives at the target host. A small number
origin of these attacks. ICMP Traceback Messages, also (0.002 percent) of these packets will have itrace mes-
known by the nickname itrace, is a protocol being devel- sages attached, and these messages can be used with a
oped by the IETF to make such tracking down possible. little ingenuity to trace the ICMP packets back to their
Implementation sources on zombie machines, regardless of whether the
The itrace protocol is implemented on border and back- source IP address of the packets is spoofed or not. Once
bone routers deployed at Internet service providers the zombies can be identified, the administrator of the
network on which they are located can be contacted to
582
ICP (integrated communications provider) IE
stop the attack and try to determine how their network online. You can use ICQ to send real-time messages to
was originally compromised. Note that itrace by itself other users, have group chat sessions, send e-mail, trans-
can be used only to identify the zombies, not the hacker fer files and URLs, play games, and perform other func-
who originally compromised these machines. tions. ICQ can even function as a universal platform for
launching any peer-to-peer application, such as Microsoft
To prevent hackers from spoofing the itrace messages
NetMeeting.
themselves, a public key infrastructure (PKI) must
guarantee the identity of the messages. This require- When you install ICQ and begin the registration pro-
ment, together with the cost of upgrading ISP routers, cess, you are connected to an ICQ server that belongs to
makes it probable that it may take a year or so after the a network of such servers distributed across the Inter-
ICMP Traceback Messages standard is ratified before it net. During registration, you are given a unique number
is widely deployed on key routers around the Internet. called an ICQ#, which identifies you to all other users
And for itrace to be effective in defeating DDoS attacks, on the ICQ network. You use your ICQ# to register your
it must be implemented on edge and backbone routers presence with the ICQ network when you go online and
all over the Internet. start ICQ and to allow other ICQ users to recognize
when you are online so that they can contact you. You
I
See Also: Distributed Denial of Service (DDoS), hack-
can specify a list of ICQ friends, and an ICQ server will
ing, Internet Control Message Protocol (ICMP), Inter-
alert you when any of these friends go online.
net service provider (ISP), router
For More Information
Visit ICQ Inc. at www.icq.com.
ICP (integrated
communications provider) See Also: instant messaging (IM), Internet Relay Chat
Stands for integrated communications provider, a tele- (IRC)
communications service provider that offers one-stop
shopping for voice and data telecommunications IDS
through a single integrated architecture.
Stands for intrusion detection system, any system used
See: integrated communications provider (ICP) to detect attacks on a host or network.
See: intrusion detection system (IDS)
ICP (Internet Cache Protocol)
Stands for Internet Cache Protocol, a protocol that IDSL
enables arrays of proxy servers to work together over a
Stands for ISDN Digital Subscriber Line, a hybrid of
network.
Integrated Services Digital Network (ISDN) and Digi-
See: Internet Cache Protocol (ICP) tal Subscriber Line (DSL) technologies.
See: ISDN Digital Subscriber Line (IDSL)
ICQ
A popular Internet conferencing (chat) protocol.
IE
Overview Stands for Internet Explorer, Microsoft Corporation’s
ICQ is a proprietary protocol developed by Mirabilis and integrated suite of client-side Internet software, which
is similar to IRC (Internet Relay Chat). It enables users to is included with all current versions of Microsoft
locate other ICQ users on the Internet and communicate Windows.
with them in real time. ICQ, which homophonically
stands for “I seek you,” lets you search for users currently See: Internet Explorer
online on ICQ networks and alerts you when friends go
583
IEAK IEEE 1284
IEAK can transmit data over the bus at any given time, while
the other devices are placed in standby mode. Only one
Stands for Internet Explorer Administration Kit, a tool
device can transmit signals on the bus at any given time,
for customizing and deploying Microsoft Internet
but multiple devices can receive those signals.
Explorer throughout an enterprise.
Notes
See: Internet Explorer Administration Kit (IEAK)
If your industrial environment is dusty or has high lev-
els of electromagnetic interference (EMI) from motors,
IEEE generators, or other heavy equipment, you can obtain
Stands for Institute of Electrical and Electronics Engi- special shielding covers to protect your IEEE 488 con-
neers, a worldwide nonprofit association of technical nectors. You can also use switchboxes to alternate sev-
professionals. eral industrial sensors on a single IEEE 488 cable.
584
IEEE 1394 IGP
585
IGRP ILS
586
IM impersonation
587
IMT-2000 in-band signaling
Impersonation involves temporarily altering the server’s Union (ITU) to create a global standard for third-
security context so that it matches that of the client. generation (3G) wireless data networks.
When the client attempts a connection to a resource on
See: International Mobile Telecommunications-2000
the server, it tells the server the impersonation level that
(IMT-2000)
the server can use to service the client’s request. The
client can offer four impersonation levels:
IMUX
● Anonymous: The server does not receive any infor-
mation about the client’s security context. Stands for inverse multiplexer, a device that can per-
form inverse multiplexing of digital telecommunication
● Identification: The server can authenticate the cli- channels.
ent but cannot use the client’s security context for
performing access checks. See: inverse multiplexer (IMUX)
588
incremental backup incremental zone transfer
589
Incumbent Local Exchange Carrier (ILEC) Incumbent Local Exchange Carrier (ILEC)
makes an IXFR request to a primary or master DNS which provide long-distance services from coast
server, the master server compares the zone version to coast.
number of the secondary server’s zone to its own cur-
● Exchange: They provide telephone exchange
rent version number. The zone version number is the
services through their central office (CO) switch-
serial number stored in the start of authority (SOA)
ing facilities, enabling customers to dial and make
record of the DNS server. If the master server has a
calls.
newer version number and incremental zone transfers
are supported, the master server sends to the secondary ● Carriers: They “carry” phone line signals and gen-
server only those changes to resource records that have erally provide a wide range of telecommunication
occurred in the time interval between the two version services as well.
numbers. If the version numbers of the master and sec-
In contrast, Competitive Local Exchange Carriers
ondary servers match, no zone transfer takes place. And
(CLECs) are companies that either
if incremental zone transfer is not supported, the normal
full zone transfer takes place instead. ● Lease local loop services from ILECs to provide
I Notes
customers with such services as Digital Subscriber
Line (DSL), T-carrier, and frame relay (DSL is the
Incremental zone transfers are supported as part of the
most popular CLEC offering), or
dynamic update features of Microsoft Windows 2000
and Windows .NET Server. ● Provide their own connection to customers, typi-
cally fiber-optic connections for businesses in
See Also: Domain Name System (DNS), zone transfer
dense urban areas to provide such services as Voice
over IP (VoIP) and Metropolitan Ethernet. Cable
Incumbent Local Exchange TV (CATV) operators generally are not referred to
Carrier (ILEC) as CLECs even though they may provide services
Another name for local telephone companies or telcos. such as Internet access that “compete” with other
Local Exchange Carriers (LECs).
Overview
Incumbent Local Exchange Carriers (ILECs) include Prospects
Despite the Telecommunications Act of 1996, which
● Regional Bell Operating Companies (RBOCs),
was intended to open up the telecom market by giving
holding companies for about two dozen telephone
IXCs and CLECs access to ILEC’s local loop wiring,
companies that were created by the divestiture of
the process has been far from smooth. Analysts have
AT&T in 1984.
often seen ILECs as reactionary dinosaurs compared
● Other smaller independent telephone companies, to the cutting-edge technologies offered by CLECs.
especially in rural areas For example, ILECs have not followed through on
decades-old promises of replacing the existing copper
The name Incumbent Local Exchange Carrier basically
loop wiring infrastructure with fiber-optic cabling to
means that ILECs are
provide “fiber to the curb” services for business and res-
● Incumbent: They are the ones who own and con- idential customers. In addition, since the Telecommuni-
trol the local loop wiring infrastructure that pro- cations Act some ILECs have been slow in opening up
vides telephone services to customers in their their local loop networks to competitors, resulting in
particular area. legal challenges that have led in some cases to Federal
Communications Commission (FCC) rulings and
● Local: They service specific regions of the United
penalties.
States, in contrast to inter-exchange carriers (IXCs),
590
Independent Computing Architecture (ICA) Independent Computing Architecture (ICA)
With the collapse of the dot-com bubble in 2001, however, Independent Computing
investment in CLECs has declined precipitously, driving
Architecture (ICA)
many out of the market and forcing others to merge or to
An architecture for server-based computing from Citrix
be acquired by ILECs and IXCs. The result after five years
Systems.
is that the ILECs have had time to consolidate their posi-
tions as regulated monopolies and have begun moderniz- Overview
ing their networks to provide high-demand services such Independent Computing Architecture (ICA) is similar
as Asymmetric Digital Subscriber Line (ADSL) services to Microsoft Corporation’s RDP (Remote Desktop Pro-
for Internet access and High-bit-rate Digital Subscriber tocol) and the X Windows System from Sun Microsys-
Line (HDSL) for enterprise wide area network (WAN) tems and X/Open in that it provides
connectivity. ILECs are now offering broadband telecom-
● A centralized multiuser operating system that
munication services through Digital Subscriber Line
allows remote users to log on and run applications
(DSL) over the copper local loop.
on the server from thin clients such as terminals and
Notes
Enterprise network architects looking for telecommu-
appliances.
I
● A presentation services protocol that displays a
nication carriers they can use to build reliable, fault-
desktop generated by the server on the client.
tolerant WANs should carefully investigate the current
offerings before jumping in and making commitments. Implementation
Wherever possible, each branch of a large enterprise ICA enables the user interface of an application to run
should employ two LECs instead of one to provide with minimal consumption of resources on a client
redundancy for its WAN connection, but make sure that device while the actual application logic executes on an
each LEC uses a different point of presence (POP). For ICA-enabled server (sometimes called a terminal
example, if you use the services of an ILEC and a server). The only data transferred over the network
CLEC, make sure the CLEC is not simply reselling ser- between the server and the client device are the user
vices from the same ILEC using the same POP, which interface, keystrokes, and mouse movements. This
would nullify the redundancy of the arrangement. If results in minimal resource requirements for the client,
buying WAN services, such as frame relay, from an allowing the use of a “thin client.” An ICA presentation
IXC, be sure to also consider incorporating a redundant only requires about 5 Kbps throughput each direction,
arrangement from another IXC or RBOC to protect so ICA clients can access ICA servers over a wide vari-
your investment. ety of connections, including 14.4 Kbps and higher
modems, ISDN terminal adapters, wireless 802.11b
If you want to provision your company with DSL ser-
LANs, and traditional Ethernet local area networks
vices, you typically have to go through a CLEC because
(LANs).
ILECs are effectively regulated monopolies and usually
are not allowed to act as Internet service providers ICA provides location independence because it runs the
(ISPs). This double provisioning makes DSL services server operating system and application programs at a
more complex to deploy and troubleshoot because centralized location while displaying the user interface
you have to deal with two companies instead of one on supporting clients anywhere on the network. The
(although the CLEC will usually be your front-end ICA presentation services protocol also runs over most
contact in the matter). industry-standard networking protocols including
Transmission Control Protocol/Internet Protocol (TCP/
See Also: Competitive Local Exchange Carrier
IP), NetBEUI, and Internetwork Packet Exchange/
(CLEC), inter-exchange carrier (IXC), local exchange
Sequenced Packet Exchange (IPX/SPX). ICA also runs
carrier (LEC), Regional Bell Operating Company
over encapsulation transports such as Point-to-Point
(RBOC)
Protocol (PPP) on top of wide area network (WAN)
591
index Infiniband (IB)
transport protocols such as Integrated Services Digital ● Columns that are often retrieved in a sorted order or
Network (ISDN), frame relay, and Asynchronous are used in joins
Transfer Mode (ATM).
See Also: database, join, key (database)
ICA also supports browser-based access, enabling
applications to be launched from Web pages and mak-
Infiniband (IB)
ing ICA a platform-independent solution. ICA also sup-
An emerging high-performance input/output (I/O)
ports shadowing, which enables administrators to
architecture.
remotely take over control of thin clients for trouble-
shooting or instructional purposes. Overview
Infiniband (IB) is a new I/O architecture designed for
Marketplace connecting high-performance servers with distribut-
Citrix makes a product called Metaframe that can be
ed storage systems such as Storage Area Networks
installed on different Microsoft Windows server plat-
(SANs). IB is designed to overcome the limitations of
forms to allow ICA clients to access these servers. In
the standard Peripheral Component Interconnect (PCI)
I the arena of thin clients, the first ICA appliance to reach
system bus, which is often a bottleneck in enterprise
the market was the Winterm 1200LE from Wyse Tech-
computing systems as far as storage is concerned. The
nology, which uses embedded BSD UNIX.
32-bit 33 megahertz (MHz) PCI bus and its faster 64-bit
See Also: Remote Desktop Protocol (RDP), terminal, 133 MHz PCI-X bus are system buses that are capable
terminal server of transporting data at speeds up to 1 gigabit per sec-
ond (Gbps). Unfortunately, this means that for high-
performance servers using Gigabit Ethernet (GbE) net-
index work interface cards (NICs), the entire throughput
In relational database terminology, a database object
of the bus could be eaten up by the NIC alone, leav-
that enables efficient and rapid access to data in the
ing insufficient bandwidth for moving data between
rows of a table using key values.
disk storage and RAM. In contrast, IB will offer bus
Overview speeds of 10 Gbps or more, sufficient for most current
Indexes are created on columns in a database table and situations.
provide a way to logically order rows in a database
Another limitation of PCI and PCI-X is that they are
table. Because databases without indexes take much
shared-bus architectures in which attached devices con-
longer to query, planning and implementing indexes
tend for use of the bus (similar to half-duplex Ethernet).
comprise an essential part of database design. Indexes
In contrast, IB is a switched architecture that provides
can also be used to enforce the uniqueness of rows in a
each attached device the maximum possible bandwidth
database table by building the index on a key value.
and high scalability. IB is not intended to replace PCI/
Notes PCI-X but rather to complement these architectures in
Although using indexes generally speeds queries, it high-end servers and network storage systems.
is not a good idea to have an index for every column
History
because building the index takes time and requires addi-
IB emerged from two earlier competing architectures:
tional disk space, plus modifying the contents of the
Next Generation I/O (NGIO) and Future I/O. These
database causes modifications to the index. You should
technologies were similar but were supported by differ-
only create indexes for the following:
ent industry coalitions. In 1999, these coalitions joined
● Primary and foreign keys forces to forge a new System I/O standard, which was
renamed IB or Infiniband Architecture (IBA). The IB
● Data on which you frequently issue search queries
592
Infiniband (IB) Infiniband (IB)
standards are steered by the Infiniband Trade Associa- ● Target channel adapter (TCA): This is used to
tion, whose members include Compaq Computer connect devices that provide a network service,
Corporation, Dell Computer Corporation, Hewlett- such as a JBOD (just a bunch of disks) storage farm,
Packard, IBM, Intel Corporation, Microsoft Corpora- a Small Computer System Interface (SCSI) drive
tion, and Sun Microsystems. array, a Fibre Channel Storage Area Network
(SAN), or a local area network (LAN) connection.
Implementation
IB employs a switched point-to-point architecture. Vir- IB currently runs only over fiber-optic cabling,
tual channels are used for establishing communications although proposals have been made for running it over
between different IB-capable devices connected to an specialized copper cabling (not standard Category 5
IB switch, and multiple channels can be established cabling).
between two devices to provide fault tolerance in com-
Marketplace
munications. Devices are connected to switches using
The first company to release a commercial product
channel adapters, of which there are two types:
based on the IB 1 standard was the startup Mellanox
● Host channel adapter (HCA): This is used within Technologies, which produced switches and adapters in I
hosts (servers) to connect processors and memory its InfiniBridge line of products. Since then a number of
with external storage systems and network connec- vendors have started to release similar products, and a
tions. The HCA connects to the server’s memory flood of Infiniband products is expected to hit the mar-
controller, which controls access to the PCI/PCI-X ket sometime in 2002.
system bus, the processors, and memory.
Host
IAD
Memory
WAN
HCA
Switch
Memory
controller
Ethernet
CPUs LAN
TCA
Storage
593
Infrared Data Association (IrDA) infrared transmission
594
infrastructure inheritance
595
INI files instant messaging (IM)
or directory hierarchy. Inheritance simplifies the admin- ● WINFILE.INI, which stores status information for
istration of hierarchical file systems and directories by File Manager
allowing administrators to configure ACEs globally and
In addition, individual applications often created their
then modify them on an exception basis, rather than con-
own INI files during installation to store application-
figure ACEs individually for each object in the system.
specific settings.
In Windows NT, inheritance is used in the NTFS file sys-
In later versions of Windows, including Windows 95,
tem for propagating the permissions assigned to a folder
Windows 98, Windows Millennium Edition (Me),
to the files and folders within that folder. In Windows
Windows NT, and Windows 2000, INI files are replaced
2000, inheritance also applies to the Active Directory
by the registry, a hierarchical structure used to store all
directory service and allows permissions assigned to a
system and application configuration settings. Never-
container or an organizational unit (OU) within Active
theless, INI files are still included in these operating
Directory to be propagated further down the directory
systems to provide backward compatibility for running
tree. Inheritance also appears in other directory-based
16-bit Windows programs because such programs were
I systems such as Microsoft Exchange Server, in which
Exchange administrative permissions assigned to a con-
designed to save their settings in INI files and cannot
access the registry.
tainer in the Exchange directory that is based on the
Lightweight Directory Access Protocol (LDAP) can be See Also: Microsoft Windows, registry
applied to leaf objects and other containers within that
container.
instance
See Also: delegation, discretionary access control list A particular occurrence of a System Monitor counter
(DACL), permissions in Microsoft Windows 2000, Windows XP, and the
Windows .NET Server family.
INI files Overview
Text files used in legacy versions of Microsoft As an example, if the %Privileged Time counter is
Windows. being monitored for the Processor object on a symmet-
ric multiprocessing (SMP) machine with four proces-
Overview
sors, individual instances of that counter are instances
Windows 3.1 and Windows for Workgroups stored con-
0, 1, 2, and 3. By using instances, you can monitor the
figuration information about hardware, devices, and
performance of processes, threads, and devices on a
services in text files called INI (initialization) files.
per-instance basis for detailed understanding of their
These files, which have the extension .ini, included
resource use on a machine. Individual instances of a
● WIN.INI, which stores information about the desk- given counter can be displayed in the usual way using
top environment, fonts, and printers, as well as charts and graphs.
other settings
● SYSTEM.INI, which stores boot settings and infor- instant messaging (IM)
mation specific to running in Standard and 386 A service that supports real-time, call-based communi-
Enhanced modes cations over the Internet.
596
instant messaging (IM) instant messaging (IM)
determine who else was logged on and to send them Advantages and Disadvantages
short text messages. However, IM now generally refers IM exploded in popularity as a consumer-oriented ser-
to a set of technologies popularized by America Online vice that allowed people to keep in touch with each
(AOL), Microsoft Corporation, and other companies. other while surfing the Internet. The advantages of IM
are similar to those of the telephone: simplicity and
Types
immediacy. IM is even more immediate than e-mail and
The two most widely used IM services today are AOL
include a wider range of communication methods,
Instant Messenger (AIM), developed by AOL, and ICQ
including voice, text, and file sharing. Since it uses the
(“I seek you”), developed by Mirabilis and now owned
Internet as its carrier service, IM is effectively free for
by AOL. Together, both services are used by more than
people already subscribed to an Internet service pro-
100 million people worldwide, and they support text-
vider (ISP).
based messaging, voice, and file sharing/transfer. Other
systems include Yahoo Messenger from Yahoo!, MSN From a corporate perspective, though, some analysts
Messenger from MSN (Microsoft Network), and see some disadvantages of IM, whose constant requests
Odigo from Odigo. for communications can interfere with work even more
than the telephone. Furthermore, as IM moves toward
I
Implementation
multimedia services, such communications can quickly
Using AOL’s AIM system as an example, AOL users
swallow up network bandwidth in the enterprise. Poli-
can send instant messages to other AOL users online by
cies also need to be in place and enforced to ensure that
using AIM client software. To use AIM messaging, an
IM solutions are not misused, especially if they are out-
AOL user first signs on at an AIM central server, indi-
sourced to public service providers such as AOL or
cating that he or she is online and can receive instant
MSN. Another big concern about IM by corporate cus-
messages from other users. The central server records
tomers is security, as sensitive business information
the user’s Internet Protocol (IP) address for that session.
may be sent over the Internet through IM. Some ven-
(The user’s IP address is assigned by Dynamic Host
dors, however, are working to address this issue by
Configuration Protocol [DHCP] and can vary from ses-
encrypting IM communications. Finally, the main prob-
sion to session.) Other users can then send instant mes-
lem with all current IM systems is lack of interoperabil-
sages to that user through the server. The user’s AIM
ity between systems from different vendors. While
client sends the server a copy of the user’s “buddy list”
AIM is the most widely used system, it is a proprietary
(a list of other users that he or she frequently exchanges
system that AOL has not opened up to competing sys-
messages with), and the server responds by telling the
tems. This lack of ubiquity has hindered IM from being
user which buddies are currently online and can receive
as widely useful as the telephone system, and attempts
messages. The user can select a buddy from the list and
to develop vendor-independent standards for IM have so
submit a message to the server, which forwards the
far been unsuccessful (see Prospects, later in this article).
message to the buddy.
Server records
xxx.xxx.xxx.xxx
1 .Login.. 2 IP address
3 .Buddy list..
Server looks up
4 .Message sent.. 5 buddys IP address
to buddy..
AIM user AIM buddy
6 Server forwards
AIM server message to buddy
G0IXX04 (was G0Iui02 in 1E)
597
Institute of Electrical and Electronics Engineers (IEEE) Institute of Electrical and Electronics Engineers (IEEE)
The lack of a universal open standard for IM has A major contribution of the IEEE in the field of com-
resulted in a balkanization of the IM landscape and has puter networking is Project 802, a collection of stan-
prevented it from becoming as universal as the tele- dards for local area network (LAN) architectures,
phone. In 2000 the Internet Engineering Task Force protocols, and technologies. These standards continue
(IETF) attempted to develop such a standard, called to evolve under the auspices of various IEEE working
Instant Messaging and Presence Protocol (IMPP), and groups and committees.
narrowed it down to three candidates: Instant Messag-
For More Information
ing Extensible Protocol (IMXP), Simple Instant Mes-
Visit the IEEE at www.ieee.org.
saging Protocol (SIMP), and Instant Messaging and
Presence using SIP (IMPSIP). This effort failed to pro- See Also: Project 802
duce an agreement, but other efforts toward a universal
598
Integrated Access Device (IAD) integrated communications provider (ICP)
Integrated Access Device (IAD) and many other features. High-end IADs are mainly
A wide area network (WAN) access device for consoli- ATM-based and support voice packetization for
dating voice and data, usually over Asynchronous dynamic bandwidth allocation.
Transfer Mode (ATM) circuits. Marketplace
Overview IADs first appeared on the market in 1998 and were
Integrated Access Devices (IADs) are a type of WAN expensive and aimed mainly at high-end enterprise cus-
access device used for connecting corporate networks tomers. Since then, prices have fallen so that units under
and voice telephone systems into wide area networks. A $2,000 are now available for small and mid-sized busi-
typical IAD can consolidate voice traffic, both analog nesses. Some popular vendors of IADs include Cabletron
and ISDN (Integrated Services Digital Network, together Systems with its SmartSwitch 15000, Mariposa with its
with Ethernet local area network (LAN) traffic, for trans- ATX series of ATM IADs, and offerings from Acceler-
mission over frame relay or T1 links onto carrier ATM ated Networks, Lucent Technologies, Memotec Commu-
backbone networks. These different types of traffic are nications, Sonoma Systems, and many others.
aggregated by the IAD into a single traffic flow for trans-
mission over a single WAN link (access circuit). The
See Also: Asynchronous Transfer Mode (ATM), Com- I
petitive Local Exchange Carrier (CLEC), Integrated
advantages of IADs are that by integrating multiple Services Digital Network (ISDN), Regional Bell Oper-
WAN functions into a single box, costs are reduced ating Company (RBOC), wide area network (WAN)
through the elimination of redundant equipment and the
traditional truck roll for carrier installation. Also, pre-
cious rack space in telecommunications closets can be integrated communications
saved by replacing multiple devices with a single inte- provider (ICP)
grated device. IADs provide a simple, cost-effective A telecommunications service provider that offers
alternative to other WAN access devices, such as enter- one-stop shopping for voice and data telecommunica-
prise switches and WAN edge switches. They do not rep- tions through a single integrated architecture.
resent new WAN technology but rather an integration of
Overview
existing technology into a single, easily managed device.
The main difference between an integrated communica-
Implementation tions provider (ICP) and a traditional carrier such as a
IADs combine voice and LAN data traffic into a sin- Regional Bell Operating Company (RBOC), Competi-
gle data stream through Time Division Multiplexing tive Local Exchange Carrier (CLEC), or Incumbent
(TDM) or some other scheme. IADs usually reside at Local Exchange Carrier (ILEC) is that the ICP gener-
the customer premises and can easily be connected to ally installs a single, all-in-one integrated access device
Private Branch Exchanges (PBXs) and Ethernet back- (IAD) at the customer premises that enables voice and
bone switches. IADs are often supplied preconfigured data traffic to be serviced over a single line. This pro-
by telecommunications carriers such as Competitive vides for easier management than using multiple lines
Local Exchange Carriers (CLECs) and Regional Bell with different technologies and devices. The IAD typi-
Operating Companies (RBOCs). cally connects to the provider by using Asynchronous
Transfer Mode (ATM) over a single T1 line or Digital
The simplest form of IAD is essentially just a traffic
Subscriber Line (DSL) circuit at the local loop. (About
aggregator, combining several data streams into one for
80 percent of the customer cost for ICP services is for
transmission over frame relay, T-carrier, or Digital Sub-
the ICP’s rental of local loop access from an RBOC). At
scriber Line (DSL) carrier services. Enhanced IADs
the provider end, ICPs often build their own integrated
include such features as Dynamic Host Configuration
ATM backbone networks so that they can better control
Protocol (DHCP), network address translation (NAT),
the services they offer.
integrated firewall, voice mail, multiprotocol routing,
599
Integrated Services Digital Network (ISDN) Integrated Services Digital Network (ISDN)
600
Integrated Services Digital Network (ISDN) Integrated Services Digital Network (ISDN)
601
Integrated Services Digital Network (ISDN) Integrated Services Digital Network (ISDN)
● Q-series: These protocols describe how ISDN calls separate connection, but you can also use a protocol
are set up and torn down and how switching occurs called BONDING to dynamically combine the two
in an ISDN system. B channels of BRI by using inverse multiplexing to
produce a single 128-Kbps data channel.
ISDN uses a layered protocol architecture similar to the
Open Systems Interconnection (OSI) model. The phys- ● D (delta) channels: These are full-duplex 16 Kbps
ical layer signaling is specific to ISDN and is the same control channels for setting up connections and for
for both B and D channels. For data transmission, ISDN other signaling purposes. For example, ISDN voice
uses a framing (encapsulation) format called V.120, communication uses D channels to implement spe-
which is the international standard for synchronous cial services such as call forwarding and call dis-
ISDN data stream framing. ISDN frames are 48 bits play. The D channel uses a completely separate
long and are transmitted at 4,000 frames per second. telco communication network called the Signaling
Each ISDN frame contains two 8-bit slots for the B1 System 7 (SS7). This out-of-band telco network is
channel and two 8-bit slots for the B2 channel, which used exclusively for system overhead signaling for
602
Integrated Services Digital Network (ISDN) Integrated Services Digital Network (ISDN)
Two ways to connect to ISDN such as an ISDN phone, which is referred to as Termi-
customer premises equipment nal Equipment type 1 (TE1), to your ISDN line. A bit
more complicated is connecting non-ISDN equipment
1 Using ISDN data terminal equipment (known as Terminal Equipment type 2, or TE2) such as
and phones/faxes computers or routers—here you need to use an interme-
CO
diary device called a Terminal Adapter (TA). The termi-
nal adapter is usually connected to the TE2 using a
S/T serial interface such as RS-232 or V.35. ISDN terminal
interface adapters can be external boxes, cards you plug into a
ISDN line
computer’s motherboard, or modules you drop into the
chassis of a router or integrated access device (IAD).
U interface
NTU ISDN terminal adapters are sometimes called ISDN
modems, but they are not really modems because ISDN
ISDN phone is an end-to-end digital communication service and no
analog-to-digital signal modulation occurs within an I
ISDN fax ISDN setup.
The function of Terminal Equipment such as TE1 and
ISDN NIC in computer TE2 described above is to convert signals received from
CPE into BRI or PRI framing format. But to transmit
2 Using serial cable and POTS phones/faxes these frames over the ISDN line, they need to be trans-
lated into electric signals that can be physically carried
CO over the line. This translation is accomplished by means
of a Network Termination Unit (NTU), which again
RS-232 comes in two types: NT1 devices that provide basic
ISDN line ISDN connectivity and NT2 devices used mainly for
RJ-11 digital Private Branch Exchange (PBX) connections.
U interface
ISDN terminal adapter How all these different types of equipment are con-
nected is determined by what are called ISDN
interfaces, specifically:
POTS phone
● R interface: Specifies how non-ISDN CPE (TE2),
such as standard analog telephones, are connected
to an ISDN terminal adapter (TA).
Computer
● S interface: Specifies how ISDN CPE (TE1), such
G0IXX06 (was G0IUI04 in 1E)
as an ISDN phone, ISDN PBX, or ISDN TA, is con-
Integrated Services Digital Network (ISDN). Some exam- nected to ISDN network termination equipment
ples of how to implement ISDN. (NTU).
The method of connecting CPE to the termination point ● T interface: Specifies how NT1 connects with NT2
of an ISDN line at the customer premises depends on (this sometimes combined together as NT1/NT2
the type of equipment you want to connect and which equipment, supporting what is called the S/T
part of the world in which you are located (we will interface).
focus here on North American ISDN). The simplest
case is if you are connecting “native” ISDN equipment
603
Integrated Services Digital Network (ISDN) Integrated Services Digital Network (ISDN)
604
Integrated Windows Authentication Intelligent Input/Output (I2O)
605
IntelliMirror interactive logon
● Operating System Service Module (OSM): This desktop working environment, including which soft-
component interfaces with the operating system on ware applications the user is allowed to use.
the machine.
● Software installation and maintenance: Allows
In addition, an intermediate layer between the HDM software applications to be installed either by
and OSM provides independence between them by pro- assigning them (the first time the user clicks on the
viding standard communication mechanisms that allow application shortcut in the Start menu, the applica-
any HDM for any peripheral to interoperate with any tion is downloaded and installed on his machine)
OSM for any operating system. or publishing them in Active Directory (the user
employs Add/Remove Programs in Control Panel
Notes
to install the software).
The Microsoft Windows 2000, Windows XP, and
Windows .NET operating systems support I2O. IntelliMirror can also use Remote Installation Services
(RIS) to enable authorized clients to download fully
configured operating systems, applications, and data
IntelliMirror
I A set of management technologies native to Microsoft
from remote servers, thus performing unattended
installations on the clients.
Windows 2000, Windows XP, and the Windows .NET
Server family that simplifies the task of configuring and IntelliMirror technologies significantly reduce the total
maintaining applications, settings, and data at the client cost of ownership (TCO) of PC-based networks.
and server level.
See Also: Active Directory, Group Policy
Overview
IntelliMirror provides a distributed replication service
that lets clients and servers “intelligently mirror” and
Interactive
A built-in identity in Microsoft Windows 2000,
share information stored on local and distributed file sys-
Windows XP, and Windows .NET Server.
tems. IntelliMirror mirrors the workstation environment
on the network server so that the environment can be eas- Overview
ily managed. IntelliMirror also offers full roaming sup- The Interactive built-in identity includes any user who
port by allowing a user to log on to any client machine and has successfully logged on to the console of the local
access his or her software, settings, and data. IntelliMirror machine. The operating system uses this identity to
is designed to simplify network administration and elimi- enable the user to access resources on the machine. The
nate the need for administrators to “visit” desktop clients name Interactive stems from the idea that the user who
to upgrade operating systems and applications. belongs to this group is “interacting” with the local
computer through the console.
IntelliMirror is a combination of several features of
Windows 2000 and depends on various aspects of the As with all built-in identities, administrators cannot
operating system’s architecture, including Active Direc- directly modify the membership or assigned rights of
tory directory service, Group Policy, and various ser- the Interactive identity.
vices. IntelliMirror’s Change and Configuration
See Also: built-in identities
Management (CCM) features are provided in three ways:
User data management: Data can follow users
●
interactive logon
wherever they roam on the network and even be
Logging on to a network through a local machine.
available when the user is offline.
Overview
● User settings management: Enables administrators
Interactive logon is a process whereby a user gains
to use Group Policy to restrict and customize a user’s
access to a network by entering credentials in response
606
inter-exchange carrier (IXC) inter-exchange carrier (IXC)
to a dialog box displayed on the local machine. This is percent of the U.S. long-distance communication
in contrast to a remote logon, which occurs when a user market is controlled by the Big Three IXCs: AT&T,
who is already logged on locally tries to make a net- MCI/WorldCom, and Sprint Corporation. These com-
work connection to a remote computer—for example, panies provide services such as long-distance telephone
using the Net Use command at the command prompt. services, frame relay, virtual private networking (VPN),
Interactive logons are supported by all versions of T-1 and T-3 lines, ATM (Asynchronous Transfer Mode)
Microsoft Windows. backbone services, and even Internet access.
In a Windows 2000 or Windows .NET network, the
information that the user must specify during an interac-
tive logon depends on the network’s security model, as
ILEC IXC ILEC
described in the following table. After successfully log-
ging on interactively, the user is granted an access token
that is assigned to the initial process created for her.
LATA LATA
Required Logon Information for Security Models G0IXX07 (new to 1E)
I
Security Model What the User Must Specify Inter-exchange carrier (IXC). Traditional relationship
between IXCs and Incumbent Local Exchange Carriers
Workgroup Username and password
(ILECs). This landscape is evolving as a result of the Tele-
Domain Username and password communications Act of 1996.
Domain with a trust Username, password, and
relationship trusting domain While IXCs dominate the long-distance market, the local
other domains telephone companies (telcos) provide subscribers in their
particular geographical service areas, called Local Access
Notes and Transport Areas (LATAs), with the actual local loop
When trust relationships are configured between wiring that makes all telephony-based services possible.
Windows 2000 or Windows .NET Server domains, the In other words, the telcos are dependent upon the IXCs
interactive logon dialog box for Windows 2000 and for long-distance services, but the IXCs need the telcos’
Windows XP clients allows the user to select a logon local loop in order to provide their services to custom-
domain—that is, the domain in which the user’s user ers. Each telco offers services only in their own specific
account is located. In contrast, the earlier Windows 98 LATA, but IXCs provide services connecting different
and Windows Millennium Edition (Me) logon domains LATAs. Telcos themselves are properly known as Local
are hard-coded using Client for Microsoft Networks Exchange Carriers (LECs) and come in two varieties:
and offer only one domain to choose from at logon
● ILECs (Incumbent Local Exchange Carriers):
time.
These include the Regional Bell Operating Compa-
See Also: logon nies (RBOCs) and rural telcos.
● CLECs (Competitive Local Exchange Carriers):
inter-exchange carrier (IXC) These include Digital Subscriber Line (DSL) pro-
A telecommunications carrier that provides long- viders, Metropolitan Ethernet providers, and other
distance services. kinds of carriers.
Overview IXCs provide their own services through one of two
IXCs own or share the various high-bandwidth, fiber- methods:
optic trunk lines that cross different geographic areas
and provide high-speed switched digital services ● Colocating their equipment and sharing point of pres-
for voice, data, and video communication. About 90 ence (POP) facilities at telco central offices (COs)
607
interface interface
● Building their own POP facilities interface is one that transfers data one bit at a time
between two devices. Serial interfaces are commonly
Either way, IXCs need to share access with the local
used for connecting data terminal equipment (DTE),
loop wiring owned by ILECs. This is facilitated by the
such as computers or routers, to data communications
government overseeing ILECs as regulated monopolies
equipment (DCE), such as modems or Channel Service
in their service areas.
Unit/Data Service Units (CSU/DSUs). The most com-
Prospects mon type of serial interface is the RS-232 interface
The Telecommunications Act of 1996 has opened up found on the back of most computers and used to con-
the market so that LECs can compete in long-distance nect modems. The following table shows other com-
markets by leasing services from IXCs, and IXCs can mon examples of serial interfaces.
compete in local markets by leasing local loop connec-
Types of Serial Interfaces
tions from LECs. Some companies have also gained
access to each other’s services by merging. Other Serial
emerging competitors for IXCs are cable television Interface Description
I companies, who have customer premises installations RS-232 A common interface for communica-
tion over unbalanced lines. Uses
in most U.S. residences and who are upgrading their
networks for bidirectional communication. DB-9 or DB-25 connectors.
RS-422/485 For communication over balanced
See Also: Competitive Local Exchange Carrier lines. More suitable than RS-232 for
(CLEC), Incumbent Local Exchange Carrier (ILEC), environments with significant electro-
Local Access and Transport Area (LATA), local magnetic interference (EMI) or with
exchange carrier (LEC), Regional Bell Operating Com- DB-9 or DB-37 connectors.
pany (RBOC) V.35 A high-speed serial interface for data
transmission at 48 Kbps. Combines
balanced lines with unbalanced lines
interface and is used in Integrated Services
In networking and telecommunication, a mechanism
Digital Network (ISDN) and frame
for communicating between two devices.
relay connections. Uses a 24-pin
Overview block connector.
An interface specifies the nature of the boundary X.21 A high-speed serial interface that uses
between two devices and determines the procedures and the International Telecommunication
protocols that make it possible for the devices to Union (ITU) standard for connecting
exchange data. DCE and DTE for synchronous com-
munication. Uses a DB-15 connector.
608
interface card interface converter
interface, but it is incorrect to say that you use an RS- Many different kinds of interface cards are available,
232 connector or an RS-232 cable to connect to that including the following:
device. RS-232 specifies the interface, but several
● RS-232 high-speed serial input/output (I/O) cards
cabling options can support it, such as a cable termi-
with 16550 universal asynchronous receiver-
nated with a DB-9 or a DB-25 male connector.
transmitter (UART) chips for connecting to high-
Notes speed modems and Integrated Services Digital Net-
The term interface is also used in routing terminology, work (ISDN) terminal adapters. These cards can be
in which it describes the connection between a router either Industry Standard Architecture (ISA) or
and an attached network. In routing terminology, an Peripheral Component Interconnect (PCI) bus cards
interface is a remote network that can be reached from and can support transfer speeds of up to 460.8
the local network. A router interface is said to be active Kbps—much higher than the 115.2-Kbps rate sup-
if it provides connectivity with the remove network or ported by standard RS-232 interfaces.
inactive if connectivity is not possible at the time.
● Enhanced Capabilities Port (ECP)/Enhanced Parallel
The term interface is also used in Microsoft Component Port (EPP) high-speed parallel I/O cards that support I
Object Model (COM) programming to represent point- up to 2.5-megabit-per-second (Mbps) transfer speeds.
ers through which clients invoke methods of COM
● RS-422/485 interface cards for connecting to indus-
objects. From the perspective of a client application, a
trial sensor and measuring equipment. These cards
COM object appears as a set of interfaces.
can support up to 31 separate devices that can be
See Also: connector (device), routing, RS-232, serial located up to 4000 feet (1220 meters) from the com-
transmission, V.35 puter. Data transfer speeds are up to 460.8 Kbps.
See Also: interface, RS-232, serial transmission
interface card
A card you plug into a computer’s motherboard to pro-
vide connectivity between the main system bus and an
interface converter
Any device that converts one interface to another.
external serial or parallel bus.
Overview
Overview
Interface converters are generally stand-alone, powered
Computers usually come with installed serial/parallel
devices for midline use or rack-mounted devices for use
interface cards for connecting modems, printers, and
in wiring closets. There are interface converters for
other devices to your system, but in certain situations you
serial and parallel interfaces, asynchronous and syn-
might want to purchase a separate interface card. These
chronous communication, half-duplex and full-duplex
situations include
communication, single-node and host converters,
● When you have an older computer whose serial inter- copper and fiber-optic converters, AC-powered or
face card cannot support the newer fast 56-kilobit- interface-powered devices, and other devices. Exam-
per-second (Kbps) V.90 modems or whose parallel ples of interface converters include the following:
interface card cannot support IEEE 1284 bidirec-
● RS-232 to RS-422 serial interface converters for
tional print devices such as the newer Hewlett Pack-
directly connecting the RS-232 serial interface of a
ard LaserJet print devices
computer to an RS-422 programmable logic con-
● When you need a different serial interface such as troller for synchronous data transmission. If hand-
RS-422/485 to connect your machine to special net- shaking is required, you should use an RS-232 to
working or industrial measurement equipment RS-422/449 serial interface converter instead.
609
interference Interim Interswitch Signaling Protocol (IISP)
Workstation interference
Also called electromagnetic interference (EMI), electri-
cal noise induced in cabling by nearby electrical equip-
ment, such as motors, air conditioners, fluorescent
RS-232 lights, and power lines.
Converter
See: electromagnetic interference (EMI)
V.35
Interim Interswitch Signaling
Host Protocol (IISP)
An Asynchronous Transfer Mode (ATM) protocol that
enables cells to be routed over a switched virtual circuit
CSU/DSU
(SVC).
CSU/DSU
I Overview
RS-232 The Interim Interswitch Signaling Protocol (IISP) is
V.35 essentially a form of static routing for ATM networks.
Normally, ATM is a connection-oriented architecture
in which a switched connection is first established
between the transmitting and receiving node, after
Converter
which cells are delivered across that connection. When
G0IXX09 (was G0Iui06 in 1E)
Interface converter. Using an interface converter to con- IISP is used, the result is more like Internet Protocol
vert between an RS-232 interface and a V.35 interface. (IP) internetworks, where packets can be routed to their
destination addresses by various paths.
● RS-232 to RS-422/485 serial interface converters
that allow RS-422/485 data collection equipment or IISP was created in 1994 and is an extension to the
industrial measurement devices to be connected to a ATM UNI (user-to-network interface) specification.
computer using its built-in RS-232 serial interface.
Architecture
Alternatively, you can install an interface card in the
To use IISP, the ATM carrier network must employ
computer to allow it to connect directly with the
switched virtual circuits (SVCs). Unfortunately most
RS-422/485 device.
ATM carriers currently support only permanent virtual
● RS-232 to V.35 serial interface converters for con- circuits (PVCs), as they are cheaper and easier to imple-
necting RS-232 devices to V.35 lines. ment, which means that IISP is not a widely available
solution for enterprises needing to route data over ATM
● V.35 to G.703 or X.21 serial interface connectors
carrier backbone networks.
for use in Europe.
IISP routes cells based on their 20-octet network service
● Small Computer System Interface (SCSI) to paral-
access point (NSAP) address. IISP employs channels 32
lel converter for connecting SCSI peripherals to an
to 255 of virtual path identifier (VPI) zero. These chan-
Enhanced Capabilities Port (ECP)/Enhanced Paral-
nels function as trunk lines for routed transport of cells
lel Port (EPP) parallel port.
over ATM networks.
See Also: interface, RS-232, Small Computer System
Notes
Interface (SCSI), V.35
An alternative to IISP for routing cells over ATM back-
bone networks is to use Private Network-to-Network
Interface (PNNI) protocol. You can combine both IISP
610
Interior Border Gateway Protocol (IBGP) Interior Gateway Routing Protocol (IGRP)
autonomous system (AS). Interior gateway protocol (IGP). A network using IGP to
route information within an autonomous system and exte-
Overview
rior gateway protocol (EGP) to route information between
There are two versions of BGP, the classless dynamic autonomous systems.
routing protocol used on the Internet. These versions are
Examples of IGPs include
● Exterior Border Gateway Protocol (EBGP): This
exterior routing protocol is used for exchanging rout- ● Routing Information Protocol (RIP): This is a
I
ing information dynamically between border routers popular protocol for small to medium-sized inter-
connecting different ASs on the Internet or in a large networks and is based on the distance-vector rout-
private Transmission Control Protocol/Internet Proto- ing algorithm.
col (TCP/IP) internetwork. When referring simply to ● Open Shortest Path First (OSPF) Protocol: This
BGP, the variant EBGP is always implied. In other is used mainly on medium-sized to large-sized
words, EBGP is usually just called BGP. internetworks and is based on the link-state routing
● Interior Border Gateway Protocol (IBGP): This algorithm.
interior routing protocol is used for exchanging rout- ● Interior Gateway Routing Protocol (IGRP): This
ing information between routers within an AS. IBGP is a proprietary distance-vector routing protocol
is less “chatty” than EBGP and does not communi- developed by Cisco Systems.
cate route information as frequently. Unlike EBGP,
all IBGP routers within a particular AS must be con- See Also: autonomous system (AS), dynamic routing
figured as peers. protocol, exterior gateway protocol (EGP), Internet,
routing protocol
See Also: autonomous system (AS), Border Gateway
Protocol (BGP), classless routing protocol, dynamic
routing Interior Gateway Routing
Protocol (IGRP)
An interior gateway protocol (IGP) developed by Cisco
interior gateway protocol (IGP) Systems.
Any routing protocol used to distribute routing informa-
tion within an autonomous system (AS). Overview
Interior Gateway Routing Protocol (IGRP) is a propri-
Overview etary classful interior routing protocol that was devel-
Also known as interior routing protocols, interior gate- oped by Cisco for two reasons:
way protocols (IGPs) specify how routers within an AS
exchange routing information with other routers within ● Routing Information Protocol (RIP) was widely
the same AS. This is in contrast to exterior gateway pro- deployed but had several deficiencies, including a
tocols (EGPs), which facilitate the exchange of routing simplistic metric that did not mirror real-world net-
information between routers in different ASs. work topologies and a limitation in maximum hop
count to 15 hops.
611
interior routing protocol intermediary device
● Open Shortest Path First (OSPF) was being devel- ● Split horizon: Prevents routing loops from occur-
oped by the Internet Engineering Task Force (IETF) ring between two routers
as a successor to RIP and as a routing protocol for
● Poison reverse update: Reduces the chance of rout-
larger internetworks, but development of OSPF was
ing loops occurring between three or more routers
slow and the market needed a replacement for RIP.
Notes
As a result, Cisco developed IGRP as a proprietary pro-
Enhanced IGRP (EIGRP) is another proprietary interior
tocol for exchange of routing information within an
routing protocol developed by Cisco. Despite the simi-
autonomous system (AS). IGRP was tuned to provide
larity in their names, EIGRP is a very different protocol
optimal routes to ensure that communications within a
from IGRP.
network would be minimally disrupted should a router
go down. IGMP is a stable protocol capable of support- See Also: dynamic routing protocol, Enhanced Interior
ing very large networks, supports up to 255 hops (100 Gateway Routing Protocol (EIGRP), interior gateway
by default), has fast convergence, provides rudimentary protocol (IGP), interior routing protocol, Routing
612
Intermediate Language (IL) International Mobile Telecommunications-2000 (IMT-2000)
Modem Overview
pool The International Mobile Telecommunications-2000
(IMT-2000) initiative has its roots in 3G wireless research
LAN undertaken by the ITU in 1986. The goal of the initiative
is to establish global mobile communication standards
Modem that support voice messaging services integrated with
existing Public Switched Telephone Network (PSTN) ser-
G0IXX11 (was G0Iui08 in 1E)
vices, integrated multipoint paging and dispatch services,
and high speed data transmission at rates of up to 2 mega-
I
Intermediary device. A security host as an intermediary
device between an RAS server and a client. bits per second (Mbps) for both packet-switched and cir-
cuit-switched communications (see table).
Notes
Microsoft Windows 2000 and the Windows .NET Proposed Data Rates for IMT-2000
Server family support intermediary devices for its Communications Systems
Routing and Remote Access Services (RRAS). Mobility Minimum Data Rate
See Also: remote access Fixed 2 Mbps
Pedestrian 384 kilobits per second (Kbps)
Vehicular 144 Kbps
Intermediate Language (IL)
An intermediate byte code used by the Windows .NET Because of differences in how the spectrum is regulated
platform. in different countries and regions and because of the
fundamental inoperability between the two major types
Overview
of cellular communication technologies—Time Divi-
Microsoft Corporation’s new .NET platform is a
sion Multiple Access (TDMA) and Code Division
language-independent programming framework for
Multiple Access (CDMA)—the ITU realizes that the
developing secure, scalable Web services. Applications
initiative probably will not be able to unify worldwide
and services can be developed for the .NET platform
mobile communication into a single global standard. As
using a variety of programming languages, including
a result, the original IMT-2000 initiative has evolved
Visual Basic (VB), C++, and Microsoft’s new C#
somewhat to support several proposed standards,
language. When compiled on the .NET platform, these
including the following:
languages all produce an architecture-independent
intermediate byte code called Intermediate Language ● Universal Mobile Telecommunications System
(IL). Code written in different languages can be mixed (UMTS): A standard for 3G wireless networks pro-
easily since they share the same architecture and data posed by the European Telecommunications Stan-
types—all compiled code is in the form of .NET dards Institute (ETSI)
objects.
● Universal Wireless Communications (UWC-
See Also: .NET platform 136): A standard for 3G wireless networks pro-
posed by the Telecommunications Industry Associ-
ation (TIA)
613
International Organization for Standardization (ISO) International Organization for Standardization (ISO)
614
International Telecommunication Union (ITU) Internet
desire and assign object identifiers to your new classes The section of the ITU that is concerned with develop-
and attributes. ing international standards for telecommunications is
called the ITU Telecommunications Standardization
For More Information
Sector, or ITU-T.
Visit the ISO at www.iso.ch.
For More Information
See Also: Active Directory, Novell Directory Services
Visit the ITU at www.itu.int.
(NDS), Simple Network Management Protocol
(SNMP), X.500 See Also: American National Standards Institute
(ANSI), V.35, V.90, X.25, X.400, X.500
International Telecommunication
Union (ITU) Internet
An international organization headquartered in Geneva, The global public Transmission Control Protocol/
Switzerland, that coordinates global telecommunica- Internet Protocol (TCP/IP) internetwork.
tions networks and services with governments and the
private sector.
Overview I
The Internet has evolved in a single decade from an aca-
Overview demic network to the backbone of today’s economy.
Known until 1993 as the International Telegraph and The Internet is synonymous in most people’s minds
Telephone Consultative Committee, also known by its with the World Wide Web (WWW) and has displaced
French name, Comité Consultatif International Télé- most other early Internet protocols apart from Simple
graphique et Téléphonique (CCITT), the International Mail Transfer Protocol (SMTP) and File Transfer Pro-
Telecommunication Union (ITU) is responsible for a tocol (FTP).
number of important international networking and
The Internet is not owned by any one government, orga-
communication standards, including the following X
nization, or company. Nevertheless, various administra-
series and V series standards:
tive bodies oversee different aspects of the Internet’s
● V.35 serial interface standard operation. These groups include the following:
● V.90 56-Kbps modem standard ● Internet Society (ISOC), which coordinates a num-
ber of other bodies and gives them advice and
● X.25 packet-switching network standard
direction.
● X.400 message-handling system (MHS) standard
● Internet Architecture Board (IAB), which is respon-
● X.435 standard for electronic data interchange sible to the ISOC and oversees the Internet’s
(EDI) over X.400 architecture.
● X.500 directory service recommendations ● Internet Engineering Task Force (IETF), which is
responsible to the IAB and develops Internet proto-
● X.509 digital certificate and authentication standard
cols that define such applications as the TCP/IP
● Standards for Standardized Generalized Markup protocol suite and the Domain Name System
Language (SGML), the precursor to Extensible (DNS).
Markup Language (XML)
● Internet Assigned Numbers Authority (IANA),
The ITU also hosts important study groups, meetings, which is responsible for coordinating the registra-
and conferences and is a leading publisher of informa- tion of DNS names and assigning Internet Protocol
tion on telecommunications technology and standards. (IP) addresses. Many of the functions of IANA have
615
Internet Internet
been replaced recently by a new body called the Then a company called MFS began to set up fiber-optic
Internet Corporation for Assigned Names and ring networks called Metropolitan Area Ethernets
Numbers (ICANN). (MAEs). These MAEs were connected to the Internet
backbone in metropolitan areas. These soon became
History
obvious places for companies to connect their corporate
The Internet originated with the ARPANET project of
networks to the Internet, and MAE soon stood for
the U.S. Department of Defense in the early 1970s. The
Metropolitan Area Exchange instead. The first such
original purpose of ARPANET was to create a wide
exchange was called MAE-East, which is still opera-
area network (WAN) that would allow researchers at
tional and is located in Washington, D.C. Other MAEs
various defense and civilian research agencies to com-
include MAE-West in San Jose, California, and
municate with each other and to collaborate on projects.
MAE-LA in Los Angeles.
ARPANET originally consisted of a few hundred IP
hosts joined together at several locations across the By 1993 the NSF had decided to stop funding and man-
country. aging the Internet backbone and to turn this job over to
616
Internet2 Internet access
themselves. A typical request for a Web page from also provide researchers with a test bed for developing
somewhere else in the world might result in your new networking technologies, such as the following:
request making 15 or more hops across routers on the
● Broadband networking
Internet.
● Quality of service (QoS) networking technologies
For More Information
You can find interesting and useful information about ● IPv6, the new 128-bit version of the Internet
the Internet at the following sites: www.netsizer.com, protocol
www.isc.org, and www.cyberatlas.internet.com.
● Multicasting technologies
See Also: autonomous system (AS), autonomous sys-
Notes
tem number (ASN), Border Gateway Protocol (BGP),
Other groups are working toward similar goals in coop-
Internet2, Internet access, Internet Architecture Board
eration with Internet2. Examples include the federally
(IAB), Internet Assigned Numbers Authority (IANA),
led Next Generation Internet (NGI) initiative, the
Internet Corporation for Assigned Names and Numbers
(ICANN), Internet Engineering Task Force (IETF),
National Science Foundation’s High Performance Con-
nections program, and the MCI/WorldCom vBNS net-
I
Internet service provider (ISP), Internet Society (ISOC)
work service.
Europe’s version of the Internet2 is called GEANT and
Internet2
is intended as a backbone network joining 30 countries
A project of the University Corporation for Advanced
and regions together using 2.5-gigabit-per-second
Internet Development (UCAID) to develop a high-
(Gbps) links for the purposes of academic research and
speed network for research and collaboration and for
industry collaboration.
developing innovative applications for education.
Overview For More Information
Visit the Internet2 site at www.internet2.edu.
The Internet2 project is supported by more than 150
universities in the United States and is designed to cre-
ate a leading-edge network for developing and testing Internet access
new Internet applications for researchers. Its members The process of connecting subscribers to Internet ser-
consist of a collection of national, regional, and campus vice providers (ISPs).
organizations whose networks are linked by new tech-
Overview
nologies and common research goals. Internet2 is not a
In the early 1990s, the ways in which businesses and
successor to the present Internet, but rather new tech-
consumers could connect to the Internet were limited,
nologies to be used as part of the Internet. Internet2
slow, and costly. These technologies included dial-up
is being developed by a consortium of institutions
modems, Integrated Services Digital Network (ISDN)
working to improve on existing Internet technologies.
connections, and expensive leased lines such as T1
The knowledge and new technologies developed using
lines. By the end of the decade, the landscape had
Internet2 will be made available to the broader Internet
changed, however, and broadband Internet access tech-
community as they emerge.
nologies had become widespread, at least in dense
Some of the potential benefits of new Internet technolo- urban areas. These new methods for providing Internet
gies include advances in areas such as telemedicine, access to subscribers include:
digital libraries, and virtual laboratories. Internet2 will
● Asymmetric Digital Subscriber Line (ADSL):
Provides downstream speeds up to about 10 mega-
bits per second (Mbps)—upstream speeds are less—
617
Internet Architecture Board (IAB) Internet Assigned Numbers Authority (IANA)
over dedicated connections at about $50 a month. ● Providing guidance to the ISOC on technical and
The main disadvantage is that it is available only procedural matters relating to the Internet.
within a few miles from the telco central office (CO).
● Selecting and appointing the chair of the IETF and
● Cable modem: Provides symmetric speeds of up to candidates for the Internet Engineering Steering
10 Mbps in theory, but because the system is a Group (IESG), which is responsible for the day-
shared network, typical speeds are more like 1 to-day operation of the IETF, and the Internet
Mbps. Cable modem access is widely available in Assigned Numbers Authority (IANA), most of
residential areas but difficult to obtain in business whose functions are now replaced by the Internet
and industrial parks. Corporation for Assigned Names and Numbers
(ICANN).
● Fixed wireless: Provides downstream speeds typi-
cally of only a few hundred kilobits per second and For More Information
has limited availability but can be deployed in loca- Visit the IAB at www.iab.org.
tions too distant for ADSL or cable modems to
I function.
See Also: Internet Assigned Numbers Authority
(IANA), Internet Corporation for Assigned Names and
See Also: Asymmetric Digital Subscriber Line (ADSL), Numbers (ICANN), Internet Engineering Task Force
cable modem, Integrated Services Digital Network (IETF), Internet Society (ISOC)
(ISDN), T-carrier, wireless networking
Internet Assigned Numbers
Internet Architecture Board Authority (IANA)
(IAB) The organization that coordinates the assignment of
A technical advisory group for the Internet Society unique Internet protocol parameters such as the Internet
(ISOC). Protocol (IP) address space and the Domain Name Sys-
Overview tem (DNS).
The Internet Architecture Board (IAB) was established Overview
in 1983 for the purpose of providing oversight for the The Internet Assigned Numbers Authority (IANA)
development of Internet protocols and standards. It con- operates under the auspices of the Internet Society
sists of 13 volunteer members, 6 of whom are nomi- (ISOC) and is considered part of the Internet Architec-
nated by the Internet Engineering Task Force (IETF) ture Board (IAB). IANA is the ultimate authority for
and approved by the ISOC. IAB members are part-time managing the root name servers that maintain the cen-
volunteers who provide the IETF community with tral database of information for the DNS. IANA also
advice and support. The IAB’s functions include the controls the assignment of Transmission Control Proto-
following: col/Internet Protocol (TCP/IP) protocol identifiers such
● Overseeing the evolution of the Internet’s architec- as IP addresses and the numbers for autonomous sys-
ture and protocols from a long-term, strategic level. tems (ASs) on the Internet.
The most important of these issues is to ensure the IANA delegates authority to other organizations and
continued scaling of the Internet’s core services and companies to grant users unique IP address blocks and
protocols. register DNS domain names. IANA delegates these
● Overseeing the process for developing Internet responsibilities to three regional bodies:
standards and for managing and publishing the ● The American Registry for Internet Numbers
Request for Comments (RFC) series of standards (ARIN), which manages North America, South
documents. America, and sub-Saharan Africa
618
Internet Cache Protocol (ICP) Internet Connection Firewall (ICF)
● Réseaux IP Européens (RIPE), which manages proxy servers to try to locate cached copies of requested
Europe and North Africa objects. If these queries fail, the object is requested
from the Internet. ICP has some inherent drawbacks:
● The Asia Pacific Network Information Center
(APNIC), which manages Asia and Australia ● ICP arrays use queries to determine the location of
cached information, a process that generates addi-
IANA is funded by the U.S. government. A new inter-
tional network traffic.
national nonprofit organization called the Internet Cor-
poration for Assigned Names and Numbers (ICANN) ● ICP arrays have negative scalability—the more
has taken over the responsibilities of IANA because of proxy servers in the array, the more query traffic is
the Internet’s increasingly international and commer- generated.
cial nature.
● ICP arrays tend to become highly redundant, with
Notes each cache containing similar information (the
Actual registration of IP addresses and DNS names is URLs of the most frequently visited sites).
performed by network information centers, which in the
United States include:
Microsoft Corporation’s solution to these problems is I
the Caching Array Routing Protocol (CARP), which it
● Various accredited domain name registrars, which developed for its Microsoft Proxy Server version 2.
have replaced Internet Network Information Center
See Also: Caching Array Routing Protocol (CARP),
(InterNIC) as the authorities for registering the
proxy server
.com, .org, .net, .gov, and .edu top-level domains
The U.S. Domain Registration Service, which
●
Internet Connection Firewall
administers the .us top-level domain
(ICF)
● The U.S. Department of Defense Network Informa- A new firewall feature of Windows XP and the
tion Center, which manages the .mil top-level Windows .NET Server family.
domain
Overview
● The .int top-level domain registry in Marina del Internet Connection Firewall (ICF) is a software-based
Rey, California firewall application that is used to set restrictions on
what type of network traffic or information is allowed
For More Information to communicate between your home or small office net-
Visit IANA at www.iana.org.
work and the Internet. ICF is similar to a “stateful”
See Also: American Registry for Internet Numbers firewall in that it monitors all aspects of the communi-
(ARIN), Asia Pacific Network Information Center cations that cross its path and inspects the source and
(APNIC), Domain Name System (DNS), Internet Archi- destination address of each message that it handles.
tecture Board (IAB), Internet Society (ISOC), RIPE Communications that originate from a source outside
the ICF computer are dropped by the firewall unless an
entry for the type of traffic being received is designated
Internet Cache Protocol (ICP) to allow passage. No notifications are created; ICF sim-
A protocol that enables arrays of proxy servers to work
ply discards unsolicited communications, which pre-
together over a network.
vents common hacking attempts such as port scanning.
Overview A security log can be created to allow viewing of the
The Internet Cache Protocol (ICP) was developed to activity that ICF tracks.
allow individual proxy servers to query neighboring
See Also: firewall, network security
619
Internet Control Message Protocol (ICMP) Internet Control Message Protocol (ICMP)
Internet Control Message ● Source Quench (ICMP type 4): Routers send this
Protocol (ICMP) packet type when they cannot process IP traffic as
A Transmission Control Protocol/Internet Protocol fast as it is sent. A Source Quench message essen-
(TCP/IP) network layer protocol used for various tially means “Slow down!” A Microsoft Windows
purposes. NT or Windows 2000 host can respond to a Source
Quench message by slowing down its rate of data
Overview transmission.
The Internet Control Message Protocol (ICMP) is a
simple TCP/IP protocol that operates at the network ● Redirect Message (ICMP type 5): Used to redi-
layer, the same layer at which Internet Protocol (IP) rect the host to a different network path. This mes-
functions. Unlike IP, whose main function is to enable sage essentially tells the router to override the entry
datagrams to be sent and received, ICMP has more in its internal routing table for this packet.
restricted functions, including ● Echo Request (ICMP type 8): The Ping command
● Testing of TCP/IP connectivity with remote hosts to uses this packet type to test TCP/IP connectivity.
I make sure they are alive (using ping) ● Router Advertisement (ICMP type 9): Sent at
● Issuing simple control requests to routers and other random intervals in response to an ICMP Router
hosts Solicitation request.
● Reporting error conditions from routers and other ● Router Solicitation (ICMP type 10): Sent by rout-
hosts ers to request router advertisement updates.
In effect, ICMP complements IP by providing control ● Time Exceeded (ICMP type 11): Indicates that the
messages and reporting errors on behalf of IP. ICMP is Time to Live (TTL) has been exceeded because of
defined in RFCs 792 and 1700. too many hops. The Tracert command uses this
message to test a series of routers between the local
Architecture and remote hosts.
ICMP messages are encapsulated in IP datagrams for
transmission over a network. ICMP packets are thus ● Parameter Problem (ICMP type 12): Indicates an
connectionless and do not provide for guaranteed error processing the header of an IP packet.
message delivery. ICMP supports broadcast traffic, Issues
but unlike both Transmission Control Protocol (TCP) Because of its broadcast nature, ICMP has been open to
and User Datagram Protocol (UDP), which operate exploitation as a means of network attack. Many types
at the higher Internet layer, ICMP does not use port of denial of service (DoS) attacks are based upon ICMP,
numbers. including the Smurf attack, Tribe Flood Network (TFN)
The function of an ICMP message is determined by the attack, Loki, and WinFreeze. For example, ICMP redi-
first 2 bytes of its message header. Some of the more rects can modify a router’s routing table, so sometimes
common types of ICMP packets are hackers try to subvert routers by issuing forged ICMP
redirects in order to perform a DoS attack. ICMP redi-
● Echo Reply (ICMP type 0): The Ping command rects are usually sent by routers only if all the following
uses this packet type to test TCP/IP connectivity. conditions occur:
● Destination Unreachable (ICMP type 3): Indi- ● The router is configured to generate ICMP redirects.
cates that the destination network, host, or port can-
not be reached. ● The incoming router interface for the packet is the
same as the outgoing router interface.
620
Internet Corporation for Assigned Names and Numbers (ICANN) Internet Engineering Task Force (IETF)
621
Internet Explorer Internet Explorer Administration Kit (IEAK)
which they must be deleted, updated, or established as a ● Authenticode 2 code-signing technology that enables
Request for Comments (RFC) document. users to check the digital certificate of downloaded
code before installing it on their system
For More Information
Visit the IETF at www.ietf.org. ● Offline browsing, which enables users to access
Web content in their History or Subscribed Content
See Also: Internet Architecture Board (IAB), Internet
folders when they are not connected to the Internet
Society (ISOC), Request for Comments (RFC)
● Scheduled, unattended dial-up for obtaining Web
content from subscribed sites to view offline later
Internet Explorer
Microsoft Corporation’s integrated suite of client-side ● Autocompletion of Uniform Resource Locators
Internet software, which is included with all current (URLs) typed into the address bar using Microsoft
versions of Microsoft Windows. IntelliSense technology
Overview ● Dynamic HTML behaviors that allow Dynamic
I Microsoft Internet Explorer has evolved from a simple
Web browser to a full-featured suite of Internet tools. It
HTML functionality to be extended through hosted
components
provides access not only to information on Web sites on
● Development enhancements that allow users to set
corporate intranets and the Internet but also to file sys-
the properties of items based on the value of an
tem resources on the local machine and to shared fold-
expression
ers on the network. When deployed using the Internet
Explorer Administration Kit (IEAK), the following ● Enhancements to tables that allow users to create
optional components can be installed or upgraded in fixed-layout tables and collapsible borders
addition to the basic Web browser:
● Accessibility enhancements
● Microsoft Outlook Express
For More Information
● Microsoft NetMeeting You can visit the Internet Explorer home page at
www.microsoft.com/windows/ie.
● Microsoft FrontPage Express
See Also: Internet Explorer Administration Kit (IEAK),
● Microsoft Chat
Web browser
● Web Publishing Wizard
● Connection Wizard Internet Explorer
Features of Internet Explorer 5 and later include Administration Kit (IEAK)
A tool for customizing and deploying Microsoft Inter-
● Support for the latest Internet standards and script- net Explorer throughout an enterprise.
ing languages, including Hypertext Markup Lan-
guage (HTML) version 4; Microsoft Visual Basic, Overview
Scripting Edition (VBScript); JScript; ActiveX; Some of the features of the Internet Explorer Adminis-
Java; and Dynamic HTML tration Kit (IEAK) include
● Split-screen Search, History, Channel, and Favor- ● IEAK Configuration Wizard, which is used to
ites Explorer bars that can be toggled on and off download, configure, and package Internet
Explorer components for distribution to users in
● Security zones for dividing intranets and the Inter- the enterprise.
net into safe and unsafe regions with their own
security settings
622
Internet File System (iFS) Internet Group Management Protocol (IGMP)
● Automatic Version Synchronization (AVS) for noti- Internet File System (iFS)
fying administrators when software updates for A technology developed by Oracle Corporation for
Internet Explorer 4 are available. Administrators can sharing data over the Internet.
download these updates and distribute them to users.
Overview
● Profile Manager for centrally managing user desk- Oracle’s Internet File System (iFS) leverages Extensi-
top settings after deployment of Internet Explorer 4. ble Markup Language (XML) to enable applications,
● Wizard-based configuration for determining which services, and users to share data easily using standard
portions of Internet Explorer 4 will be deployed and Internet protocols. The iFS is included in the Oracle 9i
how they will be configured. database platform and provides a repository for all
types of information including Web documents, e-mail
The IEAK also supports deployment methods such as messages, and other files. Using iFS, you can easily
Microsoft Systems Management Server (SMS), e-mail, move data between Web applications and Oracle
Web sites, floppy disks, and CDs. databases.
Implementation The iFS supports a number of standard Internet proto- I
You first decide how you want to distribute your custom cols, including
package for Internet Explorer: CD, floppy disks, or an
Internet Uniform Resource Locator (URL) for users to ● Hypertext Transfer Protocol (HTTP)
download the package. You use the IEAK Configura- ● Web-based Distributed Authoring and Versioning
tion Wizard to build custom packages that include Inter- (WebDAV)
net Explorer, its related components, and up to 10 other
custom components. ● File Transfer Protocol (FTP)
Once you create your package, you can distribute it ● Simple Mail Transfer Protocol (SMTP)
using the appropriate method for the type of package: The iFS also supports Server Message Block (SMB)
locate it on an Internet or file server or give users copies protocol, the native file sharing protocol of the
of CDs or floppy disks. Users can then run the Setup Microsoft Windows platform.
program to install Internet Explorer and the additional
components on their systems. You can also use the See Also: File Transfer Protocol (FTP), Hypertext
IEAK Configuration Wizard to do the following: Transfer Protocol (HTTP), Simple Mail Transfer
Protocol (SMTP), XML
● Create silent installation packages that do not allow
users to change the configuration settings you have
specified Internet Group Management
Protocol (IGMP)
● Create branded packages that customize users’
A Transmission Control Protocol/Internet Protocol
browsers using a company-specific logo, title bar
(TCP/IP) network layer protocol used for informing
text, toolbar background bitmap image, or channel
routers of the availability of multicast groups on the
title bar for Internet Explorer
network.
● Create packages with preconfigured browser set-
Overview
tings such as a Start page, Search page, Support
The Internet Group Management Protocol (IGMP) is
page, default favorites, Welcome page, desktop
used in a multicasting environment to exchange infor-
wallpaper, Active Channels, and proxy settings
mation on the status of membership in multicast groups
See Also: Internet Explorer between routers on the network. Once a router becomes
aware that there are hosts on a locally attached network
623
Internet guest account Internet guest account
that are members of a particular multicast group, it IGMP Host Membership Report to the multicast
advertises this information using IGMP to other routers address 244.0.0.1. The message contains the multicast
on the internetwork so that multicast messages are for- address that identifies the group it wants to join. Rout-
warded to the appropriate routers. IGMP is thus used to ers connected to that host’s local network then advertise
maintain the group membership on a local subnet for an to other routers throughout the internetwork that the
Internet Protocol (IP) multicast. particular network has hosts belonging to that multicast
group. The routers poll the hosts regularly by sending
Architecture
IGMP Host Membership Query messages to determine
There are two versions of IGMP: IGMPv1 and the
whether any of them are still members of that group. If
newer IGMPv2. IGMPv1 is defined in RFC 1112 and
no hosts on the network belong to that group any longer,
supports only two types of IGMP messages:
the router stops advertising the information to other
● Host membership report: Hosts send this type of routers on the internetwork so that multicast messages
message to inform local routers that the host wishes directed to that group are no longer forwarded to it.
to receive multicast IP traffic addressed to a specific
I group address.
Notes
IGMP is used by the Routing and Remote Access Ser-
● Host membership query: Routers send this mes- vice (RRAS) of Microsoft Windows 2000 for IP mul-
sage to poll a local area network (LAN) segment in ticasting. IGMP is also used in Windows NT by the
order to determine if any hosts on the segment are Windows Internet Naming Service (WINS)—at startup
listening for multicast traffic. a WINS server sends IGMP packets to the multicast
address 224.0.1.24 to seek out possible WINS replica-
IGMPv2 is defined in RFC 2236 and includes several
tion partners on the network.
new message types, including
See Also: Internet Protocol (IP), multicasting, Trans-
● Leave group: Used by a host to inform a router that
mission Control Protocol/Internet Protocol (TCP/IP)
it is the last member to leave a multicast group (so
that the router knows it no longer needs to forward
IP multicasts to that subnet). Internet guest account
A user account in Microsoft Windows 2000,
● Group-specific query: Similar to the IGMP Host
Windows XP, and the Windows .NET Server family
membership query, except that it checks for mem-
used by Microsoft Internet Information Services (IIS).
bership in a specific multicast group.
Overview
● Multicast querier election: This allows a single
The Internet guest account on Windows 2000 is usually
router to be selected for issuing IGMP Host mem-
an account named IUSR_ComputerName, where Com-
bership query messages to a particular network
puterName is the name of the Windows 2000 server on
segment.
which IIS is installed. The account is used to allow
IGMPv2 is fully backward-compatible with IGMPv1. anonymous access to World Wide Web (WWW) and
File Transfer Protocol (FTP) sites on IIS. The IUSR_
Implementation ComputerName account is given a randomly assigned
Operation of IGMP is best illustrated with a simple
password and is made a member of the Guests local
example. To join a multicast group, a host must report
group. The account is also granted the sole system right
its request for membership to nearby routers. These
“log on locally” so that when users on the Internet try to
routers periodically poll the hosts in their locally
anonymously access a WWW or FTP site on IIS, they
attached networks to check on their membership status.
are authenticated as if they had logged on locally to the
When a host first joins a multicast group, it sends an
624
Internet Information Services (IIS) Internet Information Services (IIS)
system console (instead of being authenticated as nor- ● Support for File Transfer Protocol (FTP)
mal network users). This secures the computer against
● Limited support for Simple Mail Transfer Protocol
unauthorized network access. Once a user is authenti-
(SMTP)
cated as an anonymous user, he or she transparently
uses the IUSR_ComputerName account to gain access ● Support for Network News Transfer Protocol
to files on the WWW or FTP sites of interest. (NNTP)
The IUSR_ComputerName account is automatically ● Support for advanced security using the Secure
included in the built-in Guests local group on the server Sockets Layer (SSL) and related protocols
on which IIS is installed, so be sure to review the per-
● Provides a platform for deploying scalable Web
missions and rights that you have granted to the Guests
server applications using Active Server Pages
group.
(ASP); Internet Server API (ISAPI); Common
See Also: Internet Information Services (IIS) Gateway Interface (CGI); Microsoft Visual Basic,
Scripting Edition (VBScript); JScript; and other
Internet Information Services installable scripting languages, such as Perl I
(IIS) ● Allows Web applications to be run as isolated pro-
A Microsoft Windows service that provides support for cesses in separate memory spaces to prevent one
application-layer Internet protocols. application crash from affecting other applications
Overview ● Integrates with Microsoft Transaction Server
Internet Information Services (IIS) enables Windows (MTS) and Microsoft Message Queue (MSMQ)
2000 servers to function in the roles of Web servers, Server for deploying transaction-based Web
File Transfer Protocol (FTP) servers, Network News applications
Transfer Protocol (NNTP) servers, and similar Internet
● Can be managed using the Microsoft Management
and intranet servers. IIS is also a foundational compo-
Console (MMC), through a standard Web browser
nent for a wide variety of other Microsoft server plat-
such as Microsoft Internet Explorer, or by running
forms, including Microsoft Exchange Server 2000,
administrative scripts using the Windows Scripting
Microsoft Sharepoint Server, and other Microsoft .NET
Host (WSH)
Enterprise Servers.
● Includes domain blocking for granting/denying
IIS was first released for Windows NT 3.51 as version
access on the basis of IP address or domain
1. The highest version available for the Windows NT
platform is version 4.01, which was included as part of ● Allows IIS activity to be logged in various formats,
the Windows NT Option Pack. On Windows 2000, the including IIS, World Wide Web Consortium
version of IIS is 5, but on Windows XP, it is 5.1 and on (W3C), National Computer Security Association
Windows .NET Server, it is 6. (NCSA), and open database connectivity (ODBC)
logging
All current versions of IIS support the following
features: ● Allows Web site operators to be assigned for lim-
ited administration of each Web site
● Fully integrated with Windows NT security and
the version of NTFS file system (NTFS) used in ● Bandwidth throttling to prevent one Web site from
Windows NT monopolizing a server’s available bandwidth
● Full support for version 1.1 of Hypertext Transfer
Protocol (HTTP)
625
Internet Inter-Orb Protocol (IIOP) Internet Locator Service (ILS)
626
Internet Mail Access Protocol version 4 (IMAP4) Internet Mail Access Protocol version 4 (IMAP4)
NetMeeting. Clients periodically refresh the information ● Leave messages on the server after reading them
in the ILS database. Users can access the ILS using LDAP so that they can access the messages again from
to place a call to other NetMeeting users and to determine another location
which NetMeeting users are currently logged on to the
● Search a mailbox for a specific message to download
ILS. Using Active Server Pages (ASP), you can design a
customizable Web interface that displays who is currently ● Flag messages as read
online and allows users to search for other users and ini-
● Selectively download portions of messages or
tiate NetMeeting sessions with them.
attachments only
Notes
● Review the headers of messages before download-
ILS replaces the earlier User Locator Service (ULS)
ing them
technology.
Implementation
See Also: Lightweight Directory Access Protocol
To retrieve a message from an IMAP4 server, an
(LDAP)
IMAP4 client first establishes a Transmission Control
Protocol (TCP) session using TCP port 143. The client
I
Internet Mail Access Protocol then identifies itself to the server and issues a series of
version 4 (IMAP4) IMAP4 commands:
A standard protocol for storage and retrieval of e-mail
● LIST: Retrieves a list of folders in the client’s
messages.
mailbox
Overview
● SELECT: Selects a particular folder to access its
Simple Mail Transport Protocol (SMTP) provides the
messages
underlying message transport mechanism for sending
e-mail messages over the Internet, but it does not pro- ● FETCH: Retrieves individual messages
vide any facility for storing and retrieving those mes-
● LOGOUT: Ends the IMAP4 session
sages. In order to communicate, SMTP hosts must be
continuously connected to one another, but for ordinary To troubleshoot problems with remote IMAP4 servers,
users this is not always the case. use Telnet to connect to port 143. Then try issuing vari-
ous IMAP4 commands such as the ones described in
Internet Mail Access Protocol version 4 (IMAP4) com-
this entry and examine the results.
plements SMTP by providing a mechanism for holding
received messages in receptacles called mailboxes. An Advantages and Disadvantages
IMAP4 server stores messages received by each user in Because IMAP4 clients can allow read messages to
a personal mailbox until the user can connect to the remain on the IMAP4 server, IMAP4 is especially use-
server to download and read them. To do this, the user ful for mobile users who dial up and access their mail
requires an IMAP4-capable mail client such as Micro- from multiple locations. The downside is that IMAP4
soft Outlook or Microsoft Outlook Express. servers require more resources than POP3 servers
because users tend to leave large numbers of messages
IMAP4 provides functions similar to an earlier protocol
on the server. IMAP4 also is not as widely supported by
called Post Office Protocol version 3 (POP3), but it
Internet service providers (ISPs) as POP3.
includes a number of features that were not supported
by POP3. Specifically, IMAP4 allows users to Notes
IMAP4 is supported by Microsoft Exchange Server.
● Access multiple folders, including public folders
See Also: e-mail, Post Office Protocol version 3
● Create hierarchies of folders for storing messages
(POP3), Simple Mail Transfer Protocol (SMTP)
627
Internet Printing Protocol (IPP) Internet Protocol (IP)
628
Internet protocols Internet protocols
(continued)
629
Internet Protocol Security (IPsec) Internet Protocol Security (IPsec)
Standard Internet Protocols continued IPsec implements encryption and data integrity through
Protocol two additional security protocols, which can be used
Protocol Name Description either separately or together. These protocols are
tn3270 TN3270 Starts a TN3270 terminal ● Authentication Header (AH) protocol: Provides
protocol emulation program user authentication and protection from replay
pnm RealAudio Plays RealAudio stream- attacks and supports data authentication and integ-
protocol ing audio from a Real- rity functions. AH enables the recipient to be sure
Audio server of the sender’s identity and that the data has not
mms Microsoft Plays .asf streams from a been modified during transmission. AH does not
Media Server Microsoft Streaming provide any encryption of the data itself. AH infor-
(MMS) Media server
mation is embedded in the IP packet’s header and
protocol
can be used alone or with the Encapsulating Secu-
rity Payload (ESP) protocol. AH is defined in RFC
630
Internet Relay Chat (IRC) Internet Relay Chat (IRC)
Console (MMC). IPsec policies consist of rules that Internet. IRC is a client/server technology in which
specify the security requirements for different forms of users employ IRC client software to connect to an IRC
communication. These rules are used to initiate and server or hub. Clients can then connect to an existing
control secure communication based on the nature of chat group (also called chat room or channel) and type
the IP traffic, the source of the traffic, and its destina- messages to other users currently in that group. Chat
tion. These rules specify authentication and negotiation groups are identified using a pound sign (#) prefix.
methods, tunneling attributes, and connection types. Messages are transmitted in real time and can appear
character by character on the recipients’ client software
Advantages and Disadvantages
if the person sending the message types slowly enough.
IPsec implements security differently from such tunnel-
Depending on how the chat server is configured, users
ing protocols as Point-to-Point Tunneling Protocol
might be able to create their own chat rooms and hold
(PPTP) and Layer 2 Tunneling Protocol (L2TP), which
private discussions. Some chat servers require that you
create secure tunnels and operate at the OSI data-link
register once to obtain a unique nickname, but others
layer (Layer 2). Instead, IPsec secures information at
allow you to select a nickname for the current session
the packet level and operates at the OSI network layer
(Layer 3). IPsec also supports only IP traffic, which
only. Some Web sites also offer Web-based interfaces to I
their chat servers.
limits its use in some enterprise environments. PPTP
and L2TP, by contrast, support any network protocol The network of IRC servers on the Internet is known as
including TCP/IP, Internetwork Packet Exchange/ Undernet. These servers are generally owned and oper-
Sequenced Packet Exchange (IPX/SPX), or NetBEUI. ated by Internet service providers (ISPs) that provide a
free IRC environment to online users. The IRC protocol
Although the restriction to IP traffic is somewhat of a
is defined in RFC 1459.
disadvantage, IPsec does have two significant advan-
tages over tunneling protocols: Prospects
In late 2000, the Undernet network was crippled by a
● Application-layer TCP/IP protocols such as Hyper-
lengthy Distributed Denial of Service (DDoS) attack
text Transfer Protocol (HTTP) that reside above
that prevented IRC users from using the network and
IPsec can take full advantage of the security offered
created havoc for ISPs hosting Undernet servers. The
by IPsec.
attack graphically illustrated the Internet’s current vul-
● Security policies for configuring IPsec make the nerability to DDoS attacks and has called into question
protocol more powerful and flexible than tunneling the long-term viability of Undernet and IRC unless
protocols. changes are made to the Internet’s basic architecture to
protect it from such attacks.
See Also: data-link layer, Internet Protocol (IP),
Layer 2 Tunneling Protocol (L2TP), network layer, Notes
Point-to-Point Tunneling Protocol (PPTP), Transmis- Microsoft Exchange Server includes an IRC-based chat
sion Control Protocol/Internet Protocol (TCP/IP) service that you can use to set up public or private IRC
sites.
Internet Relay Chat (IRC) For More Information
A text-based Internet conferencing protocol. Find out more about IRC at www.irc.net.
Overview See Also: Distributed Denial of Service (DDoS), ICQ,
Internet Relay Chat (IRC) is a technology that can be instant messaging (IM)
used to send real-time, text-based messages over the
631
Internet Research Task Force (IRTF) Internet Server API (ISAPI)
Internet Research Task Force Proxy Server 2 platform that was part of the BackOffice
(IRTF) suite of server applications. ISA Server belongs to
An umbrella organization for a number of long-term Microsoft’s new .NET Enterprise Server platform and
research groups that focus on standards for Internet pro- is designed to meet the security needs of Internet-based
tocols, architecture, applications, and technologies. businesses. ISA Server provides
● The End-to-End (E2E) group, which is concerned ● Web caching technology to speed the retrieval of
with end-to-end services and protocols imple- frequently used Web content, saving valuable net-
mented in hosts work bandwidth.
632
Internet service provider (ISP) Internet service provider (ISP)
● ISAPI extensions: Run-time DLLs that can run services across the country. Examples include
either in process or out of process on IIS. ISAPI AT&T WorldNet, EarthLink, Genuity, MSN, PSI-
extensions provide extended functionality to IIS. net, Sprint, UUNET, and Verizon.
● ISAPI filters: Used to preprocess packets of data ● Regional: These offer services in specific regions
before they enter or leave the IIS main process. An of the country and are often owned by or partnered
example of an ISAPI filter is the Secure Sockets with Regional Bell Operating Companies (RBOCs)
Layer (SSL) protocol component on IIS 4. or Incumbent Local Exchange Carriers (ILECs).
Examples are Ameritech and BellSouth.
Notes
You can create ISAPI extensions easily using the ISAPI ● B2B: These focus exclusively on the business-
Extension Wizard in Microsoft Visual C++. to-business market. Examples include GNS from
AT&T and Gridnet from UUNET.
See Also: Active Server Pages (ASP), Common Gate-
way Interface (CGI), dynamic-link library (DLL), Inter- Implementation
net Information Services (IIS), ISAPI extension, ISAPI
filter
Choosing an ISP for your enterprise or business is a
process you should approach carefully. If your enter-
I
prise spans several locations, you need to consider your
ISP as part of your network infrastructure, especially if
Internet service provider (ISP)
you are using VPN. Be sure to ask potential ISPs ques-
A company that provides Internet access to consumers,
tions about
businesses, or both.
● The capacity their backbone can handle and who
Overview
owns it. OC-12 and OC-48 backbones are com-
Internet service providers (ISPs) come in various
mon, and OC-192 backbones are beginning to be
shapes and sizes, from volunteer-run freenets to local,
deployed by large national carriers (the first ISP to
regional, and national service providers such as AT&T
deploy OC-192 was AT&T).
WorldNet. ISPs can provide a wide range of services,
including ● Whether they employ redundant backbone connec-
tions to upstream providers and what sort of peering
● Dial-up Internet access
arrangements (public or private) they have with
● Broadband Internet access—Digital Subscriber these providers. Most large ISPs use private peering
Line (DSL) or cable modem arrangements to connect to similar ISPs, but small
ISPs generally have to lease wholesale services
● Leased lines and other wide area network (WAN)
from upstream ISPs.
services.
● Whether they offer colocation for running your own
● Web hosting services
Web servers at their point of presence (POP).
● E-mail services
● Which advanced features (such as VPN and VoIP)
● Virtual private networking (VPN) they offer.
Types ● What level of reliability or SLA (service level
ISPs can be classified into different types according to agreement) they offer.
their size, service area, and particular business orienta-
tion. For example, Examples
One example of a national (Tier 1) ISP is UUNET
● National: These are often owned by or partnered (www.uu.net), which merged with MCI/WorldCom, an
with inter-exchange carriers (IXCs) to offer IXC. UUNET offers a wide range of services, including
633
Internet Society (ISOC) Internetwork Operating System (IOS)
634
Internetwork Operating System (IOS) Internetwork Operating System (IOS)
router configuration and management functions instead command-line console (for example, using a Telnet
of file system management and input/output (I/O). connection). Using EXEC, the IOS system com-
While IOS was originally designed as a monolithic, mand interpreter, you can type commands using a
“router-centric” operating system, it has evolved into a command-line interface. User EXEC mode sup-
modular operating system composed of different sub- ports a subset of IOS commands for performing
systems that can easily be upgraded and that support basic actions such as configuring terminal settings,
more complex distributed networking functions. The running tests, and displaying configuration
most recent release of Cisco IOS at the time of writing information.
is IOS 12.2, which has support for IPv6 built into it
● Privileged EXEC mode: This mode lets you do
across the board.
everything you can do in User EXEC mode and
Note that the operating system used on Cisco Catalyst more, including running the Setup command to
switches is somewhat different from the version used on enter configuration information, running the con-
routers and is referred to either as Catalyst IOS or Cat- figure command to modify configuration informa-
alyst Operating System (COS) in various literature. tion, and running the debug command to display
event messages. Enter Privileged EXEC mode by
I
Implementation
typing the enable command.
IOS is typically stored as a system image within a
router’s flash memory. The startup configuration file ● Configuration mode: This mode lets you config-
called Startup-config is stored in nonvolatile RAM, and ure your router’s settings. You enter this mode by
the router’s actual operating configuration (its routing typing the configure terminal command.
tables, queues, and other elements) is stored in ordinary
● Setup mode: This mode is used to create new con-
RAM. Cisco routers can typically run in three different
figuration files that enable features such as address-
operating environments:
ing, routing, and security.
● ROM monitor: Also called the bootstrap program,
Notes
this environment is accessed through the console
You can quickly tell which command mode of IOS you
port. The ROM monitor initiates the bootstrap pro-
are running by looking at your command prompt. The
cess and can be used to run diagnostics, recover lost
table shows the various IOS command modes and their
passwords, and recover from system failures.
prompts.
● Boot ROM: This environment is used mainly to
IOS Command Modes
upgrade to new versions of IOS by loading a new
image of IOS into flash memory. Prompt IOS Mode
Router> User EXEC
● Cisco IOS: This is the normal operating environ- Router# Privileged EXEC
ment, in which you can enter commands to config- Router(config)# Configuration
ure and troubleshoot your router’s operation. For (A series of dialog box prompts) Setup
example, you can enter the Show Version command
to determine which version of IOS your router is You access most router functions by using EXEC mode,
running. either User to view information in read-only format or
Privileged to modify and configure router settings. User
The normal IOS operating environment itself can run in
and Privileged modes also support different subsets of
four different modes:
the IOS command set. Note that Privileged EXEC mode
● User EXEC mode: This mode is enabled by should always be password-protected because it lets
default when you connect to a router using a you reconfigure key operating system parameters.
635
Internetwork Packet Exchange (IPX) Internetwork Packet Exchange (IPX)
Do not run the debug command when you are con- an IPX internetwork. The administrator of each net-
nected to the network unless it is absolutely necessary work assigns these network numbers, which must be
because this increases the load on the processor. Type a unique for each connected network; all nodes on a con-
question mark (?) at a prompt to determine which com- nected network must have the same network number.
mands are available in the currently enabled IOS mode. Nodes discover their network number by communicat-
ing with routers attached to the local network. Routers
There are typically three ways you can connect to a
use these network numbers to route IPX packets from
router and issue IOS commands:
one network to another within an internetwork. IPX is
● Console: By connecting the serial port of a nearby PC thus a routable protocol. The structure of an IPX packet
to the router using a Cisco console cable, you can run is shown in the diagram.
IOS commands on the router using a terminal pro-
gram such as Microsoft HyperTerminal on the PC.
IPX Packet Structure Bytes
● Modem: For routers in remote locations, you can use
Checksum 2
I a modem to connect the router to the telephone sys-
tem, allowing administrators to remotely dial-in and Length 2
run IOS commands using a PC similarly equipped Transport control (hop count) 1
with a modem.
Packet type 1
● Telnet: If the router has connectivity with a network, Destination network 4
a user anywhere in the network can connect to the
router and run IOS commands using Telnet. Destination node 6
Destination socket 2
For More Information
Find out more about Cisco IOS at www.cisco.com/ Source network 4
warp/public/732. Source node 6
See Also: command line, router Source socket 2
Data varies
Internetwork Packet Exchange
(IPX) G0IXX13 (was G0Iui12 in 1E)
636
interprocess communication (IPC) interprocess communication (IPC)
Get Nearest Server (GSN) request message to its locally interprocess communication
connected network in order to locate the nearest Net- (IPC)
Ware server. If a NetWare server cannot be located on A mechanism for establishing a connection between
the connected network, the router informs the client of processes running on two computers or on a single multi-
the nearest available server based on the cost of the con- tasking computer to allow data to flow between those
nection. The router is familiar with this information processes.
because NetWare servers using IPX periodically notify
the network of their presence using SAP, which allows Overview
IPX routers to construct server tables based on SAP Interprocess communication (IPC) mechanisms are
numbers. commonly used in client/server environments and are
supported to various degrees by the different Microsoft
IPX is a connectionless protocol that works at the net- Windows operating systems. An IPC generally consists
work layer of the Open Systems Interconnection (OSI) of two components:
reference model, and IPX packets are connectionless
● An application programming interface (API) that
datagrams. To function within connected networks,
IPX works with a transport layer protocol called the defines the standard set of functions that can be I
Sequenced Packet Exchange (SPX) protocol. SPX is called when software tries to use an IPC.
responsible for generating acknowledgments for IPX ● A protocol that specifies the format in which the
packets received over the network to ensure that no information is transmitted using the IPC. When
packets were lost during transport. IPCs are passed over the network, the format speci-
Notes fied is the format of the packet or frame transmitted
On Ethernet networks, NetWare clients and servers can between the computers.
communicate with each other using IPX only if they use The following table lists some IPC mechanisms and the
compatible frame types (encapsulation formats). The platforms that support them.
terminology used to describe these frame types depends
on whether you are discussing Novell NetWare clients Built-in Support for IPC Mechanisms on Various
and servers or IPX-enabled routers from Cisco Sys- Windows Platforms
Windows 2000
tems. The following table illustrates these differences.
Windows NT
Windows 95
Windows 98
Frame Type Terminology
Common Novell Cisco
Terminology Terminology Terminology Process
Ethernet Ethernet_II arpa Named pipes x x x x
raw Ethernet_802.3 novell-ether Mailslots x x x x
802.3 Ethernet_802.2 sap NetBIOS x x x x
snap Ethernet_SNAP snap Windows Sockets x x x x
Remote procedure call (RPC) x x x x
Ethernet_II is the default frame type for NetWare
Network Dynamic Data Exchange x x x x
version 3.x and earlier, but NetWare 4.x uses the
(NetDDE)
Ethernet_802.2 frame type.
Distributed Component Object Model x x x
See Also: NetWare protocols (DCOM)
637
Inter-Switch Link (ISL) intrusion detection system (IDS)
638
intrusion detection system (IDS) intrusion detection system (IDS)
Intrusion detection system. An example of how a network from Enterasys Networks, Kane Security Enterprise
intrusion detection system might be implemented. from Intrusion.com, and RealSecure OS Sensor from
Internet Security Systems. Popular network IDSs
● Host-based IDS: These are applications installed
include NetProwler from Axent Technologies, Cisco
on critical hosts such as Web servers that monitor
Secure IDS from Cisco Systems (available as both a
such things as Transmission Control Protocol
stand-alone appliance and as a module for Cisco Cata-
(TCP) sessions, port activity, file integrity, and log
lyst 6000 series switches), eTrust Intrusion Detection
files. Host-based IDSs are platform-specific solu-
from Computer Associates, Armor from nCircle Net-
tions that must be installed on any servers consid-
work Security, BlackICE Sentry from Network Ice Cor-
ered in danger of attack.
poration, and NFR from Network Flight Recorder.
This distinction between the two types of IDS is begin- Some popular free UNIX-based IDS tools include
ning to be blurred as vendors combine aspects of both Shadow, Snort, and Pakemon.
types into newer IDS applications and appliances. Ven-
Issues
dors are also beginning to add “intelligent” pattern-
One of the main difficulties in deploying NIDS is that
recognition functionality into their IDSs to enable them
most enterprise networks are now switch-based instead
to detect attacks for which no signatures currently exist.
of hub-based. All stations connected to a hub share the
The use of artificial intelligence (AI) in IDS systems is
same broadcast and collision domain, and by connect-
probably the big goal in the network security field for
ing a NIDS sensor to a hub, traffic to and from every
the next decade.
station can be easily monitored. Ethernet switches are
Implementation different, however—each attached station forms its own
This example deals with the implementation of a NIDS. private segment and to monitor traffic effectively
A typical NIDS consists of two components: would, in theory, require a NIDS sensor for each port.
639
inverse multiplexer (IMUX) inverse multiplexing
One workaround for this problem is to use port mirror- that if one ISDN or T1 line goes down, no delays occur.
ing (spanning) to copy portions of traffic from each port IMUXes usually include diagnostic and loopback func-
on the switch to a mirror port to which the sensor can tions for both local and remote troubleshooting.
then be attached. The problem with doing this, however,
See Also: Channel Service Unit/Data Service Unit
is that it adds an extra processing load to the switch and
(CSU/DSU), Integrated Services Digital Network
is difficult to implement in full-duplex configurations.
(ISDN), inverse multiplexing, T-carrier
Cisco solves this problem in its Catalyst 6000 series of
enterprise switches by providing its Cisco Secure IDS
product as a blade that can be installed in the switch to inverse multiplexing
monitor traffic directly on the backplane. By configur- A way of combining the bandwidths of a number of
ing access control lists (ACLs), administrators can then digital network or telecommunication lines into a single
pull up different kinds of traffic such as Hypertext virtual pathway for high-speed communication.
Transfer Protocol (HTTP) to get more targeted informa-
Overview
tion about possible intrusions. Another solution is pro-
Inverse multiplexing can be used to aggregate the band-
I vided by Shomiti Systems, which sells “taps” that let
width of digital data service (DDS), switched 56, Inte-
you unobtrusively listen in to traffic on any 10/100
grated Services Digital Network (ISDN), or T1 and
Mbps Ethernet link and copy traffic to a second switch
higher T-carrier services into a single high-bandwidth
to which IDS sensors are attached. This way, no extra
data terminal equipment (DTE) interface. You can then
processing burden is placed on the network’s backbone
connect this DTE interface to customer premises equip-
switches.
ment such as routers or Channel Service Unit/Data Ser-
See Also: firewall, network security vice Units (CSU/DSUs), which are connected to the
customer’s network.
inverse multiplexer (IMUX) Inverse multiplexing is the opposite of multiplexing,
A device that can perform inverse multiplexing of which combines data transmissions from multiple
digital telecommunication channels. pieces of DTE into a single digital communication
channel.
Overview
A typical inverse multiplexer (IMUX) might be capable Implementation
of inverse multiplexing together four Basic Rate Inter- By connecting a device called an inverse multiplexer, or
face ISDN (BRI-ISDN) lines, two T1 lines, or four T1 IMUX, to the termination points of several leased digi-
lines to provide a throughput of 512 kilobits per second tal lines, you can use inverse multiplexing to create
(Kbps), 3.088 megabits per second (Mbps), or 6.176 a single virtual connection with a bandwidth equal to
Mbps, respectively. This saves the expense of having to the sum of the bandwidths of the individual lines. To
purchase or lease equipment to individually terminate implement this, for example, with ISDN, an IMUX is
each Integrated Services Digital Network (ISDN) or T1 required at both the customer premises and the telco
line, and it provides an efficient way to increase wide central office (CO). When several ISDN subchannels
area network (WAN) speed for high-bandwidth uses are multiplexed into a single high-speed channel, a con-
such as videoconferencing, T1 backup, or large file nection is initiated when the customer’s IMUX dials a
transfers. IMUXes can include built-in Channel Service number to establish a connection with the CO IMUX.
Unit/Data Service Unit (CSU/DSU) functionality, they Once a single ISDN subchannel is established, the cus-
have a 34-pin built-in V.35 LAN (data) interface, and tomer IMUX dials the remaining numbers and estab-
they have an RJ-45 or DB25 connector for the line lishes the additional ISDN subchannels. Once all the
interface. They often feature load-sharing functions so subchannels are up, a protocol called BONDING
640
Inverse Multiplexing over ATM (IMA) inverse query
establishes synchronization between the two stations Inverse Multiplexing over ATM
using a handshaking mechanism to resolve any delays (IMA)
between the subchannels. These delays are primarily A high-speed Asynchronous Transfer Mode (ATM)
the result of the different circuit-switched communica- technology.
tion subchannels having physical paths of different
lengths, even though they have the same two endpoints. Overview
The bonding protocols also ensure that data sent over Enterprises that need to connect their ATM backbones
each subchannel arrives at its destination in the correct by means of wide area network (WAN) links to inter-
order. exchange carriers (IXCs) such as AT&T, Sprint, and
MCI/Worldcom have traditionally been limited to two
main options:
● T1 lines: These operate at 1.544 megabits per sec-
ond (Mbps), well below the speed of even a tradi-
LAN Telco CO tional 10 Mbps Ethernet LAN.
T3 lines: These offer higher speeds of 44.736
I
IMUX ●
641
IOS IP address
reverse name lookups. The nodes in this domain are address of the source host that transmitted the packet
named after the IP addresses of hosts but with the octets and the destination host to which the packet is being
in reverse order to facilitate searching. However, inverse sent. IP addresses can be one of three types:
queries can take place only on the name server que-
● Unicast: This type forwards the packet to a single
ried and cannot be forwarded to another name server.
target host (one-to-one forwarding).
Because individual name servers manage only a small
portion of the entire DNS namespace, there is no guaran- ● Multicast: This type forwards the packet to all hosts
tee that a given inverse query issued against a specific that have joined a multicast group (one-to-many
name server will meet with a successful response. forwarding).
Notes ● Broadcast: This type forwards the packet to all hosts
Most names used on Internet servers are configured on a subnet or network (one-to-all forwarding).
for reverse name lookups to avoid the extra overhead
In order for communication to take place reliably on an
required. However, if you need to use the DNS trouble-
IP network, each host on the network needs a unique IP
I shooting utility Nslookup, you should configure the
in-addr.arpa domain on name servers to support inverse
address assigned to it. IP addresses can be assigned
either
queries. Otherwise, there is no need to configure this
inverse domain. ● Manually: By using static IP addressing, or
See Also: in-addr.arpa, iterative query, recursive query ● Dynamically: By using Dynamic Host Configura-
tion Protocol (DHCP)
IOS Architecture
Stands for Internetwork Operating System, the operat- IP addresses are usually expressed in four-octet, dotted-
ing system developed by Cisco Systems for its line of decimal form—w.x.y.z—in which each octet ranges in
routers and access servers to provide a standard way to value from 0 to 255 (with some restrictions). The IP
configure and administer these devices. address of a host is partitioned by the network’s subnet
mask into two parts, a network ID and a host ID.
See: Internetwork Operating System (IOS)
IP addresses belong to certain classes according to their
first octet, as defined in the following table. The actual
IP distinguishing feature of each class is the pattern of
Stands for Internet Protocol, the network layer protocol high-order bits in the first octet, but it is easier to
used by Transmission Control Protocol/Internet Proto- remember these classes by their first octet decimal
col (TCP/IP) for addressing and routing packets of data numbers. IP addresses whose first octet is 127 represent
between hosts. the loopback address and are used for troubleshooting
See: Internet Protocol (IP) purposes only, and cannot be assigned to hosts.
IP Address Classes
IP address IP Address Possible
In IPv4, a 32-bit logical address for a host on an Internet Class First Octet Used For
Protocol (IP) network; in IPv6, IP addresses are 64 bits Class A 1–126 Very large networks
in length. Class B 128–191 Medium to large networks
Class C 192–223 Small networks
Overview
Class D 224–239 Multicasting
IP addresses allow packets to be routed over an IP net-
Class E 240–255 Reserved (experimental)
work. Each IP packet has a header that contains the IP
642
IP/ATM Ipconfig
● The network ID and host ID cannot both be 255. See: interprocess communication (IPC)
643
IP Fax IP over ATM
644
IPP IP storage
645
IP telephony IPv6
646
IPX IRC
647
IrDA IrDA Data
648
Irix ISAPI filter
649
ISA Server ISDN
Custom ISAPI filters can be designed by third-party a local SCSI drive. The operating system or dedicated
developers for such tasks as iSCSI card then packages these SCSI commands into a
stream of bytes separated by iSCSI headers. The byte
● Custom authentication
stream is broken up into IP packets and transmitted over
● Data encryption the network to the remote storage array. Once received by
the array, the packets are reassembled into the byte
● Data compression
stream and the iSCSI headers are parsed to produce a
● Filtering series of SCSI commands, which are then issued to the
local SCSI storage system. The data is then retrieved
● Traffic analysis
from the storage system and returned to the client.
See Also: Common Gateway Interface (CGI),
dynamic-link library (DLL), Internet Information Client
iSCSI card
Services (IIS), Internet Server API (ISAPI), ISAPI
extension
I Server
ISA Server SCSI IP SCSI
commands packets commands
Stands for Internet Security and Acceleration Server,
Microsoft Corporation’s firewall, proxy, and Web-
caching platform.
SCSI
See: Internet Security and Acceleration Server (ISA iSCSI card
storage
Server)
G0IXX17 (new to 2E)
The iSCSI standard is expected to be a popular IP stor- See Also: IP storage, Small Computer System Interface
age technology in the next few years, propelled on the (SCSI), storage
backs of Gigabit Ethernet (GbE) and the emerging 10
GbE standard. ISDN
Implementation Stands for Integrated Services Digital Network, a digi-
Consider the example of a client trying to remotely tal communication service provided by telephone com-
access data from a remote storage system such as a SCSI panies (telcos).
array over a network. With iSCSI, the client simply
See: Integrated Services Digital Network (ISDN)
issues the request in the form of SCSI commands as if to
650
ISDN Digital Subscriber Line (IDSL) ISDN router
IDSL has not been widely deployed by telecommunica- ISDN fallback adapter. Using an ISDN fallback adapter to
provide a backup for a DDS line.
tion carriers to date, but a recent development called
IDSL bonding may change this. Using IDSL bonding, Overview
up to four 144 Kbps IDSL links can be aggregated ISDN fallback adapters typically have built-in ISDN
together using Multilink Point-to-Point Protocol terminal adapter functionality and can sometimes pro-
(MPPP) into a respectable fat pipe of 576 Kbps. And vide backup support for multiple DDS lines. The fall-
because it supports distances up to 6.8 miles (11 kilo- back and restore settings are configurable using a
meters) from a CO, IDSL provides an important option built-in or serial-connected terminal interface.
for customers too far from telco COs for Asymmetric
To use a fallback adapter, you connect it to the ISDN
Digital Subscriber Line (ADSL) or High-bit-rate Digi-
line with the RJ-45 connector and to the local area net-
tal Subscriber Line (HDSL) to be deployed for wide
work (LAN) bridge or router and the DDS CSU/DSUs
area network (WAN) or Internet access. Netopia was
(Channel Service Unit/Data Service Units) using the
the first DSL provider to commercially offer bonded
V.35 or RS-232 serial interfaces. When the DDS line
IDSL services to its customers.
fails, the ISDN fallback adapter automatically kicks in
See Also: Asymmetric Digital Subscriber Line (ADSL), the ISDN line to maintain wide area network (WAN)
Digital Subscriber Line (DSL), High-bit-rate Digital connectivity.
Subscriber Line (HDSL), Integrated Services Digital
See Also: Channel Service Unit/Data Service Unit
Network (ISDN)
(CSU/DSU), digital data service (DDS), Integrated
Services Digital Network (ISDN), RS-232, V.35
ISDN fallback adapter
A device that allows you to use an Integrated Services
Digital Network (ISDN) line as a back up for a digital
ISDN router
A router with built-in hardware for connecting directly
data service (DDS) line.
to Integrated Services Digital Network (ISDN) lines.
651
ISDN terminal adapter ISDN terminal adapter
Overview
You must employ ISDN terminal adapters when you do Fax
not have telephone, computing, or networking equip- G0IXX19 (was G0Iui16 in 1E)
652
ISL isoEthernet
653
ISP IXC
654
J
jabber
head and 1500 bytes of payload). A frame longer than
Random, malformed frames of data that are sent contin-
1518 bytes is often called a jabber frame. Another name
uously by failed circuitry in a networking component.
for jabber is long packet error.
Overview
A network interface card (NIC) or other device that is Notes
A frame shorter than 64 bytes on an Ethernet network is
jabbering generates a continuous stream of unwanted
called a runt frame.
signals that can disrupt communication between other
devices on the network. This is especially common on See Also: Carrier Sense Multiple Access with Collision
Ethernet networks, in which each device must compete
for use of the line using the Carrier Sense Multiple
Detection (CSMA/CD), Ethernet, Fast Ethernet, frame
J
Access with Collision Detection (CSMA/CD) conten-
tion protocol. When a NIC jabbers on an Ethernet net-
jack
A receptacle into which you can insert a connector or
work, all network communication might cease until the
plug to form a connection.
offending NIC is replaced. Other causes of jabbering on
a network include loose cabling or a poorly grounded Overview
cable (for shielded cabling). The best example of a jack in computer networking is
the standard RJ-45 jack in which a connector (plug) on
Jabbering can also occur in Fast Ethernet networks, in
the end of a Category 5 (Cat5) cable can be inserted.
which a combination of 100BaseT4 and 100BaseTX
RJ-45 jacks are typically built into Ethernet networking
cabling schemes are employed in one network. The
devices such as hubs, switches, and routers, but some
continuously generated idle stream signal of the TX
devices also allow modular jacks to be inserted and
network can appear to the T4 network as jabber and can
removed in order to support other kinds of connectors.
bring down the entire network. This should not be a
Patch panels and wall plates are other examples of items
problem if all network devices implement autonegotia-
that may either be hardwired with RJ-45 jacks or allow
tion in an IEEE-compliant fashion. In addition, Fast
modular jacks to be inserted into them for greater
Ethernet repeaters generally implement jabber control
flexibility.
by automatically disconnecting any port that transmits
information in streams longer than 40 kilobits (Kb).
The term jabber is also used in the Institute of Electrical
and Electronic Engineers (IEEE) 802.3 specification for
any frame of data that exceeds the maximum frame
length for that specification. For Ethernet networks, the
655
jacket jam signal
Jack
Insert
Connector Insert
Chassis (modular)
656
Java Java
657
Java Java
658
Java Database Connectivity (JDBC) Java Database Connectivity (JDBC)
Some other key Java terminology includes the following: the process of upgrading Java applications on client
machines, lowering the costs of deploying and managing
● Enterprise JavaBeans (EJB): A component archi-
Java desktop applications across an enterprise.
tecture for developing transactional server-side Java
applications. EJBs can be either self-contained pro- Prospects
grams or small portions of programs and can be Java has established itself in the enterprise market and
used as building blocks for building more complex is widely used for developing server-side applications
Java applications. EJB is currently in version 1.1 for e-business. The Java community includes more than
(the EJB 2 specification is being developed) and is 2.5 million developers, a tribute to the platform’s ease
the Java counterpart of the Microsoft technology of use and reliability. On the client side, however, the
called Component Object Model (COM). original expectation of Java transforming the Internet
through dynamic interactive content has faded some-
● Java Foundation Classes (JFC): Also known as
what. The biggest prospect for Java’s future is likely to
Swing, these classes are building blocks for creat-
be in the embedded device field, where it competes with
ing interfaces for Java applications.
platforms such as Wireless Markup Language, QUAL-
● Java Database Connectivity (JDBC): This com- COMM’s Binary Runtime Environment for Wireless
ponent provides standard APIs for connecting (BREW), and Microsoft Corporation’s Windows CE. In
Structured Query Language (SQL) databases to the near future, Java is likely to find its main competi- J
Java applications. JDBC is currently in version 2 tion to be Microsoft’s new .NET platform with its pow-
and is the counterpart of the Microsoft technology erful C# programming language.
known as Open Database Connectivity (ODBC).
For More Information
Marketplace Visit Sun Microsystems Java site at java.sun.com.
Java2 Micro Edition (J2ME) is emerging as a popular plat-
See Also: C#, Java Database Connectivity (JDBC),
form for developing distributed applications for the next
Java Server Pages (JSP), .NET platform
generation of third-generation (3G) cellular communica-
tion systems. A consortium of over 20 industry partners,
including Sun, Ericsson, Motorola, Nokia, and Siemens, Java Database Connectivity
has developed the Mobile Internet Device (MID) profile, a (JDBC)
platform for developing interactive mobile services that is A data access interface developed by Sun Microsystems
based on J2ME. The J2ME platform complements the that allows Java applications to access information
existing Wireless Application Protocol (WAP) platform stored in databases.
and uses WAP as its underlying transport mechanism.
Overview
Motorola’s iDEN handset was the first commercially
The Java Database Connectivity (JDBC) application
available mobile device compliant with the J2ME specifi-
programming interface (API) is a standard component
cation. A popular platform for creating J2EE applications
of Java 2 Enterprise Edition (J2EE) development plat-
is Code Warrior from Metrowerks.
form. The JDBC API specifies a set of Java classes that
Java in the enterprise has recently been furthered by Sun’s represent database connections, Structured Query Lan-
new Java Web Start (JWS) platform. JWS simplifies guage (SQL) queries and their result sets, and other
the deployment of applications developed with Java 2 objects associated with accessing databases. Multiple
Enterprise Edition (J2EE) to network clients. This is drivers for JDBC exist that allow access to different
done packaging all the various components of a Java database formats, and the JDBC drivers themselves
application into a Java Archive (JAR) file, which can be can be implemented either within applets or as native
downloaded and installed on client machines through a methods on the operating system. JDBC also supports
simple click of a link on a Web page. JWS also automates drivers that act as a bridge between Open Database
Connectivity (ODBC) and JDBC. This type of driver
659
Java Online Analytical Processing (JOLAP) JavaScript
translates JDBC function calls into native ODBC calls, JavaScript was developed by Netscape Communications
but this bridge cannot be run by distrusted applets (now just Netscape) and built into the Netscape Naviga-
within a Web browser environment. tor Web browser version 2 and later. JavaScript enables
Web developers to produce Web pages with dynamic
Notes
functionality such as animated graphics, browser detec-
JDBC is to the Java platform what ODBC is to
tion, cookies, scrolling text, form handlers, and authen-
Microsoft Windows.
tication without needing to write or invoke Common
See Also: application programming interface (API), Gateway Interface (CGI) applications. JavaScript can be
Java, open database connectivity (ODBC), Structured used to develop both client and server applications, but it
Query Language (SQL) is usually run on the client Web browser.
The European Computer Manufacturers Association
Java Online Analytical (ECMA) based its ECMA-262 standard upon both
Processing (JOLAP) Netscape’s JavaScript 1.1 and Microsoft’s JScript 2
A Java-based interface for online analytical processing scripting languages. This ECMA-standardized script-
(OLAP) databases. ing language is known as ECMAScript, and JavaScript
1.5 fully complies with the ECMA 262 standard.
J Overview
Java Online Analytical Processing (JOLAP) provides Examples
an interface for accessing, storing, and managing meta- JavaScript scripts are placed in standard Hypertext
data stored in OLAP databases. JOLAP is intended to Markup Language (HTML) files using special tags.
provide a uniform, platform-independent method for Here is a simple example:
allowing clients to interact with OLAP servers. Just as <HTML>
the Java Database Connectivity (JDBC) specification <HEAD><TITLE>Javascript Test</TITLE></HEAD>
allows data stored in relational databases to be accessed <BODY>
using Java, JOLAP provides similar functionality for <H1>Knock Knock</H1>
accessing metadata stored in OLAP systems. <SCRIPT LANGUAGE="JavaScript">
alert("Who's there?");
The JOLAP specification is an initiative of a company </SCRIPT>
called Hyperion and is backed by an industry consor- </BODY>
tium that includes IBM, Oracle Corporation, and Sun </HTML>
Microsystems.
The <SCRIPT> and </SCRIPT> tags identify and con-
Notes tain the actual JavaScript script. When this page is
Microsoft Corporation’s own specification for access- loaded into a Web browser such as Netscape Navigator
ing OLAP systems is known as OLE DB. version 3, the browser reads the script and interprets it,
causing an alert dialog box to be displayed with the
See Also: OLE DB, online analytical processing
message “JavaScript Alert: Who’s there?” and an OK
(OLAP)
button that closes the dialog box when clicked.
JavaScript Notes
A scripting language developed for the Web by JavaScript is not the same as Java, which is an object-
Netscape. oriented programming language. A syntactically simi-
lar scripting language called JScript is supported on
Overview Microsoft Internet Explorer.
JavaScript is a cross-platform, object-based scripting lan-
guage that is similar to C but much simpler in syntax. See Also: Java, JScript, scripting
660
Java Server Pages (JSP) JBOD
Java Server Pages (JSP) In this example, a form on a Web page could request the
A technology from Sun Microsystems for creating user to input his or her name, which would then be
dynamic Web applications. passed as a parameter to the JSP application on the Web
server. For example, if the user’s name is Mary and the
Overview form uses the GET method, the Name parameter would
Java Server Pages (JSP) is a Java-based technology that be passed to the JSP application (which might be called
is part of the Java 2 Enterprise Edition (J2EE) specifica- Hello.jsp) by appending it to the URL, for example:
tion from Sun Microsystems. JSP can be used to write
server-side Web applications that dynamically gener- http://www.microsoft.com/JSPtest/
Hello.jsp?name=Mary
ate Hypertext Markup Language (HTML) pages when
accessed through a Web browser. Like the underlying The client-side browser would then display a simple
Java programming environment on which it is based, JSP dynamically generated Web page that says “Hello
is a platform-independent, vendor-neutral development Mary.” If the user instead submitted the form without
architecture that provides full access to Java’s features, specifying a name, the browser would display simply
including standard Java APIs, Java servlets, and Java “Hello World.”
Database Connectivity (JDBC).
Marketplace
JSP also complements another Java server-side Web pro- JSP has established itself as a popular platform for devel- J
gramming architecture called Java Servlets. Using JSP, oping dynamic Web applications. As a server-side devel-
you can include portions of Java code within an HTML opment platform, JSP competes in the commercial and
page to call external Java components from the page. enterprise environments with many similar platforms,
Java supports both tag-based programming similar to that including Macromedia’s Cold Fusion, Personal Home
used by Macromedia’s Cold Fusion platform and embed- Pages (PHP), the CGI/PERL combination popular in the
ded script blocks such as those used by Microsoft Corpo- UNIX world, and Microsoft Corporation’s ASP platform.
ration’s Active Server Pages (ASP) platform.
For developers who want to create JSP applications, a
Architecture variety of integrated development environments (IDEs)
JSP separates the presentation (the display of HTML is available, including JRun and DreamWeaver UltraDev
pages) layer from the business logic layer, simplifying from Macromedia, and WebGain Studio from WebGain.
the process of creating portable, scalable Web-based
applications. JSP has a simple syntax that can be used to See Also: Active Server Pages (ASP), Hypertext
write applications that run on Web servers and dynami- Markup Language (HTML), Java
cally generate Web content in response to requests from
Web browsers. An example of a simple “Hello World” JBOD
application written in JSP might be as follows: Stands for “just a bunch of disks” and refers to an
<HTML>
unstructured high-capacity disk-storage system.
<HEAD><TITLE>Sample JSP Application</TITLE> Overview
</HEAD> A JBOD is essentially just an array of disks connected
<BODY>
to a common backplane and arranged within an enclo-
<%
sure. The disks within the JBOD are usually controlled
String guest = request.getParameter("name");
if (guest == null) guest = "World";
by an attached server called the host server, which may
%>
manage them as independent volumes or combine them
Hello <%= guest %> into logical volumes in any way desired. JBODs are
</BODY> used anywhere a large amount of storage capacity is
</HTML> required but do not provide the fault tolerance of redun-
dant array of independent disks (RAID) systems.
661
JDBC Jini
662
jitter join
form spontaneous communities without the need to transmission of packets from the FTP server to the cli-
have a central PC controlling them. For example, a ent is typically several hundred milliseconds, but, due
Jini-enabled PDA and cell phone could communicate to jitter in the connection, the first half of the file may
with each other when the user accesses the cell phone to download much more quickly than the last half.
dial a phone number. The cell phone could automati-
Jitter is particularly annoying in multimedia communi-
cally network with the PDA using Jini to look up the
cations involving audio or video streaming. Jitter can
phone number.
render a communication unintelligible, and it can cause
For More Information dropouts unless buffering is used to prevent them. Buff-
Find out more about Jini at www.sun.com/jini. ering introduces delay, however, and although this may
be acceptable in one-way streaming transmission, it is
See Also: Java
unacceptable in two-way communications.
See Also: noise, latency, signal
jitter
Distortion in transmission that occurs when a signal
drifts from its reference position. join
A database operation that allows you to retrieve and mod-
Overview
Jitter is inherent in all forms of communication because
ify data from more than one table at a time using a single J
Structured Query Language (SQL) SELECT statement.
of the finite response time of electrical circuitry to the
rise and fall of signal voltages. An ideal digital signal Overview
would have instantaneous rises and falls in voltages and You can use the Microsoft Query Analyzer tool for
would appear as a square wave on an oscilloscope. The Microsoft SQL Server to graphically create joins for
actual output of a digital signaling device has finite rise transact-SQL queries that join two or more tables or
and fall times and appears rounded when displayed on join a table to itself. Joins are a necessity because a sin-
the oscilloscope, which can result in phase variation gle table might not provide all the information you want
that causes loss of synchronization between communi- to retrieve about a specific database entity. By connect-
cating devices. ing tables using joins, you can retrieve information that
resides in more than one table in a single operation.
Jitter can also be caused by variations in the timing or
the phase of the signal in an analog or digital transmis- You can create three kinds of joins:
sion line. In this instance, jitter can be caused by poor
● Inner joins: Connect two tables to form a result set
connectors, malfunctioning repeaters, transient prob-
that contains only the matching rows that satisfy the
lems in switches, and variations in transmission charac-
join condition. Inner joins can be equijoins or natu-
teristics of cabling. Jitter typically results in a loss of
ral joins.
data because of synchronization problems between the
transmitting stations, especially in high-speed transmis- ● Cross or unrestricted joins: Produce a result set
sions. The goal in designing a transmission device is to that contains all combinations of all rows from the
ensure that the jitter remains within a range that is too tables that are joined. A cross join between a table
small to cause appreciable data loss. of 5 rows and another table of 4 rows creates a
result set of 20 rows.
Jitter is different from a related concept called delay.
Delay is the amount of time for a signal to reach its des- ● Outer joins: Maintain information that does not
tination, but jitter represents unevenness in delay. For match the join condition. For example, a left outer
example, when you download a file from the Internet join contains at least all rows from the first table.
using File Transfer Protocol (FTP), the delay between
663
Joint Engine Technology (Jet) JScript
Notes JScript
There are two kinds of syntax for creating joins, ANSI Microsoft Corporation’s implementation of the ECMA-
join syntax and SQL Server join syntax. You can use Script standard.
only one of these types of syntax in a given SELECT
statement. Overview
JScript is an interpreted object-based Web scripting lan-
See Also: database, Structured Query Language (SQL) guage originally developed as Microsoft’s counterpart
to Netscape’s JavaScript scripting language. JScript
Joint Engine Technology (Jet) was designed to allow Web developers to easily add
A database engine technology used in various dynamic, interactive content to static Hypertext Markup
Microsoft products. Language (HTML) pages.
See Also: Component Object Model (COM), Data You can execute scripts written in JScript in several
Access Objects (DAO), Exchange Server, open database ways:
connectivity (ODBC) ● By double-clicking on a shortcut to a .js file and
executing them directly using the WSH
JOLAP ● By running them from the command line using the
Stands for Java Online Analytical Processing or Java WSH
OLAP, a Java-based interface for OLAP databases.
● By embedding them into HTML pages using
See: Java Online Analytical Processing (JOLAP) <SCRIPT> tags
664
JSP jumbo frames
<HTML>
See: Java Server Pages (JSP)
J
<BODY>
<H1>Welcome to our restaurant!</H1> jumbo frames
<HR>
A feature of Gigabit Ethernet (GbE) that allows frames
<SCRIPT>
up to 9 kilobytes (KB) in size.
var testing=window.confirm("Click OK for food,
Cancel for drink."); Overview
if (testing) { Standard 10Base5 Ethernet, created in the early 1980s,
window.alert("Hot dog"); supports frames up to 1.5 KB in length. This standard has
} else window.alert("Beer");
been supported by all subsequent versions of Ethernet,
</SCRIPT>
including 10BaseT Ethernet, Fast Ethernet, and GbE.
<H1>Thanks for coming!</H1>
</BODY>
Unfortunately, for the speeds of 1 gigabit per second
</HTML>
(Gbps) supported by GbE, these standard frames become
inefficient, and better performance can be achieved at
these speeds by using larger frames. Consequently, the
designers of the 802.3z GbE standard included support
for jumbo frames as an option for gigabit networking.
Implementation
Jumbo frames can have payloads up to 9 KB in length
and can result in much higher network utilizations for
activities such as file transfers, where utilization of over
80 percent is achievable when using jumbo frames
compared to typically under 20 percent when using
standard Ethernet frames. Unfortunately, using jumbo
frames adds issues of interoperability for enterprise net-
works, as these frames are not supported by slower
G0JXX02 (was G0Jui02 in 1E)
10 and 100 megabits per second (Mbps) versions of
JScript. A dialog box created using JScript. Ethernet. Since performing Layer-2 fragmentation and
665
JXTA JXTA
reassembly of jumbo frames is not a desirable solution, designed to support heterogeneous systems and plat-
two standard methods are generally employed to incor- forms from all levels, from enterprise servers to hand-
porate GbE jumbo frames into typical enterprise held personal devices. JXTA is designed to simplify
networks: P2P networking by providing a set of general, open pro-
tocols for communications between different kinds of
● Dedicating all downstream traffic on specific ports
devices including PCs, Personal Digital Assistants
of core GbE switches to devices supporting jumbo
(PDAs), cell phones, and other devices. The aim of
frames, such as GbE workgroup switches or server-
Project JXTA is to explore and advance the new para-
switch interconnects
digm of distributed computing popularized by the P2P
● Employing 802.1q virtual LANs (VLANs) to logi- movement.
cally segregate those portions of the network that
JXTA is part of the Sun Open Network Environment
use jumbo and standard Ethernet frames
(Sun ONE) initiative that includes the companion tech-
While Internet Protocol (IP) can intrinsically support nologies Java and Jini. JXTA technology is licensed
frames of even larger size up to 64 KB (and IPv6 can from Sun under the Sun Project JXTA Software
support frames up to 4 gigabytes [GB] in length!) and License, which is based on version 1.1 of the open-
using such monster frames could make gigabit network- source Apache Software License.
J ing even more efficient, there is an inherent obstacle to
For More Information
using such large frames. Ethernet uses a 32-bit cyclical
Find out more about JXTA at www.jxta.org.
redundancy check (CRC) at the end of each frame, and
this error correction method is only efficient for frames See Also: Java, Jini
up to about 12,000 bytes in length. The reason for
choosing 9 KB as the maximum length for jumbo
frames is to ensure the efficiency of such error correc-
tion while making possible the transmission of 8-KB
Network File System (NFS) datagrams without the
need of fragmentation.
Marketplace
The use of jumbo frames is increasing in enterprise
networking environments. Vendors such as Nortel
Networks offer autonegotiating 10/100/1000BaseT
network interface cards (NICs) that feature support for
jumbo frames to make implementing this feature in the
enterprise easier.
See Also: 802.3z, Ethernet, Fast Ethernet, frame,
Gigabit Ethernet (GbE)
JXTA
A peer-to-peer (P2P) networking initiative from Sun
Microsystems.
Overview
Project JXTA (pronounced “juxta”) is an outgrowth of
work by Sun to extend and standardize P2P technology
in computer networking. The JXTA architecture is
666
K
KCC
70 percent of the Linux market, and the KDE League
Stands for Knowledge Consistency Checker, a feature is an industry consortium dedicated to promoting KDE
of the Active Directory directory service that ensures on the Linux desktop.
that directory replication properly takes place.
For More Information
See: Knowledge Consistency Checker (KCC) Find out more about KDE at www.kde.org.
See Also: GNU Object Modeling Environment
KDE (GNOME), Linux
Stands for K Desktop Environment, a graphical user
interface for Linux.
keepalives
See: K Desktop Environment (KDE) A feature of Hypertext Transfer Protocol (HTTP) version
1.1 that minimizes the number of connections that Web
K
K Desktop Environment (KDE) browsers need to make to access content on Web servers.
A graphical user interface (GUI) for Linux. Overview
Overview When a Web browser that supports keepalives (such as
K Desktop Environment (KDE) provides users with an Microsoft Internet Explorer 4 or higher) makes an HTTP
integrated, graphical, open-source working environment GET request to a Web server that supports keepalives
suitable for Linux workstations. KDE is comparable in (such as Microsoft Internet Information Services [IIS]),
many ways to the power and functionality of the Micro- the Web browser includes a new “Connection: Keep-
soft Windows and Mac OS user interfaces. The latest Alive” header in the list of HTTP headers that it sends to
version, KDE2, incorporates a number of applications the Web server in the request. The Web server responds
and utilities that include by giving the client the file it requested (usually a Hyper-
text Markup Language [HTML] page or an image file).
● Konqueror: A combination file manager and Web After the server sends the file to the client, instead of clos-
browser that features a two-pane tree-and-view simi- ing the Transmission Control Protocol/Internet Protocol
lar to Windows Explorer on the Windows platform. (TCP/IP) socket, it keeps the socket open for a period of
● Koffice: A suite of office productivity tools that time in case the client wants to download additional files.
includes word processing, spreadsheet, presenta- A typical Web page might include a dozen images, and
tion, and drawing applications. normally up to four sockets are kept open for transferring
files between the client and the server.
Prospects
Although Linux has established itself in the server side Keepalives, which are also known as persistent connec-
of the enterprise market, it has made little headway until tions, are supported by both Microsoft Internet Infor-
now on the desktop. The KDE Project’s aim is to pro- mation Services (IIS) and Internet Explorer. Note that
mote the use of Linux in the desktop environment in keepalives do not work unless both the Web browser
particular. KDE is one of two main GUI environments and the Web server support them.
for Linux, the other being Gnu Object Modeling
667
Kerberos Kerberos
Notes Architecture
The term keepalives also refers to special packets used to Kerberos is named after the mythical three-headed dog
keep a TCP connection open on a TCP/IP internetwork. (Kerberos in Greek mythology, Cerberus in Roman
mythology) that guarded the gates of Hades. This name
See Also: Hypertext Transfer Protocol (HTTP), Inter-
was chosen because Kerberos requires three different
net Explorer, Internet Information Services (IIS)
entities to be present in order to operate:
Kerberos clients: These are users, applications, or
Kerberos ●
668
kernel kernel
6
Access is
authorized
Ticket for the
service Network Kerberos
service/resource AS/TGS
5
Client
1 .Username..
.Session key and ticket.. 2
3 .Service request and ticket..
.Ticket for the service.. 4
Kerberos. The Kerberos v5 protocol defines the steps a client must take to be authenticated for gaining access to network
services or resources.
669
kernel mode kernel mode
that is exposed to the user and provides a user inter- ● Dispatcher objects, which manage thread dispatch-
face for entering commands and receiving output. In ing and synchronization and include events,
Microsoft Windows operating systems, the shell is threads, timers, semaphores, mutants, and mutexes
known as the desktop.
The kernel communicates with the hardware abstraction
Architecture layer (HAL) to interact with hardware and communicates
The Windows 2000 kernel uses a microkernel architec- with the Executive and its components for higher-level
ture. This means that the kernel is a small component operating system functions. The kernel loads when the
with limited functionality that loads other components screen turns blue during the boot process.
such as drivers and services into memory only as
Another example of a microkernel architecture is found
required to complete requested system tasks. By con-
in the Linux operating system, which uses device driv-
trast, a kernel constructed using a monolithic architec-
ers that can be loaded into memory and unloaded from
ture has device drivers and services built right into it
memory as required.
(Berkeley Software Distribution [BSD] UNIX follows
this architecture). Notes
In Windows 95 and Windows 98, the kernel file is
The kernel for Windows 2000, Windows XP, and
Kernel32.dll, and it’s located in the \Windows\System
Windows .NET Server, called Ntoskrnl.exe, is located
directory. If the kernel is corrupt or missing, you can
in the \Winnt\System32 directory in Windows 2000 and
expand the file from the distribution CD and replace the
K the \Windows\System32 directory in Windows XP and
Windows .NET Server. It runs in nonpageable memory,
damaged or missing file on your hard disk (as long as
you can access that drive in a way that does not involve
which means that it’s always resident in memory. The
this file, such as through MS-DOS).
kernel is responsible for thread scheduling and dis-
patching threads to processors on a symmetric multi- See Also: desktop, hardware abstraction layer (HAL),
processing (SMP) platform. The kernel code itself is kernel mode, shell
not preemptive—that is, no other thread or process can
preempt the kernel’s operations. Each thread is assigned
kernel mode
a priority level from 0 to 31 by the kernel, as follows:
A privileged mode of operation in which processes can
● Levels 0 through 15 indicate dynamic priority and execute within the Microsoft Windows 2000 operating
are assigned to application and user threads. system.
670
keyboard emulator Keyboard Video Mouse (KVM) switch
DOS/Win16
application
Windows NT executive
Executive services
System services
Hardware
G0KXX02 (was G0Kui02 in 1E)
Kernel mode. Kernel mode of the Windows 2000 operating system architecture.
671
Keyboard Video Mouse (KVM) switch Keyboard Video Mouse (KVM) switch
Using a KVM switch to control multiple computers has to the computer using a cable that’s 500 feet (150 meters)
several advantages over using a separate keyboard, mouse, or longer. You actually need two video extenders, one at
and monitor for each machine, specifically: the server end and one at the remote monitor station.
Video extenders can often be connected using a single
● Savings on the cost of additional keyboards, mice, and
interconnect line of Category 5 (Cat5) cabling.
monitors. This includes both purchase costs and the
cost of electricity to operate the monitors.
● Lessening the chance of equipment failure by reduc-
ing the amount of heat generated through elimination Servers
of unnecessary monitors (and thus also lowering air
conditioning costs in equipment rooms).
● Preventing equipment clutter in already crowded
server rooms. KVM Monitor
KVMs typically support two, four, eight, or more com-
puters and can often be daisy-chained to support hun-
dreds—or even thousands—of computers.
Keyboard
Types
K The simplest KVMs are manual switches that employ
push buttons for switching between different comput- Mouse
ers. These analog switches are cheap, but the peripher-
Servers
als tend to become unsynchronized with the computers,
often requiring a reboot to correct things.
More commonly, commercial KVMs employ electronics
to switch between different machines, typically by using KVM with
keyboard shortcuts or through an on-screen menu. The video extender
menu may also include some form of password protec-
tion for each computer and a master password that grants
access to all computers attached to the switch. The switch Interconnect cable (UTP)
is typically connected to the keyboard, mouse, and video
ports on the computers using proprietary cables pur- KVM with
chased with the switch. A single keyboard, mouse, and video extender
500 feet Monitor
monitor are then connected to the switch to control the
(150 meters)
various machines. KVM switches generally send analog
signals all the time to all connected computers in order to
give each computer the illusion that it has a directly con-
nected keyboard, monitor, and mouse. Keyboard signals Keyboard
are most important, for Intel PCs in particular require a
keyboard signal in order to reboot. Mouse
Sometimes the computers that need to be controlled are
located in another part of the building in a special “clean G0KXX03 (was G0Kui04 in 1E)
672
key (cryptography) key (database)
674
KM KVM switch
675
L
Overview
L
L2CAP
Lambda switching is an emerging technology that rep-
Stands for Logical Link Control and Adaptation Layer resents the next stage in the development of high-speed
Protocol, the data-link layer protocol for Bluetooth switched optical networks. Lambda switching uses a
wireless networking. combination of dense wavelength division multiplexing
See: Logical Link Control and Adaptation Layer (DWDM), multiprotocol label switching (MPLS), and
Protocol (L2CAP) Resource Reservation Protocol (RSVP) to automati-
cally connect the endpoints of an optical networking
system without the setup and configuration required by
L2F DWDM by itself. Light paths between endpoints can be
Stands for Layer 2 Forwarding, a media-independent established on an ad hoc basis, providing better mecha-
tunneling protocol developed by Cisco Systems. nisms for managing traffic flows through fiber-optic
See: Layer 2 Forwarding (L2F) networks.
Like DWDM, lambda switching is likely to find its L
L2TP place of deployment mainly in long-haul fiber managed
by inter-exchange carriers (IXCs). Several vendors are
Stands for Layer 2 Tunneling Protocol, a wide area net-
developing lambda switching equipment called optical
work (WAN) protocol used for virtual private network-
cross connects (OCXs), with AT&T being one major
ing (VPN).
player in this arena. Deployment of lambda switching
See: Layer 2 Tunneling Protocol (L2TP) technologies should eventually provide bandwidth on
demand for the enterprise wide area network (WAN)
and should speed up the provisioning process of OC-48
L2TP/IPsec
and higher WAN links.
Stands for Layer 2 Tunneling Protocol (L2TP) over
Internet Protocol Security (IPsec), which is the normal See Also: dense wavelength division multiplexing
way of using L2TP for creating secure virtual private (DWDM), inter-exchange carrier (IXC), Multiprotocol
networks (VPNs). Label Switching (MPLS), Resource Reservation Proto-
col (RSVP)
See: Layer 2 Tunneling Protocol (L2TP)
LAN
LADC Stands for local area network, typically a group of com-
Stands for Local Area Data Channel, a telco service for puters located in the same room, on the same floor, or in
transmitting data using line drivers. the same building, that are connected to form a single
See: Local Area Data Channel (LADC) network.
See: local area network (LAN)
lambda switching
An emerging optical switching technology.
677
LANE LAN Emulation (LANE)
LANE
Stands for LAN Emulation, a technology that enables BUS
local area network (LAN) traffic such as Ethernet
frames to be carried over an Asynchronous Transfer
LES
Mode (ATM) network.
See: LAN Emulation (LANE) ELAN #1
LEC
LAN Emulation (LANE) LEC
A technology that enables local area network (LAN)
traffic such as Ethernet frames to be carried over an
Asynchronous Transfer Mode (ATM) network.
ATM cloud
Overview
LAN Emulation (LANE) was designed to allow con-
nectionless traffic on Ethernet networks to be trans-
ported over connection-oriented ATM backbones.
LECS
LANE accomplishes this by fragmenting and encapsu-
LEC
lating variable-length Ethernet frames into fixed-length
ATM cells and by configuring mappings between ATM LEC
L and Ethernet addresses. Using LANE, you can use
ATM as a backbone transport for connecting widely
LES
ELAN #2
separated Ethernet LANs. Since LANE operates at the
data-link layer, it can use ATM to connect LANs using BUS
any network-layer protocol, such as Internet Protocol
(IP) and Internetwork Packet Exchange (IPX). LANE
can also be used for connecting Token Ring networks
using an ATM backbone. G0LXX01 (new to 2E)
678
LAN-host integration LAN-host integration
679
LAN security switch LAN security switch
to share the same network, but networking engineers Two Uses for LAN Security Switches
soon found that mixing SNA and TCP/IP was like mix-
ing oil and water, especially with regard to WAN con-
nections, in which Data Link Control (DLC) timeouts
and other difficulties made network management
complex. LAN
One solution is to install a TCP/IP protocol stack on the
mainframe host, but this often results in degradation of
host performance and additional challenges in terms of Switch
IP address administration. A more workable solution is Users Servers
the LAN-to-SNA gateway. The gateway computer lets
desktop PCs access applications and data on the main-
frame host using traditional LAN protocols. TCP/IP is
used to connect the desktop PC and the SNA gateway,
and SNA is used to connect the SNA gateway and the LAN
Workstation
mainframe host. This LAN-to-SNA gateway solution
has become the de facto standard for providing host
access to LAN-based PCs. An example of an SNA gate-
way application is Microsoft Host Integration Server,
which provides LAN-to-SNA gateway services over a Switch
L variety of network protocols that include NetBIOS
Enhanced User Interface (NetBEUI), TCP/IP, IPX/
SPX, Banyan VINES, and AppleTalk.
See Also: Host Integration Server, Systems Network Server A
Architecture (SNA)
Server B
LAN security switch G0LXX02 (was G0Lui01 in 1E)
A manual switch that can be used to physically discon- LAN security switch. Two ways of using a LAN security
nect two or more local area network (LAN) segments. switch.
680
LAN segment late collision
LATA
Stands for Local Access and Transport Area, service
boundaries for local exchange carriers (LECs).
LAN
See: Local Access and Transport Area (LATA)
segment
681
latency latency
Overview Overview
Signals on a network cable do not travel instantaneously Latency is the amount of time it takes for information to
from point to point; they travel at a fixed speed, which is travel between two stations on a network. A network
near the speed of light on copper cabling. If segments of with high latency causes users to experience unpredict-
an Ethernet network are too long, collisions can occur able delays in transmission of voice, data, and video
that are not properly detected by the stations on the net- signals. This can lead to awkward conversations and
work. This can result in lost or corrupted data, and it can time-outs in data transmissions that can cripple network
degrade network performance. performance. Latency is usually measured in millisec-
onds (msec) for computer networking and telecommu-
Collisions themselves are natural and inevitable on an
nications systems.
Ethernet network and occur when two stations transmit
their signals simultaneously or almost simultaneously. Latency can be a serious issue, especially in voice com-
When two transmitting stations detect a collision (the munications where delays of more than about 250 msec
concurrent signal from the other transmitting station), make conversations awkward by creating pauses that
they both stop their transmission and wait a random cause parties to interrupt one another when speaking
time interval before attempting retransmission. The (The G.114 recommendation from the International
Ethernet standard, however, specifies that if a station on Telecommunication Union [ITU] specifies that round-
the network is able to transmit 64 bytes or more before trip latency in a voice communications system should
another signal is detected, the first station is considered be less than 300 msec). Similar latency in multimedia
to be “in control” of the wire and can continue to trans- transmission can be compensated for by buffering.
mit the remainder of its frame, while the second station Latency in data transmission is less serious, although
L must stop transmitting and wait. If the distance between excessive latency can result in Transmission Control
two transmitting stations exceeds Ethernet specifica- Protocol (TCP) connections being closed and retrans-
tions, the stations might not become aware soon enough missions occurring, which slows down overall network
that another station already has control of the wire. The performance.
resulting collision is called a late collision, and results
Types
in a data packet that is more than 64 bytes in length
Latency is an inevitable aspect of any communications
(which in itself is allowable) but which contains cycli-
system and generally has several possible causes:
cal redundancy check (CRC) errors. Transmission
errors and unreliable communication between the sta- ● Intrinsic latency in a transmission is caused by the
tions are the result. finite transmission speed of electrical signals
through wires (or of light signals through fiber-
Late collisions can result from defective Ethernet trans-
optic cabling). Intrinsic latency cannot be elimi-
ceivers, having too many repeaters between stations, or
nated but is usually quite small in a local area net-
exceeding Ethernet specifications for maximum node-
work (LAN) and usually less than a microsecond.
to-node distances.
In a wide area network (WAN), intrinsic latency is
See Also: collision, Ethernet also generally small when transcontinental trunk
lines or undersea cables are used and is usually
between 10 and 100 msec. For satellite WAN links,
latency
however, latency can be 500 msec or even higher,
The delay that occurs when a packet or signal is trans-
and such high latency can sometimes be frustrating
mitted over a communications system.
for users of satellite-based Internet access systems.
● Latency is also introduced into a communications
path by devices used to switch or modulate signals.
682
Layer 2 Forwarding (L2F) Layer 2 Forwarding (L2F)
The amount of latency varies greatly with the type ● Bit-forwarding devices: Latency here is measured
of device. For example, the latency for a bridge (the from the moment the first bit of an incoming frame
time delay between the moment when the packet arrives at one port to the moment the first bit of an
enters one port of the bridge and the moment when outgoing frame departs at another port.
it leaves another port) is usually between 5 and 50
● Store and forward devices: Latency for these
microseconds (a microsecond is one-thousandth of
devices is measured from the moment the last bit
a millisecond). By contrast, the latency that is usu-
of an incoming frame arrives at one port to the
ally introduced into a network by routers and gate-
moment the first bit of an outgoing port departs at
ways that process packets and perform protocol
another port.
conversion is usually an order of magnitude higher.
Latency for signals passing through analog modems For more information on these types of latency, see
is typically about 150 msec due to signal modula- RFC 1242 (www.faqs.org/rfcs/rfcs1242.html).
tion, compression, and error correction processes.
See Also: bridge, Ethernet switch, jitter, local area net-
See the table below for a comparison of latency
work (LAN), noise, router, signal, wide area network
introduced into communications paths by different
(WAN)
kinds of networking and communications devices.
Devices that establish a connection can introduce
●
Layer 2 Forwarding (L2F)
even greater amounts of latency into a communica-
A media-independent tunneling protocol developed by
tions channel. Integrated Services Digital Network
Cisco Systems.
(ISDN) terminal adapters typically take 1 to 2 sec-
onds to establish a connection, but it can take as Overview L
much as 15 to 30 seconds to establish an analog Layer 2 Forwarding (L2F) can be used to create virtual
modem connection. The term latency, however, is private networks (VPNs) that tunnel information securely
sometimes restricted to delay over a preestablished over public networks such as the Internet using wide area
communications channel, in which case these sce- network (WAN) data-link protocols such as Point-to-
narios would not normally be identified as latency. Point Protocol (PPP) or Serial Line Internet Protocol
(SLIP). L2F supports such features as Remote Authenti-
Typical Latency Introduced into Signal Paths by
cation Dial-In User Service (RADIUS), dynamic alloca-
Networking Devices
tion of addresses, and quality of service (QoS).
Device Typical Latency
L2F has been superseded by the newer Layer 2 Tunneling
Network interface card < 5 msec
Protocol (L2TP), an Internet Engineering Task Force
Asymmetric Digital Subscriber 5–10 msec
Line (ADSL) modem (IETF) standard that provides a vendor-neutral tunneling
Plain Old Telephone Service < 20 msec solution for virtual private networking. L2TP is an exten-
(POTS) landline sion of PPP and supports the best features of the Point-
Integrated Services Digital Net- 20–30 msec to-Point Tunneling Protocol (PPTP) and the L2F protocol.
work (ISDN) terminal adapter Implementation
V.90 analog modem ~ 150 msec As an example, when PPP is used with L2F, PPP pro-
Global System for Mobile ~ 150 msec vides the connection between a dial-up client and the
Communications (GSM) cellular
network access server (NAS) that receives the call. A
Voice over IP (VoIP) system 80–500 msec
PPP connection initiated by a client terminates at a NAS
Notes located at a PPP service provider, usually an Internet
Latency for bridges and LAN switches can actually be service provider (ISP). L2F allows the connection’s ter-
broken down into two types: mination point to be extended beyond the NAS to a
remote destination node, so the client’s connection
683
Layer 2 switch Layer 2 switch
appears to be directly to the remote node instead of to age, and have lower latency. As a result, most large
the NAS. The function of the NAS in L2F is simply to companies have replaced much of their router infra-
project or forward PPP frames from the client to the structure with Layer 2 switches, relegating routers
remote node. This remote node is called a home gate- mainly to the role of wide area network (WAN)
way in Cisco’s Internetwork Operating System (IOS) access devices. In addition to segmenting large net-
networking terminology. works, such Layer 2 switches are also used to connect
LANs across a campus network and to build col-
See Also: Layer 2 Tunneling Protocol (L2TP),
lapsed backbone networks together with their more
Point-to-Point Protocol (PPP), Point-to-Point Tunnel-
powerful cousins, Layer 3 switches.
ing Protocol (PPTP), virtual private network (VPN)
● Workgroup switches: These are used to provide
high-throughput switched connections to servers and
Layer 2 switch
high-performance workstations. A typical workgroup
An Ethernet switch that forwards frames according to
switch would have 12 or 24 autosensing 10/100
Layer-2 addresses.
megabits per second (Mbps) or 100/1000 Mbps ports
Overview with one or more gigabit uplink ports for connection
Layer 2 switches operate at the data-link layer (Layer 2) to the LAN backbone. Hubs have traditionally been
of the Open Systems Interconnection (OSI) reference used for concentrating servers and workstations into
model. Layer 2 switches are essentially multiport workgroups, but hubs use a shared-media approach
bridges that forward frames based on their destination that cannot match switches in throughput and latency.
MAC address without any concern for the actual net- As a result of falling port prices in Layer 2 switches,
L work protocol being used. Layer 2 switches operate most large companies have migrated their legacy hub
near wire speed and have very low latency compared to infrastructure to Layer 2 switches.
Layer 3 devices such as routers.
Implementation
Layer 2 switching originated in the 1980s with vendors Layer 2 switches can generally be installed transpar-
such as Kalpana, which was acquired by Cisco Sys- ently into networks with no configuration required
tems. Although originally developed for a variety of unless virtual LANs (VLANs) are needed. When Layer
local area network (LAN) architectures including 2 switches first appeared, the mantra “switch when you
Ethernet, Token Ring, and Fiber Distributed Data Inter- can, route when you must” was promoted (this origi-
face (FDDI), by far the most widespread use of these nated with Synoptics, which later became Bay Net-
switches is in switched Ethernet, Fast Ethernet, and works and has now been acquired by Nortel Networks).
Gigabit Ethernet (GbE) networks. Layer 2 switches
Once installed, a Layer 2 switch dynamically learns
have displaced bridges, hubs, and routers in much of
about connected hosts and networks by examining the
today’s enterprise network.
source addresses of frames it receives. The switch
Uses continually builds a cache or database of mappings
There are two main kinds of Layer 2 switches, and each between each port on the switch and the various MAC
type is optimized for its own particular role in the net- addresses of hosts and networks connected to that port.
work. These types are Then, when a frame arrives at a given switch port, the
switch reads the destination MAC address and forwards
● Segmentation switches: These are used to segment
the frame to the switch port to which the destination
large networks into collections of smaller collision
host or network is connected. If the frame’s destination
domains to reduce congestion and improve network
address is unfamiliar or if it is a broadcast frame, the
performance. Routers have traditionally been used for
switch forwards the frame to all of its ports except the
segmenting enterprise networks, but Layer 2 switches
port through which the frame originally entered.
are cheaper than routers, easier to deploy and man-
684
Layer 2 Tunneling Protocol (L2TP) Layer 2 Tunneling Protocol (L2TP)
If a Layer 2 switch has ports of different media types of smaller broadcast domains, and it works well
(for example, Ethernet and FDDI), frame forwarding is with traditional enterprise networks that followed
complicated. Frames that must be forwarded to desti- the 80/20 rule of network traffic distribution. But
nation ports having different media types must first with the ubiquity of Internet-related technologies in
be reformatted at Layer 1 (the PHY or physical layer) today’s network, the pattern of network traffic has
before being forwarded to their destination ports. shifted to become more like 20/80 (20 percent of
traffic is local and 80 percent travels along the back-
Layer 2 switches avoid routing loops by implementing
bone), and VLANs do not work well in such a
a method first used in bridged networks, namely, the
situation, as the optimal network configuration
spanning tree protocol. This protocol works automati-
becomes using a single VLAN again—which takes
cally to ensure that frames are not endlessly switched
us back to the broadcast storm problem! Another
around in loops, which would make other network com-
issue with VLANs is that most approaches to creat-
munications impossible.
ing them are vendor specific, and until the new
Advantages and Disadvantages 802.1Q VLAN standard becomes widely supported,
Advantages of Layer 2 switches over traditional hubs and VLANs will be difficult to implement unless all
routers include higher throughput, lower latency, cheaper Layer 2 switches are obtained from a single vendor.
cost per port, and easier management. Disadvantages of Finally, VLANs make troubleshooting switched
such switches include the danger of broadcast storms and Ethernet networks even harder.
greater complexity in troubleshooting network problems
● By building collapsed network backbones using a
(traditional packet sniffers work on shared media LANs
combination of Layer 2 (bridging) switches with
where they can monitor traffic simultaneously from large
numbers of stations). A broadcast storm occurs when
Layer 3 (routing) switches or by using switches com- L
bining Layer 2/3 functionality (called multiplayer
broadcasts become so common that other forms of net-
switches). This is the most popular solution in
work communication are prevented. Broadcasts typically
today’s enterprise—see the article “Layer 3 switch”
occur due to network advertisements from servers, rout-
elsewhere in this book for more information.
ers, and other devices. Because Layer 2 switches (and
bridges) allow broadcasts to pass, a network built See Also: bridge, Ethernet switch, Layer 3 switch,
entirely of Layer 2 switches represents a single broadcast Layer 4 switch, Layer 7 switch, Open Systems Inter-
domain. When the number of stations in a broadcast connection (OSI) reference model
domain reaches several hundred, broadcast storms are
likely to occur. Layer 2 switches by themselves therefore
Layer 2 Tunneling Protocol
do not represent a scalable solution for building large
enterprise networks. You can solve this broadcast prob-
(L2TP)
lem in several ways: A wide area networking (WAN) protocol used for vir-
tual private networking.
● By combining newer Layer 2 switches with tradi-
tional routers in the network infrastructure. This Overview
brings some of the benefits of switches but leaves The Layer 2 Tunneling Protocol (L2TP) was developed
some of the problems relating to routers such as as a vendor-neutral tunneling protocol that supersedes
cost, and latency, and throughput. proprietary tunneling protocols such as Microsoft Cor-
poration’s Point-to-Point Tunneling Protocol (PPTP)
● By configuring separate VLANs for ports or groups and Cisco Systems’ Layer 2 Forwarding (L2F) proto-
of ports on each Layer 2 switch. VLANs let you col. L2TP can be used to encapsulate Point-to-Point
logically segment the network independently from Protocol (PPP) frames for transmission over a variety of
its physical topology. This approach is functionally network transports, including Transmission Control
equivalent to flattening the network into a number Protocol/Internet Protocol (TCP/IP), X.25, frame relay,
685
Layer 2 Tunneling Protocol (L2TP) Layer 2 Tunneling Protocol (L2TP)
and Asynchronous Transfer Mode (ATM). L2TP is ● Although PPTP supports only one tunnel between
an Internet Engineering Task Force (IETF) standard two endpoints, L2TP supports multiple tunnels
defined in RFC 2661 and is typically used for creating between two points, each of which can have its own
virtual private networks (VPNs) to securely tunnel net- quality of service (QoS) level defined.
work traffic over the Internet and other public data
● L2TP has less overhead because L2TP headers are
networks.
only 4 bytes in length and are compressed and PPTP
L2TP supports the same authentication options sup- uses uncompressed 6-byte headers.
ported by PPP, including Password Authentication Pro-
● L2TP can also support multilink configurations in
tocol (PAP), Challenge Handshake Authentication
which each link terminates at a different L2TP server
Protocol (CHAP), and Microsoft Challenge Handshake
at the service provider. This provides more flexibility
Authentication Protocol (MS-CHAP). L2TP is not a
than Multilink PPP (MPPP), in which all the links
secure protocol in itself, however, for although secure
from the customer premises must terminate at the
authentication is supported, data encryption is not. As
same MPPP server at the service provider.
a result, L2TP is usually combined with Internet Proto-
col Security (IPsec), a Layer 3 protocol that performs The main disadvantage of L2TP compared to PPTP is
encryption to ensure data integrity during transmission. that it requires more processing power due to its use of
This combination is sometimes referred to as L2TP compression and IPsec encryption.
over IPsec or L2TP/IPsec, but since this form is almost
L2TP is also a significant improvement over Cisco’s
always used, it is more common to simply refer to the
earlier L2F tunneling protocol. Some of the differences
combination as L2TP.
L L2TP is supported by both Cisco access routers and by
between L2TP and L2F include
● Although L2F has no defined client, L2TP uses a
the Routing and Remote Access Service (RRAS) of
well-defined client.
Microsoft Windows 2000.
● Although L2F functions in compulsory tunnels
Comparison
only, L2TP can also use voluntary tunnels.
Both L2TP and PPTP are commonly used tunneling
protocols in virtual private networking. L2TP has some ● L2TP provides additional features, such as flow
advantages over PPTP, however: control and Attribute Value Pair (AVP) hiding,
which are not supported by L2F.
● Although PPTP can only be used to create IP tunnels,
L2TP supports a much wider variety of WAN trans-
ports, including X.25, frame relay, and ATM.
Original IP datagram
686
Layer 3 switch Layer 3 switch
687
Layer 3 switch Layer 3 switch
Physical topology
Layer 3
switch
Core Layer 2
switch
Layer 3
switch
Layer 2
switches
Layer 3
switch
Layer 3 Layer 2
switch switches
Layer 2
switches
Core level
L Layer 2
Distribution level
Logical topology
Broadcast
domain
Core Layer 2
switch
Broadcast
domain
Broadcast
domain
Broadcast
domain
Layer 3 switch. Building a switched network backbone using Layer 2 and Layer 3 switches.
688
Layer 3 switch Layer 3 switch
A typical switched network backbone is built in a hier- ● Packet forwarding: This involves examining a
archical fashion in several levels using a combination of packet’s destination IP, looking up this address in
Layer 2 and Layer 3 switches. At the periphery of the the routing table, and determining which port (con-
network is the access level, which uses multiple Layer 2 nected network) to forward the packet to so that it
switches to provide connection points for workgroup can eventually reach its destination.
collections of servers and workstations. These Layer 2
The difficulty with traditional routers is that they are
switches represent collision domains but pass broad-
software-based devices that are slow and unable to keep
casts; consequently, to prevent broadcast storms from
up with today’s gigabit speed networks. Vendors have
occurring they need to be consolidated using Layer 3
found different ways around this problem, all of which
switches. These Layer 3 switches represent the distribu-
generally fall under the umbrella name of Layer 3
tion level of the network, as they are used to distribute
switching. Some of the common solutions are
traffic to different access points for workgroup connec-
tions. Layer 3 switches represent broadcast domains, ● Wirespeed routers: This involves replacing tra-
and the number of connected devices downstream from ditional software-based routing technology with
each switch must be small enough to prevent broadcast hardware-based routing by using specialized ASICs
storms from occurring (a good rule of thumb is a maxi- developed specifically to perform route calculation
mum of 2000 connected devices). Finally, these Layer 3 and packet forwarding. In other words, a wirespeed
switches at the distribution level are connected using router is simply a router that performs its routing
high-speed Layer 2 switches, which form the network’s functions using preprogrammed hardware instead
core level. The network’s hierarchical physical struc- of installable routing software. Wirespeed routers
ture is thus equivalent to a logical star network with
multiple broadcast domains connected using one or
are typically an order of magnitude or more faster
than traditional software routers and can keep up
L
more Layer 2 switches (see diagram on the previous with gigabit data flows and route millions of pack-
page). ets per second. Another name for these devices is
Packet-by-Packet Layer 3 (PPL3) switches since
If you are migrating a legacy routed network to a mod-
they individually examine and forward each packet
ern switched one, you can also simply deploy a Layer 3
in a train of packets. The name switch is really a
switch anywhere in your network a traditional router
misnomer in this case—these devices are actually
is used.
routers, not switches.
Implementation
● Cut-through switches: These devices operate on
This discussion will focus on Layer 3 switching in TCP/
the principle of “Route once, switch many” and
IP running on Ethernet, where the primary Layer 3 pro-
work by separating the two functions of traditional
tocol is IP. Layer 3 switches essentially do the same
routers: calculating routes and forwarding frames to
thing traditional routers do—route (forward) packets to
their destination. When a train of packets (a data
their destination based on their Layer 3 address (see the
stream or communications flow between two hosts
table for a comparison of routers and Layer 3 switches).
or networks) reaches a port on a cut-through switch,
However, traditional routers really perform two differ-
the switch examines the train’s first packet, reads
ent functions:
the destination IP address, looks up the best route to
● Route calculation: This is the process of building the destination in its routing table, and determines
routing tables and usually takes place dynamically which port to forward the packet to. The device then
using a routing protocol such as Routing Informa- switches the entire series of packets in the train to
tion Protocol (RIP) or Open Shortest Path First the outgoing port without examining any further
(OSPF). packets in the train. In other words, routing is
performed on the first packet of the train, and
689
Layer 3 switch Layer 3 switch
switching is performed on the remaining packets. combination is called either a Layer 2/3 switch, a mul-
Switching means that an internal logical circuit is tiplayer switch, a routing switch, or simply a Layer 3
set up between the incoming and outgoing ports on switch. These devices are becoming so common in the
the switch. Since switching is much faster than enterprise that many networking professionals simply
routing, cut-through switches perform significantly call them switches, without any further qualifier.
better than routers while accomplishing the same
Deploying Layer 3 switches in a network is usually
function: forwarding packets on the basis of their
as easy as doing so with Layer 2 switches, which are
destination IP addresses.
essentially plug-and-play in their simplicity, and it is
Within the realm of cut-through switches, there are also much simpler than configuring a router. As a result,
many differences in operation depending on vendors. Layer 3 switches are rapidly displacing traditional rout-
For example, some cut-through switches operate simi- ers in the enterprise, except in the role of WAN access
larly to bridges in the sense that they dynamically learn devices where routers still predominate. Layer 3
the addresses of attached hosts and networks by “listen- switches are generally easy to manage also, and they
ing” to traffic. The difference is that instead of learning typically support Simple Network Management Proto-
the Layer 2 (MAC) addresses of devices attached to col (SNMP) and Remote Monitoring (RMON) manage-
each port, as bridges and Layer 2 switches do, these ment protocols.
Layer 3 switches learn the Layer 3 (IP) addresses of
Traditional Router vs. Layer 3 Switch
connected devices instead. Such Layer 3 “learning”
switches build their routing tables dynamically by lis- Feature Router Layer 3 Switch
tening to traffic on their ports, but they cannot exchange Local area network IP, IPX, IP, IPX,
L this information with similar switches the way routers (LAN) protocols AppleTalk AppleTalk
do using routing protocols. The main use for this type of supported
switch is to “front-end” for traditional routers. For Packet-forwarding Software- Hardware-
example, if a packet arrives at the switch and the switch method based based
does not know what to do with it, the switch simply for- Throughput Lower Higher
wards the packet to the router for handling. Traditional Definition of Per port Per Layer 2
subnet switching domain
routers are also still needed for routing legacy protocols
Support for policy- Less More
such as DECnet and AppleTalk and for providing
based routing
access to the WAN.
Relationship with Peer Layered
By contrast, some cut-through switches perform virtu- bridges
ally all the functions that a traditional router performs, Cost Higher Lower
such as using the packet’s checksum to verify its integ-
rity, updating the packet’s Time to Live (TTL) informa- Marketplace
tion after each hop, processing any option information Layer 3 switches are typically sold in two configura-
in the packet’s header, and sharing their routing table tions: fixed and modular. Fixed switches are simpler
information with similar switches using a standard rout- and cheaper and usually have 8, 12, or 24 autosensing
ing protocol, such as RIP or OSPF, so that they become 10/100 megabits per second (Mbps) or 10/100/1000
aware of the network’s overall topology. In short, they Mbps Ethernet ports. Modular switches are more com-
are identical to routers except that they route only the plex and costly and typically consist of a chassis that
first packet of any train and switch the remainder to supports various kinds of modules, each providing one
improve performance. or more ports of Ethernet, FDDI, Token Ring, or ATM
connectivity.
A common feature of Layer 3 switches is their support
for Layer 2 switching or frame forwarding. This
690
Layer 4 switch Layer 4 switch
691
Layer 4+ switch Layer 7 switch
thus need to be able to store a large number of mappings information. Hence Layer 4+ switches are effectively
for each switch port, namely just Layer 7 switches with a different name. For more
information, see the article “Layer 7 switch” below.
● MAC addresses for each connected device
See Also: bridge, Ethernet switch, Layer 2 switch,
● IP addresses for each connected device
Layer 3 switch, Layer 4 switch, Layer 7 switch, Open
● Multiple port numbers for each connected device Systems Interconnection (OSI) reference model,
router
As a result, Layer 4 switches require a great deal of pro-
cessing power and memory and are more expensive
than their Layer 2/3 cousins. Because of their ability to Layer 7 switch
switch according to port numbers, Layer 4 switches Also called Layer 4+ or Layer 4/7 switch, an Ethernet
enable multiple logical network connections to be switch that forwards frames according to Layer 4
established for each path to a device having a Layer 3 header information.
address. The combination of a Layer 3 address, such as
Overview
an IP address and a port number, is usually called a
Layer 7 switches operate at the application layer (Layer
socket, and a train of frames all having the same socket
7) of the Open Systems Interconnection (OSI) reference
information is referred to as a flow. Most Layer 4
model. In this respect, they fill a niche in e-business net-
switches can enforce Layer 3 traffic flows on a policy
works that Layer 4 switches cannot. Considering Hyper-
basis, making management of complex traffic flows
text Transport Protocol (HTTP) traffic or Web traffic as
simple to implement.
an example, Layer 4 switches can use port numbers to
L Marketplace distinguish Web traffic from other types of Internet
Vendors of Layer 4 switches include Cisco Systems, traffic such as Simple Mail Transport Protocol (SMTP)
with its Catalyst series of switches; Extreme Networks, traffic, but they cannot distinguish static HTTP traffic
with its Summit series; 3Com Corporation, with its (which can be cached) from dynamic traffic (which is
CoreBuilder series; and companies such as Alteon not easily cached). When Layer 4 switches are used to
WebSystems (acquired by Nortel Networks in 2000), front-end a Web server farm, the result is that all forms
F5 Networks, Foundry Networks, and Radware. of HTTP traffic get cached, which is wasteful and adds
unnecessary latency to dynamic Web applications.
See Also: bridge, Ethernet switch, Layer 2 switch,
Layer 3 switch, Layer 7 switch, Open Systems Inter- Enter Layer 7 switches, which can examine Layer 7
connection (OSI) reference model, router HTTP headers in detail and route traffic according to
request type, Uniform Resource Locators (URLs),
cookies, and other information. Layer 7 switches are
Layer 4+ switch thus capable of switching Web traffic to different serv-
An Ethernet switch that forwards frames according to
ers according to URLs requested (called URL switch-
header information found in Layer 4 and higher.
ing), caching different types of traffic differently (cache
Overview switching), and directing traffic to different servers in
Layer 4+ switches combine bridging (Layer 2), routing the farm to distribute the load (load balancing) or to
(Layer 3), and port mapping (Layer 4) with function- servers hosting different types of content (content dis-
ality derived from layers higher than 4 of the Open tribution). As a result, Layer 7 switches are variously
Systems Interconnection (OSI) reference model. What marketed by different vendors under names such as
this usually means in reality is that they can use Lay- Web switches, Web content switches, URL switches,
er 7 (application layer) information found in packet and load balancers.
headers and make routing decisions based upon this
692
LCP LDAP
LCP
G0LXX17 (new to 2E) Stands for Link Control Protocol, the portion of
Layer 7 switch. Using a Layer 7 switch to front-end a Web Point-to-Point Protocol (PPP) responsible for link
server farm. management.
Marketplace See: Link Control Protocol (LCP)
Most Layer 7 switches are special purpose devices ded-
icated to managing HTTP traffic more effectively for
e-commerce systems—true Layer 7 switches that are LDAP
fully configurable for any form of application traffic are Stands for Lightweight Directory Access Protocol,
rare. A Web content switch should typically support a standard protocol for accessing information in a
such additional features as application redirection, con- directory.
tent-intelligent switching, local and global load balanc-
See: Lightweight Directory Access Protocol (LDAP)
693
leased line leased line
694
LEC LEC
costs, leased lines still remain the most popular way for functionality of a router and a CSU/DSU into a sin-
enterprises to connect their remote offices in a WAN, gle device.
primarily because of their high reliability. For mission-
● Telco CO: The telecommunications carrier dedi-
critical or time-sensitive traffic, leased lines still rule—
cates certain switches in its switching fabric to
for less critical traffic, VPN over DSL is a good solution,
set up a permanent circuit between the local and
however.
remote customer premises. Data then flows along a
single permanent path between the two locations.
Access
server Marketplace
Leased lines are generally available from both LECs
Customer and IXCs. Provisioning and service quality vary greatly
premises but in general are good for large Regional Bell Operat-
ing Companies (RBOCs) such as BellSouth Corpora-
Leased
line
tion. IXCs such as AT&T and Sprint are logical choices
for large enterprises wanting to deploy leased lines
across the United States, but these carriers rely on LECs
CO
for the actual provisioning at the local loop level, and
this introduces a second tier into the service end, which
can sometimes cause delays and difficulties. For enter-
prises having a global presence in several countries and
regions around the world, the largest player in the
leased line market is Concert, a joint venture of AT&T
L
Dedicated switched
Access network and British Telecom (BT).
CO
server
Charges for a leased line are typically based on the dis-
tance of the line and not on the bandwidth used—usu-
ally you pay for the available bandwidth even if you do
Leased not use it all. Actual provisioning of a leased line from
line time of order to deployment typically takes four to eight
Customer weeks, depending on demand.
premises
See Also: Asynchronous Transfer Mode (ATM), cen-
G0LXX06 (was G0LUI03 in 1E) tral office (CO), circuit-switched services, customer
Leased line. How a leased line is provisioned. premises, Digital Subscriber Line (DSL), frame
Implementation relay, Integrated Services Digital Network (ISDN),
Provisioning a leased line involves steps at both the cus- inter-exchange carrier (IXC), local exchange carrier
tomer premises and telco ends: (LEC), T-carrier, virtual private network (VPN),
wide area network (WAN)
● Customer premises: Special equipment is required
to connect the customer’s local area network (LAN)
to the line termination point at the customer pre- LEC
mises. This is typically either a combination of Stands for local exchange carrier, any telco in the
router and channel service unit/data service unit United States that provides telephone and telecommu-
(CSU/DSU) or an access server (also called inte- nication services for subscribers within a geographic
grated access device, or IAD) that combines the region.
See: local exchange carrier (LEC)
695
license license
696
Lightweight Directory Access Protocol (LDAP) Lightweight Directory Access Protocol (LDAP)
The advantage of these new licensing paradigms are LDAP was developed by the Internet Engineering Task
that licensing costs can be drastically reduced by bas- Force (IETF) and its current version, LDAPv3, is
ing costs upon actual rather than expected maximum defined in RFC 2251. LDAP is designed to run over
usage—in other words, you pay only for what you use. Transmission Control Protocol/Internet Protocol (TCP/
The downside is that these schemes are more difficult IP) and is a subset of Directory Access Protocol (DAP),
to plan from an accounting perspective and make the part of the X.500 recommendations from the Interna-
IT (information technology) budgeting process more tional Telecommunication Union (ITU).
complex.
History
For More Information Directories store information in a hierarchical fashion.
For current information about Microsoft licensing prac- The first attempt at defining a directory standard that
tices, visit www.microsoft.com/licensing. could scale to global proportions was X.500, which was
developed by the ITU in a series of recommendations
spanning 1984 to 1994. Unfortunately, these recom-
Lightweight Directory Access
mendations were so complex that they were seen as too
Protocol (LDAP) difficult to implement on most computing systems of
A standard protocol for accessing information in a that era. For example, the Directory Access Protocol
directory. (DAP), a part of X.500 that defined how X.500 clients
Overview would communicate with X.500 directory services, was
The Lightweight Directory Access Protocol (LDAP) so complex that its footprint would be too large and too
defines processes by which a client can connect to an slow to implement on a standard PC workstation. As a
X.500-compliant or LDAP-compliant directory service result of these problems with X.500, a process was L
to add, delete, modify, or search for information, pro- launched to develop a simpler directory standard that
vided the client has sufficient access rights to the direc- would be easy to implement on PCs while remaining
tory. For example, a user could use an LDAP client to fully backward-compatible with X.500. The result of
query a directory server on her network for information this development process was an open standard called
about specific users, computers, departments, or any LDAP.
other information stored in the directory. Initial work on the LDAP standard and the first LDAP-
The term LDAP can mean three different things, compliant server, called SLAPD, was developed by re-
depending on the context: searchers at the University of Michigan in conjunction
with PSINet and the ISODE Consortium. LDAP began
● LDAP data format: This defines the manner in as a simple replacement for DAP that was intended to
which information is stored and recalled in an work with X.500 directory services—it was not intend-
LDAP-compliant directory. This is called the ed to define a separate standard for directory services
LDAP Data Interchange Format (LDIF). themselves. Version 2 of LDAP, defined in RFC 1777,
● LDAP protocol: This defines the processes that are took things a step further by divorcing LDAP from the
involved when an LDAP client and LDAP server X.500 standard proper, and it allowed for the develop-
interact with each other—for example, when a cli- ment of stand-alone LDAP directory servers to replace
ent queries a server for some information. the more complex directory service agents (DSAs) of
a full X.500 directory service. LDAPv2 directory serv-
● LDAP API: This is a set of application program- ers were stand-alone in the sense that they could not
ming interfaces (APIs) that defines how applica- perform referrals. For example, if a client queried an
tions can programmatically interact with LDAP LDAPv2 server for information that the server did not
servers. possess, the server would return a negative response to
697
Lightweight Directory Access Protocol (LDAP) Lightweight Directory Access Protocol (LDAP)
the client and would not be able to refer the client to ● Programmable: LDAP employs a standard set of
other LDAPv2 servers that might have the information. APIs written in C/C++ and defined by RFC 1832.
This limitation severely affected the scalability of These APIs specify how LDAP client applications
LDAPv2 directory service systems. can programmatically query and obtain information
from LDAP servers.
To overcome the scalability issues and other limitations
of LDAPv2, a new version, LDAPv3, was developed by ● Scalable: LDAPv3 supports referrals that allow
the Internet Engineering Task Force (IETF) in 1997 and LDAP directory services to scale easily to millions
was standardized as RFC 2251. LDAPv3 is the version of objects for enterprise deployments.
of LDAP widely used in today’s directory products,
Architecture
including Microsoft’s Active Directory directory ser-
To understand how LDAP works, you need to know its
vice, and it is a superset of LDAPv2 that remains
terminology first. A good way of understanding LDAP
backward-compatible with DAP and X.500. LDAPv3
terminology is to compare it with terminology for rela-
has the following enhancements over earlier versions:
tional databases. Despite the similarities between these
● Internationalization: Support for Unicode instead two systems, LDAP is not intended to replace relation-
of the American National Standards Institute al databases because it lacks features such as locking,
(ANSI) used in previous versions. transactional processing, reporting, and efficient stor-
age of binary large objects (BLOBs). The following are
● Referrals: An LDAP server that cannot answer a
the basic LDAP terms and concepts:
client’s query can refer the client to a different
LDAP server that knows the answer. This makes ● Object: Also called entries, objects are anything
L LDAPv3 a highly scalable standard that can be used about which you want to store data in the directory.
in large enterprises. Objects are typically users, groups, computers, print-
ers, organizational units, and domains. Objects are
● Security: LDAPv3 supports both Transport Layer
for LDAP what records are for a relational database.
Security (TLS) and Kerberos security protocols.
● Attribute: Information about an object. For exam-
● Extended operations: LDAPv3 is extensible and
ple, a user object might have attributes such as last
supports extended searching operations.
name, first name, address, phone number, and
Advantages and Disadvantages e-mail address. An attribute can sometimes have
Some of the qualities of LDAP that have enabled it to more than one value—for example, a user might
gain widespread popularity include have several e-mail addresses. Attributes are for
LDAP what fields are for relational databases. An
● Open: LDAP is an open standard running on TCP/
LDAP server stores the values of an object’s attri-
IP that specifies a protocol for communication
butes in name/value pairs.
between LDAP clients and servers but leaves imple-
mentation details for servers up to the vendors ● Classes: Define what attributes go with what
themselves, who develop various LDAP products. objects. Classes are for LDAP what tables are for
relational databases—but unlike tables, classes are
● Secure: LDAP supports various kinds of security
extensible and allow additional attributes to be
to preserve the integrity of directory data on a
defined for objects as required.
network.
● Schema: The collection of classes and attributes
● Extensible: The LDAP schema can be extended by
used for a particular implementation of an LDAP
defining new classes of objects and attributes to
directory service. LDAP schemas are extensible
support applications that need these.
and allow new classes and attributes to be defined
as required. Schemas have no counterpart in rela-
tional database terminology.
698
Lightweight Directory Access Protocol (LDAP) Lightweight Directory Access Protocol (LDAP)
699
Linear Tape Open (LTO) line booster
● Oracle Internet Directory, an LDAP directory built of fast restores—data that is required can be usually
upon the Oracle database platform retrieved from tape in less than 10 seconds.
● IDDS and Directory Portal, from Innosoft Interna- Marketplace
tional and Sun Microsystems More than 30 different storage vendors have licensed the
LTO tape format for implementation in their tape backup
● DirX, from Siemens
products. The first vendor to ship an LTO tape library
● Global Directory Server, from Critical Path was Exabyte Corporation with their 110L tape library,
which has since been replaced by the 221L tape library.
There is also an open source LDAP directory called
OpenLDAP that is based on the University of Michi- See Also: backup, tape format
gan’s SLAPD server.
Notes line booster
In Windows 2000, the standard C/C++ LDAP APIs A device for connecting peripherals to computers when
of RFC 1823 are implemented in a library called distances are longer than cabling normally supports.
Wldap32.dll. Applications can programmatically query
Overview
Active Directory using either Active Directory Services
Line boosters work by regenerating or boosting the sig-
Interface (ADSI), which is implemented as a Component
nal strength so you can use longer cables than specifica-
Object Model (COM) interface that is layered on top of the
tions usually allow. Because the signal strength in a serial
LDAP library, or by employing the LDAP APIs directly.
or parallel transmission line decreases with the length of
L See Also: Active Directory, directory, Directory Access
Protocol (DAP), distinguished name (DN), Uniform
the cable being used, line boosters are sometimes needed
to connect peripherals to computers when the distances
Resource Locator (URL), X.500 involved exceed normal cabling capabilities.
Computer
Linear Tape Open (LTO)
A high-capacity tape backup technology.
Overview
Linear Tape Open (LTO) was developed in 1998 by a
consortium that includes Hewlett-Packard, IBM, and
Seagate Technology. LTO is intended to be an open, 19.5 feet (6 meters)
multivendor tape architecture comparable in speed and Line
capacity to the more proprietary SuperDLT architecture booster
developed by Quantum Corporation. LTO is intended
for heterogeneous enterprise networking environments
and has been implemented in both stand-alone tape
drives and robotic tape libraries. 19.5 feet (6 meters)
Printer
Architecture
LTO has a native data capacity of up to 100 gigabytes
(GB) per tape uncompressed or 200 GB compressed
with a standard 2:1 compression ratio. Using a standard
single-reel drive architecture, LTO supports data trans-
fer rates of 10–20 megabytes (MB)/sec uncompressed G0LXX07 (was G0Lui05 in 1E)
or 20–40 MB/sec compressed. LTO can also be imple- Line booster. Using a line booster to connect a computer
mented as a dual-reel system that offers the advantage to a printer.
700
line coding line coding
For example, a typical line booster used with a serial light pulses) use two different voltages (or intensi-
RS-232 interface can generally double the distance over ties) but not zero voltage (or intensity). NRZ is
which an attached peripheral can transmit, increasing employed in serial interfaces such as RS-232 and by
the limit from 49 feet (15 meters) to 98 feet (30 meters). many of the block coding schemes described below,
For parallel printers, line boosters can typically increase including those for Integrated Services Digital Net-
allowed distances from 19.5 feet (6 meters) to 40 feet work (ISDN), Fast Ethernet, and Gigabit Ethernet
(12 meters). (GbE). NRZ requires that signal pulses all have
equal duration with no gaps between them and that
Notes
the transmitter and receiver be synchronized in
When deploying line boosters, be sure to install them at
order to communicate with each other.
the midway point between the computer and the periph-
eral, not at one end of the connection. ● NRZI: This stands for Non-Return to Zero Inverted
and uses a transition (either low-high or high-low)
See Also: RS-232, serial transmission
to indicate a binary 1, while a lack of transition
indicates a zero. This scheme is more reliable than
line coding NRZ and requires less power to transmit.
Any algorithm for transforming binary information into
● Bipolar-AMI: In this scheme, both a positive and
discrete (digital) signals.
negative pulse represents binary 1 and no pulse
Overview indicates a zero. Unlike NRZ and NRZI, there is no
A line coding mechanism specifies a mathematical rela- DC component to the signal. Bipolar-AMI is easy
tionship between the binary information in a bitstream
of data and the square-wave signal variations on the
to synchronize between the transmitter and receiver
and a lost pulse can be easily recovered. On the
L
medium the signals are transmitted over. For copper other hand, it requires more power to transmit than
wires, these signals are expressed as time-varying volt- NRZ/NRZI.
ages, but on fiber-optic cabling, they are transmitted as
● Pseudoternary: This is just the opposite of Bipolar-
discrete light pulses.
AMI and has the same advantages and disadvantages.
Types
● Manchester encoding:. This scheme is the one
Many types of line coding mechanisms are used in com-
used by standard 10 megabits per second (Mbps)
puter networking and telecommunication technologies.
Ethernet. In Manchester encoding, a low-high tran-
Some of these schemes are simple to encode and
sition in the middle of a pulse interval represents
decode but unreliable in their transmission, and others
binary 1 and a high-low transition represents binary
are reliable even in the presence of external noise but
zero. This kind of digital signal encoding scheme is
require CPU-intensive processing to encode. Selecting
known as a biphase scheme and has the advantage
the right line coding scheme for a particular technology
that no prior synchronization between transmitter
requires a good understanding of information theory,
and receiver is required, as in NRZ/NRZI. Man-
electromagnetic theory, and engineering.
chester encoding is an inefficient scheme that
Encoding schemes are classified into two basic catego- encodes one bit of information into two baud or
ries: digital signal codes and block codes. Digital signal code bits, but this “wastefulness” actually makes
codes specify the details of how the voltages (or light Manchester simple to encode and decode and thus
intensities) vary with time in copper (or fiber-optic) easy to implement in electronic devices. (An encod-
cabling. Common digital signal codes include ing scheme that is more efficient in converting bits
to baud is said to be “rich,” but the downside is that
● NRZ: This stands for Non-Return to Zero and sim-
the richer the encoding scheme, the more complex
ply means that the discrete electrical signals (or
701
line coding line coding
and processor-intensive the actual encoding mecha- ● 8B/10B: This scheme is used by GbE and Fibre
nism becomes.) Channel and is patented by IBM. The coding effi-
ciency is 1.25 baud/bit.
● Differential Manchester encoding: This is an off-
shoot of Manchester encoding in which either a ● 2B1Q: This stands for “2 binary, 1 quaternary” and
high-low or low-high transition at the start of a is used by the U interface of the Basic Rate Inter-
pulse indicates binary 1 and no transition indicates face ISDN (BRI-ISDN) flavor of ISDN. The U
binary 0. interface is located at the line termination point at
the customer premises, where a two-wire metallic
By contrast to the digital signal codes above, the fol-
cable terminates with an RJ-11 jack. The 2B1Q
lowing line coding schemes are sometimes called block
encoding scheme is actually used only in the United
codings. This is because their purpose is to transform a
States, as European ISDN uses a different 4 binary,
block of data (collection of bits from a bitstream) into a
3 ternary (4B3T) for BRI-ISDN.
block of electrical or light pulses. Some common exam-
ples of these encoding schemes include ● B8ZS: This stands for Bipolar with 8 Zero Substi-
tution and is used by the U interface of the Primary
● 4B/5B: This scheme is used by the 100BaseX form
Rate Interface ISDN (PRI-ISDN) flavor of ISDN.
of Fast Ethernet. The name 4B/5B stands for “4
The B8ZS encoding scheme is actually used only in
binary, 5 baud” and indicates in shorthand that four
the United States, as European ISDN uses a differ-
bits of data require five baud or code bits for trans-
ent High Density Bipolar 3 (HDB3) for PRI-ISDN.
mission. The 4B/5B scheme is thus (5-4)/4 = 25%
wasteful in terms of bandwidth compared to the
L (2-1)/1 = 100% wastefulness of Manchester encod- Ordinary Binary Transmission
ing. Another way of describing it is to say that 4B/ voltage
5B has a coding efficiency of 5/4 = 1.25 baud/bit. +
The 4B/5B scheme is also used by the Fiber Distrib-
uted Data Interface (FDDI) network architecture. 1 1 1 1
time
0 0
● 5B/6B: This scheme is used by 100VG-AnyLAN
and has a coding efficiency of 1.2 baud/bit.
● 8B/6T: This scheme is used by the 100BaseT4 form
of Fast Ethernet. The name 8B/6T stands for “8 2B1Q Coding
binary, 6 ternary” and indicates that eight bits of voltage
data require six ternary or three-level signals for
transmission. By contrast, 4B/5B uses two-level +3
signals in which there are only two voltages, not
three, for each signal pulse. The 8B/6T scheme has
a coding efficiency of 0.75 baud/bit, which means +1
10 11 11
that more than one bit is crammed into each signal time
00 00 01
pulse. 1
702
line conditioner line conditioner
Other schemes include Discrete Multitone (DMT), Carri- and other sources. They typically contain isolation trans-
erless Amplitude/Phase (CAP) modulation, and Quadra- formers that electrically isolate the circuitry from
ture Amplitude Modulation (QAM), all of which are unwanted DC voltages, impedance-matching circuitry for
used in various implementations of Asymmetric Digital reducing unwanted signal reflections, and surge suppres-
Subscriber Line (ADSL) communications. sors to guard against high-voltage surges (6000 volts or
more) caused by lightning strikes and power failures. Line
Examples
conditioners can also correct sags (drops) in voltages
This example briefly considers one line coding scheme
caused by momentary brownouts, but they are not meant
in more detail, namely BRI-ISDN’s 2B1Q scheme.
to replace or supply power during a power loss. They often
In this scheme, a block of two binary bits can represent include fault indicators and audible alarms.
four different values: 00, 01, 10, and 11. These four values
Line conditioners also ensure that a transmission’s sig-
are mapped to one quaternary value, which is encoded
nal parameters remain within specifications for the
using four different voltages. The first bit represents a
medium or interface being used, even over excessively
positive or negative voltage, and the second bit represents
long or noisy transmission lines. By maintaining signal
either 1-volt or 3-volt line potential. The following table
integrity, line conditioners can thus allow communica-
lists the four possible combinations. The result of using
tion devices to function at higher throughput rates than
2B1Q line coding for BRI-ISDN is that a single electrical
would normally be supported and ensure data integrity
pulse represents two binary bits instead of one binary bit.
over noisy lines. Another common name for line condi-
This effectively doubles the possible bandwidth of the
tioners is line shapers.
communication channel, as shown in the illustration on
the previous page. Uses
You typically use line conditioners in the following
L
Binary Data and Corresponding Voltage Level for
places:
2B1Q Line Coding
Binary Data Voltage of ● In power supplies and in uninterruptible power sup-
Represented Electrical Pulse ply (UPS) systems (power conditioners) to protect
00 -3 computers and networking devices from AC surges
01 -1 coming through power lines.
10 +3 ● In local area networks (LANs) to protect hubs, rout-
11 +1 ers, and other networking equipment from EMI and
unwanted noise coming through the networking cables
See Also: 100VG-AnyLAN, Asymmetric Digital Sub-
and to maintain the integrity of network data signals.
scriber Line (ADSL), Ethernet, Fast Ethernet, Fiber
Distributed Data Interface (FDDI), Fibre Channel, ● In offices to protect modems, telephones, fax
Gigabit Ethernet (GbE), Integrated Services Digital machines, and other equipment by filtering out
Network (ISDN), Manchester coding, signal electrical surges in phone lines and to reduce noise
so that the devices can operate at their nominal
throughput speeds.
line conditioner
Any device that is used to prevent undesirable electrical ● In wide area network (WAN) links for protecting
signals from damaging computer, networking, or tele- Channel Service Unit/Data Service Units (CSU/
communication equipment and to guard against data DSUs) and access servers connected to Integrated
loss due to electrical noise, sags, and surges. Services Digital Network (ISDN), T1, and other
copper telecommunication lines against EMI
Overview
surges. T1 lines must have line conditioners at reg-
Line conditioners contain circuitry that enables them to fil-
ular intervals to ensure the integrity of the signal
ter out noise caused by electromagnetic interference (EMI)
transmitted over the line.
703
line driver line driver
A line driver is essentially a combination of a signal Line driver. Using a line driver to connect a remote
converter and an amplifier. The signal converter per- terminal to a server.
forms line conditioning, and the amplifier increases the Implementation
signal strength. Line drivers are always used in pairs. One line driver is
Line drivers allow signals to be carried over a longer placed at the local site and is connected to the client or
distance than the media or transmission interface nor- terminal, and the other is located at the remote site and
is connected to the server or mainframe. For intrabuild-
L mally allows. Line drivers are typically used to extend
the maximum distance of serial communication proto- ing connections using line drivers, copper unshielded
cols such as RS-232, V.35, X.21, and G.703 and can twisted-pair cabling or the installed telephone lines are
provide either synchronous or asynchronous communi- typically used. For inter-building connections, fiber-
cation in various vendor implementations. optic cabling is preferred.
Uses Line drivers are available for almost every kind of com-
A common type of line driver often used in mainframe munication mode, from 19.2-kilobit-per-second (Kbps)
computing environments is the RS-232 line driver. This RS-232 serial line drivers over 3.5 miles (6 kilometers) to
device is used to extend the distance over which dumb 2-megabits per second (Mbps) single-mode fiber-optic
terminals can be connected to mainframe computers line drivers over 11 miles (18 kilometers). Line drivers
located in different parts of a building or in different can also be used to extend parallel transmission of data
buildings on a campus. RS-232 line drivers support syn- from about 20 feet (6 meters) to several miles.
chronous transmission of data over installed four-wire When you use line drivers, be aware that your maxi-
telephone cabling or fiber-optic cabling and are typically mum bandwidth and transmission distance are inversely
deployed on existing twisted-pair phone lines within a related—that is, the longer the line, the less bandwidth
building or on custom-installed fiber-optic lines laid you have. Considerations for purchasing a line driver
between buildings. These line drivers can extend the include whether it supports full-duplex or half-duplex
maximum distance of RS-232 serial transmission from communication, 2-wire or 4-wire cabling options, and
49 feet (15 meters) to several miles or more. what kinds of connectors are used. Line drivers for
Another common use for line drivers is in Asymmetric customer premises generally are cheaper and have a
Digital Subscriber Line (ADSL) and T-1 circuits smaller footprint than those used by service providers
between a customer and a telco central office (CO). such as telcos at the COs.
704
line filter Line Printer Daemon (LPD)
Notes Notes
For connecting data terminal equipment (DTE) such as Before installing a line filter, you should use a radio fre-
two computers, you should use a modem eliminator quency (RF) spectral analyzer to determine the general
instead. frequency of the source of EMI so that you can choose
an appropriate line filter. Line filters typically filter out
See Also: Asymmetric Digital Subscriber Line (ADSL),
one of the following frequency ranges: low frequency
modem eliminator, RS-232, T-carrier
(LF), high frequency (HF), very high frequency (VHF),
or ultra high frequency (UHF) signals.
line filter
See Also: electromagnetic interference (EMI), line
A device used to suppress noise in a transmission line or
conditioner, modem, Plain Old Telephone Service
cable, caused by electromagnetic interference (EMI).
(POTS)
Overview
EMI is produced by nearby power lines, motors, genera-
tors, and other sources. EMI can introduce noise into a
Line Printer Daemon (LPD)
The UNIX daemon (background service) used for
transmission line or cable that can degrade a signal’s qual-
spooling print jobs.
ity or even make communication impossible. By inserting
a line filter at the appropriate point, you can suppress the Overview
noise and potentially improve transmission speeds. Line Printer Daemon (LPD) is a daemon that resides on
UNIX print servers. Its function is to simply wait and
Modem receive any print jobs submitted from clients using
Transmission lines the Line Printer Remote (LPR) protocol. When LPD L
(source of EMI) receives a job, it temporarily stores the job in the print
queue, a file system subdirectory. There the job sits
waiting to be serviced by LPD. When a print device
becomes available, LPD retrieves the job from the
queue and sends it to the device for printing.
UNIX sends print jobs to printers as raw data streams—
for example, as a Postscript file and does not use print
Line POTS drivers the way Microsoft Windows does. However,
filter sometimes print job formatting is required—for exam-
ple, when you want to send a plain text file to a post-
G0LXX10 (was G0Lui08 in 1E)
script printer. In this case, a printer filter is used to
Line filter. Using a line filter to screen out EMI. properly format the job so the output will not look gar-
Line filters are sometimes needed in homes or small bled. Printer filters are specified in a UNIX system file
businesses that use modems to connect to the Inter- called Printcap.
net through a dial-up connection over the local loop. To view the status of jobs currently waiting in the
High-speed V.90 modems sometimes have difficulty queue, use the Line Printer Queue (LPQ) utility.
attaining their top data transfer speeds because of ambi-
ent line noise caused by nearby sources of EMI. By Implementation
placing a line filter at the customer premises between Both Windows NT and Windows 2000 support UNIX
the modem and the Plain Old Telephone Service LPD printing, although it is implemented differently on
(POTS) connection, you can filter out noise, which each platform.
could improve modem speeds. Windows NT Server has an optional LPD service that you
configure by installing the Microsoft TCP/IP Printing
705
Line Printer Queue (LPQ) Line Printer Queue (LPQ)
service. This service enables computers running UNIX to To support UNIX printing services, Windows 2000
send print jobs to the Windows NT server by using the Server and Windows .NET Server employ Microsoft
standard UNIX LPR command. Windows NT servers can Print Services for UNIX, which provides both LPD and
also use LPR to submit print jobs to either a Windows NT LPR services through two services:
server running LPD or a UNIX LPD print server. The
● LPDSVC: Runs on the Windows 2000 and
Microsoft TCP/IP Printing service thus provides printing
Windows .NET Server print servers and receives
interoperability between the UNIX and Windows plat-
print jobs from native LPR utilities running on
forms for heterogeneous network environments.
UNIX workstations
● LPRMON: Runs on the Windows 2000 and
UNIX-to-Windows Printing Print device
Windows .NET Server print servers and forwards
print jobs to native LPD processes running on
Windows NT Server UNIX computers with attached printers
(LPD service)
The startup configuration for the LPD service on
Windows 2000 and Windows .NET Server is set to
Manual by default and should be changed to Automatic
if this feature is used.
See Also: daemon, Line Printer Queue (LPQ), Line
UNIX Printer Remote (LPR), printing terminology, UNIX
workstation
L
LPR/LPQ
Line Printer Queue (LPQ)
A UNIX command used for querying the status of a
print queue.
Overview
On the UNIX platform, print jobs are submitted to print
Windows-to-UNIX Printing Print device servers using the Line Printer Remote (LPR) command,
which sends them to the print queue to wait for spooling
to an available print device. UNIX print servers employ
UNIX print server
(LPD) a daemon called Line Printer Daemon (LPD), which
waits in the background for print jobs to be submitted to
the queue from LPR clients. It is often useful to be able
to examine the queue to determine which jobs are still
waiting for spooling—the LPQ command does just that.
You can use the LPQ command on a UNIX platform to
Windows NT
determine
Workstation ● What jobs are waiting for spooling in the print
queue
LPR/LPQ
● Who submitted these jobs to the print server
● Which print device each job is destined for
706
Line Printer Remote (LPR) line sharer
V.35
Line Printer Remote (LPR)
.V.35.
A UNIX networks command used to submit print jobs
to print servers.
PSTN Line Sharer
Overview
PC Phone PSTN
Line Printer Remote (LPR) is the standard protocol for
submitting print jobs to print servers. On the UNIX Fax
platform, print servers use the Line Printer Daemon
(LPD), a service that runs in the background waiting for
RJ11
L
print jobs to be received. When LPD receives a job, it
Line
temporarily places it in a queue. When a print device Modem RJ11
sharer
becomes available, the job is spooled or moved from the
queue to the print device for printing. Note that files to RJ11
be printed using LPR must be either text files or files
.RJ11.
specially formatted for the printer being used (for
Internet Line Sharer Two phone
example, a PostScript file for a PostScript printer).
lines
PC
LPR is a Transmission Control Protocol/Internet Pro-
PSTN
tocol (TCP/IP) protocol defined in RFC 1179 and is
implemented on all UNIX platforms and on Linux.
PC
Microsoft Windows NT and Windows 2000 can also
use LPR by installing optional components to support RS-232 Line
sharer
UNIX printing. In UNIX implementations, LPR con- RS-232
nections (both inbound and outbound) are formed only
on TCP ports 721 through 731. On Windows 2000 and V-90
RS-232 modem
on Windows NT 4 service pack 3 or later, however, LPR
may use any port in the range 512 through 1023.
Examples PPP link
To print the file Readme.txt using the print queue called
Laser12 on an LPD print server named Lazyboy, you
Internet
would use the command lpr -S Lazyboy -P Laser12
readme.txt.
See Also: daemon, Line Printer Daemon (LPD), Line
Line sharer. Three varieties of line sharer.
G0LXX12 (was G0Lui10 in 1E)
708
Link Access Protocol, D-channel (LAPD) link aggregation
exchange carrier (LEC), Regional Bell Operating field, variable-length octet-aligned data payload, and a
Company (RBOC), wide area network (WAN) 2-byte frame check sequence (FCS).
See Also: data-link layer, D channel, full-duplex, Inte-
Link Access Protocol, grated Services Digital Network (ISDN), multiplexing,
D-channel (LAPD) Open Systems Interconnection (OSI) reference model,
The data-link layer protocol for D channel communica- serial transmission, synchronous transmission
tions in Integrated Services Digital Network (ISDN).
Overview link aggregation
ISDN uses two separate channels for communication: a Any technology for combining multiple physical data
D channel for signaling and control and one or more B links into a single logical link.
channels for data transfer. As shown in the table, these
Overview
different channels use different protocols at the data-
Link aggregation occurs at Layer 2 (the data-link layer)
link and network layers of the Open Systems Intercon-
of the Open Systems Interconnection (OSI) reference
nection (OSI) reference model. Link Access Protocol,
model. The basic idea is to combine two or more data-
D-channel (LAPD) is the data-link protocol for the D
link connections into a single fat logical connection. An
channel and is defined by the Q.921 specification from
aggregated link has several advantages over a single
the International Telecommunication Union (ITU).
physical link:
ISDN Protocols for Bottom Three OSI Layers
● Scalability: If demand for bandwidth increases,
OSI Layer B Channel D Channel
Physical ITU’s I.430 (Basic ITU’s I.430
another physical link can simply be added to the
logical bundle. Likewise, if demand for bandwidth
L
layer Rate Interface, BRI) (BRI) or I.431 decreases, a physical link can be deallocated from
or I.431 (Primary Rate (PRI) the aggregation and assigned elsewhere as needed.
Interface, PRI)
Data-link High-level Data Link LAPD (Q.921) ● Fault tolerance: If one physical link goes down in
layer Control/Point-to- a logical bundle, there is no interruption in trans-
Point Protocol mission, just a reduction in allowed bandwidth.
(HDLC)/PPP) Link aggregation is also a useful way of implement-
Network Internet Protocol/ Q.931 ing redundancy on point-to-point connections.
layer Internetwork Packet
● Load balancing: Links from several sources can be
Exchange (IP/IPX)
load balanced by combining them into a single log-
Architecture ical pipe.
LAPD provides full-duplex transmission over synchro- Link aggregation is also known sometimes as port
nous serial links and supports both point-to-point and aggregation or trunking in vendor literature.
point-to-multipoint communications links. LAPD also
supports multiplexing of multiple logical channels over Uses
a single physical D channel. Link aggregation has two main uses in the enterprise:
LAPD frames always begin with a standard flag (binary ● Increasing throughput of switch-switch connec-
01111110) to identify the start of the frame. This is fol- tions in collapsed backbones.
lowed by a 2-byte address that identifies the ISDN ● Combining data streams from multiple network
device transmitting the frame, a 1-byte or 2-byte control interface cards (NICs) on a multihomed server into
a single logical network connection.
709
Link Control Protocol (LCP) Link Control Protocol (LCP)
Implementation
1 Switch-switch links Early implementations of link (or port) aggregation
were vendor-specific technologies that required solu-
tions to be built and deployed using technologies from a
Layer 2 single source. Examples of proprietary Layer 2 link
core switch
LAN aggregation technologies include
● Cisco Systems’ proprietary Fast EtherChannel (FEC)
and Giga EtherChannel (GEC) technologies, which
enable up to four full-duplex Fast Ethernet or Gigabit
Ethernet (GbE) links to be combined into a single log-
ical link having throughputs of 800 megabits per sec-
ond (Mbps) or 8 gigabits per second (Gbps). FEC and
GEC employ Cisco’s proprietary Port Aggregation
Four physical
links equals
Protocol (PagP) to automate the process of discover-
LAN
one logical ing and configuring link aggregation.
Layer 2 link
core switch ● Cisco’s proprietary Inter-Switch Link (ISL) trunking
technology, which allows link aggregation across
Cisco Catalyst switches.
● Adaptec’s proprietary Duralink port aggregation
L 2 Server-switch links technology.
High-performance server Prospects
Proprietary link aggregation technologies and interop-
erability problems are soon to be a thing of the past as
vendors implement the new Institute of Electrical and
Electronics Engineers (IEEE) 802.3ad standard, which
defines a vendor-neutral approach to port aggregation.
As more vendors implement this new standard in
LAN
Three switching and NIC technologies, enterprise network
gigabit architects will be able to aggregate links across equip-
NICs ment from different vendors.
See Also: 802.3ab, data-link layer, Ethernet switch,
Layer 2 core Fast Ethernet, Gigabit Ethernet (GbE)
switch
Three physical
links equals one Link Control Protocol (LCP)
logical link The portion of Point-to-Point Protocol (PPP) responsi-
ble for link management.
Overview
G0LXX13 (new to 2E)
The Link Control Protocol (LCP) operates at the data-link
Link aggregation. Two uses for link aggregation in the
enterprise. layer (Layer 2) of the Open Systems Interconnection (OSI)
reference model and is responsible for opening and clos-
ing PPP connections and negotiating their configuration.
710
link state routing algorithm link state routing algorithm
During session establishment, LCP establishes the link, link state routing algorithm
configures PPP options, and tests the quality of the line An algorithm for dynamic routing that was designed to
connection between the PPP client and PPP server. address scalability limitations of distance-vector rout-
Architecture ing protocols.
During the negotiation phase, LCP handles four main Overview
functions: authentication, callback, compression, and The first dynamic routing protocols were based on the
multilink establishment. After a PPP link has been distance-vector routing algorithm, which required that
established at the physical layer and a modulation routers periodically advertise their routing tables to
method selected, the client must then be authenticated. neighboring routers. Routing protocols such as Rout-
Different authentication protocols are supported for ing Information Protocol (RIP) that are based on the
satisfying the security needs of different networking distance-vector algorithm suffer from two main prob-
environments. LCP can negotiate the following authen- lems: large amounts of routing updates, which consume
tication protocols: valuable network traffic, and slow convergence, which
● Password Authentication Protocol (PAP): Trans- results in an inability to scale to large internetworks.
mits passwords in clear text using a two-way As a result of these problems, the link state routing
handshake algorithm was developed. Routing protocols that use
● Shiva PAP (SPAP): A vendor-specific implemen- link state include
tation of PAP ● Open Shortest Path First (OSPF): This is the
main link state protocol in use today and can be
● Challenge Handshake Authentication Protocol
(CHAP): Passes a password hash using a three-way used to build large IP internetworks. L
handshake and is more secure than PAP or SPAP ● NetWare Link Services Protocol (NLSP): This
● Microsoft Challenge Handshake Authentication is a legacy protocol used on Internetwork Packet
Protocol (MS-CHAP): Microsoft Corporation’s Exchange (IPX) networks but not much used
implementation of CHAP, which is more secure anymore.
than regular CHAP ● Intermediate System to Intermediate System
Once an authentication method has been negotiated that (IS-IS): This is not much used anymore.
is understood by both the PPP client and server and the Architecture
client has been successfully authenticated by the server, Link state routers advertise changes in network topol-
the next phase is callback. This phase is optional and ogy to other routers using link state packets (LSPs). The
allows the client to request that the server hang up and router advertises these LSPs only when changes occur
call it back to ensure greater security or to reverse bill- in the network—for example, a router going down or a
ing charges. After callback is complete, the next phase new router being brought up. When a network change
is compression. This phase is also optional and a variety occurs, LSPs are sent to all routers everywhere on the
of different compression algorithms are supported, network, not just to neighboring routers as in distance-
including Predictor, Stacker, Microsoft Point-to-Point vector routing.
Compression (MPPC), and Transmission Control Pro-
tocol (TCP) header compression. The final phase of Using the LSPs a router receives from other routers on
LCP is aggregation of multiple PPP links using Multi- the network, link state routers use the Shortest Path
link PPP (MPPP). This last phase is also optional. First (SPF) algorithm to construct a logical tree that rep-
resents the topology of the entire network based on the
See Also: Challenge Handshake Authentication Proto- local router as the root of the tree. The router then uses
col (CHAP), Multilink Point-to-Point Protocol (MPPP), this tree to calculate the optimal paths to different parts
Password Authentication Protocol (PAP), of the network and populates routes in its internal
Point-to-Point Protocol (PPP)
711
Linux Linux
routing table with this information. Every link state information, causing black holes and other routing
router on a network thus knows the exact router topol- problems. Most link state routers now use time
ogy of the entire network. stamps and sequence numbers to ensure that con-
vergence occurs properly.
Comparison of Link State and Distance Vector
Routing Protocols Notes
Link State Distance Vector Link state routing protocols are classless routing proto-
Fast convergence Slow convergence cols, a feature that enhances their scalability by allow-
Highly scalable Small to mid-sized networks ing discontiguous subnets and variable length subnet
only masks (VLSMs) to be employed to reduce the amount
Broadcasts entire Broadcasts link status of interrouter traffic propagated on the network.
routing table information See Also: distance vector routing algorithm, dynamic
Sends updates Sends updates only when a routing protocol, NetWare protocols, Open Shortest
periodically change occurs to the network Path First (OSPF), Routing Information Protocol
Views network from Views network from
(RIP), routing protocol
perspective of itself perspective of neighbors
Calculates optical routes Calculates optimal routes
based on lowest metric based on least cost factors, Linux
including hops, segment An open-source UNIX-like operating system.
speeds, and traffic flow
patterns Overview
L Advantages and Disadvantages
Linux is a Portable Operating System Interface for
UNIX (POSIX)–compliant operating system that is
Link state routing protocols have several advantages freely available from numerous sites on the Internet.
over distance-vector protocols: Linux is available on a large number of hardware plat-
forms including Intel, Alpha, MIPS, PowerPC, Sparc,
● Faster convergence and even IBM S/390 mainframe. Linux provides a mul-
● Better scalability tiuser multitasking operating system environment that
supports symmetric multiprocessing (SMP) and clus-
● Less traffic due to router updates tering. The platform supports a wide range of file
On the other hand, there are some issues with link state systems and standard architecture features such as
protocols: interprocess communications (IPCs), remote proce-
dures calls (RPCs), and dynamic and shared libraries.
● They are more processor-intensive and memory-
intensive in their operation, hence routers using link History
state are usually more expensive. Linux was developed in 1991 by Linus Torvalds, a stu-
dent at the University of Helsinki in Finland. The plat-
● They are more complex to configure than form’s name is a contraction of Linus and UNIX and
distance-vector routing protocols. reflects the similarity between Linux and the UNIX
● When several link state routers start up, there can be operating system. Unlike UNIX, however, Linux was
a large amount of network traffic associated with released under the GNU Public License (GPL) as open
router discovery, a problem called link state flood- source software whose underlying code base is shared
ing. This can temporarily saturate the network and openly. Under this license, others can share in the Linux
make other communications impossible. development process, and a whole community has
arisen whose job is to refine and evolve Linux into a
● If LSPs are not synchronized properly, it is possible better and more powerful platform. Development of the
for routers to acquire wrong or incomplete link state
712
Linux Linux
standard Linux kernel development tree, however, is Linux kernel), lack of support for running widely used
still controlled by Torvalds himself. business applications such as Microsoft Office (even
though Win4Lin from NeTraverse allows you to run a
The first distribution of Linux to appear was Slackware,
Microsoft Windows 98 emulator on a Linux box and the
which became available in 1993. A distribution is typi-
StarOffice suite from Sun Microsystems is also avail-
cally a package that contains the Linux kernel and sup-
able for Linux), lack of implementers and administra-
porting modules, the GNU C/C++ compiler, Xfree86,
tors skilled in the Linux platform, limited support from
or some other freeware version of the X Windows
commercial vendors (even though Red Hat has set an
graphical interface, the Apache web server, various
example of how a vendor can base a business on ser-
applications and tools, an installer, and source code for
vices and support of the Linux platform), and the slow
everything. Version 1 of the Linux kernel appeared in
desktop upgrade cycle of large IT departments. Some
1994. Since that time, the kernel has gone through sev-
analysts estimate that Linux had less than 2 percent of
eral revisions and now stands at version 2.4.
the client operating system market in 2000, though it
Uses has passed the Apple Macintosh platform and now
Linux has found a niche in many companies for specific holds second place behind the dominant desktop plat-
server-based needs, including Web servers, mail gate- form, Microsoft Windows. Corel Corporation’s depar-
ways, file servers, and Domain Name System (DNS) ture from the Linux desktop market was probably
name servers. Although the fact that Linux is free another setback to Linux on the desktop; the fact that
would seem to make it an appealing solution for compa- there are two competing Linux desktop environments,
nies wanting to build out their server infrastructure K Desktop Environment (KDE) and GNU Network
while saving money, many companies have been reluc-
tant until recently to embrace Linux in their mission-
Object Model Environment (GNOME), may be
another.
L
critical operations. Reasons for this reluctance have
Another tree of Linux platform development targets the
included the lack of a single company responsible for
embedded device space, where Linux’s small footprint
the platform’s development and support, as well as the
is an advantage. For example, Red Hat has developed a
fact that trained Linux professionals are in high demand
set of Linux APIs called EL/IX that can run Linux and
and are thus difficult and expensive to hire. Recently,
applications having 32 kilobytes (KB) memory.
however, Linux has consolidated its toehold in large
companies through developments such as the appear- Architecture
ance of easy-to-install Linux distributions such as Red The core of the Linux operating system is the kernel.
Hat and Caldera, and through system management soft- Linux is built on a modular (as opposed to monolithic)
ware that allows large numbers of Linux servers to be kernel architecture, which enables custom kernels to be
remotely managed from a central console. For example, built using subsystem modules, device drivers, and pro-
companies such as Google.com have successfully tocol stacks. The Linux kernel follows two different
deployed up to 5000 Linux servers to provide Internet development trees:
services. Although the low cost of Linux distributions
● Odd-numbered versions: Kernel builds having
would seem an inducement to deploying Linux in a cor-
odd numbers such as 2.1, 2.3, and so on are devel-
porate environment, most IT (information technology)
opment (experimental) builds. These are used for
departments carefully weigh this against the cost of
trying out new features of Linux and are generally
supporting and administering a Linux environment
not recommended for use in production systems.
before choosing to deploy Linux servers.
● Even-numbered builds: These are builds intended
Linux on the desktop is less visible in the enterprise
for production systems and are tested until they are
than Linux on the server end. Reasons for this include
believed to be stable. Recent examples include ver-
a lack of device drivers (improved universal serial bus
sions 2.2 and 2.4.
[USB] support is provided in current release 2.4 of the
713
Linux Linux
Features of the most recent Linux kernel (version 2.4) Linux Personal Digital Assistants (PDAs) are also
include available. Linux also forms the basis for a number of
server appliance platforms, such as the 1U rack-
● Improved symmetric multiprocessing (SMP) that
mountable Qube2 and RaQ 4r server appliances from
supports up to 32 processors on Intel x86 servers
Cobalt Networks. Preconfigured Linux servers are
and scales better than previous kernel versions
available from Penguin Computing and also from large
● Up to 64 gigabytes (GB) of addressable physical vendors such as Compaq Computer Corporation and
memory Dell Computer Corporation.
● Support for large file systems up to terabytes of Linux on the mainframe is one new development that
stored data has given Linux greater credibility as an enterprise-
class operating system. IBM’s S/390 platform can run
● Kernel-level Web daemon called kHTTPd that pro-
thousands of Linux virtual machines (VMs) on a single
vides high-performance delivery of static Web
mainframe and provides significant cost savings over
pages
running Linux on thousands of separate PCs instead.
● Support for Intel’s 64-bit Itanium (IA-64) processor A side effect of this is that stodgy old mainframes are
architecture now viewed as a cutting-edge platform for application
development, giving a boost to the badly sagging main-
● Support for Network File System (NFS) version 3
frame market.
● Logical Volume Manager (LVM) that improves
The most popular server-side applications for the Linux
how files and volumes are handled
L ● Improved USB support
platform are probably the Apache Web server (still used
by more than half of all public Web sites) and Samba, a
program than enables a Linux server to provide file and
Marketplace
print services to other platforms such as Windows and
Although the core Linux platform is freely available for
Apple Macintosh. Popular open-source network moni-
download from various places on the Internet, Linux is
toring tools for Linux include NetSaint and Multi-Router
also available as commercial Linux distributions from
Traffic Grapher (MRTG). Caldera International has
a number of companies, including Red Hat, Caldera
released a systems management platform called Volu-
International, SuSE, Turbolinux, Debian, and many
tion that allows secure remote administration of thou-
others. Some distributions include special tools or other
sands of Linux servers and desktops. Volution employs
“value-adds” to meet specific needs of enterprise users.
a standard Web browser interface; uses a Lightweight
For example, Turbolinux includes its TurboCluster
Directory Access Protocol (LDAP)-compliant directory
tools for building clustering solutions, Red Hat Linux
service for storing system object information; provides
includes Red Hat PowerTools to enable administrators
remote installation, inventory, and monitoring services;
to remotely manage servers, and VALinux Systems pro-
and supports policy-based and profile-based manage-
vides vendor-neutral turnkey Linux systems. Both the
ment similar to Microsoft’s Active Directory directory
Red Hat and Helixcode distributions have proved popu-
service and Novell’s ZENworks platforms.
lar for deploying Linux on the desktop.
Prospects
A thin-client version of Linux is also available from
Some of the largest players in the enterprise computing
Neoware Systems and is designed for use in devices
market have embraced Linux to various degrees. Exam-
such as firewall appliances, smart card readers, and cash
ples include IBM, Oracle Corporation, Sun Microsys-
registers. This platform is called NeoLinux and is a cus-
tems, Hewlett-Packard, and others. IBM has ported
tomized version of Red Hat Linux. Korea’s LG Elec-
their DB2 Universal Database, WebSphere Application
tronics has a Linux tablet PC called Digital iPad, and
714
list server list server
Server e-commerce platform, and Lotus Notes group- For More Information
ware to Linux. Hewlett-Packard has done many Linux A good general source of Linux information is Linux
deployments, including running SAP AG’s Enterprise Online at www.linux.org. Advanced Linux users can
Resource Planning (ERP) software on Linux. Compaq, visit Linux Journal at www.linuxjournal.com. A popu-
Dell, and Hewlett-Packard all offer pre-installed Linux lar event for Linux users is LinuxWorld, found at
systems for customers who request it. And Oracle has www.linuxworldexpo.com.
ported its Oracle 8i database platform to Linux.
See Also: Apache, GNU General Public License
IBM’s commitment to supporting the Linux platform is (GPL), GNU Object Modeling Environment (GNOME),
probably the biggest development in the Linux story. K Desktop Environment (KDE), open source, POSIX,
IBM has demonstrated a 512-node cluster running UNIX
Linux at the Albuquerque High Performance Comput-
ing Center in New Mexico and has built in support for
list server
Linux using the SuSE distribution across its full range
A program that allows people to subscribe to an e-mail
of computing platforms, from PC servers to its S/390
mailing list.
and zSeries mainframes.
Overview
Linux’s most significant impact on the enterprise net-
Organizations typically set up list servers for facilitat-
working scene will probably be the displacement of
ing the discussion of marketing issues, asking and
most versions of the UNIX operating system by Linux.
receiving answers from technical support, announcing
Industry analysts indicate that Linux is already outsell-
new products and services, disseminating tips and tricks
ing all versions of UNIX combined. Although Windows
has firmly established itself as the market leader in
for using software, and similar activities. To use a list, L
users must first subscribe to the list using a special
application server platforms and is indisputably king
e-mail command, although nowadays many lists also
of the desktop, Linux is likely to establish itself and
have Web interfaces for doing things such as subscrib-
remain the number two player in the server arena due to
ing, unsubscribing, posting messages, and receiving
its entrenched use in specific niches of enterprise net-
help. Once a user successfully subscribes to the list, the
working such as DNS name servers, public Web serv-
user generally receives a copy of every message posted
ers, and a few other popular applications.
to the list, and every message the user posts is distrib-
Notes uted to all members of the list. Other common list
An application that runs on one Linux distribution may options include receiving daily collections of messages
not automatically run on another, as there are small dif- compacted into a single message and accessing archives
ferences between where different distributions store key of old messages.
system files and other issues. The Linux Development
Marketplace
Platform Specification (LDPS) developed by the Linux
Two common list server programs are Listserv and
Standard Base (LSB) project is expected to reduce these
Majordomo. Of these, Listserv is the older and was
interoperability problems by ensuring that an applica-
originally developed for the BITNET/EARN network.
tion developed for one distribution runs on others.
Notes
The U.S. government, through the National Security
Do not subscribe to too many mailing lists, because the
Agency (NSA), is also developing a hardened version
e-mail traffic might clog up your mailbox.
of Linux called Security-Enhanced Linux. This ver-
sion will include mandatory access controls for type For More Information
enforcement and role-based access. Search CataList, the official catalog of LISTSERV lists
at www.lsoft.com/catalist.html.
715
LLC layer load balancing
716
load balancing load balancing
717
Local Access and Transport Area (LATA) local address
718
Local Area Data Channel (LADC) local area network (LAN)
on a different subnet. To communicate with a host hav- Local Area Data Channel
ing a remote address, IP packets must be routed across (LADC)
subnet boundaries by routers or Layer 3 switches. A telco service for transmitting data using line drivers.
Examples Overview
As an example of a local address, consider a Transmis- Also called telco restricted lines, Local Area Data
sion Control Protocol/Internet Protocol (TCP/IP) net- Channel (LDAC) conforms to the Bell 43401 standard
work with the following subnetting scheme: published by AT&T and basically specifies DC continu-
● Network ID = 181.55.0.0 ity. This means that metallic (copper) conductors must
be used, typically the unshielded twisted-pair (UTP)
● Subnet Mask = 181.255.240.0 cabling employed for phone lines. The LADC standard
Using the above class B network and custom subnet also indicates that these lines must also be unloaded—
mask, there will be 16 different subnets of 4094 hosts that is, without terminators, loading coils, or protection
each, specifically circuitry that can add to the inductance of the line and
thus distort signals.
● Subnet 1 has hosts 181.55.0.1 through
181.55.15.254. LADC lines are available to distances of 3 miles (5 kilo-
meters) from the telco’s central office (CO). The longer
● Subnet 2 has hosts 181.55.16.1 through the distance for a line, the lower the carrying bandwidth
181.55.31.254. supported.
● Subnet 3 has hosts 181.55.32.1 through See Also: central office (CO), unshielded twisted-pair
181.55.47.254. (UTP) cabling L
…
● Subnet 16 has hosts 181.55.240.1 through local area network (LAN)
181.55.255.254. Typically, a group of computers located in the same
room, on the same floor, or in the same building that are
Now consider the following three hosts on the network: connected to form a single network.
● Host A = 181.55.22.147 Overview
● Host B = 181.55.28.12 Local area networks (LANs) are the simplest forms of
computer networks and enable groups of users to share
● Host C = 181.55.43.6 storage devices, printers, applications, data, and other
From the point of view of Host A, which is located on resources on the network. LANs are typically limited to
Subnet 2: a single location but can sometimes span several build-
ings or even a campus. The collection of cabling and
● Host B is located on the local subnet (Subnet 2), so networking devices used to build a LAN is known as its
Host B’s address is local to Host A. infrastructure.
● Host C is located on a remote subnet (Subnet 3), so LANs do not contain any telecommunications circuits
Host C’s address is remote to Host A. such as phone lines in the infrastructure—if they do,
See Also: Internet Protocol (IP), IP address, routing, they are properly called wide area networks (WANs)
subnetting instead. LANs come in all shapes and sizes, including
● Workgroup LANs: Typically a group of worksta-
tions deployed in a single room or on a single floor.
719
local exchange carrier (LEC) local exchange carrier (LEC)
● Shared LANs: These use legacy hubs and bridges ● Network interface card (NIC): This must be
to connect stations. installed in each computer in an available slot on
the motherboard, together with a software driver, to
● Switched LANs: These use Ethernet switches to
control the card’s functions. The network cabling is
connect stations and have largely displaced shared
then connected to the NIC in each computer to form
LANs in the enterprise.
the actual network.
● Campus LANs: These LANs span several build-
See Also: bridge, cabling, Category 5 (Cat5) cabling,
ings across a few miles and usually consist of
Ethernet switch, hub, infrastructure, NetBEUI, net-
smaller workgroup LANs connected by routers or
work, protocol, router, server, Transmission Control
Layer 3 switches.
Protocol/Internet Protocol (TCP/IP), unshielded
Implementation twisted-pair (UTP) cabling, wide area network (WAN)
Building a LAN from a group of stand-alone computers
requires the assembly and configuration of a number of
local exchange carrier (LEC)
components:
A telco in the United States that provides telephone and
● Network architecture: The vast majority of telecommunication services for subscribers within a
today’s LANs are of the Ethernet type, usually geographic region.
10BaseT or Fast Ethernet.
Overview
● Cabling: This is used to join the computers so they Traditionally, the local exchange part of the term local
can communicate with one another. The most com- exchange carrier is another word for the telco’s central
L mon type of cabling used in LANs is Category 5 office (CO), and the carrier part means they are the
(Cat5) unshielded twisted-pair (UTP) cabling. This company that “carries” telephone and data traffic for
cabling is typically installed in a topology called their customers. In other words, your local exchange
structured wiring, which is essentially a hierarchi- carrier (LEC) is simply the company that sends you a
cal or cascaded star topology employing hubs, telephone bill each month. The LEC owns the local
switches, and routers. loop wiring between their CO and their subscribers’
premises, and these premises are in a geographic area
● Network protocol: To communicate on a network,
known as the Local Access and Transport Area (LATA).
computers must speak a common “language" or
Any calls that take place within a given LATA are con-
protocol, the most popular of which is Transmission
sidered local calls and are billed accordingly. A single
Control Protocol/Internet Protocol (TCP/IP), which
LEC may have control over the local loop in one or
is necessary for Internet connectivity.
more LATAs.
● Network-aware operating system: This must be
The largest LECs came into existence with the breakup
installed on the computers to enable them to share
of AT&T in the early 1980s, which led to the formation
their resources with other computers (thus acting as
of a number of independent Regional Bell Operating
a server) and access resources on other computers
Companies (RBOCs). However, a number of smaller,
(acting as a client). The choice of operating system
independent LECs in the United States, especially in
depends on whether the network will be a peer-to-
rural areas, were never part of the Bell system.
peer network or a server-based network. Microsoft
Windows 98 or Windows Millenium Edition (Me) LECs directly handle traffic, including both local and
is a good choice for small peer-to-peer workgroup long distance types, only within their area of jurisdic-
LANs, while Windows 2000 offers the security and tion. For subscribers of one LEC to communicate with
scalability needed to support a larger server-based those in a different LEC, long-distance carriers called
network. inter-exchange carriers (IXCs) are used. In the United
720
local group local group
States, the “Big Three” IXCs are Sprint Corporation, companies that can afford to invest heavily in new tech-
AT&T, and MCI/WorldCom. nologies and services or even acquire LECs outright.
Types The landscape is still changing after six years, but it
Several different types of LECs are in the marketplace appears to many analysts that the Telecommunications
today: Act has largely failed to deliver on its promise of open-
ing up more competition in the telephone and telecom-
● Incumbent Local Exchange Carriers (ILECs):
munications industry. Many CLECs, particularly those
These include the RBOCs that came into existence
that specialized in offering digital subscriber line (DSL)
through the AT&T divestiture, plus various inde-
services, went out of business during the dot-com bust
pendent telcos such as Verizon Communications.
of 2001. Meanwhile, RBOCs, traditionally viewed as
They are called “incumbent” because they own the
dinosaurs when it comes to implementing technological
local loop wiring in their service areas.
innovation, have modernized their services and consol-
● Competitive Local Exchange Carriers (CLECs): idated their positions in the local loop. And the “Big
These arose as a result of the Telecommunications Three” IXCs remain just three, with little expectation of
Act of 1996 and include mainly resellers of voice things changing in that arena.
and Digital Subscriber Line (DSL) services. Some
See Also: central office (CO), Competitive Local
CLECs provide services regionally, but others, such
Exchange Carrier (CLEC), Incumbent Local Exchange
as Intermedia Communications, have become a
Carrier (ILEC), inter-exchange carrier (IXC), Local
national presence or transformed themselves into
Access and Transport Area (LATA), Regional Bell
other types of service providers.
● Building Local Exchange Carriers (BLECs):
Operating Company (RBOC), telco L
These are essentially offshoot CLECs that focus on
local group
provisioning voice and data services to office tow-
A type of group that exists only on the Microsoft
ers, hotels, industrial parks, and so on.
Windows 2000 computer on which it is created.
Prospects Overview
The Telecommunications Act of 1996 changed the
Local groups reside within the local security database
landscape of the telephone system in the United States
of the computer on which they are created. Local
by allowing LECs to compete in the deregulated long-
groups are intended for use only on Windows 2000
distance market and by allowing IXCs to provide ser-
computers that are not part of a domain and are used for
vices directly to customer premises through mergers,
granting users who are interactively logged on to the
acquisitions, and new technologies. Before 1996, each
computer access to resources on that computer. Local
LEC was essentially an incumbent LEC (ILEC) that
groups can contain only local user accounts from the
was the sole provider of telephone services to subscrib-
same machine. You create local groups on a stand-alone
ers in its geographical region. The Telecommunications
Windows 2000 machine using the Local Users and
Act allowed new companies to become competitive
Groups console.
LECs (CLECs) that could compete directly with ILECs
in their areas of jurisdiction by mandating the leasing or Notes
purchasing of local loop and switching services from Another type of Windows 2000 group called domain
the ILECs or installing their own separate distribution local groups have a domain-wide scope and can be used
and switching systems. LECs have an advantage over to provide users with access to resources located any-
IXCs, however, in that they already own a right-of- where in a domain.
access to customer premises, but IXCs have an advan-
See Also: AGLP, built-in group, global group, group
tage in that they are larger, more highly capitalized
721
localhost Local Multipoint Distribution Service (LMDS)
localhost Prospects
In many respects, the local loop represents the bottle-
The friendly name used in the HOSTS file for the loop-
neck in providing subscribers with high speed voice,
back address, a special Internet Protocol (IP) address
data, multimedia, and Internet access services. This is
used to test the protocol stack on a host.
because of two issues:
See: loopback address
● The copper nature of the local loop wiring makes it
much less efficient than fiber-optic cabling at carry-
local loop ing large amounts of information.
The portion of the telephone system that connects a
● The local loop wiring is owned by the Incumbent
subscriber to the nearest telco central office (CO).
Local Exchange Carrier (ILEC) in your area, typi-
Overview cally a Regional Bell Operating Company (RBOC).
The wiring used in the local loop is typically unshielded This legislated monopoly means that the main com-
twisted-pair (UTP) four-wire copper cabling terminated petition for providing customers with broadband
at RJ-11 jacks in the customer premises. With traditional services generally has to come from technologies
Public Switched Telephone Network (PSTN) lines that other than traditional copper local loop wiring. Fur-
use analog transmission, the maximum distance allowed thermore, because of their monopoly, RBOCs have
between the customer premises and the CO is about 3 miles generally been slow to bring about promised inno-
(5 kilometers). In many urban and commercial areas, the vation such as fiber to the curb (FTTC), which was
local loop has been upgraded to Integrated Services Digital promised decades ago but never delivered.
L Network (ISDN), which employs the same wiring but pro-
vides all-digital transmission for better voice and data con-
For residential customers, the main competition for the
traditional copper local loop consists of cable modem
nections. Local loop wiring can also carry a combination of
and satellite dish systems. For business customers,
voice and data at high speeds using various forms of Digital
cable modems are generally not an option due to the
Subscriber Line (DSL) technologies.
lack of cable television infrastructure in industrial parks
and office towers. Instead, business customers have
Customer
premises other alternatives, such as Local Multipoint Distribu-
Local tion System (LMDS), a fixed wireless broadband ser-
loop vice, and optical Ethernet, which involves provisioning
fiber to office towers in dense urban areas.
Copper
twisted-pair Telco CO
See Also: analog transmission, central office (CO),
cabling Digital Subscriber Line (DSL), digital transmission,
maximum fiber to the curb (FTTC), Incumbent Local Exchange
3 miles Carrier (ILEC), Integrated Services Digital Network
(5 kilometers) (ISDN), Local Multipoint Distribution Service (LMDS),
optical Ethernet, Public Switched Telephone Network
Fiber-optic (PSTN), Regional Bell Operating Company (RBOC),
cabling
telco, unshielded twisted-pair (UTP) cabling
Switching
network Local Multipoint Distribution
Service (LMDS)
An emerging wireless broadband technology operating
G0LXX15 (was G0Lui12 in 1E)
722
local network local network
Overview Prospects
Local Multipoint Distribution Service (LMDS) is a new Trial deployments of LMDS are currently underway.
wireless telecommunications technology that can The technology is expected to be deployed mainly in
simultaneously carry voice, data, and multimedia at dense urban areas by implementing wireless rings to
speeds as high as 155 megabits per second (Mbps). serve a region of customers. The main issue with
LMDS is primarily targeted toward the business market LMDS is that communications are easily affected by
and is designed to help alleviate the bottleneck of the moisture and bad weather, but efforts are underway to
telco local loop. LMDS is simple to deploy and rela- work around these problems. Some companies that
tively inexpensive, and it provides businesses with have licensed LMDS frequencies include Advanced
speeds higher than those of Digital Subscriber Line Radio Telecom Corporation, NextLink Communica-
(DSL) technologies. It can also be deployed where tions, Teligent, and WinStar Communications.
cable modem infrastructures generally do not exist,
See Also: cellular communications, Digital Subscriber
such as industrial parks and office towers.
Line (DSL), local loop
Implementation
LMDS is a cellular communications system in which
local network
coverage areas are typically 2.5 to 6 miles (4 to 10 kilo-
The network on which your computer resides, as
meters) in diameter. Each cell is served by one or more
opposed to a remote network.
LMDS transmitters. A transceiver is deployed with a
fixed antenna at the customer premises, usually on a Overview
rooftop or other high location (LMDS does not support The local network consists of all computers having the
mobile users and does not support roaming between same network number as your machine. For example, L
cells). on a Transmission Control Protocol/Internet Protocol
(TCP/IP) network, if your computer is assigned the IP
LMDS operates in the millimeter range at frequencies
address 208.16.8.25, then your network ID number is
between 27.5 and 31.3 gigahertz (GHz). Transmissions
208.16.8.0, and your local network would consist of all
in this range require precise line of sight between trans-
computers having the same network ID number. Each
mitter and station and are strongly affected by reflec-
computer on a network has the same network ID num-
tions of walls and other surfaces. Since frequencies
ber but a different host ID to distinguish it from other
used by LMDS are those at which water molecules
hosts on the local network. In the above example, your
absorb energy (which is how a microwave oven works),
host ID would be .25 and host IDs for other hosts on
rain and moisture can absorb and scatter LMDS trans-
your local network might be .26, .27, and so on. The
missions, causing dropouts. Deploying multiple trans-
IP address of a host is a combination of the host ID
mitters per coverage area may lessen this effect,
and network ID. For example, if your network ID is
however.
208.16.8.0 and your host ID is .25, your IP address
LMDS can operate in two configurations: would be 208.16.8.25.
● Point-to-multipoint (PMP): This is the usual way The term local network is also used in another context
of deploying LMDS and uses a single base station to describe hosts that are on the same physical LAN
transmitter or “hub” broadcasting to multiple fixed segment, such as all the hosts connected to the same
end stations. Range is typically less than 6 miles (10 hub in an Ethernet network. The usage of the term is
kilometers) for this configuration. sometimes vague, and you must determine its meaning
from the context in which it is used.
● Point-to-Point (PTP): This is used to connect two
LMDS stations and can sustain longer distances up See Also: IP address, network, subnet, Transmission
to about 12 miles (19 kilometers). Control Protocol/Internet Protocol (TCP/IP)
723
LocalSystem local user account
724
local user profile locking
725
log log
726
Logical Link Control and Adaptation Layer Protocol (L2CAP) logoff
727
logon logon script
logging off. You do this by pressing Ctrl+Alt+Delete ● A designated machine or group of machines on
followed by Lock Computer. You can unlock your the network: For example, on a Windows 2000–
workstation by pressing Ctrl+Alt+Delete again and based network that has Active Directory directory
reentering username and password. This approach is service installed, special Windows 2000 servers
faster than logging off and allows applications such called domain controllers store and maintain infor-
as your e-mail program to continue running in the mation about valid user accounts for all users on the
background. network. These domain controllers are then used for
validating users’ logon attempts. When the user tries
See Also: Active Directory, logon
to log on interactively to his or her local machine,
the machine forwards the user’s credentials to a
logon nearby domain controller using a mechanism called
The process by which a user’s credentials are verified pass-through authentication. The domain controller
by a network security authority so that the user can be authenticates the credentials and then builds and
granted access to resources on the local machine or returns an access token to the user, granting that user
network. suitable levels of access to resources on the network.
Overview Notes
There are two basic types of logons: Windows 2000 includes a feature called Run As that
lets an administrator temporarily log on to a client
● Interactive logons: Occurs when a user sit at the con-
machine without requiring that the user first log off
sole of his local computer and enters credentials (usu-
from his machine. This feature is useful, for example, if
L ally username and password) in the logon dialog box.
an administrator needs to install an application or trou-
● Remote logons: Occurs when a user has already bleshoot some problem while at the user’s machine.
logged on interactively to a machine but wants to
See Also: logoff
establish a network connection with a remote com-
puter. For example, if the user tries to map a drive let-
ter to a shared folder on the remote computer, a logon script
remote logon must take place during the process so A batch file that automatically runs on a user’s client
that the remote computer can be sure that the user has machine every time the user logs on to the network.
the right to perform the action.
Overview
When a user attempts an interactive logon on a local Logon scripts allow administrators to run a special series
computer, the user’s credentials are verified by a security of commands each time a user logs on to her machine.
authority. On Microsoft Windows networks, this security These commands can perform functions such as
authority may be
● Configuring the desktop working environment for
● The local machine itself: This scenario typically the user
occurs on computers that are configured to belong to
● Configuring legacy network clients and launching
a workgroup rather than a domain. In the workgroup
network connections
security model, each machine maintains its own sep-
arate list of valid user accounts in its own local secu- ● Automatically launching certain applications the
rity database. For example, when a user performs an user will need
interactive logon to a stand-alone machine running
● Communicating a “message of the day” and other
Windows 2000, the machine itself validates the
information to users
user’s credentials.
728
long packet error Long Reach Ethernet (LRE)
On the Microsoft Windows 2000 and Windows .NET can be complex and expensive. In-building digital sub-
Server platforms, logon scripts are primarily used for scriber line (DSL) is one solution, but this approach can
configuring legacy Windows clients and non-Windows be expensive due to costs of installing Digital Sub-
clients that belong to a Windows 2000 network. On a scriber Line Access Multiplexer (DSLAM) equipment
pure Windows 2000 network, logon scripts are rarely at the customer premises. DSL is also complex to provi-
needed because Windows 2000 employs Intellimirror sion because it involves Asynchronous Transfer Mode
technologies for performing tasks such as configuring (ATM) technology and generally ties customers in
the user’s desktop, synchronizing home folders, and to a single service provider, their Incumbent Local
establishing network and printer connections. Exchange Carrier (ILEC). Fixed wireless services are
another approach, but these services are currently lim-
Examples
ited to a few dense urban locations.
On Windows NT networks, however, logon scripts still
perform many useful functions. A typical Windows NT To open up the last mile marketplace, Cisco has devel-
logon script might contain a series of Net.exe com- oped a new technology called Long Reach Ethernet
mands that synchronize the client computer’s clock (LRE). This system provides customers with the plug-
with a particular server, ensure that mapped network and-play simplicity of Ethernet running over existing
drives are available, restore printer connections, and in-building telephone wiring. In addition, LRE can be
perform other actions to configure the user’s work used to simultaneously carry voice, data, and video traf-
environment. fic over a single wiring infrastructure, and it can simul-
taneously support Plain Old Telephone System (POTS)
The following simple script runs when a Windows cli-
analog voice, Integrated Services Digital Network
ent logs on to a Windows NT Primary Domain Control-
ler (PDC). The script synchronizes the workstation’s
(ISDN), and even asymmetric digital subscriber line L
(ADSL).
clock with the server, maps the drive letter K to a share
on the server, and then exits. LRE supports data transmission at speeds between 5
and 15 megabits per second (Mbps). It can run over dis-
net time \\pdc /set /yes >nul
net use k: \\pdc\home
tances as long as 4970 feet (1515 meters), which is con-
exit siderably greater than the 330 feet (100 meters) that can
be achieved using standard 10 Mbps Ethernet. LRE thus
See Also: IntelliMirror, scripting allows Ethernet to be deployed in scenarios where pre-
viously it could not be used due to distance limitations
long packet error and nonstandard wiring. LRE also saves money by
eliminating the need to deploy a separate networking
A random, malformed frame of data that is sent contin-
infrastructure by laying twisted pair or fiber-optic
uously by failed circuitry in a networking component.
cabling throughout a building.
Better known as jabber.
Implementation
See: jabber
LRE operates over existing telephone wiring and does
not require deploying a parallel Category 5 (Cat5)
Long Reach Ethernet (LRE) cabling infrastructure or laying fiber. LRE makes use of
A new technology from Cisco Systems that supports several Cisco products working together, including
Ethernet over older telephone wiring.
● Cisco Catalyst 2900 LRE XL switches: These
Overview are available in either 12-port or 24-port
Provisioning new high-speed data services to multi- configurations.
tenant units (MTUs) such as office towers and hotels
729
loop loopback
● Cisco 575 LRE Customer Premises Equipment packets between autonomous systems (ASs) in an Inter-
(CPE): These devices have an RJ-11 port for con- net Protocol (IP) internetwork. All routing protocols
necting to phone lines and an RJ-45 port for con- today include mechanisms for detecting and eliminat-
necting to a computer or network. ing loops, which is essential in a strongly meshed net-
work topology such as that of the Internet.
● Cisco LRE 48 POTS Splitters: These are installed
at the customer’s private branch exchange (PBX) See Also: Border Gateway Protocol (BGP), Exterior
and allow coexistence of voice and data traffic on Gateway Protocol (EGP), routing
the telephone lines.
See Also: Asymmetric Digital Subscriber Line (ADSL), loopback
Asynchronous Transfer Mode (ATM), Digital Sub- A test circuit that goes from one device to another and
scriber Line (DSL), Digital Subscriber Line Access back again.
Multiplexer (DSLAM), Ethernet, Incumbent Local
Overview
Exchange Carrier (ILEC), Integrated Services Digital
Loopback tests are used to check line integrity and the
Network (ISDN), Plain Old Telephone Service (POTS)
proper functioning of customer premises equipment
and to diagnose and troubleshoot problems with tele-
loop communications equipment. Loopback tests can be per-
In routing terminology, a route that causes packets to be formed by wide area network (WAN) access devices
forwarded until they time out. such as Channel Service Unit/Data Service Units (CSU/
DSUs) and routers to place calls to themselves over a
L Overview
A routing loop—a packet that enters a loop circle end-
WAN to test the WAN link’s integrity.
lessly until its Time to Live (TTL) value decrements to Implementation
zero and it is dropped by a router interface—is an unde- In loopback testing, a test signal is typically sent from a
sirable thing. Routing loops result in dropped packets service provider’s central office (CO) to the customer
and retransmissions and waste network bandwidth. premises and is returned or echoed by the customer pre-
mises equipment (CPE) back to the service provider.
Early routing protocols such as the Exterior Gateway
If the loopback signal fails to return, the WAN link is
Protocol (EGP) lacked the intelligence to detect and
down and must be repaired. If the signal returns, the
eliminate loops from their routing topologies. For this
device compares the original signal with the returned
reason, EGP was eventually replaced with a superior
one; any discrepancies can be used to troubleshoot
routing protocol called Border Gateway Protocol
communication problems.
(BGP), which guaranteed loop-free forwarding of
Loopback. An example of how loopback testing can be used to verify the integrity of a telecommunications link.
730
loopback address LTO
731
M
MAC address
will work.
A Layer 2 address for a network node.
The uniqueness of MAC addresses for network devices
Overview
is ensured by the Institute of Electrical and Electronics
On an Ethernet network, a MAC address is a unique
Engineers (IEEE), which allocates vendors of network-
6-byte (48-bit) address that identifies a computer, router
ing devices specific blocks of MAC addresses. The first
interface, or other node on the network. The MAC in the
3 bytes (24 bits) represent the manufacturer of the card,
term MAC address stands for media access control, a
and the last 3 bytes (24 bits) identify the particular card
sublayer of the Layer 2 or data-link layer of the Open
from that manufacturer. Each group of 3 bytes can be
Systems Interconnection (OSI) reference model for
represented by 6 hexadecimal digits, forming a 12-digit
networking. MAC addresses are sometimes called
hexadecimal number that represents the entire MAC
Ethernet addresses, hardware addresses, or physical
address. Examples of manufacturer 6-digit numbers
addresses.
include the following:
MAC addresses enable devices on a network to commu-
● 00000C (Cisco Systems)
nicate with each other. On an Ethernet network, for
example, each frame contains a source MAC address
and destination MAC address in its header information.
● 00001D (Cabletron Systems) M
● 0004AC (IBM)
Devices such as bridges and Layer 2 switches examine
the source MAC address of every frame received and ● 0020AF (3Com Corporation)
then use these MAC addresses to dynamically build
● 00C0A8 (GVC Corporation)
internal routing tables for directing further traffic. They
then use these tables to forward future frames received ● 080007 (Apple Computer)
to the specific port or network segment on which the
● 080009 (Hewlett-Packard Company)
station having that particular destination MAC address
resides. In order for computers to communicate on a network,
frames must be addressed using Layer 2 or MAC
Implementation
addresses. To simplify network communications, how-
On a computer, the MAC address is assigned to the net-
ever, computers are given Layer 3 addresses instead,
work interface card (NIC) that is used to connect the
which in Transmission Control Protocol/Internet Proto-
computer to the network. The MAC address is typically
col (TCP/IP) consist of IP addresses. A TCP/IP proto-
hard-coded into the card’s read-only memory (ROM).
col called Address Resolution Protocol (ARP) is then
Some cards come with a software utility that you can
used to translate Layer 3 addresses into Layer 2
use to change the card’s MAC address, but this is gener-
addresses.
ally not a good idea. If you accidentally configure two
network cards on your network to have the same MAC Notes
address, address conflict problems will result and the To determine the MAC address of your computer’s
computers will not be able to communicate on the net- NIC, use the following commands:
work. Token Ring cards, however, actually require you
733
Macintosh MADCAP
734
mail client mail system
735
mainframe mainframe
maintenance. Disadvantages include limited secu- ● Outlook Web Access (OWA): A Web application
rity, high processing load for the client, and poor for Microsoft Exchange Server that allows users
scalability. to access their mail using a Web browser such as
Microsoft Internet Explorer
● Client/server mail systems: Here the mail server
and client share the task of processing messages. Exchange Server provides a comprehensive messaging
An example of a client/server mail system is the solution that supports
Microsoft Exchange Server/Microsoft Outlook
● Internet standard Simple Mail Transport Protocol
combination. Advantages of client/server mail sys-
(SMTP) messaging
tems include lower network traffic, scalability, and
security. The main disadvantage is that they require ● Connectivity with legacy mail systems such as
more powerful servers than shared-file mail sys- Microsoft Mail and IBM PROFS/SNADS
tems do.
● Connectivity with foreign mail systems such as
Mail systems can also be distinguished by the address Lotus cc:Mail, Novell GroupWise, and X.400
formats they employ. Examples of mail address formats messaging systems
include industry-standard formats such as the Simple
Exchange can be deployed as a messaging backbone
Mail Transfer Protocol (SMTP) used on the Internet
within a heterogeneous mail system environment and
and the Originator/Recipient (O/R) format developed
also includes a Migration Wizard that lets you migrate
by the International Telecommunication Union (ITU)
users and mailboxes from legacy and foreign mail sys-
for its X.400 messaging standards. Examples of propri-
tems to Exchange. Consolidation of multiple disparate
etary address formats include the Microsoft Mail ver-
mail systems into a single messaging system through
sion 3.x format and the Lotus cc:Mail format. The
migration can both simplify administration and reduce
M following table illustrates examples of these different
address formats.
costs.
See Also: e-mail, Exchange Server, Simple Mail
Examples of Address Formats Used
Transfer Protocol (SMTP), X.400
in Electronic Messaging
Address Format Example
SMTP mitch@northwind.microsoft.com
mainframe
A general term for a high-level, typically large com-
X.400 O/R C=US;a=Sprint;p=microsoft;
o=northwind;s=Tulloch;g=Mitch; puter that is capable of performing demanding compu-
Microsoft Mail microsoft/northwind/mitch tational tasks.
cc:Mail Tulloch, Mitch at northwind Overview
Mainframes were the original computing platform devel-
Marketplace
oped at the dawn of the computer age in the 1950s and
The most popular mail system used in the corporate
1960s. Mainframe computers typically operated as cen-
world today is Microsoft Corporation’s Exchange
tralized computing systems in which dumb terminals
Server platform, which can be deployed with a variety
were attached through serial connections to a central
of clients, including
mainframe computer. Users entered text-based com-
● Microsoft Outlook: A full-featured messaging, mands into these terminals, and the terminal forwarded
scheduling, and collaboration client the commands to the mainframe, where all the process-
ing was performed. The results of the processing were
● Microsoft Outlook Express: A lightweight mail
returned to the terminal and displayed. Modern main-
and news client included free with Microsoft
frames typically offer standard 3270 or 5250 terminal
Windows versions
communication and also support connections to “smart
736
MAN Management Information Base (MIB)
737
Management Information Base (MIB) Management Information Base (MIB)
iso = 1
org = 3
DoD = 6
Internet = 1
MIB II = 1 Enterprise = 1
branch
managed by
M Microsoft
G0MXX01 (replace the older G0Mui02.eps from 1E with the new G0MXX01 drawing I have made for 2E)
Management Information Base (MIB). The general structure of the SNMP MIB hierarchy.
The diagram illustrates the general structure of the MIB Alternatively, MIB objects are also assigned a numeri-
tree, which consists of a number of objects represented cal label (called an object identifier or OID) that pro-
in ASN.1 notation. Note that a managed device will vides a more compact representation of these objects
typically contain only the portion of the entire MIB tree than text strings can provide. Using the numerical val-
that is relevant to its particular operation. The root of ues in the diagram, the root Printer object would be
the MIB tree is International Organization for Standard- uniquely described by
ization (iso), followed by Organization (org), Depart-
.1.3.6.1.2.1.43
ment of Defense (dod), and then Internet (internet). The
main public branch is then Management (mgmt), which The Private branch of the MIB tree contains branches
defines network management parameters common to for large companies and organizations. These are orga-
devices from all vendors. Underneath mgmt is MIB-II nized under an object called Enterprise, and each ven-
(mib-2), and beneath this are branches for common dor has a root branch node under this object. For
management functions such as system management, example, IBM’s root branch node is ibm (2), Cisco
host resources, interfaces, and printers. For example, in Systems is cisco (9), Sun Microsystems is sun (42),
the diagram we see that the root of the MIB branch that Microsoft LAN Manager MIB II is lanman (77), and
contains objects for SNMP manageable printers is Microsoft Corporation is microsoft (311). Vendors can
called Printer. In MIB notation, this object is uniquely apply to the Internet Assigned Numbers Authority
defined by the text string (IANA) to have specific MIB numbers reserved for
their enterprise. Each company or organization has
.iso.org.dod.internet.mgmt.mib-2.printer
738
Management Information Format (MIF) Management Information Format (MIF)
complete authority over what objects will be created composed of computer industry leaders whose aim is to
within their own branch of the MIB tree and what OIDs lead the development, adoption, and unification of stan-
will be assigned to each object. All MIB objects must dards for managing systems. MIF can be used in con-
comply with a common definition of SNMP informa- junction with DMI to manage networked PCs using
tion called Structure of Management Information systems management software such as Microsoft Sys-
(SMI), which defines the various data types allowed. tems Management Server (SMS).
Using Microsoft (.1.3.6.1.4.1.311) as an example of an Implementation
enterprise, various MIB branches are defined under its The MIF database on a computer system is imple-
root node, as seen here: mented as a collection of plain text files called MIF
files. MIF files are text files that are supplied with each
.1.3.6.1.4.1.311.1.3 for Dynamic Host Configuration
manageable hardware or software component installed
Protocol (DHCP)
on the system and that contain information about the
.1.3.6.1.4.1.311.1.7.2 for File Transfer Protocol (FTP) attributes of that component. These MIF files provide
system management software with configuration infor-
.1.3.5.1.4.1.311.1.7.3 for Hypertext Transfer Protocol
mation concerning the various hardware and software
(HTTP)
components on the system. A program called a DMI
and so on. Service Provider that runs locally and is resident on the
system being managed collects and manages the infor-
Implementation
mation from MIF files and delivers it to the central
MIBs are incorporated into special software called
management station. You can retrieve and display the
SNMP agents that run on SNMP-manageable devices.
information in the MIF database using any standard
This is done by using MIB files, which are plain text
management interface (MI) utility.
files constructed using a special format. Once these
MIB objects are compiled by the agent software, the Notes
M
device can be managed using a network management Microsoft SMS uses six types of MIF files for collect-
system that supports SNMP. You can use SNMP com- ing and storing information in the SMS database:
mands to retrieve the value of a MIB object or, in some
● PersonalComputer (.mif)
cases, to change the object’s value.
● SMSEvent (.emf)
For More Information
Try out the MIB Browser at www.ibr.cs.tu-bs.de/ ● UserGroup (.umf)
cgi-bin/sbrowser.cgi.
● JobDetails (.jmf)
See Also: network management, Simple Network
● PackageLocation (.pmf)
Management Protocol (SNMP)
● CustomArchitecture (.mif)
Management Information SMS can also use MIF files to add information to the
Format (MIF) SMS database about objects such as routers with cus-
A standard format for describing hardware and soft- tom architectures. Note that MIF files differ slightly in
ware management information. syntax between SMS 2 and the earlier SMS 1.2.
739
Management Service Provider (MSP) Manchester coding
caught in the trap of technological obsolescence by Manchester coding. Example of how Manchester coding
obviating the need to lock in to management systems works for standard Ethernet.
that may become legacy platforms. Manchester coding employs a two-state transition of
line voltage to represent one bit of information. In other
MSPs are part of an evolving breed of xSPs that include
words, two baud (voltage changes) are used for one bit
ASPs and storage service providers (SSPs). MSPs gener-
(piece of information). A binary 0 is represented by a
ally provide their services to client companies on a sub-
transition from high to low voltage in the time set for
scription basis, helping smaller companies avoid the high
transmitting one bit (that is, one “bit time”), while a
capital outlay of running their own IT department. MSPs
binary 1 is represented by a transition from low voltage
differ from ASPs, whose primary aim is servicing end
to high. For Ethernet networks, the high voltage is typi-
users on behalf of companies—MSPs instead provide
cally +0.85 volts and the low is typically -0.85 volts,
high-level services to businesses and IT departments.
making each voltage transition equal to 1.7 volts. This
Marketplace also results in Manchester encoding being balanced for
The MSP marketplace is new and evolving rapidly, DC operation, which enables signals to pass through
but some of the players that have made names for devices such as transformers without being corrupted.
740
mandatory user profile manual switch
741
MAPI MAPI
on the front and connectors on the back. These connec- by physically switching to it. Some manual switches
tors could be standard DB9, DB15, RJ-11, RJ-45, RS- include key locks that control access.
232, V.35, BNC, or Centronics connectors.
Types
Examples of different types of manual switches include
the following:
● Stand-alone manual switches: Generally small
boxes with a rotary switch on the front and a set
of connectors on the back. They can be used for
switching connections between printers, monitors,
keyboards, and other devices.
● Rack-mounted manual switches: Standard 19-
One printer inch (48-centimeter)-wide rack-mounted boxes,
typically with a number of rotary switches on the
Many-to-one front and connectors on the back. These are used
switch more rarely and essentially combine a number of
stand-alone switches into one rack-mounted box.
● Many-to-one switches: Allow several users to
share one device or allow one user to access differ-
ent devices. For example, a user can use a many-to-
one switch to manually switch between a color laser
Four
M workstations
printer and a black-and-white printer. Or an admin-
istrator can manually switch a server from a primary
10BaseT Ethernet network to a secondary network.
These switches are typically either two-to-one or
four-to-one switches.
● X switches: Allow several users to share several
Two devices in different configurations. These switches
printers are typically two-to-two switches.
Two MAPI
workstations Stands for Microsoft Application Programming Inter-
face, a Microsoft technology that allows developers to
use the Windows messaging subsystem for writing
G0MXX03 (was G0Mui04 in 1E)
messaging applications.
Manual switch. Two manual switch configurations: a
many-to-one switch and an X switch. See: Messaging Application Programming Interface
Manual switches are typically used in high-security (MAPI)
environments in which a user can access a device only
742
mapped network drive markup language
743
master boot record (MBR) master browser
simple Web pages for communicating information MBR virus. In this case, when you try to boot your sys-
and, in its basic essence, is so simple anyone can tem, you may see one of the following messages:
learn to use it. Most Web pages are created using
● Error loading operating system
special HTML editors instead, however, rather than
requiring that HTML tags (markup) be added man- ● Invalid partition table
ually to plain text documents. The main drawbacks
● Missing operating system
to HTML that led to the search for a replacement
(later found in XML) are the limitations of the fixed In Microsoft Windows 2000 and Windows .NET
tag set used by HTML, the fact that HTML can only Server, you can sometimes repair corruption of the
be used to present information rather than to com- MBR by using the Recovery Console’s Fixmbr
municate the meaning of a document, and that data command.
hierarchies are not supported (HTML is flat).
● XML: This markup language is basically a bare- master browser
bones version of SGML (the DTD for XML is only A Microsoft Windows 2000 computer that participates
about 20 percent the size of that for SGML). XML in the Computer Browser service.
has the expected advantages over HTML that a suc-
Overview
cessor would be expected to have, namely, support
The master browser collects and maintains a list of
for creating user-defined tags, ability to describe
available servers that have shared network resources in
both the presentation and meaning of a document,
its domain. This list, known as the browse list, is created
and support for data hierarchies.
when individual servers announce their presence on the
See Also: document type definition (DTD), Hypertext network by sending a server announcement to the mas-
M Markup Language (HTML), Hypertext Transfer Proto-
col (HTTP), International Organization for Standard-
ter browser.
The master browser also collects and maintains a list
ization (ISO), World Wide Web Consortium (W3C),
of all Windows 2000 domains on the network. If the
XML
domain of a master browser spans several subnets, the
master browser maintains only the browse list for its
master boot record (MBR) own subnet and one master browser will exist for each
A key data structure on a hard disk. subnet in the domain.
Overview Backup browsers obtain a copy of the browse list from
The master boot record (MBR) performs an essential role the master browser. Backup browsers automatically con-
on a hard-disk system of a computer: when a computer tact the master browser every 15 minutes to request a
boots up, the basic input/output system (BIOS) executes copy of both the browse list and a list of domains on the
a small portion of code residing in the MBR. This code network. The backup browser caches this list and distrib-
scans the partition table (found within the MBR) to deter- utes it to any client on the network that requests it.
mine which is the active partition, then scans the active
The master browser for a domain is usually the first
partition to locate the boot sector on this partition, loads
domain controller installed in that domain.
the code it found in this boot sector into RAM (random
access memory), and then transfers control to this resi- See Also: backup browser, Computer Browser service,
dent code to continue execution or the boot process. domain master browser
Sometimes the MBR for a disk system can become
corrupt—for example, when a system is invaded by an
744
master domain master name server
745
master station matrix switch
Notes Overview
When you configure zone transfers between name serv- The term matrix switch originates from a mathematical
ers, be sure that the start of authority (SOA) record for structure called a matrix, which is a two-dimensional
the secondary name server is correctly configured with structure with N rows and M columns representing N
the name of the master name server from which it will times M values. Likewise, a matrix switch with N input
obtain its resource records. No configuration is required ports and M output ports has N x M switching possibil-
with the master name server itself. ities. Typical configurations for these switches include
4 x 4 and 4 x 8 matrix switches, in which any input
See Also: caching-only name server, Domain Name
device can be connected to any output device by operat-
System (DNS), name server, primary name server,
ing the switch.
secondary name server
master station
Any network device that controls the operation of other
network devices.
Four
Overview printers
The term master station is typically used in mainframe/
terminal networking. For example, in a point-to-point
connection between an IBM controller and a 3270 termi-
nal, the controller is the master station while the terminal
is a slave station. Or, in a multipoint circuit, one of the
devices might function as a master station while all the
M rest are slaves.
Typically, the master station polls all the slave stations
regularly in order to determine whether a slave wants to
initiate communication with the master. This is differ- Keypad
ent from a peer multipoint circuit such as an Ethernet Matrix switch
network, where each station contends for control of the
media. Four
workstations
Notes
Another scenario where the term master station some-
times is used is in Token Ring networks, where one of
the devices can function as a master station and be
responsible for detecting and replacing tokens lost by G0MXX04 (was G0Mui05 in 1E)
other stations. Matrix switch. Using a matrix switch to connect four print-
ers to four computers.
See Also: 3270, Ethernet, mainframe, terminal, Token
Ring Types
A typical matrix switch would be an electronic switch
that has multiple ports and that can be controlled using
matrix switch a keypad or some other front-panel interface on the
A multiport switch that supports any-to-any connectivity. switch. Another type of switch called a code-operated
switch is basically a switch that can be operated using
746
MAU MBone
747
MBR media
748
media access control (MAC) layer media access control method
Another type of media is not really media at all: wire- for implementing the particular media access control
less networking. This type of networking transports sig- method on a network and thus distinguishes different
nals through empty space using radio and microwave networking architectures such as Ethernet and Token
frequency electromagnetic radiation traveling at the Ring. The table illustrates the different types of MAC
speed of light. Although most wireless networking layers defined by Project 802.
signals travel near the Earth’s surface and hence go
MAC Layers Defined by Project 802
through air, this air is not considered a medium—elec-
tromagnetic waves do not require a medium in which Project 802 Channel Management
to travel. Wireless networking is sometimes said to Committee Type of LAN Algorithms Defined
employ “unguided media” in contrast to the “guided 802.3 Carrier Sense Binary backoff after
media” provided by wires and cables. Another way of Multiple Access collision detection,
saying this is to contrast “wireline” (guided) networks with Collision framing, error
with wireless (unguided) ones. Detection detection
(CSMA/CD)
Notes 802.4 Token Token passing, priority
Another common use of the term media is to refer to a bus LAN scheme, framing, error
combination of cabling and topology used for different detection
types of Ethernet networks. Thus, for example, 10BaseT 802.5 Token Token passing, priority
refers to a star topology using unshielded twisted-pair ring LAN scheme, framing, error
(UTP) cabling, and 10Base2 refers to a bus topology detection
using thinnet cabling. You can loosely refer to these
examples as 10BaseT and 10Base2 Ethernet media. As part of the OSI protocol stack, the MAC layer receives
framed data from the LLC layer immediately above it,
See Also: cabling, coaxial cabling, fiber-optic cabling,
twisted-pair cabling, wireless networking
which is media independent, and reframes the data, add- M
ing a source and destination physical address or MAC
address to the frame for transmission on the medium. The
media access control (MAC) MAC layer is also responsible for making sure that data is
layer delivered without errors to layers above it.
A sublayer of the data-link layer. See Also: 802.3, 802.4, 802.5, Carrier Sense Multiple
Overview Access with Collision Detection (CSMA/CD), data-link
The Project 802 specifications of the Institute of Elec- layer, Ethernet, Institute of Electrical and Electronics
trical and Electronics Engineers (IEEE) subdivide the Engineers (IEEE), logical link control (LLC) layer,
data-link layer (Layer 2) of the Open Systems Intercon- media access control method, Open Systems Intercon-
nection (OSI) reference model into two sublayers: nection (OSI) reference model, Project 802, Token Ring
749
media converter media converter
permitting the smooth flow of traffic on a network and usually patented by the companies that developed them
either prevent collisions entirely or provide a graceful and are hard-coded into application-specific integrated
way of dealing with them when they occur. circuits (ASICs) to achieve the best possible perfor-
mance. For example, in full-duplex Fast Ethernet and
Media access control methods are implemented at
Gigabit Ethernet (GbE) networking, the most popular
Layer 2, the data-link layer, of the Open Systems Inter-
MAC layer is that designed by Alcatel, from which
connection (OSI) reference model. Specifically, media
most switch and router vendors lease their MAC tech-
access control methods are the responsibility of the
nology. The Alcatel MAC is used in more than half of
media access control (MAC) layer, one of two sublayers
all GbE ports on the market today and in more than 80
of the data-link layer. Four main media access control
percent of all Fast Ethernet ports. Network engineers
methods are used in local area networks (LANs):
should note that mixing switching equipment from ven-
● Carrier Sense Multiple Access with Collision dors that use different MACs can sometimes lead to
Detection (CSMA/CD): Used in half-duplex interoperability problems.
Ethernet (full-duplex Ethernet uses switched
See Also: 802.3, 802.4, 802.5, 802.11a, 802.11b,
instead of shared media and hence does not require
802.12, AppleTalk, Carrier Sense Multiple Access with
a media access control method). CSMA/CD is the
Collision Avoidance (CSMA/CA), Carrier Sense Multi-
most commonly used media access control method
ple Access with Collision Detection (CSMA/CD),
used in LANs, reflecting the dominance of Ethernet
demand priority, Fiber Distributed Data Interface
over other forms of LAN architectures. CSMA/CD
(FDDI), Institute of Electrical and Electronics Engi-
is defined by the 802.3 committee of Project 802 of
neers (IEEE), media access control (MAC) layer,
the Institute of Electrical and Electronic Engineers
Project 802, Token Ring
(IEEE).
M ● Carrier Sense Multiple Access with Collision
media converter
Avoidance (CSMA/CA): Used in legacy Apple-
A device that connects two different networking media.
Talk networking and in some forms of wireless net-
working, such as 802.11a and 802.11b. CSMA is Overview
defined for AppleTalk by IEEE 802.3 and for wire- Media converters are commonly used for Ethernet net-
less networking by IEEE 802.11. works where each type of Ethernet has different specifi-
cations for the media that can be used. For example,
● Token passing: Used in Token Ring and Fiber Dis-
10Base2 and 10Base5 use different media types (thin-
tributed Data Interface (FDDI) networking. Token
net and thicknet cabling, respectively) and 10BaseT
Ring employs a token passing method defined by
employs unshielded twisted-pair (UTP) cabling. Media
IEEE 802.5, but FDDI uses a different method
converters allow these different types of cabling to be
defined by the American National Standards Insti-
joined together transparently.
tute (ANSI).
Implementation
● Demand priority: Used in 100VG-AnyLAN net-
Media converters come in many types, with many dif-
working and defined by IEEE 802.12.
ferent kinds of connectors. They range from simple
Implementation two-port small boxes for connecting two different
In real-life networking devices such as network inter- cables to expensive rack-mounted chassis units with 8
face cards, switches, and routers, media access control or 16 modular ports that support a wide range of config-
methods are implemented using a MAC algorithm. uration options. Some media converters also include
Although the algorithms for Ethernet and Token Ring bridging functionality and can be deployed wherever
networks are publicly defined by the IEEE standards bridges or switches are used.
described above, those used in full-duplex Ethernet are
750
media-dependent adapter (MDA) media-dependent adapter (MDA)
Fiber
Media converter
ST
connectors
UTP
RJ-45
connector
G0MXX05 (was G0Mui06 in 1E)
Media converter. Using a media converter to connect unshielded twisted pair (UTP) and fiber optic cabling.
751
Megaco Megaco
Chassis
MDA
Media-dependent adapter (MDA). Inserting an MDA module into an MDA slot to customize a modular Ethernet switch.
Modular Ethernet switches generally consist of a chas- Engineering Task Force (IETF). Megaco is designed to
sis with two to four media-dependent adapter (MDA) support convergence of telephone and data services and
slots on the front panel. To customize these switches for is especially targeted toward the Internet Protocol (IP)
your network, you simply insert MDA modules into the telephony sector to ensure interoperability between
slots to provide the media configuration you require. A gateways and controllers supplied by different vendors.
single MDA module might provide one of the following The name Megaco is short for Media Gateway Control,
typical port configurations: and the ITU standard for this framework is H.248.
● Eight 100/10BaseT ports or 1000/100/10BaseT ports Architecture
M ● Two 100BaseTX or 100BaseFX ports
Integrating circuit-switched systems such as the Public
Switched Telephone Network (PSTN) and packet-
● A single Fiber Distributed Data Interface (FDDI) switched systems such as the Internet are complicated
double-ring connection by the fact that the PSTN actually consists of two
separate networks:
By selecting and inserting different MDAs into a mod-
ular Ethernet switch, you can quickly reconfigure com- ● Traffic network: The network that actually trans-
plex networks. Bridging between the different types of ports voice and data traffic between callers.
media is performed internally by the chassis circuitry
● Signaling network: The network responsible for
inside the switch.
control functions such as call setup and tear down.
See Also: 10BaseT, 100BaseFX, 100BaseT, The signaling network for the PSTN is known as
100BaseTX, Ethernet, Fiber Distributed Data Interface Signaling System 7 (SS7).
(FDDI), fiber-optic cabling, unshielded twisted-pair
In a typical IP telephony system, the IP network inter-
(UTP) cabling
faces with the two PSTN networks using two different
kinds of devices:
Megaco ● Media gateway (MG): Enables data on the PSTN
An emerging framework for connecting voice, fax, and
to be converted into IP packets for transmission
videoconferencing systems to packet-switching networks.
over the Internet and vice versa. The MG interfaces
Overview the IP network with the traffic portion of the PSTN,
Megaco is a standard developed jointly by the Interna- and MGs communicate with each other using proto-
tional Telecommunication Union (ITU) and the Internet cols such as Real Time Protocol (RTP).
752
member server mesh topology
Prospects
In Windows 2000, you can change a member server into M
a domain controller by running the Active Directory
Megaco is intended as an industry standard, vendor-
Installation Wizard.
independent protocol for MG/MGC communication and
is expected to displace the proprietary Media Gateway See Also: Active Directory, domain controller
Control Protocol (MGCP) defined in RFC 2705, which
has established itself as a de facto standard but which
mesh topology
lacks some of Megaco’s advanced capabilities, such as
A network topology that has redundant data paths
peer-to-peer device control (MGCP supports only mas-
between nodes.
ter/slave control). Megaco also replaces earlier protocols,
including Internet Protocol Device Control (IPDC) and Overview
Simple Gateway Control Protocol (SGCP). A mesh network (a network that has a mesh topology) is
any network in which information typically has more
See Also: Digital Subscriber Line Access Multiplexer
than one route it can take between any two end stations.
(DSLAM), H.323, IP telephony, Multiprotocol Label
Meshed topologies are commonly used in backbone net-
Switching (MPLS), Public Switched Telephone Network
works to provide fault tolerance—if a wire, hub, switch,
(PSTN), Voice over IP (VoIP)
or other component fails, data can always reach its desti-
nation by traveling along an alternate path. Meshed net-
member server works are common in older, routed Internet Protocol (IP)
A server that does not perform logon authentication. internetworks and prevent the failure of a single router
from bringing down a portion of the network.
753
message message
LAN
R
R
R R
R R
R
R
754
message digest (MD) algorithms Message Tracking Query Protocol (MTQP)
755
Messaging Application Programming Interface (MAPI) metadirectory
conjunction with SMTP Service Extensions (ESMTP), sending, receiving, and reading messages in a uniform
enabling the exact path that a message takes as it travels fashion regardless of the messaging subsystem used.
between hosts and across routers over the Internet. MAPI provides two sets of interfaces: the client-side
application programming interfaces (APIs) called by
Prospects
the messaging application, and the service-provider
MTQP will be supported by upcoming versions of
interfaces that the Windows messaging subsystem uses
Sendmail and will likely be supported by other Internet
to connect with different messaging-handling systems.
mail platforms as well. MTQP’s full value will only be
realized, however, if it becomes widely implemented Microsoft Outlook is an example of a MAPI-enabled
across the Internet and by major Internet service provid- client, and Microsoft Exchange Server supports MAPI
ers (ISPs). However, MTQP can be implemented on messaging.
a limited basis between companies that frequently
See Also: application programming interface (API),
exchange e-mail and can alert them to problems with
Exchange Server, Outlook
their messaging communications.
See Also: ESMTP, Internet Engineering Task Force
metabase
(IETF), Simple Mail Transfer Protocol (SMTP), X.400
A database for storing configuration settings for
Microsoft Internet Information Services (IIS).
Messaging Application Overview
Programming Interface (MAPI) The metabase is a hierarchical, memory-resident data-
A Microsoft technology that allows developers to use
base that is used to store IIS configuration information.
the Windows messaging subsystem for writing messag-
Prior to version 4 of IIS, such information was stored
ing applications.
M Overview
mainly in the Microsoft Windows NT registry. The
metabase was introduced in IIS 4 as a more flexible and
The Messaging Application Programming Interface expandable repository than the registry, and being
(MAPI) provides a generic programming interface for memory-resident, it also provides better performance
making Windows applications mail-enabled and stan- than the disk-based registry. Some settings for IIS are
dardizes how messages are handled by messaging still stored in the registry, however, for backward com-
applications. MAPI also provides a general messaging patibility with older versions of IIS.
subsystem built into the Windows operating system that
The metabase is stored as the file Metabase.bin in the
can function with any message transport mechanism.
\WINNT\system32\inetsrv directory on a Windows
The messaging subsystem is thus similar to the print-
2000 machine running IIS.
ing subsystem that allows Windows to interface with
any kind of print device and perform standard printing Notes
functions. The Microsoft Internet Information Server Resource
Kit includes a number of administrative scripts that you
Implementation
can use to back up and restore the metabase.
MAPI is a kind of middleman between the messaging
application running on the computer and the underlying See Also: Internet Information Services (IIS), registry
messaging services. The client interface for accessing
these services through MAPI is the same whether the
metadirectory
services are local area network (LAN)-based messaging
A tool for combining diverse data sources into a single
services, e-mail services, fax services, or any other
directory.
messaging service. MAPI allows standard function
calls to access general messaging functions such as
756
metadirectory metadirectory
757
metasearching metropolitan area network (MAN)
758
metropolitan Ethernet metropolitan Ethernet
759
metropolitan Ethernet metropolitan Ethernet
The result of all this is that the MAN has become the (WDM), which enables as many as eight full-duplex
bottleneck between the corporate local area network GbE channels to run over a single fiber pair. Dense
(LAN) and the WAN. Although LAN speeds have risen Wavelength Division Multiplexing (DWDM) offers the
to 100 Mbps Fast Ethernet and higher and WAN speeds potential of squeezing even greater bandwidth out of
within the Synchronous Optical Network (SONET) individual fiber strands.
backbones of carriers is also 100 Mbps or higher, com-
With GbE now supporting distances up to 150 miles
panies trying to join their LANs into a WAN using tra-
(240 kilometers) over single-mode fiber, metro Ethernet
ditional T1 lines find that these lines have become the
can be deployed across even the largest cities to provide
bottleneck in the equation and that upgrading to T3 is
a high-speed alternative to SONET for data transport.
too costly a solution.
The emergence of 10 Gigabit Ethernet (10 GbE) prom-
Enter the metropolitan (or metro) Ethernet service pro- ises to provide even greater capacity for this service.
viders, companies who are building their own sepa-
Advantages and Disadvantages
rate MANs to compete with the existing SONET rings
Metro Ethernet offers a number of advantages over tra-
owned by telcos. These new service providers are build-
ditional SONET rings for building WANs:
ing their MANs using GbE switching gear, laying their
own fiber backbones in dense urban areas to connect ● Simplicity: The fact that Ethernet is running on
their points of presence (POPs) with industrial parks, both sides of the access device at the customer pre-
campuses, and downtown multitenant units (MTUs). mises makes installation, configuration, and man-
The demarcation point at the customer premises now agement of WAN links easier.
becomes as simple as an RJ-45 connection, and custom-
● Cost: Metro Ethernet connections are typically
ers can simply use a Category 5 (Cat5) patch cord to
only 25 to 50 percent of the cost of traditional telco
connect their Ethernet LAN to their carrier’s GbE back-
M bone to build a WAN or receive high-speed Internet
data services, even taking into account the cost of
laying new fiber. The cost of GbE switching equip-
access. Other services supported by some metro Ether-
ment used for WAN access to metro Ethernet ser-
net providers include high-speed connectivity to stor-
vices is about a tenth the prices of traditional ATM
age area networks (SANs), Web and application server
over SONET access devices, which adds up to
hosting, and multicast Internet Protocol (IP) video
another cost savings for metro Ethernet over telco
services.
WAN services. Finally, GbE is a well-known tech-
Implementation nology to LAN administrators, and so the cost of
Metro Ethernet is made possible by the use of new car- hiring or training IT (information technology) peo-
rier-class GbE switches that can be deployed at either ple skilled in ATM over SONET technologies is
the service provider’s POP or the basement of the cus- eliminated, which further reduces the cost.
tomer’s MTU, depending on the scenario. At the pro-
● Scalability: Metro Ethernet is typically provi-
vider’s end, these switches interface with telco SONET
sioned in 1 Mbps increments up to 1 gigabit per
rings to provide connectivity for long-distance WAN
second (Gbps), with prices scaled accordingly.
links; within a downtown area of a city, however, the
Although upgrading a traditional T1 line to T3 can
metro Ethernet provider maintains end-to-end Ethernet
take weeks, increasing bandwidth on a metro Ether-
connectivity for customers without the need of telco
net connection usually takes only a few hours.
SONET services.
Some service providers even offer customers a Web
Metro Ethernet service providers may either lay their interface from which they can provision additional
own fiber downtown or lease dark fiber from other car- bandwidth for themselves as required.
riers. To get the most out of this fiber, providers are
starting to employ Wavelength Division Multiplexing
760
metropolitan Ethernet metropolitan Ethernet
● Manageability: Metro Ethernet simplifies the task Although some of these providers offer services only in
of data management by enabling packets to be pro- a few urban centers, many of them are scaling out to
cessed at Layers 3 through 7 of the Open Systems offer services nationally in large cities across the United
Interconnection (OSI) reference model. This con- States. Some metro Ethernet service providers special-
trasts with SONET, where it is difficult to process ize only in high-speed Internet access or WAN connec-
packets on the backbone. tivity, but others offer a full range of services
comparable to telcos.
● Fault-tolerance: Traditional dual SONET rings
deployed by telcos offer fault-tolerance that GbE Carrier-class GbE switches for metro Ethernet rollouts
networks do not intrinsically possess. By combin- are now available from a number of vendors, including
ing GbE with Dense Wavelength Division Multi- Extreme Networks, Foundry Networks, Cisco Systems,
plexing (DWDM), however, SONET’s dual-ring Nortel Networks, and Riverstone Networks.
architecture can be imitated to provide a robust,
Prospects
fault-tolerant backbone comparable to SONET.
Just as GbE has won out over competing LAN back-
The main disadvantage of metro Ethernet is availabil- bone technologies such as Fiber Distributed Data Inter-
ity: for the foreseeable future, this service will probably face (FDDI) and Asynchronous Transfer Mode (ATM),
be available only in the downtown sections of large the same thing may happen in the WAN, at least for data
urban areas. Another disadvantage is that although dual services. ATM over SONET still offers a much higher
SONET rings deployed by telcos are self-healing (typi- Quality of Service (QoS) for voice communications,
cally in less than 50 milliseconds), GbE networks but the simplicity and price advantages of end-to-end
do not have such built-in recoverability features. Fur- Ethernet in the WAN make it the leading technology as
thermore, while ATM over SONET is a cell-based far as data services are concerned. Unfortunately, metro
connection-oriented technology that is optimized for
voice but can also carry data easily, Ethernet is a con-
Ethernet is likely to remain exactly that—Ethernet
restricted to metropolitan areas where dense clusters
M
nectionless packet-switched technology that suffers of MTUs make laying fiber a cost-effective decision
unpredictable delay and jitter, factors that have little for service providers. Metro Ethernet is unlikely to be
effect on data traffic but which make it difficult to trans- available in the foreseeable future in smaller urban or
port voice traffic (unless bandwidth is far below satura- rural areas, which must continue to rely on telco ser-
tion point). Finally, SONET networks traditionally vices as their only option. Nevertheless, metro Ethernet
offer five-nines (99.999 percent) uptime, which is typi- is having a profound impact on the enterprise WAN cost
cally an order of magnitude better than the best metro model and may even eat into the traditional voice mar-
Ethernet networks available today. ket of telcos as VoIP technologies become more stan-
dardized and widely deployed.
Marketplace
Metro Ethernet service providers offer a wide range of See Also: Asynchronous Transfer Mode (ATM), ATM
services from LAN-LAN interconnection within urban over SONET, dense wavelength division multiplexing
areas to high-speed Internet access and even Voice over (DWDM), Digital Subscriber Line (DSL), Fiber Dis-
IP (VoIP) services. They can provision a single fiber tributed Data Interface (FDDI), Gigabit Ethernet
link to an MTU in such a way that each client within the (GbE), Incumbent Local Exchange Carrier (ILEC),
building has its own secure connection and is billed sep- Integrated Services Digital Network (ISDN), local area
arately according to usage. Popular service providers in network (LAN), metropolitan area network (MAN),
the metro Ethernet marketplace include Yipes Com- storage area network (SAN), Synchronous Optical Net-
munications, Telseon, FiberCity Networks, Cogent work (SONET), T-carrier, Voice over IP (VoIP), wide
Communications, Everest Broadband Networks, Intelli- area network (WAN)
Space, XO Communications, and many others.
761
MExE Microsoft Certified Professional (MCP)
MExE Overview
The Microsoft Certified Partner Program is a partner-
Stands for Mobile Execution Environment, an emerg-
ship between Microsoft and independent companies
ing standard for running Java applications on mobile
where Microsoft provides IT services and products that
phones.
enable these companies to provide solutions for their
See: Mobile Execution Environment (MExE) clients based on leading-edge Microsoft technologies.
The program is global in scope and is the primary chan-
nel by which Microsoft solutions are provided. The
MFC
Microsoft Certified Partner Program evolved primarily
Stands for Microsoft Foundation Classes, a set from the Microsoft Certified Solution Provider pro-
of object-oriented interfaces to the Microsoft gram formed in 1992, and it has over 31,000 partners
Windows application programming interface worldwide.
(API).
Microsoft Certified Partners receive numerous benefits
See: Microsoft Foundation Classes (MFC) to help them deliver Microsoft solutions, including
licenses for internal and marketing use of Microsoft
MFR products, access to prerelease software information and
Stands for Multilink Frame Relay, a new frame relay program codes, sales and marketing resources, tech-
aggregation technology. nical training and support, and direct support from
Microsoft staff. Partners participate in joint marketing
See: Multilink Frame Relay (MFR) ventures and receive valuable customer referrals.
The Microsoft Certified Partner Program has two levels
M MIB of membership:
Stands for Management Information Base, a database
● Member: Companies that receive useful technical,
of information about a device that is managed by
marketing, and sales information, and also licenses
using the Simple Network Management Protocol
for Microsoft products for internal testing and
(SNMP).
development purposes.
See: Management Information Base (MIB)
● Gold: Companies that have demonstrated a high
level of proficiency in building solutions using
microkernel Microsoft technologies within one or more solu-
An operating system architecture in which the kernel is tions areas, including enterprise systems, support
a small component with limited functionality that loads centers, e-commerce, and Application Service Pro-
other components such as drivers and services into vider (ASP) services.
memory only as required to complete requested system For More Information
tasks. Find out more about the Microsoft Certified Partner
See: kernel program at www.microsoft.com/certpartner.
762
Microsoft Certified Professional (MCP) Microsoft Certified Professional (MCP)
763
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) microsoft.com
764
microsoft.com microsoft.com
finding information on a site as large as this is sometimes Essential Links for Networking Professionals on
difficult, as many important Uniform Resource Locators Microsoft.com continued
(URLs) are not found on the site’s home page. This article Relative URL Information on . . .
is designed to simplify this process of finding useful Microsoft download center
/downloads
information for networking professionals by providing (redirection)
a summary of links to valuable information found on Microsoft eBooks home
/ebooks
Microsoft’s Web site. The URLs listed here are mostly
/education Microsoft education home
top-level URLs that are unlikely to change frequently
(many have remained the same for several years), and /embedded Windows Embedded home
(redirection)
even if the site managers change them, these URLs are
/enable Microsoft accessibility
likely to be redirected automatically to the updated
information
information. The URLs in the main table below are listed
/games Microsoft games official Web site
in short form as relative URLs; for example, /windows is
short for www.microsoft.com/windows. /giving Microsoft giving programs
/hcl Hardware compatibility list
Note that a few URLs listed below are redirections to other (HCL) for Microsoft products
Microsoft Web sites, such as the Microsoft Developer /hwdev Windows driver and hardware
Network (MSDN) site at msdn.microsoft.com. And infor- development site
mation about Microsoft’s suite of developer products is /insider Microsoft consumer products and
actually found on the MSDN site rather than on the main services
www.microsoft.com site. For example, the site for Micro- /jobs Jobs at Microsoft
soft Visual Studio is found at msdn.microsoft.com/vstudio /kids Free stuff and special offers for
instead of www.microsoft.com/vstudio, but the latter URL kids
actually redirects you to the former. /mac Mactopia, Microsoft products for M
Macintosh
Essential Links for Networking Professionals on /mba Microsoft jobs for MBAs
Microsoft.com Mindshare User Group Support
/mindshare
Relative URL Information on . . . Program
/backofficeserver Microsoft BackOffice Server /mobile Mobile Devices and Pocket PC
home home
/backstage Inside view of microsoft.com /mscorp Corporate information about
operations Microsoft
/billgates Bill Gates’s home page /msft Microsoft investor relations
/business Microsoft business products and /museum Microsoft museum online
services /net Microsoft .NET platform home
/catalog Catalog of all Microsoft products Microsoft Office main site (see
/office
/certpartner Microsoft Certified Partners home Note 1 later in this article)
/college Microsoft jobs for college /partner Microsoft for partners home
students /piracy Microsoft anti-piracy home
/ddk Microsoft Windows Driver Devel- Microsoft news and press releases
/presspass
opment Kits
/reader Microsoft Reader with ClearType
/directx Microsoft DirectX home
/security Microsoft security home
/diversity Microsoft Diversity home
/seminar Microsoft Multimedia Central
(continued)
(continued)
765
microsoft.com microsoft.com
766
Microsoft Consulting Services (MCS) Microsoft Corporation
4 URLs for versions of Microsoft Windows are usu- See Also: Microsoft Operations Framework (MOF),
ally obvious; for example, www.microsoft.com/ Microsoft Solutions Framework (MSF), Microsoft
windowsxp for Windows XP, www.microsoft.com/ Technology Center (MTC)
windows2000/ for Windows 2000, and so on. This
pattern breaks, however, with Windows CE, where Microsoft Corporation
the URL is instead www.microsoft.com/windows/ The worldwide leader in software for business and per-
embedded/ce. sonal computing.
See Also: Microsoft Corporation, Microsoft Developer
Network (MSDN), TechNet
767
Microsoft Challenge Handshake Authentication Protocol Microsoft Challenge Handshake Authentication Protocol
768
Microsoft Data Access Components (MDAC) Microsoft Data Access Components (MDAC)
769
Microsoft Developer Network (MSDN) Microsoft Disk Operating System (MS-DOS)
770
Microsoft Disk Operating System (MS-DOS) Microsoft Disk Operating System (MS-DOS)
771
Microsoft Foundation Classes (MFC) Microsoft Foundation Classes (MFC)
772
Microsoft Management Console (MMC) Microsoft Management Console (MMC)
● File and database classes for storing and retrieving Windows 2000 and later versions include a number of
files in databases or on disks. These include classes preconfigured consoles known as administrative tools.
for file input/output (I/O), Data Access Objects These tools are used for performing specific adminis-
(DAO), ActiveX Data Objects (ADO), and open trative tasks, and you can access them using the Admin-
database connectivity (ODBC). istrative Tools shortcut in the Programs group of the
Start menu.
● Internet and networking classes for exchanging
information between computers and over the Inter- Implementation
net. These include classes for Windows Sockets and By itself, the MMC does not provide any system or net-
Internet Server API (ISAPI). work management capability. Instead, it provides an
environment in which administrative tools called snap-
● OLE classes for creating compound documents and
ins can be run. A snap-in is a software component that
OLE objects, using Automation, creating ActiveX
provides some system or network management capabil-
controls, and other functions.
ity for administrators to perform standard tasks.
● Debugging and exception classes for error handling
and debugging applications.
See Also: ActiveX, application programming interface
(API), Data Access Objects (DAO), open database con-
nectivity (ODBC)
Microsoft Management
Console (MMC)
A tool and software framework for administering sys- M
tems running Microsoft Windows 2000 or later.
Overview
The Microsoft Management Console (MMC) was first G0MXX09 (was G0Mui14 in 1E)
included with Microsoft Windows NT Option Pack to MMC console. Computer Management, an example of an
provide an integrated management framework for a MMC console.
wide range of administrative tasks. The MMC later When one or more snap-ins have been added to a blank
became the standard administrative interface for man- console, the configuration can be saved as an .msc file
aging the Microsoft Windows 2000 operating system and then shared with other administrators by e-mail or
and server applications such as Microsoft Exchange by sharing it on a file server. The MMC also supports
Server and Microsoft SQL Server. deregulation of different levels of management capabil-
MMC offers the following features: ity to other administrators. For example, an administra-
tor might
● Customization: Administrators can create an MMC
tool that contains the exact functionality they need. ● Create a specific console for a specific administra-
tive task. An administrator can thus create a custom
● Integration: MMC integrates all management capa- administrative tool that is not cluttered with unnec-
bility into a single common framework, making it essary functionality and provides just enough func-
easier to learn and perform network administration. tionality to perform the task at hand.
● Flexibility: Third-party companies can create their ● Create a console for unifying a set of different
own snap-ins to further extend the capabilities of administrative tasks. An administrator can thus
MMC. create a single console with which all common
773
Microsoft Market Microsoft Official Curriculum (MOC)
M Overview
Microsoft Market is an Internet-based procurement sys- Microsoft Official Curriculum
tem developed by Microsoft to streamline operations (MOC)
with its supply-chain partners. Although Microsoft Courseware developed by Microsoft Corporation for
Market is used internally by Microsoft and is not open training in Microsoft products and technologies.
to the public, it is an excellent example of how B2B sys- Overview
tems using the Internet can reduce the cost of doing Microsoft Official Curriculum (MOC) courseware
business with a company’s business partners. is designed to provide comprehensive training in
Before deploying Microsoft Market, Microsoft’s pro- Microsoft products to IT (information technology) pro-
curement costs typically were $60 per transaction. With fessionals who develop, implement, administer, and
Microsoft Market implemented, this overhead fell to support business solutions based on Microsoft plat-
less than $5 per transaction. Using Microsoft Market, forms, applications, and tools. MOC courseware are
purchases of goods and services from partners and ven- available for the full range of Microsoft products,
dors can be performed using a standard Web browser including all versions of Microsoft Windows, the .NET
interface. Microsoft Market has helped Microsoft lower Enterprise Server family, and Microsoft programming
its procurement costs and speed up its business cycle; platforms. MOCs are available in different forms,
it has also reduced sales and marketing costs and has including
created new sales opportunities and improved custo- ● Instructor-led courseware designed for use at
mer service. Microsoft Market puts Microsoft in the Microsoft Certified Technical Education Centers
forefront of companies implementing B2B Internet tech- (CTECs) and taught by Microsoft Certified Train-
nologies in streamlining business process to gain a ers (MCTs).
competitive advantage in the marketplace.
● Self-paced training kits available through Microsoft
See Also: B2B, e-business Press.
774
Microsoft Operations Framework (MOF) Microsoft Research (MSR)
775
Microsoft Solutions Framework (MSF) Microsoft Windows
776
Microsoft Windows Microsoft Windows
Windows operating systems evolved in the 1990s from A separate evolutionary path for Windows has pro-
the earlier MS-DOS, Microsoft’s powerful text-based duced the Windows CE 3 operating system, a light-
disk operating system for personal computers. The first weight version of Windows designed for handheld PCs
versions of Windows were 16-bit operating systems and appliances. Windows NT Embedded, another flavor
that essentially ran on top of MS-DOS and provided an of Windows, is a low-footprint version designed for
easy-to-use graphical user interface (GUI) that made industrial control systems and other devices with lim-
computers easier to learn and use. These 16-bit versions ited processing and memory.
included Windows 3.1 and Windows for Workgroups
The table below lists the current versions of Windows.
3.11, the network-aware version of Window 3.1. In the
For more information about particular versions, see the
middle of the decade, Microsoft released a new version
corresponding entries in Chapter W of this book.
of Windows called Windows 95, a desktop operating
system that included a new and more powerful GUI, Current Microsoft Windows Operating Systems
support for preemptive multitasking, and enhanced Version Description
management of system resources. Windows 95 evolved Windows .NET Comes in Standard, Enterprise,
into Windows 98 and then Windows Millennium Edi- Server Datacenter, and Web Server ver-
tion (Windows Me). sions and is the successor to the
Meanwhile, Microsoft also developed a fully 32-bit oper- Windows 2000 family of business
ating system called Windows NT. This new operating operating systems
system was more powerful, robust, and secure than the Windows XP Comes in Professional and Home
Windows 95/98/Me family and was intended for busi- Edition and is the successor to both
the Windows Me and Windows
ness users instead of consumers. Although Windows NT
2000 Professional lines of business
3.51 was based on the Windows 3.1 GUI, the popular
Windows NT 4 employed a GUI similar to Windows 95.
and consumer Windows desktop
operating systems
M
Windows NT 4 was offered in a variety of flavors tar-
Windows 2000 Comes in Professional, Server,
geted at the desktop, local area network (LAN) server, Advanced Server, and Datacenter
and enterprise server operating system markets. Server versions and is the succes-
As the decade concluded, Windows NT was superseded sor to the Windows NT 4 family of
by the powerful Windows 2000 family of operating sys- business operating systems
tems, which offered great stability and powerful fea- Windows Me Successor to Windows 95 and
tures foundational for building strategic e-business Windows 98 consumer Windows
solutions for the enterprise. Most recently, two new desktop operating systems
Windows CE Lightweight version of Windows
Windows platforms have evolved:
designed for handheld computing
● Windows XP: A completely new 32-bit desktop devices and computer appliances
operating system that removes all remaining ves- Windows NT Small-footprint version of
tiges of MS-DOS and comes in two flavors: Embedded Windows NT designed for
Windows XP Home Edition for home users and industrial control systems and
Windows XP Professional for corporate use. small devices
Windows XP is the natural desktop upgrade path for
Windows 95/98/Me, Windows NT 4 Workstation, For More Information
Visit the Windows home at www.microsoft.com/windows.
and Windows 2000 Professional.
See Also: Windows 3.1, Windows 95, Windows 98,
● Windows .NET Server family: The next evolution
Windows 2000, Windows CE, Windows Me (Windows
of the Windows 2000 Server family of operating
Millennium Edition), Windows .NET Server, Windows
systems.
NT, Windows XP
777
middleware Millennium
778
MIME mirroring
Overview MIME
Millennium is a radically new vision for distributed
Stands for Multipurpose Internet Mail Extensions,
computing in which the automatic distribution of appli-
extensions to Simple Mail Transport Protocol (SMTP)
cation processing is the norm rather than the exception.
that allow multipart and binary messages to be sent
The Millennium paradigm assumes that all applications
using e-mail.
are intrinsically distributed across the network rather
than locally centralized on servers. Millennium is based See: Multipurpose Internet Mail Extensions (MIME)
on an advanced network-aware operating system than
can dynamically distribute processing tasks and man-
mirrored volume
age resources across the network. Millennium is based
A type of fault tolerance supported by Microsoft
on four key concepts:
Windows 2000 and Windows .NET Server.
● Abstract distribution of tasks: The network auto-
Overview
matically distributes tasks for execution to different
In Microsoft Windows 2000 and Windows .NET Server,
processing nodes. Programmers do not need to
a mirrored volume is a type of volume created with
worry about how network resources are managed
Disk Management that duplicates data on two separate
for the applications they develop.
physical disks. This provides a measure of fault toler-
● Abstract locality: Applications do not need to ance, for if one physical disk fails, the data is still acces-
know where they reside or are executed. Resources sible from the second disk.
for applications are automatically located by the
In Windows 2000 and Windows .NET Server, mirrored
network and assigned as needed.
volumes cannot be extended and they must be created
Automatic performance tuning: The network on dynamic disks. Although mirrored volumes perform
●
dynamically monitors and adjusts how and where read operations more slowly than RAID 5 volumes, M
processing tasks are distributed in order to optimize they do execute write operations more quickly.
application performance.
Notes
● Dynamic resource management: Hardware and The Windows NT equivalent of a mirrored volume was
software resources are automatically enlisted and called a mirror set.
bound to application processes at runtime and
See Also: dynamic volume, mirroring, mirror set,
released when no longer required.
redundant array of independent disks (RAID)
One of the Millennium prototype projects is called
Coign, which supports the self-configuration and self- mirroring
tuning of Component Object Model (COM) objects Maintaining an identical copy of an information store or
across a network. Coign supports the dynamic partition- disk system for fault tolerance purposes.
ing of applications to improve performance and sim-
plify the management of distributed applications. Overview
Mirroring is one of several different strategies for inte-
For More Information grating fault tolerance into storage systems. Using mir-
Find out more at www.research.microsoft.com/sn/ roring, two identical copies of mission critical data are
millennium. maintained, and if the primary system goes down, the
See Also: Component Object Model (COM), Jini, secondary system can be brought online quickly with
Microsoft Research (MSR) little or no loss of data. Mirroring can be implemented
at various levels from disk mirroring (two identical disk
drives within a server) to server mirroring (two identical
779
mirror set mirror set
servers having the same data and running at different being located at a secure remote location. Local
locations) to mirroring of enterprise storage solutions data is always current on both mirrors, while the
such as storage area networks (SANs). Mirroring at remote mirror is slightly out of sync by a time
higher levels is commonly used in financial institutions period called the “mirror gap.” The result is that if
such as banks and brokerages to ensure speedy recovery both local mirrors go down and the remote mirror is
in the event of a disaster. brought online, some transactions will inevitably
be lost. The advantage is that the WAN link to the
Mirroring is not a replacement for tape backup systems;
remote site does not have to be an expensive high-
instead, it complements the standard backup cycle by
speed link as in remote symmetric mirroring, but
providing additional redundancy and fault tolerance.
can instead be a cheaper low-bandwidth link such
Mirroring of enterprise servers is a popular solution in
as frame relay or Integrated Services Digital Net-
high availability environments because the recovery
work (ISDN). The remote storage system may even
window (the time to bring a mirrored system online
be managed by a separate company such as a stor-
after a disaster) is typically less than an hour, while the
age service provider (SSP), eliminating the cost
time to restore a system completely from backup sets
overhead of needing to purchase three identical
may be 24 to 48 hours. Mirroring does have the disad-
storage systems.
vantage of being expensive compared to tape backup,
since duplicate storage systems are required to imple- See Also: backup, electronic tape vaulting, fault toler-
ment it. ance, frame relay, Integrated Services Digital Network
(ISDN), metropolitan Ethernet, mirrored volume, stor-
Implementation
age, storage area network (SAN), storage service pro-
Mirroring can implemented using several techniques:
vider (SSP), wide area network (WAN)
Symmetric mirroring: Usually simply called mir-
M ●
780
mixed mode MMC
For read operations, mirror sets are slower than other switch your Windows 2000 domain controllers from
redundant array of independent disks (RAID) configu- mixed mode to native mode. Note that this is a process
rations such as stripe sets with parity, but on the other that can be performed only once—you cannot change
hand they are faster for write operations. native mode domain controllers back to mixed mode.
See Also: fault tolerance, mirrored volume, mirroring, Windows 2000 domain controllers are installed in
redundant array of independent disks (RAID) mixed mode by default when you run the Active Direc-
tory Installation Wizard to upgrade a member server to
a domain controller. To change domain controllers from
mixed mode
mixed mode to native mode, use the Active Directory
A mode of running Microsoft Windows 2000 domain
Users and Computers console. During a migration
controllers.
from Windows NT to Windows 2000, after you have
Overview upgraded all your downlevel domain controllers to
When Windows 2000 domain controllers are running in Windows 2000 you should change your domain to
mixed mode, they are backward compatible with native mode in order to take advantage of Windows
domain controllers running the Windows NT operating 2000’s special features, such as multimaster replication,
system. This is because Windows 2000 domain control- nesting of groups, and universal groups. If you are
lers running in mixed mode use Windows NT LAN deploying a pure Windows 2000–based network, how-
Manager (NTLM) as their authentication protocol ever, you should configure your domain controllers to
instead of Kerberos, which allows Active Directory run in native mode from the start.
directory service to communicate with downlevel
See Also: Active Directory, Active Directory
Windows NT domain controllers.
Users and Computers, domain controller, domain
Mixed mode has the following special considerations: modes, Kerberos, native mode, universal group,
Windows NT LAN Manager Authentication
M
● It does not support the use of universal groups.
● It does not support unlimited nesting of groups—
you can only add global groups to domain local
MLP
groups with one level of nesting. Stands for Multilink Point-to-Point Protocol, a wide
area network (WAN) protocol for aggregating multiple
● It does not support policy-based management of Point-to-Point Protocol (PPP) connections.
remote access servers.
See: Multilink Point-to-Point Protocol (MPPP)
● Multimaster replication does not function between
uplevel and downlevel domain controllers—down-
level Windows NT domain controllers replicate MLS
updates from the PDC to the backup domain con- Stands for Multilayer Switching, a LAN switching term
trollers (BDCs) in the usual way. that can have several meanings.
● Some advanced management options for Windows See: Multilayer Switching (MLS)
2000 domain controllers are not available for down-
level Windows NT domain controllers. MMC
Implementation Stands for Microsoft Management Console, a tool and
Mixed mode is designed to be used mainly as a tem- software framework for administering systems running
porary solution during the process of migrating a Microsoft Windows 2000 or later.
Windows NT–based network to a Windows 2000–
See: Microsoft Management Console (MMC)
based one. Once the migration is complete, you can
781
MMDS Mobile Execution Environment (MExE)
782
Mobile Information Server Mobile Transport Serving Office (MTSO)
Mobile Information Server access. The aim is to bring standards and consistency by
Microsoft Corporation’s .NET Enterprise Server for providing guidelines for graphical displays on cellular
enabling wireless access to enterprise data. handsets, transmission schemes for accessing music
and video, and other functions. M-Services is designed
Overview to overcome some of the problems inherent in Wireless
Microsoft Mobile Information 2001 Server provides Application Protocol (WAP), the first generation of cel-
enterprises with a platform for allowing users to access lular Internet access technologies. WAP is generally
data stored on corporate intranets and database servers viewed as too slow and complex for mobile platforms,
from mobile devices such as cell phones and wireless and application development for this platform has
personal digital assistants (PDAs). Mobile Information tended to result in a variety of proprietary extensions.
Server thus extends the reach of .NET enterprise appli-
cations by bringing content to the mobile knowledge M-Services focuses on providing guidelines for appli-
worker. Using Mobile Information Server, people can cation development on General Packet Radio Services
have access to corporate e-mail, calendars, contacts (GPRS), a 2.5G upgrade to existing second-generation
lists, tasks, and any other desired information. (2G) Global System for Mobile Communications
(GSM) cellular systems used widely in Europe and
Mobile Information Server includes two components: becoming more popular in North America. GPRS is
● A server application that acts as middleware viewed as a stepping stone to true third-generation (3G)
between back-end .NET Enterprise Servers such as broadband mobile communications systems, which are
Microsoft Exchange 2000 Server and Microsoft now not likely to be widely deployed until 2005.
SQL Server M-Services is supported by the GSM Association, by
● A client application called Microsoft Outlook manufacturers of mobile technologies such as Ericsson,
Mobile Access that provides a Web-based portal to Motorola, and Nokia, and by mobile operators such as
France Telecom and Telecom Italia Mobile.
M
information residing on these servers
Mobile Information Server offers an extensible archi- See Also: 2.5G, 3G, cellular communications, General
tecture that supports connectors for allowing mobile Packet Radio Service (GPRS), Global System for
users to access information stored on any type of data Mobile Communications (GSM), Wireless Application
server or information store. Mobile Information Server Protocol (WAP)
supports end-to-end security, load balancing and clus-
tering, and content replication and delivery. Mobile Transport Serving
For More Information Office (MTSO)
Find out more at www.microsoft.com/miserver. A component of a cellular communications system.
See Also: cellular communications, Exchange Server, Overview
middleware, .NET Enterprise Servers, SQL Server In a cellular communications system, the region where
coverage is desired is broken up into a series of small
overlapping areas called cells. Each cell is serviced by
Mobile Services Initiative
a base station, which has a transceiver (transmitter/
(M-Services)
receiver) for sending and receiving calls with mobile
A proposed set of standards for broadband cellular
users in that area. For communications to take place,
Internet access.
however, frequencies or time slots (depending on the
Overview cellular technology used) must be allocated without
Mobile Services Initiative (M-Services) is designed to conflict to users in different cells, a function performed
speed the deployment of broadband cellular Internet by a central station called a Mobile Transport Serving
783
MOC modem
Office (MTSO). The MTSO thus coordinates the activ- the analog local loop portion of the Public Switched
ities of the different transceivers within a given region Telephone Network (PSTN). Analog modems generally
and provides a land-based (wireline) link between these have two interfaces: an RS-232 serial transmission inter-
transceivers and the telco central office (CO) for con- face for connecting to the DTE, which is usually a com-
nection to the Public Switched Telephone Network puter; and an RJ-11 telephone interface for connecting to
(PSTN). Connections between base stations and the a standard four-wire PSTN telephone jack.
MTSO, and between the CO and the MTSO, are usually
Analog modems are popular and come in various types:
made using telco trunk lines.
● Internal modems, which are installed as interface
cards inside the computer and might use some of
Base the machine’s CPU (central processing unit) pro-
Cell station
cessing power for functions such as encoding and
data compression. One popular type of internal
modem is the soft modem, an inexpensive modem
PSTN that utilizes some of the processing power of the
computer’s CPU to operate.
MTSO CO
● External modems, which are generally more expen-
sive and connect to the serial port on the computer
using a DB9 or DB25 connector. External modems
are useful when several users need to share a
G0MXX10 (new to 2E)
784
modem eliminator modem sharing
variety of serial interfaces, including RS-232, RS-449, Modem eliminators are similar to line drivers, but
V.35, X.21, and High Speed Serial Interface (HSSI). modem eliminators simply connect two pieces of DTE
and line drivers connect DTE to data communications
See Also: analog modem, cable modem, data commu-
equipment (DCE). Also, line drivers regenerate signals
nications equipment (DCE), data terminal equipment
and thus extend the maximum possible distance, but
(DTE), digital modem, Digital Subscriber Line (DSL),
modem eliminators do not. Finally, line drivers are used
Integrated Services Digital Network (ISDN), ISDN
in pairs (one at each end of the line), and modem elimi-
terminal adapter, Public Switched Telephone Network
nators are used singly and are placed at the midpoint
(PSTN), RS-232, serial transmission
between the two devices being connected.
See Also: data communications equipment (DCE),
modem eliminator
data terminal equipment (DTE), line driver, modem,
A device for connecting two pieces of data terminal
serial transmission
equipment (DTE).
Overview
Modem eliminators provide an easy way to connect two
modem sharing
Any method for sharing a modem among several
pieces of DTE without a modem. Modem eliminators
computers.
accomplish this by simulating a synchronous transmis-
sion data link through generating timing and handshak- Overview
ing signals. Modem eliminators can use a variety of Modem sharing is an inexpensive method for small net-
serial interfaces, including RS-232, RS-422/485, RS- works to share a single Internet or remote access con-
530, V.25, or X.21, and can operate at speeds of up to nection. For example, in a Small Office/Home Office
2.048 megabits per second (Mbps). (SOHO) environment, a cable modem or Digital Sub-
scriber Line (DSL) modem can be used to share a single M
DTE high-speed Internet connection among several users.
Another scenario is in remote branch offices where a
single shared modem can be used for occasional remote
access connectivity over a wide area network (WAN)
link to the head office.
Modem sharing can be implemented in two ways:
● Hardware-based: Hubs and routers that have
RS-232
built-in 56K, DSL, or Integrated Services Digital
Line (IDSN) modems often have modem sharing
Modem
eliminator capability. In this scenario, you simply plug your
phone line into a hub or a router, and then use a
DTE Category 5 (Cat5) patch cord to connect the hub
or router to your local area network (LAN) hub
or switch, and computers on your network trans-
RS-232
parently have access to the external network. In
another approach, you can use a broadband router
to connect your LAN to your DSL or cable modem
to provide high-speed Internet access to users on
your network.
G0MXX11 (was G0Mui15 in 1E)
Modem eliminator. Using a modem eliminator to connect ● Software-based: By connecting a modem to one
two DTE over a serial link. machine on the network and installing modem
785
modulation modulation
sharing software on that machine, other machines is generally called modulation, but for transmission over
on that network gain access to the external connec- digital lines such as T1, frame relay, and Integrated Ser-
tion through that machine. Microsoft Corporation vices Digital Network (ISDN) lines, the term encoding or
includes modem sharing software called Internet line coding is usually used instead. Some reference
Connection Sharing with its Windows Millennium works tend to blur this distinction, however, and there is
Edition (Me), Windows 2000, and Windows XP usually some overlap between the concepts.
operating system platforms. Third-party modem
Types
sharing software is also available from a variety of
Modulation forms the basis of the digital-to-analog
vendors. The main disadvantage of the software-
converter (DAC) component of a standard analog
based approach to modem sharing is that if the
modem. Modulation in modems allows digital binary
computer having the modem goes down, other
information to be received from a serial interface on a
computers on the network cannot use the modem.
computer and modulated into sound waves for trans-
Marketplace mission over the voice-grade PSTN.
Modem sharing hardware for DSL and cable Internet ser-
vices are becoming popular. Some examples of broad- Voltage
band routers from different vendors include the ZyXEL
Prestige 310, Netopia 9100, and WatchGuard SOHO.
Notes
If you use modem sharing to provide your network with AM Time
high-speed connectivity to the Internet, be sure to use a
firewall to secure your network against outside intru-
M sion. If you use Windows 2000, another good step is to
turn off Internet File Sharing.
1 0
See Also: broadband Internet access, cable modem,
Digital Subscriber Line (DSL), hub, Integrated Services Voltage
Digital Network (ISDN), modem, router
modulation FM Time
Converting analog signals into digital signals (the
reverse process is called demodulation).
Overview
Modulation is the process by which digital information is 1 0
encoded into analog electrical signals for transmission
Voltage
over a medium. Digital information is usually binary
information, as represented by a series of 1s and 0s, and
must be converted into analog electrical signals (volt-
ages) for transmission over wires (or into light waves for
PM Time
transmission over fiber-optic cabling).
Modulation is often confused with signal encoding or
line coding, as these processes are inherently similar.
However, for transmission using modems over the Public 1 0
Switched Telephone Network (PSTN) lines, the process G0MXX12 (was G0Mui16 in 1E)
786
modulation modulation
787
MOF MPLS
MOUS Overview
Mozilla is an open-source project aimed at developing a
Stands for Microsoft Office User Specialist, a
free, standards-based Web browser. Mozilla is based on
Microsoft certification for users of Microsoft Office.
Netscape Navigator, a popular Web browser platform
See: Microsoft Office User Specialist (MOUS) developed by Netscape in the mid-1990s which was
itself based on the earlier NCSA Mosaic browser.
moving files Mozilla will run on a variety of operating system plat-
Changing the directory in which a file is stored. forms, including Microsoft Windows, Apple Macin-
tosh, and Linux. The development of the Mozilla
M Overview browser is being coordinated by Mozilla.org, an open-
On Microsoft Windows platforms, files can be moved source organization.
using a graphical user interface (GUI) tool such as
Windows Explorer or from the command prompt using For More Information
the Move command. Some inheritance issues are associ- Visit mozilla.org for details on Mozilla.
ated with moving files on Windows NT and Windows See Also: Internet Explorer, open source, Web browser
2000 platforms that use the NTFS file system (NTFS). In
particular, the effect of moving a file depends on wheth-
er the file is moved within a volume or to a different
MP
volume: Stands for Multilink Point-to-Point Protocol, a wide
area network (WAN) protocol for aggregating multiple
● If you move a file within an NTFS volume, it retains Point-to-Point Protocol (PPP) connections.
its original permissions.
See: Multilink Point-to-Point Protocol (MPPP)
● If you move a file between volumes, it inherits the
permissions of the folder it is moved to.
MPLS
Notes
Stands for Multiprotocol Label Switching, a protocol
If you move an object within Active Directory directory
for efficiently routing traffic across a large Internet
service on a Windows 2000–based network, the object
Protocol (IP) network such as the Internet.
loses any permissions that were assigned to the organi-
zational unit (OU) in which it resided and inherits the See: Multiprotocol Label Switching (MPLS)
permissions assigned to the OU to which it is moved.
788
MPOA MSF
789
MSR Multicast Address Dynamic Client Allocation Protocol (MADCAP)
790
Multicast Dynamic Host Configuration Protocol (MDHCP) multicasting
791
multicasting multicasting
common reserved multicast addresses and their once the last host has left this group, the group
uses. All multicast addresses within the range ceases to exist and the address is released for other
224.0.0.0 through 224.0.0.255 are reserved for spe- uses. Addresses for transient multicast groups
cial use, although some of these addresses have not are chosen from the range 224.0.1.0 through
had their uses specifically assigned yet. Addresses 238.255.255.255, as all other class D addresses
within this range are reserved for local subnet use are reserved as described previously.
only and are not forwarded to other subnets by rout-
IP hosts can support multicasts at one of three levels:
ers, regardless of the time-to-live (TTL) in the
packet headers. Addresses that fall within the range ● Level 0: Cannot send or receive multicast traffic
239.0.0.0 through 239.255.255.255 are similarly
● Level 1: Can send but not receive multicast traffic
reserved. Some addresses in the 224.0.1.0 through
224.0.1.255 are also reserved, and, unlike other per- ● Level 2: Can send and receive multicast traffic
manent addresses, these can be forwarded by rout-
Microsoft Windows 2000 supports Level 2 multicast
ers. Additional addresses are also reserved for
functionality for all forms of IP traffic.
vendor-specific and service provider-specific multi-
cast transmissions. Implementation
Membership in a multicast group is dynamic—hosts
Examples of Reserved IP Multicast Addresses
can join or leave a group as they choose. To join a mul-
Address Description ticast group, a host sends a message to the all hosts mul-
224.0.0.0 Base address (not used) ticast group 224.0.0.1. This informs routers on the local
224.0.0.1 All hosts on the local subnet subnet that the host wants to join a specific multicast
224.0.0.2 All routers on the local subnet group. Routers then periodically send queries to the
M 224.0.0.5 All Open Shortest Path First
(OSPF) version 2 routers on the
same multicast group to ensure hosts are still interested
in belonging to multicast groups. Hosts can belong to
network more than one multicast group simultaneously, and
224.0.0.6 Designated Open Shortest Path multicast groups can span multiple subnets.
First (OSPF) version 2 routers on
the network When the host wants to leave a group, it sends a message
224.0.0.9 Routing Information Protocol to the All Routers multicast group 224.0.0.2. These mes-
(RIP) version 2 group address sages between hosts and routers are sent using the Inter-
224.0.0.18 Internet Group Management net Group Management Protocol (IGMP).
Protocol (IGMP) group address
224.0.1.1 Network Time Protocol (NTP) Routers must be multicast-enabled to support multicast-
224.0.1.24 WINS server group address ing. Multicast routers communicate using multicast
224.0.1.75 Session Initiation Protocol (SIP) routing protocols such as Multicast Open Shortest Path
group address First (MOSPF) and Protocol Independent Multicast
224.0.12.0 to Used by MSNBC (PIM).
224.0.12.63
For More Information
224.0.18.0 to Used by Dow Jones
Visit the IP Multicast Initiative at www.ipmulticast.com.
224.0.18.255
See Also: broadcasting, Class D, classless interdomain
● Transient: Addresses that are used to define multi- routing (CIDR), Internet Group Management Protocol
cast groups formed for specific multicast transmis- (IGMP), Internet Protocol (IP), IP address, multicast
sions such as a videoconferencing session. Each routing, multicast routing protocol, router, unicasting
transient address specifies a multicast group, and
792
Multicast Open Shortest Path First (MOSPF) multicast routing protocol
Multicast Open Shortest Path destination. From the point of view of unicasting, subnets
are well-defined entities connected by routes.
First (MOSPF)
A dense mode multicast routing protocol. Multicast routing is different: multicast packets are for-
warded to multicast-enabled routers and these routers are
Overview responsible for ensuring that hosts belonging to the mul-
Multicast Open Shortest Path First (MOSPF) is a pro-
ticast group specified by the destination address receive
tocol that allows multicast-enabled routers to com-
the transmitted packet. Group members may be located
municate with each other in order to build multicast
in a single subnet or in many different subnets and may
forwarding tables. These tables contain trees of infor-
be concentrated either in a small portion of the larger
mation specifying which subnets have hosts that belong
internetwork or scattered all over the place. To ensure
to different multicast groups. This allows hosts belong-
that multicast packets are not forwarded to subnets where
ing to a specific group to receive multicast transmis-
no interested hosts reside and to ensure that they are for-
sions directed toward that group.
warded from routers on noninterested subnets to other
MOSPF is designed to be used within a single routing routers further downstream, multicast routing protocols
domain or autonomous system (AS). Although it is are used to allow multicast-enabled routers to communi-
classified as a dense mode multicast routing protocol, cate with each other and exchange information.
MOSPF does not work well for networks that have
Information about which subnets interested hosts reside
large numbers of active multicast groups due to the
on is maintained in multicast forwarding tables stored
large amount of overhead involved in recalculating dis-
on multicast-enabled routers. An entry in this table indi-
tribution trees when multicast groups are added or
cates that there is at least one interested host (a host
removed from the network. Performance is best for
belonging to the multicast group to which the transmis-
MOSPF when only a few multicast groups are active,
and, as a result, MOSPF is not widely used for multi-
sion is directed) in the subnet mapped to that entry.
Multicast routing protocols generally store their multi-
M
casting over the Internet.
cast forwarding tables as hierarchical structures called
MOSPF is based on the unicast Open Shortest Path multicast trees. A tree defines the distribution of multi-
First (OSPF) routing protocol and is defined in RFC cast packets from the sending host to all receiving hosts
1584. Cisco routers do not support MOSPF. within its multicast group. Mulitcast trees are created
and maintained by processes known as grafting and
See Also: autonomous system (AS), multicasting,
pruning and can be either source trees which find the
multicast routing, multicast routing protocol, Open
shortest path from the sending host to each potential
Shortest Path First (OSPF)
receiving host, or shared trees which merge source trees
into a single tree for each specific group. Multicast traf-
multicast routing fic is prevented from being sent to subnets where no
Routing of multicast packets across an internetwork interested hosts reside by a process known as scooping.
from the sending host to the receiving group of hosts.
See Also: multicasting, multicast routing protocol,
Overview routing, unicasting
Ordinary routing is unicast routing—that is, the routing
of unicast packets. Unicast routing involves forwarding
Internet Protocol (IP) packets from the sending host
multicast routing protocol
Any protocol used for communication between
to a specific, globally unique receiving host. Routing
multicast-enabled routers.
involves forwarding the packet across multiple subnets to
its final destination, the number of subnets crossed being Overview
the number of hops required for the packet to reach its Multicasting on an Internet Protocol (IP) internetwork
relies on special multicast-enabled routers. These
793
multihoming multihoming
routers enable hosts to register themselves for sending ● Core-Based Trees (CBT): Creates a single dis-
or receiving multicast transmissions. Multicast routers tribution tree for each multicast group. CBT is
communicate with each other using multicast routing defined in RFC 2201.
protocols in order to create multicast forwarding tables
See Also: Core-Based Trees (CBT), Distance Vector
(multicast trees) that ensure that each host that joins a
Multicast Routing Protocol (DVMRP), multicasting,
multicast group receives the transmission directed
Multicast Open Shortest Path First (MOSPF), multicast
toward that group.
routing, Protocol Independent Multicast-Dense Mode
Types (PIM-DM), Protocol Independent Multicast-Sparse
There are two basic kinds of multicast routing protocols: Mode (PIM-SM), routing protocol
● Dense mode: Protocols used when large numbers
of hosts grouped together in dense clusters need to multihoming
receive multicast traffic. Dense mode protocols The process of having more than one network interface
need a large amount of network bandwidth in order on a device.
to operate because they periodically flood the net-
Overview
work with multicast traffic. Examples of dense
Networking devices that have more than one interface
mode multicast routing protocols include
are called multihomed devices. A router is a good
● Distance Vector Multicast Routing Protocol example of a multihomed device because it has several
(DVMRP): An early protocol based on Rout- network interfaces, each usually connected to a differ-
ing Information Protocol (RIP) and now rarely ent subnet.
used. It is defined in RFC 1075.
Computers can also be multihomed by giving them
M ● Multicast Open Shortest Path First
(MOSPF): A protocol based on the unicast
multiple interfaces to a network. This is true even if
the computer has only a single physical interface (net-
Open Shortest Path First (OSPF) routing proto- work interface card, or NIC). For example, Microsoft
col. MOSPF is designed for use within a single Windows 2000 allows you to assign more than one
autonomous system (AS) and is defined in RFC Internet Protocol (IP) address to a single physical inter-
1584. face, resulting in multiple virtual interfaces and making
the machine a multihomed host. When a computer is
● Protocol Independent Multicast-Dense
connected to both a local area network (LAN) using a
Mode (PIM-DM): Similar to DVMRP but uses
NIC and the Internet using a dial-up connection, this
a unicast routing protocol for building its multi-
can also be considered multihoming since the dial-up
cast trees.
connection is also an interface (a wide area network
● Sparse mode: Protocols used when smaller num- [WAN] interface typically running Point-to-Point Pro-
bers of hosts are widely scattered over the network. tocol [PPP]), though the term multihoming is not
Sparse mode protocols utilize less bandwidth than always used in this scenario.
dense mode ones, and they build multicast trees
The most common way of multihoming a computer,
by joining branches to the main distribution tree.
however, is to install two or more physical interfaces
Examples of sparse mode multicast routing proto-
(NICs) and assign separate IP addresses to each NIC.
cols include
Windows 2000 supports all of these methods of multi-
● Protocol Independent Multicast-Sparse Mode homing. Note that the first method of using multiple
(PIM-SM): Similar to PIM-DM but optimized virtual interfaces is sometimes called multinetting and
for sparse multicasting environments. is considered by some not to be true multihoming.
794
multihoming multihoming
Uses
Multihoming has a number of possible uses:
● For turning a computer into a router. If you install
multiple NICs in a Windows 2000 server computer, LAN #1
the machine can be used as a router on an IP inter-
network. The Routing and Remote Access Service NIC 1
(RRAS) of Windows 2000 makes this scenario pos-
sible. If you enable Routing Information Protocol NIC 2 IP= 172.16.8.7
(RIP) on the computer, it can function as a dynamic
router that can exchange routing table information
with other RIP-enabled routers. Or if you do not IP= 172.16.9.4
enable RIP, the computer can function as a static
router, in which case you would manually configure
the server’s routing table from the command
prompt using the Route command. LAN #2
interfaces having different IP address. Multihoming. A multihomed server with two interfaces.
● For connecting Dynamic Host Configuration Proto- Notes
col (DHCP) servers to several subnets simulta- The term multihoming is also used in a different sense
neously for dynamic IP address allocation to hosts. in the modern enterprise: using several Internet Service M
Providers (ISPs) to connect your network to the Inter-
● For connecting a privileged host to both a low-
net. A typical multihoming scenario would see two
security LAN and a restricted high-security LAN.
leased lines joining your network to the Internet. Each
Issues line is leased from a different ISP, and one line is used
Some issues can arise with multihomed hosts: to bring IP traffic into your network while the other is
used to carry traffic out of the network. The motive for
● Multiple default gateways: If you multihome a
this kind of multihoming is to ensure redundant connec-
computer with two or more physical interfaces that
tion for enterprise data centers to the high-speed back-
are not aware of each other’s presence and then
bone of the Internet through different points of presence
assign different default gateway addresses to each
(POPs) belonging to different carriers. This is desir-
interface, network communications problems can
able for companies that view the Internet as a mission-
arise. To solve this, use only a single default gate-
critical resource and cannot afford any downtime.
way and assign the corresponding address to the
interface carrying more traffic. To implement Internet multihoming in this way gener-
ally requires high-end routers and an understanding of
● Remote access: A typical remote access server has
complex protocols, such as Border Gateway Protocol
both a local area network (LAN) interface and a
(BGP), that are used on the Internet’s backbone. Often,
wide area network (WAN) interface. You should
the challenge in this scenario is to get the different ISPs
generally use static routing between these two inter-
to cooperate with one another to ensure your network
faces to avoid routing problems.
does not have IP address space problems. This is
795
Multilayer Switching (MLS) Multilink Frame Relay (MFR)
because a multihomed network needs to have its own high-speed core of an enterprise network. The MLS
autonomous system number (ASN) assigned to it by an architecture is built using several components,
Internet registry such as the American Registry for including a Multilayer Switching Switch Engine
Internet Numbers (ARIN). Many large ISPs usually (MLS-SE), Multilayer Switching Route Processor
will not agree to this kind of multihoming arrangement (MLS-RP), and Multilayer Switching Protocol
unless a minimum of a T3 connection is employed, (MLSP) from Cisco Systems.
which means that only large companies such as IBM,
See Also: Ethernet switch, Layer 2 switch, Layer 3
Hewlett-Packard Company, Amazon.com, and eBay
switch, Layer 4 switch, Open Systems Interconnection
can afford to implement this kind of multihoming. Nev-
(OSI) reference model, router
ertheless, the steady rise in the number of ASNs being
allocated by ARIN over the last few years indicates the
rise in popularity of Internet multihoming among large Multilink Frame Relay (MFR)
enterprises and e-business companies. A cheaper alter- A new frame relay aggregation technology.
native to multihoming for enterprises that need redun-
Overview
dancy is simply to lease several T1 or T3 lines from the
Multilink Frame Relay (MFR) is a new standard from
same carrier and inverse multiplex them into a single
the Frame Relay Forum that allows multiple frame
connection.
relay links to be aggregated using inverse multiplexing.
See Also: American Registry for Internet Numbers The goal of MFR is to make frame relay an attractive
(ARIN), autonomous system number (ASN), Border technology in the market niche between T1 and T3
Gateway Protocol (BGP), Dynamic Host Configura- lines. Enterprises using multiplexed T1 lines that
tion Protocol (DHCP), interface, inverse multiplex- require more bandwidth often balk at the cost of
ing, network interface card (NIC), router upgrading to T3, which offers speeds of 45 megabits
M per second (Mbps) compared to T1’s 1.5 Mbps. MFR is
designed to provide a lower-cost option that can provide
Multilayer Switching (MLS) bandwidth intermediate between T1 and T3.
A local area network (LAN) switching term that can
have several meanings. Implementation
MFR is implemented at the service provider end using
Overview
MFR-enabled carrier-class frame relay switches and at
The term Multilayer Switching (MLS) can have several
the customer premises end using MFR-enabled Inte-
meanings within the context of LAN switching. Specif-
grated Access Devices (IADs). Multilink Point-to-Point
ically, it can refer to
Protocol (MPPP) service providers include competi-
● The ability of a LAN switch to mimic the functions tive local exchange carriers (CLECs), building local
of a router. In other words, the term can be synony- exchange carriers (BLECs), and large Internet service
mous with Layer 3 switching. providers (ISPs). Service providers generally target
midsize businesses and multitenant units (MTUs) for
● A switch that can operate at multiple layers of the
deploying MFR.
Open Systems Interconnection (OSI) reference
model. For example, a multilayer switch could MFR is often used in conjunction with MPPP, a wide
bridge at Layer 2, route at Layer 3, and screen ports area network (WAN) protocol that allows scalable
at Layer 4. bandwidth allocation using dynamic bonding of multi-
ple Point-to-Point Protocol (PPP) links. MPPP devices
● A Cisco LAN switching architecture that allows
can aggregate up to 128 separate frame relay links into
switches and routers to work together within the
796
Multilink Point-to-Point Protocol (MPPP) Multilink Point-to-Point Protocol (MPPP)
a single logical pipe, with individual links ranging from (Kbps) B channels of an ISDN-BRI interface into a sin-
DS-0 to T1. gle 128-Kbps logical channel or aggregate two or more
BRI interfaces together for even greater throughput.
See Also: Building-centric Local Exchange Carrier
(BLEC), Competitive Local Exchange Carrier (CLEC),
DS-0, frame relay, Integrated Access Device (IAD), Modem
Internet service provider (ISP), Multilink Point-to-Point
Protocol (MPPP), multitenant unit (MTU), Modem
Point-to-Point Protocol (PPP), T-carrier PPP
Windows NT
Multilink Point-to-Point PPP Server
Protocol (MPPP) PPP
A wide area network (WAN) protocol for aggregating
multiple Point-to-Point Protocol (PPP) connections. Modem
PPP Multilink PPP
channel
Overview
Modem
Multilink Point-to-Point Protocol (MPPP) can be used
to bundle together multiple physical PPP links into
a single logical link. This is accomplished by using
inverse multiplexing on each end of the link, at both the
customer premises, and at the service provider (for an
MPPP connection to be established, both ends of the
connection must support MPPP). MPPP’s purpose is Windows NT
usually to provide greater bandwidth for a WAN con- Workstation M
nection than a single PPP link can provide, but since G0MXX14 (was G0Mui19 in 1E)
MPPP is a dynamic process, it can also be used to better Multilink Point-to-Point Protocol (MPPP). Using MPPP to
utilize bandwidth and even load-balance between con- bond two PPP links together.
nections. The advantages of using MPPP on WAN links MPPP was the first industry-standard nonproprietary
include increased bandwidth, dynamic bandwidth allo- method for ISDN bonding, and as a result, it is popular
cation, reduced latency, and fault tolerance. MPPP’s where ISDN technologies are still used. Because MPPP
main disadvantage is that it is difficult to support call- is a dynamic protocol, it can also be used to dynami-
back for remote access servers. cally bring online the second B channel whenever the
MPPP is an extension to the industry-standard PPP and bandwidth of a single channel is insufficient and then
is defined in RFC 1990. MPPP is supported by most dynamically release the second channel when it is no
access servers and routers and also by the Microsoft longer required. This is done by configuring a traffic
Windows 2000 operating system. Multilink Point-to- threshold above which the second channel will auto-
Point Protocol is variously abbreviated as MPPP, MP, or matically be activated. MPPP is supported by most
MLP, and is abbreviated occasionally (and wrongly) as ISDN terminal adapters.
MPP or even MLPPP. Sometimes it is simply called A newer use of MPPP is in ISDN Digital Subscriber
Multilink Protocol for short! Line (IDSL), a form of Digital Subscriber Line (DSL)
Uses technology based on ISDN signal coding. By installing
A popular use of MPPP is in Integrated Services Digital an MPPP-enabled IDSL router at the customer pre-
Network (ISDN) networking where it can be used to mises and a similar router at the service provider’s point
either bond (combine) the two 64-kilobits per second of presence (POP), up to four 144 kilobits per second
797
multimaster replication multimaster replication
(Kbps) IDSL links can be multiplexed into a single 576 multiplexing of PPP links also supports session and
Kbps link. MPPP IDSL is a technology pioneered by bandwidth management functions, including the
Netopia and is intended mainly for corporate WAN use dynamic addition or removal of channels without the
and not for residential Internet access. Using MPPP need to reinitialize the link. Both the client and the
IDSL eliminates the need for installing a costly Digital server must support MPP for this to work.
Subscriber Line Access Multiplexer (DSLAM) at the
See Also: Challenge Handshake Authentication Proto-
customer premises and is ideal for environments such
col (CHAP), Digital Subscriber Line (DSL), Digital
as remote telco terminals that are too limited in size to
Subscriber Line Access Multiplexer (DSLAM), Inte-
house DSLAMs.
grated Services Digital Network (ISDN), inverse multi-
Implementation plexing, ISDN Digital Subscriber Line (IDSL), ISDN
MPPP can be implemented over a variety of interfaces, fallback adapter, Link Control Protocol (LCP), Pass-
including asynchronous dial-up modem connections, word Authentication Protocol (PAP), Point-to-Point
Integrated Services Digital Network (ISDN), and even Protocol (PPP), wide area network (WAN)
synchronous connections. MPPP is negotiated during
the Link Control Protocol (LCP) portion of a PPP
multimaster replication
authentication session.
Replication between peers.
MPPP defines procedures for splitting a PPP data
Overview
stream into packets, sequencing the packets into time
Replication is an important aspect of many kinds of net-
slots, transmitting them over a logical data link, and
work services. For example, in network directory ser-
reassembling them at the receiving station. MPPP
vices, replication ensures that each directory server has
works by inverse multiplexing data frames from multi-
an up-to-date version of directory information for the
M ple client PPP connections into a single PPP link, and
then demultiplexing the link to recreate the individual
network. Replication between directory servers can
take place in two ways: master/slave and multimaster
connections at the service provider’s router.
replication.
MPPP supports two kinds of PPP authentication: Chal-
In master/slave replication, the master server maintains
lenge Handshake Authentication Protocol (CHAP) and
the master copy of directory information and replicates
Password Authentication Protocol (PAP).
this information with slave servers through periodic
Notes updates. Directory information can usually only be
A proprietary extension to MPPP supported by some modified directly on the master server—slave servers
vendors is called Multichassis Multilink Point-to-Point usually have read-only versions of directory informa-
Protocol (MMP), which allows MPPP connections to tion. Master/slave replication is reliable but scales
be aggregated across multiple routers and network poorly and has a single point of failure—should the
access servers (NASs) in a way that is transparent to the master server go down, the directory cannot be updated
dial-up MPPP client. In other words, the client initiates unless a slave server is promoted to the role of master.
an MPPP session but is actually connected to several Master/slave replication is used by the Windows NT
MMP-enabled NASs at the ISP instead of only one Directory Services (NTDS) of the Microsoft Windows
NAS, as in the usual scenario. MMP enables the data NT 4.0 operating system, where master servers are
stream to be split, sequenced, and recombined at several called primary domain controllers (PDCs) and slaves
different points to provide a single logical connection are backup domain controllers (BDCs). In Windows
between the client and the ISP. NT, directory information is stored on domain control-
lers in the Security Account Manager (SAM) database,
Another proprietary extension to MPPP is called Multi-
and although the PDC for each domain has a writable
channel PPP (MPP), which in addition to inverse
798
multimode fiber-optic cabling multimode fiber-optic cabling
copy of the SAM database, the BDCs for that domain fiber. This is accomplished by transmitting multiple
have read-only copies of the database. light signals simultaneously through specially con-
structed fiber. This enables multimode fiber to sustain a
In multimaster replication, however, there is no master
much greater bandwidth than single-mode fiber, a type
directory server—all directory servers are peers of one
of fiber that supports only one light signal at a time.
another. Multimaster replication scales well and has no
single point of failure, but it must be implemented prop- The disadvantage of multimode cabling is that multi-
erly using time stamping of updates and time synchro- mode transmission is more complex and incurs greater
nization between servers to ensure that replication risk of signal loss. As a result, multimode fiber runs
occurs properly if collisions are to be avoided. A colli- cannot be as long as single-mode fiber, which can carry
sion occurs when an object in Active Directory direc- signals for several kilometers without degradation. So
tory service has the same attribute modified almost although multimode fiber can carry many times more
simultaneously on two different domain controllers, bandwidth than single-mode fiber, single-mode fiber
and collisions are resolved using timestamps as a tie- can generally carry signals up to 50 times farther than
breaking mechanism. Active Directory in Microsoft multimode.
Windows 2000 uses multimaster replication to replicate
Implementation
directory information between all domain controllers in
Multimode fiber is fiber-optic cabling that has a glass
a domain. Multimaster replication, in fact, means that
core whose index of refraction varies in a specific fashion
all domain controllers are “master” domain control-
with the distance from the core axis. This variation in
lers—in other words, applications and users having suf-
index of refraction is done to ensure that multiple sepa-
ficient privileges can update directory information on
rate light signals can be effectively transported down the
these servers directly.
fiber without interference or signal loss. The variation is
The advantages of the multimaster replication method
supported by Windows 2000 over the PDC/BDC mas-
implemented in one of two ways: M
● Step-index: Here light rays reflect off the inner sur-
ter/slave replication method of Windows NT include
face of the core by a mechanism called total internal
the following:
reflection. By varying the angle at which the rays are
● You can make updates to Active Directory as long incident on the inner surface of the core, different
as any domain controller is functioning on the light paths can be transmitted down the fiber to carry
network. additional light signals, thus increasing the band-
width capacity of the fiber. In long step-index fiber
● When domain controllers are distributed at all sites,
runs, however, these light paths can get out of step
you can make updates to Active Directory any-
with each other at the far end of the fiber and thus
where on the network with a local domain control-
degrade overall signal quality. Step-index fiber is
ler, even when wide area network (WAN) links to
cheaper than graded-index fiber and should be used
other sites are down.
only for shorter cable runs or where less bandwidth is
See Also: Active Directory, directory required.
● Graded-index: Here the core consists of concentric
multimode fiber-optic cabling layers of homogeneous material, each successive
A type of fiber-optic cabling that can carry multiple layer having a lower index of refraction than the
signals simultaneously. layer that it envelops. In this type of fiber, the rays of
light travel along curved paths and all arrive in step
Overview
with each other at the far end of the fiber, which
Multimode fiber-optic cabling allows large amounts of
means that graded-index fiber runs can be longer
information to be transmitted over a single strand of
than step-index ones.
799
multiple master domain model multiple master domain model
800
Multiple Virtual Storage (MVS) multiplexer (MUX)
801
multiplexing multiplexing
T1 line for voice and data combined. You can use a sim- These T1 MUXes often offer advanced management
ilar device to multiplex data and voice for transmission functions. For example, a T1 MUX can usually be
over a public frame relay carrier network. remotely managed using the Simple Network Manage-
ment Protocol (SNMP), and it can be configured to send
T1 MUX a trap to an SNMP management console whenever a
problem occurs with the MUX. Some MUXes are also
used in mainframe environments for connecting remote
terminals to async hosts without the need for individual
cabling to each terminal. These kinds of MUXes are
LAN LAN
generally used in pairs and utilize time-division multi-
Router plexing (TDM). Examples include the following:
● Fiber-optic MUXes for combining several sync or
Router
async data channels onto one duplex fiber-optic
cable. A typical fiber-optic MUX might have 12 or
PBX V.35
24 RS-232 input ports and support speeds in excess
V.35 of 115.2 kilobits per second (Kbps) per channel.
These MUXes are typically used in pairs to connect
DSX-1
remote terminals to an async mainframe host across
a campus environment and are often referred to as
T1 MUX .T1. short-haul or local MUXes.
● Twisted-pair MUXes for multiplexing several
M Fiber-optic MUX
Local MUX
RS-232 serial channels over installed RJ-11 wiring
to save costs.
● Coax MUXes for connecting several 3270 termi-
nals to an IBM controller in order to reduce the
costs of cabling.
Fiber-optic cable
Another type of multiplexer is the Ethernet MUX,
(duplex)
which can multiplex signals from several ports from an
Ethernet switch and transmit the multiplexed signal
Local MUX 3 miles over a single fiber-optic cable at distances up to 1.25
(5 kilometers) Async miles (2 kilometers). Ethernet MUXes are also typically
terminals
used in pairs.
See Also: Channel Service Unit/Data Service Unit
(CSU/DSU), data terminal equipment (DTE), inverse
multiplexing, multiplexing, Simple Network Manage-
ment Protocol (SNMP), T1, T-carrier
802
multipoint multipoint
into a single channel, typically for transmission over a multiplexing is used in WAN technologies such as
wide area network (WAN) connection. For example, frame relay and Asynchronous Transfer Mode
signals from several data terminal equipment (DTE) (ATM).
can be combined into a single signal using a multiplexer
● Dense wavelength division multiplexing
and transmitted over a leased line such as a T1 line. For
(DWDM): A multiplexing technology used in high-
information to be transmitted successfully, the leased
speed fiber-optic backbone networks. DWDM
line must have a bandwidth equal to or greater than the
sends multiple bitstreams through a single strand
combined bandwidth of the signals from the various
of fiber using a different color (wavelength) of laser
DTE.
light for each stream. DWDM is emerging as the
Implementation technology of choice for telcos and other carriers
Several methods of multiplexing signals are commonly who need to enhance the carrying capacity of their
used in telecommunications and networking. Each trunk lines and backbone networks.
method is suited to a specific form of communication.
Some more common methods used include ISDN digital
line
● Frequency-division multiplexing (FDM): This
method is used to multiplex analog signals. In this ISDN terminal
scenario, the total bandwidth of the carrier signal is adapter
subdivided into a series of channels having different
frequencies.
Multiplexer
● Time-division multiplexing (TDM): This is a
common method for multiplexing digital signals 64 Kbps
used, for example, in T1 lines. Data from different M
bitstreams are placed in alternating fashion in dif- 32 Kbps
ferent time slots in the carrier signal. One time slot
24 Kbps
is assigned to each incoming stream of data. The
problem with this method is that if one source of 8 Kbps
data has nothing to transmit, the time slot for that
source will not be used and the associated band-
width will be wasted. TDM is suitable mainly for
applications that transmit data in real time, such as
voice, video, or multimedia transmissions. This is G0MXX18 (was G0Mui23 in 1E)
because TDM has predictable latency and can thus Multiplexing. How multiplexing combines multiple
physical data links into a single logical connection.
provide guaranteed levels of Quality of Service
(QoS) for transmissions. See Also: Asynchronous Transfer Mode (ATM), dense
wavelength division multiplexing (DWDM), frame
● Statistical multiplexing (SM): Also called statisti- relay, frequency-division multiplexing (FDM), inverse
cal packet multiplexing (SPM) or statistical time multiplexing, leased line, multiplexer (MUX), statistical
division multiplexing (STDM), this method is sim- multiplexing (STM), time-division multiplexing (TDM)
ilar to TDM but can reassign time slots to different
sources when they are not needed. Statistical mul-
tiplexing thus makes better use of available band- multipoint
width than TDM and is useful mainly for trans- Short for point-to-multipoint, communication from a
missions that have unpredictable latency, such as single sending station to multiple receiving stations.
Internet Protocol (IP) transmissions. Statistical
See: point-to-multipoint
803
Multipoint Multichannel Distribution Service (MMDS) Multiprotocol Label Switching (MPLS)
modem technologies, which have yet to provide the wide area network (WAN), wireless networking
required 99.999 percent uptime needed by today’s
wired enterprise. Despite the dirt-cheap cost of multiport repeater
DSL compared to costly leased lines and despite
An older name for a hub, a device used to connect
DSL’s ability to provide more bandwidth than
shared Ethernet segments into a single LAN.
leased lines, most enterprises have stayed away
from using DSL in their WAN links and for Internet See: hub
access because of the reliability issues still associ-
ated with it.
Multiprotocol Label Switching
● It can be provisioned without the need to install (MPLS)
additional wiring, which is a costly expenditure in A protocol for efficiently routing traffic across a large
older buildings. Internet Protocol (IP) network such as the Internet.
Implementation Overview
MMDS operates in the 2.1, 2.5, and 2.7 gigahertz Multiprotocol Label Switching (MPLS) is an emerging
(GHz) portions of the electromagnetic spectrum. Typi- standard from the Internet Engineering Task Force
cal speeds for MMDS are 384 kilobits per second (IETF) designed for implementation on high-speed
(Kbps) to 1 megabit per second (Mbps) for downstream backbone routers in large IP networks such as the
transmission and 384 Kbps to 512 Kbps upstream. Internet. MPLS is an outgrowth of several proprietary
In a typical MMDS scenario, a base station with vendor-based solutions to the problem of routing traffic
antenna is set up at a high location (building rooftop or through high-speed switched backbones. The most
hill) in or near an urban area. The base station provides prominent of these proprietary solutions is the tag
804
Multiprotocol Label Switching (MPLS) Multiprotocol Label Switching (MPLS)
switching technology developed by Cisco Systems, backbone network. Once the packet is on the backbone,
from which much of MPLS was derived. Other compa- it is label-switched to the LER adjacent to the destination
nies whose technologies have contributed to the devel- network, at which point it is routed using traditional IP
opment of MPLS include Ipsilon Networks (now part of routing to its final destination. LSRs communicate with
Nokia), Cascade Communications, 3Com Corporation, each other using the Label Distribution Protocol (LDP)
IBM, and Cabletron Systems. to let each other know what labels they are assigning to
different traffic flows.
MPLS is designed to bring some of the advantages of
circuit-switched networks to switched IP networks. Uses
These advantages include predictable delay and latency, Because MPLS is a complex protocol, it is unlikely to
the ability to reserve bandwidth, and different levels of be used extensively in the enterprise. Instead, service
Quality of Service (QoS). providers and telcos are likely to deploy MPLS on their
ATM backbones to increase the efficiency with which
Implementation
they carry IP traffic. MPLS offers an alternative to per-
The name MPLS defines two aspects of this protocol:
manent virtual circuits (PVCs) commonly used in telco
● Multiprotocol (MP): MPLS can work with any ATM networks. Using MPLS, ATM switches become
network transport. Although it is intended mainly routers that can dynamically switch traffic to their des-
for IP, it can work with Asynchronous Transfer tination, taking the advantage of multiple redundant
Mode (ATM), IP over ATM, frame relay, and other nondedicated paths to their destination.
transports.
When service providers offer customers MPLS on their
● Label Switching (LS): MPLS works by attaching WAN links, a number of features can be implemented at
labels to packets, uniquely identifying the data flow the IP level by the customer instead of having to imple-
or path that packet takes across a routed network
such as the Internet.
ment them at the ATM level by the carrier. These features
include the ability to perform traffic engineering, support
M
for multiple independent private data streams over a sin-
An MPLS label is simply a four-octet binary number.
gle WAN connection, implementing bandwidth reserva-
The first 20 bits of the label uniquely identify the For-
tion and Quality of Service (QoS), and more.
warding Equivalence Class (FEC) to which the packet
belongs, while the remaining bits specify the time to An example of MPLS deployment at the telco level is
live of the packet and other information. Each data flow AT&T, which has deployed MPLS running on Cisco
through the internetwork is mapped to an FEC—in switches on its frame relay backbone network for more
other words, all packets belonging to the same FEC are efficient transport of IP traffic over that network. MPLS
handled similarly by MPLS-enabled routers. Multiple is used to define different Classes of Services (CoS) and
labels can be attached to each packet, which enables supports virtual private networking (VPN). Another
MPLS to support features such as tunneling and even example of how MPLS can be used is demonstrated by
stacked tunnels. A sequence of labels or a label stack is CoSine, which combines MPLS with Internet Protocol
called a Label-Switched Path (LSP). Security (IPsec) for secure tunneling and virtual routing.
MPLS-enabled routers are called Label Switching MPLS is also expected to find application in pure opti-
Routers (LSRs), and for MPLS to work properly it must cal backbone networks, an emerging technology driven
be supported by routers all across the internetwork. mainly by the demand for greater capacity for Internet
LSRs forward packets by examining their LSP and backbone traffic.
switching them accordingly, a process that can be much
See Also: Asynchronous Transfer Mode (ATM), frame
faster than traditional IP routing. Packets are introduced
relay, Internet Protocol (IP), quality of service (QoS),
into an MPLS domain using a Label Edge Router
routing
(LER) connected to both the local network and the
805
Multiprotocol over ATM (MPOA) Multipurpose Internet Mail Extensions (MIME)
806
multiservice switch Multistation Access Unit (MAU or MSAU)
the message body can have a different content Multiservice switch. A wide area network (WAN) built
using multiservice switches.
type), alternative, parallel, digest, encrypted, and
others In a typical wide area network (WAN) scenario, frame
RFC 1521 also defines six basic data encoding methods
relay might be used at the edge of corporate local area M
networks (LANs) at the ingress and egress points, con-
that can be specified in the Content-Transfer-Encoding
necting the LANs using carrier ATM services as the
headers of SMTP messages. These are 7bit (ASCII text
internetwork backbone technology.
with line lengths less than 1000 characters), 8bit, bina-
ry, quoted-printable, base64 (Uuencoded data), and Multiservice switches conform to two frame relay
x-token. Later RFCs have defined other MIME encod- specifications:
ing methods.
● FRF.5: Frame Relay Permanent Virtual Circuit to
See Also: e-mail, Simple Mail Transfer Protocol ATM
(SMTP)
● FRF.8: Frame Relay Permanent Virtual Circuit to
ATM Service Internetworking
multiservice switch See Also: Asynchronous Transfer Mode (ATM),
A switch that can route packets and switch cells.
circuit-switched services, frame relay, Multilink
Overview Frame Relay (MFR), packet switching
Multilevel switches are generally high-end switches
that can support both Asynchronous Transfer Mode
(ATM) circuit-switching and frame relay packet switch-
Multistation Access Unit (MAU
ing in a single chassis. Multilevel switches have been
or MSAU)
A wiring concentrator (passive hub) used in Token Ring
responsible in part for a rising interest in ATM back-
networks.
boning as a result of evolution in frame relay technolo-
gies such as Multilink Frame Relay (MFR).
807
Multistation Access Unit (MAU or MSAU) Multistation Access Unit (MAU or MSAU)
Overview MAU
Multistation Access Units (MAUs) are the core wiring
components for building Token Ring networks. MAUs
direct traffic from one station to the next around the ring
MAU
I
O
of a Token Ring network. While the logical topology
(electrical path) of a Token Ring network is a ring, the
physical topology (wiring) is actually a star topology
with the MAU at the center and the stations connected MAU Stations
I
O
in a star pattern to the MAU. The MAU thus concen-
trates the wiring and contains circuitry that makes the Main
logical star network operate as a physical ring. ring
I
O
Implementation Stations
A typical MAU is a stand-alone device or a rack-
mounted device that provides 8 or 16 ports for con-
necting stations to the ring. The MAU also generally
includes two additional ports: a ring-out connector and
a ring-in connector. These ports are used to connect
MAUs together to form larger Token Ring networks. Stations
O = Ring-out
For example, a larger network can be constructed by
I = Ring-in
joining several MAUs to form a larger ring by connect-
ing the ring-out connector of one MAU to the ring-in G0MXX20 (was G0Mui24 in 1E)
connector of another and continuing to connect until the Multistation Access Unit (MAU). Connecting several
M ring-out of the last MAU in a series is connected to the MAUs together to create a large Token Ring network.
ring-in of the first to complete the loop. Using this MAU connections typically use either proprietary IBM
method, you can connect up to 33 MAUs into a large universal data connectors for IBM Type 3 cabling (Type
Token Ring network. Some MAUs include ring-in/out 1 Token Ring) or RJ-45 lobe connectors for 100-ohm
connectors for both copper cabling (RJ-45 connectors) shielded twisted-pair (STP) cabling (Type 3 Token
and fiber-optic cabling (typically ST connectors). Ring). MAUs also usually include circuitry that pro-
vides fault tolerance so that if a station fails or is discon-
When interconnecting MAUs to form large Token Ring
nected from the MAU Token Ring, traffic can still
networks, use MAUs that have automatic loopback
continue unaffected around the ring. If you need to
functions on their ring-in/out ports. If a break in the ring
locate Token Ring stations at distances greater than 328
should then occur between two MAUs, the break is
feet (100 meters) from a MAU, you can use stand-alone
automatically detected and traffic is rerouted along a
repeaters or a powered (active) MAU that has built-in
preconfigured backup path.
repeaters to support greater lobe distances.
MAUs often support both 4 megabits per second
Other types of MAUs include
(Mbps) and 16 Mbps Token Ring signaling. Note, how-
ever, that a common way to bring down a Token Ring ● Modular MAU: Lets you add different connector
network is to connect a Token Ring station that has the or repeater modules for greater flexibility of net-
wrong speed for the given network—for example, con- work design
necting a 4-Mbps station to a 16-Mbps network. This
● Stackable MAU: Lets you easily create large
speed mismatch causes beaconing that brings down the
Token Ring networks with up to 256 stations
network. A smart MAU can detect a mismatched station
and lock out the station before a problem can occur.
808
multitasking multitenant unit (MTU)
● Manageable MAU: Includes modules that support each application receives a small portion of time
Simple Network Management Protocol (SNMP) to run before giving this privilege to another
management through in-band or out-of-band application.
connections
Types
● Active MAU: Regenerates signals at each port in There are two basic types of multiprocessing on
order to reduce jitter and extend signaling distances machines that run versions of the Windows operating
beyond recommended specifications system:
Notes ● Preemptive multitasking: The operating system
The acronym MAU also stands for Medium Access Unit decides which thread or process is allowed to run at
or Media Attachment Unit, a term that refers to the cir- any specific time. Windows 95, Windows 98, and
cuitry in an Ethernet hub, Ethernet switch, or Ethernet Windows NT support this form of multitasking.
network interface card (NIC) that enables the correct
● Cooperative multitasking: Each application is
form of electrical or optical connection to be estab-
responsible for voluntarily relinquishing control to
lished with the particular type of media being used.
other applications. Windows 3.x supports this form
This type of MAU, also known as a transceiver, detects
of multitasking.
the carrier signal and data signals on the media, notes
when collisions between signals occur, and forwards Notes
this information to the remaining circuitry for process- Windows 2000 supports symmetric multiprocessing
ing. To distinguish the two different meanings of the (SMP) on multiprocessor machines, whereby the
acronym “MAU,” the acronym MSAU is sometimes Windows 2000 kernel lets processors share memory
used to refer specifically to a Multistation Access Unit, and assign ready threads to the next available processor.
as used in Token Ring networking. This SMP support ensures that no processor is ever idle
or running a low-priority thread when a high-priority
M
See Also: hub, loopback, shielded twisted-pair (STP)
thread is waiting. Windows 2000 also supports soft
cabling, Simple Network Management Protocol
affinity, whereby a thread tries to run on the same pro-
(SNMP), Token Ring
cessor it last ran on, all things being equal. You can
even use Task Manager to assign a specific process to a
multitasking particular processor, a feature called processor affinity.
Running two or more programs simultaneously.
See Also: asymmetric multiprocessing (AMP)
Overview
From the point of view of the user, multitasking makes
programs appear to be executing at the same time, but
Multitenant Broadband Service
from the operating system’s point of view, one of two
Provider (MBSP)
things might be happening: Another name for a building-centric local exchange car-
rier, a telecommunications carrier focused on the Multi-
● On multiprocessor machines: Here each proces- tenant Unit (MTU) market.
sor might be running a separate program simulta-
neously. This is true multitasking, which can only See: Building-centric Local Exchange Carrier (BLEC)
take place on machines with more than one proces-
sor and with operating systems that support multi- multitenant unit (MTU)
ple processors. A building with many tenants, such as a skyscraper.
● On single-processor machines: Here the operating
system time-slices between applications so that
809
MUX My Computer
Overview Examples
Multitenant units are generally large office buildings in An MX record specifying that incoming mail directed
dense urban areas, but the term can also include apart- toward the microsoft.com domain should be forwarded
ment complexes, hotels, industrial parks, and other to the SMTP host called mail.microsoft.com might be
large buildings and complexes. The MTU market is one expressed as
that is rapidly growing in importance as far as telcos
microsoft.com. IN MX 0
and other carriers are concerned—estimates indicate mail.microsoft.com.
there are about 120,000 MTUs in the United States, and
many of these MTUs host businesses that are eager for Here the number 0 is the preference value that specifies
broadband data services. Traditional incumbent local the priority of the SMTP host. This is used if more than
exchange carriers (ILECs) have been slow to provision one SMTP mail exchanger exists for a given domain.
broadband services such as Digital Subscriber Line
See Also: Domain Name System (DNS), resource
(DSL) for this market segment, and, as a result, many
record (RR)
competitive local exchange carriers (CLECs) are target-
ing them. These carriers targeting MTUs for broadband
services are generally called Multitenant Broadband My Computer
Service Providers (MBSPs) or building-centric local A desktop icon in Microsoft Windows that enables
exchange carriers (BLECs). users to browse resources on their computer.
MVS
Stands for Multiple Virtual Storage, a legacy IBM
mainframe operating system.
See: Multiple Virtual Storage (MVS)
MX record
A Domain Name System (DNS) record identifying
Simple Mail Transfer Protocol (SMTP) hosts.
Overview
MX records specify the DNS name and Internet Proto-
col (IP) address of a host that can forward e-mail for
G0MXX21 (was G0Mui25 in 1E)
a given domain. (The acronym MX stands for mail My Computer. Typical contents of My Computer.
exchange.) MX records are required for SMTP hosts to
enable them to forward SMTP mail over the Internet. See Also: My Documents, My Network Places
810
My Documents My Network Places
My Network Places M
A desktop icon in Microsoft Windows 2000, Windows
XP, and Windows .NET Server that displays various G0MXX22 (was G0Mui26 in 1E)
aspects of the network your computer resides on. My Network Places. Typical contents of My Network
Places.
Overview
My Network Places can be used to browse resources on Note also that if you right-click My Network Places and
the network. When you open My Network Places, it choose Properties, you can open your Network Connec-
may contain tions folder, which displays the types of connections
that your computer has with local area networks
● Add Network Place: Starts the Add Network Place (LANs) or the Internet and allows you to configure
Wizard. You use the wizard to create shortcuts to these connections.
network resources such as shared folders, printers,
and File Transfer Protocol (FTP) sites.
● Entire Network: Contains links to all computers
on your network.
● Microsoft Windows Network: Included in Entire
Network and provides access to computers belong-
ing to Windows 2000 and Windows NT domains
and workgroups.
811
N
Nagle’s algorithm ●
813
name lookup name resolution
pipes provide guaranteed delivery of data between com- name and then return the result of that request to the
puters for distributed applications in a client/server resolver. If the queried name server is configured to for-
environment. They provide a reliable, one-to-one, bidi- ward requests, it can perform an iterative query, query-
rectional, connection-oriented form of communication ing several name servers in succession until it resolves
between a client process running on one machine and a the name or runs out of name servers to query.
server process (service) running on a different machine.
See Also: Domain Name System (DNS), fully qualified
Named pipes are implemented as file system drivers
domain name (FQDN), host name resolution, name
and therefore are opened by requests made from the
server
redirector. They take full advantage of the features of
file system drivers, such as security and validation.
name resolution
Examples of situations where named pipes are still used
The process of resolving the name of a host on a net-
include
work into its associated network address.
● WinLogon process of Windows NT Server
Overview
● Client/server applications designed on older Name resolution plays an important part of network
versions of Microsoft SQL Server communication because the logical names of hosts
on the network must be resolved into their network
● Windows 98 and Windows Millennium Edition
addresses before actual communication can take place
(Me), which support client-side named pipes but
between them.
not server-side named pipes
Transmission Control Protocol/Internet Protocol (TCP/
Notes IP) networks running Microsoft Windows operating
Named pipes consume more server-side memory than
systems support two basic name resolution methods:
other IPC mechanisms (such as Windows Sockets) and
generate a bit more network traffic. ● NetBIOS name resolution: Used to resolve Net-
N See Also: interprocess communication (IPC)
BIOS names into IP addresses. Performed by using
broadcasts or by querying a Windows Internet
Name Service (WINS) server. NetBIOS name reso-
name lookup lution was used in Microsoft Windows NT and is
Resolving a fully qualified domain name (FQDN) into supported by Windows 2000, Windows XP, and
its associated Internet Protocol (IP) address. Windows .NET Server for backward compatibility
purposes only.
Overview
In the Domain Name System (DNS), name resolution is ● Host name resolution: Used to resolve fully quali-
the process of a resolver (DNS client) sending a request fied domain names (FQDNs) in the Domain Name
to a name server (DNS server). The resolver sends the System (DNS) into IP addresses. Performed either
name server the host name of an IP host on the network, by using a local Hosts file on the machine or by
and the name server returns the host’s IP address. The querying a name server.
name server is thus said to “resolve” the name of the
Notes
host into its associated IP address.
Once the name of a host has been resolved into its asso-
The query sent by the resolver to the name server is ciated IP address, a TCP/IP protocol called Address
most often a recursive query, which returns either the Resolution Protocol (ARP) is then used on Ethernet
expected IP address or an error. This type of query networks to resolve the host’s IP address into its associ-
makes it possible for a name server to forward the ated physical layer address (MAC address). Once ARP
request on to other name servers if it cannot resolve the has completed this task, frames can then be placed on
814
name server namespace
the wire with the destination MAC addresses embedded typical name lookup from a resolver might involve obtain-
in their frame headers. ing responses from several name servers in sequence.
See Also: Address Resolution Protocol (ARP), Domain Each zone has one name server called the master name
Name System (DNS), Ethernet, frame, fully qualified server that is authoritative over hosts located in the
domain name (FQDN), host name resolution, hosts file, zone. In addition, name servers can be classified on the
MAC address, name server, NetBIOS name resolution, basis of how they store zone information:
Transmission Control Protocol/Internet Protocol (TCP/
● Primary name servers: These name servers keep a
IP), Windows Internet Name Service (WINS)
local file of the information relating to their zone.
This local file or DNS database contains resource
name server records, which are mappings of host names to IP
A host used to resolve fully qualified domain names addresses for hosts in that zone. A DNS administra-
(FQDNs) into their associated Internet Protocol (IP) tor must generally create and maintain the DNS
addresses. database manually on a primary name server,
although with dynamic DNS (DDNS), hosts can
Overview
automatically register this information with name
Name servers are hosts on the Internet (or on large IP
servers. Microsoft Windows 2000 and Windows
internetworks) that can be used to resolve host names
.NET Server support DDNS.
into IP addresses, a process known as a name lookup.
Name servers are an essential part of the Domain Name ● Secondary name servers: These name servers
System (DNS). Because of name servers, when you want obtain their database of resource records from a
to access or reference a host on a TCP/IP network, you master name server, which can be either a primary
can use its friendly DNS name instead of its IP address, name server or another secondary name server. The
which is generally harder to remember. process by which the DNS database is transferred
from a master name server to a secondary name
The distributed system of name servers positioned at var-
ious locations around the Internet makes it possible to
server is known as zone transfer. Secondary name N
servers are provided mainly for fault tolerance and
share the load of name resolution among many such serv-
load balancing.
ers instead of relying on a single server. Just imagine if
one machine had to track the name of every host on the See Also: Domain Name System (DNS), dynamic DNS
Internet—not only would its hardware requirements be (DDNS), fault tolerance, load balancing, master name
astronomical, but it also would represent a single point of server, primary name server, resolver, secondary name
failure for the entire Internet economy! server, zone, zone transfer
Implementation
DNS operates as a client/server-based system, with namespace
name servers forming the server part and resolvers An abstract space of names of nodes on a network.
forming the client part. Each name server has authority
Overview
over a portion of DNS namespace known as a zone,
The term namespace can be thought of as “the space of
which means that the name server can resolve name
all names” for the particular type of network naming sys-
lookups for hosts located within that zone. A resolver
tem under consideration. A simple example is Internet
sends a name lookup request to a name server by pass-
Protocol (IP) address space, the space of all possible IP
ing it the DNS name of a host on the network. The name
addresses. This space is divided into class A, class B, and
server performs name resolution by determining the IP
so on, which represent disjoint subgroups of the IP
address that corresponds to the requested host’s name.
address space. Generally, every node on a Transmission
Name servers can also refer such queries to other name
Control Protocol/Internet Protocol (TCP/IP) network,
servers if they cannot answer them themselves, so a
internetwork, or the Internet must occupy a unique point
815
namespace namespace
in IP address space—that is, it must have a unique IP domain name (FQDN), maps to a unique node on the
address. This ensures that a packet addressed to a partic- Internet. An example might be widgets.support.
ular node (such as a computer, network printer, or router northwindtraders.com, which might map to the address
interface) can be directed to the node using its IP address 10.15.6.133. Names of domains, subdomains, and indi-
as the destination address. If two nodes on a network vidual hosts are maintained on name servers located at
were to have the same IP address number, a packet various points across the Internet or within large private
intended for one might end up at the other. One exception internetworks. If you want to locate a particular node in
to this is multicasting, in which a packet is sent to a group the DNS namespace, you query a name server. The pro-
of hosts simultaneously and ignored by all other hosts. cess of locating a particular DNS node and resolving its
Another exception is when you have a private network FQDN into its associated IP address is called host name
connected to the Internet through a firewall that uses net- resolution.
work address translation (NAT) to hide the addresses of
The NetBIOS namespace used in Windows NT–based
hosts on the private network from hosts on the Internet.
networks (and supported by Windows 2000 and
In this case, if no direct communication is expected
Windows XP for backward compatibility) is simply the
between nodes in the two networks (except through the
space of all NetBIOS names (computer names) of Micro-
firewall), nodes in the private network can be assigned
soft Windows machines on the network. Unlike the
arbitrary IP addresses, such as 10.x.y.z, and two or more
hierarchical tree structure of the DNS namespace, the
private networks can use the same addressing scheme
NetBIOS namespace is flat and is managed using the
without fear of confusion or lost packets.
Windows Internet Name Service (WINS), which runs
Examples on WINS servers in the network. Because the NetBIOS
Some other common examples of namespaces include namespace is flat, it is not as highly scalable as DNS. For
the Domain Name System (DNS) namespace used on example, say that you query a name server to resolve an
the Internet, the NetBIOS namespace used in legacy FQDN such as widgets.support.northwindtraders.com
Microsoft Windows NT networks, and the LDAP name- into its associated IP address. The name server might first
N space used by Active Directory. Unlike the space of IP have to find another name server that is authoritative in
addresses described above which is essentially flat, DNS the northwindtraders.com domain. Next, the name server
namespace is hierarchical in nature and highly scalable. It must find a name server that is authoritative in the support.
also has the advantage of being a logical naming scheme northwindtraders.com subdomain whose database con-
that is easily remembered, in contrast to a physical naming tains a record for the widgets.support.northwindtraders.
scheme such as an IP address, which is hard to memorize com host. Finally, the name server must resolve the infor-
and which is bound to the particular network structure mation in the record into an IP address. The whole pro-
being used. The root of the DNS namespace branches out cess might take only several referrals and a short inspec-
to a relatively small number of top-level domains such as tion of a relatively small database of resource records
.com, .org, and .edu. Organizations, companies, and indi- because each name server on the Internet is authoritative
viduals can register a domain name in one of these over only a small portion of the DNS namespace. Once
domains and then subdivide their branch of the DNS you locate the correct name server through a series of
namespace as they desire. For example, a company named hierarchical queries, the final name lookup deals with
Northwind Traders might register the domain name only a small number of records. The NetBIOS namespace
northwindtraders.com and then create three new sub- is different, however, because each WINS server main-
domains under it named sales.northwindtraders.com, tains a database of records for all NetBIOS names on the
support.northwindtraders.com, and hq.northwindtraders. network. So if you were to use WINS to manage a net-
com. Specific servers and router interfaces exposed to work the size of the Internet with its millions of hosts,
the Internet might then be given specific DNS addresses each WINS server would have a flat-file database con-
to uniquely identify them in the DNS namespace. An taining millions of records, which would need to be
address in the DNS namespace, called a fully qualified
816
naming context naming convention
817
NAP National Institute of Standards and Technology (NIST)
Two users on a network might have the same first or last NAT
name, so your naming convention should include a rule
Stands for network address translation, a method of substi-
to break ties. For example, if Jeff Smith is “jsmith,”
tuting one Internet Protocol (IP) address for another.
James Smith might be “jsmith2.” You might also want
to establish a rule for easily identifying temporary See: network address translation (NAT)
employees, such as “T-jsmith” or “jsmith(temp).”
Notes National Electric Code (NEC)
On Microsoft Windows 2000–based networks, user- A series of specifications for protecting commercial
names of domain user accounts must be unique within and residential buildings from electrical hazards.
the given organizational unit (OU) in which they are
Overview
created in the Active Directory database. Usernames
The National Electric Code is published by the National
can be more than 20 characters long, but only the first
Fire Protection Association (NFPA), an international
20 characters are used as logon credentials.
organization that advocates standards for fire safety and
See Also: Active Directory, domain (DNS), organiza- related issues. The NEC is one of hundreds of standards
tional unit (OU), user account documents produced by the NFPA. The NEC, which is
NFPA standard number 70, deals with how to properly
install and maintain electrical and electronic equipment
NAP in order to minimize fire hazards. In the area of com-
Stands for Network Access Point, a point where Inter- puter networking, the NEC covers the proper installa-
net traffic is exchanged between Internet service tion and construction of copper cabling, fiber-optic
providers (ISPs). cabling, and other network infrastructure. The NEC
See: Network Access Point (NAP) also covers issues relating to the powering of network
devices, such as proper grounding.
N NAPT The NEC is legally enforced in every state in the United
States and in a number of other countries and regions.
Stands for network address port translation, a form of
Most U.S. municipalities have adopted NEC recom-
network address translation (NAT) in which both Internet
mendations in local building codes. Testing of electrical
Protocol (IP) addresses and port numbers are translated.
equipment for compliance with NEC standards is per-
See: network address translation (NAT) formed by Underwriters Laboratories (UL).
For More Information
NAS (network access server) Visit the NFPA at www.nfpa.org.
Stands for network access server, the server at the Inter-
See Also: cabling, infrastructure
net service provider (ISP) end of a dial-up connection.
See: network access server (NAS) National Institute of Standards
and Technology (NIST)
NAS (network attached A U.S. government organization that provides services
storage) and programs to help U.S. industries commercialize
Stands for network attached storage, a storage appli- new technologies and compete internationally.
ance that attaches directly to the network. Overview
See: network attached storage (NAS) National Institute of Standards and Technology (NIST)
certification identifies technologies as meeting federal
818
native mode native mode
government requirements. For example, in the area of and Windows NT to interoperate, which is essential
relational database management systems (RDBMSs), during the migration of a Windows NT–based network
NIST administers a test named Federal Information Pro- to Windows 2000. If your migration is complete, how-
cessing Standard (FIPS) 127-2. FIPS 127-2 is based ever, or if you have a pure Windows 2000 network, then
on the broader American National Standards Institute you should switch your domain controllers to native
(ANSI) SQL92 standard, which ensures portability mode. Domain controllers running in native mode can
across heterogeneous RDBMSs by establishing a com- only be used to authenticate users on a pure Windows
mon set of structured query language (SQL) commands. 2000–based network.
There is no higher standard for SQL database languages
Native mode gives you more options than mixed mode
than FIPS 127-2. Microsoft SQL Server 6.5 was the first
about types of groups. Specifically, you can use univer-
RDBMS to pass the NIST version 5.1 validation tests for
sal groups and you can nest groups to any degree. Run-
Entry Level FIPS 127-2, as it fully complied with both
ning in mixed mode means that universal groups are not
the ANSI SQL92 standard and the FIPS standards.
available, and you can nest global groups only in
The following table shows some of the FIPS cryptogra- domain local groups and only to one level of nesting.
phy standards developed by NIST. One action of NIST
Windows 2000 domain controllers running in native mode
that has had wide impact on the cryptography field is
are incompatible with Windows NT domain controllers,
the contest recently hosted by NIST to find a success-
and if you want to use native mode, all domain controllers
or to the Data Encryption Standard (DES), which has
must be running Windows 2000 and must be configured to
been shown to be no longer secure. NIST selected the
run in native mode, but member servers and client worksta-
Rijndael algorithm developed by Belgian cryptogra-
tions can still run either Windows 2000 or Windows NT.
phers as the replacement for DES and as the basis of
NIST’s new Advanced Encryption Standard (AES). To change domain controllers from mixed mode to
native mode, use the administrative tool Active Direc-
Some Cryptography Standards from NIST
tory Domains and Trusts. Note that if you change a
Standard Description domain controller to native mode, you cannot change it N
FIPS 46-3 Data Encryption Standard (DES) and back to mixed mode, so do not make the change until all
Triple DES your domain controllers are running Windows 2000.
FIPS 81 DES Modes of Operation
FIPS 180-1 Secure Hash Standard (SHS) Notes
FIPS 186-2 Digital Signature Standard (DSS) Windows .NET Server domain controllers can operate
in one of three available modes: Windows 2000 mixed,
For More Information the default; Windows 2000 native; and Windows .NET.
Visit NIST online at www.nist.gov. The first mode is used for the greatest degree of back-
ward compatibility, at the cost of new functionality. The
See Also: Advanced Encryption Standard (AES), cryp-
second mode provides some enhanced functionality but
tography, Data Encryption Standard (DES), encryp-
remains limited. Windows .NET mode does not allow
tion, Structured Query Language (SQL)
for backward compatibility with former OS domain
controllers, but it provides functionality that can be
native mode found only in this latest version of Active Directory.
A mode for running Microsoft Windows 2000 and Domain functional levels can be raised from lower to
Windows .NET Server domain controllers. higher, but once they are, the backward compatibility
with domain controllers of a former OS is eliminated.
Overview
Windows 2000 domain controllers operate in mixed See Also: domain controller, domain modes, native
mode by default. Mixed mode allows Windows 2000 mode, universal group
819
NBF near-end crosstalk (NEXT)
820
NEC NEC
“disturbed pair.” Channel NEXT is the NEXT value Desired Data Rate and the Cable’s
measured between one wire pair and another in the same Minimum NEXT Value
cable; it is measured at both ends of the wire.
Frequency Minimum NEXT Value
The NEXT value for a given cable type is typically 4 megahertz (MHz) 53 dB/1000 feet
expressed in decibels (dB) per 1000 feet and varies with 10 MHz 47 dB/1000 feet
the frequency of transmission. The higher the NEXT 20 MHz 42 dB/1000 feet
value, the greater the cable’s ability to reject crosstalk at 1000 MHz 32 dB/1000 feet
its local connection. For example, the specifications for
Category 5 (Cat5) cabling include the minimum NEXT Types
values shown in the following table. Note that the The various types of NEXT that can be measured are as
NEXT value generally decreases with increasing fre- follows:
quency, indicating increasing interference due to ● Pair-to-Pair NEXT: NEXT between adjacent pairs
crosstalk at higher frequencies. of wire in a twisted-pair cable. A typical four-pair
(eight-wire) unshielded twisted-pair (UTP) cable has
Crosstalk six possible values for pair-to-pair NEXT, which are
then averaged. This simple measurement is not ade-
NEXT quate, however, because every pair of wire generates
crosstalk with every other pair in the cable.
● Power Sum NEXT (PS NEXT): A more rigorous
way of rating a cable’s crosstalk that measures the
total amount of crosstalk between one wire pair and
all its neighboring pairs in the same cable. PS NEXT
is particularly important for cabling used in high-
Crosstalk speed networks such as Gigabit Ethernet (GbE) and N
Power Sum NEXT Asynchronous Transfer Mode (ATM) networks.
● Far-End Crosstalk (FEXT): A measurement of how
the far end of one wire pair affects the near end of
another pair.
Maximum Patch
1/2 inch panel Notes
To minimize NEXT in installations of Cat5 cabling, do
Jack not expose more than 2 inches (6 centimeters) of wire
pairs at the termination point of the cable (the patch panel,
Category 5 Termination wall plate, or RJ-45 connector). Also, do not untwist the
Maximum wire pairs more than 0.5 inches (1.27 centimeters).
2 inches
See Also: cabling
Cable
NEC
Stands for National Electric Code, a series of specifica-
G0NXX01 (was G0NUI01 in 1E) tions for protecting commercial and residential build-
Near-end crosstalk (NEXT). Different types of NEXT. ings from electrical hazards.
See: National Electric Code (NEC)
821
.NET NetBIOS
.NET NetBIOS
Stands for Microsoft .NET platform, Microsoft Corpo- A legacy protocol for network communications.
ration’s new Extensible Markup Language (XML) Overview
Web services platform for building integrated service- NetBIOS, which stands for Network Basic Input/
oriented applications to meet the needs of today’s Output System (though no one calls it that anymore), is
Internet businesses. a specification originally created by Sytec for IBM in
See: .NET platform the early 1980s. NetBIOS was originally designed to
enable personal computers to communicate with main-
frames running Systems Network Architecture (SNA).
NetBEUI It was later adopted by Microsoft Corporation for its
Stands for NetBIOS Extended User Interface, a net- LAN Manager platform to enable distributed applica-
working protocol developed by IBM and Microsoft tions to access network services running on different
Corporation. machines independent of the transport protocol used.
See: NetBIOS Extended User Interface (NetBEUI) NetBIOS is defined in RFCs 1001, 1002, and 1088.
The original NetBIOS specification could support a
NetBEUI Frame (NBF) maximum of only 72 nodes, though this was later
An enhanced version of NetBIOS Extended User Inter- extended to thousands of hosts through various
face (NetBEUI) supported by Microsoft Windows NT. enhancements. The current version of the NetBIOS
specification is NetBIOS 3.
Overview
Some of the enhancements and special features of Net- Architecture
BEUI Frame (NBF) include From an architectural viewpoint, NetBIOS defines two
things:
Support for network driver interface specification
N ●
(NDIS) version 3 for full 32-bit asynchronous ● An interprocess communication (IPC) mechanism
transport layer communication using the transport and application programming interface (API) that
driver interface (TDI) layer as a NetBIOS emulator allows applications that are NetBIOS-enabled to
communicate remotely over a network and request
● Support for automatic memory tuning through services from lower levels of the protocol stack. This
dynamic memory allocation is the primary and original definition of NetBIOS.
● Support for dial-up clients through the Remote ● A network protocol operating at the session and
Access Service (RAS) transport layers of the Open Systems Interconnection
● An extension of NetBEUI’s limit of 256 concurrent (OSI) reference model that supports functions such
NetBIOS sessions to more than 1000 sessions as session establishment and termination as well as
name registration, renewal, and resolution.
Notes
Although NetBEUI is essentially a nonroutable proto- Implementation
col, NBF supports Token Ring Source Routing on IBM NetBIOS formed an essential part of the Microsoft
Token Ring networks. Windows NT platform. Each Windows NT machine
required a unique NetBIOS name in order to communi-
See Also: NetBIOS, NetBIOS Extended User Interface cate on a network. These NetBIOS names consisted of
(NetBEUI), network driver interface specification 15 characters plus a 16th character that is reserved to
(NDIS) identify various network services to the operating sys-
tem. Also, depending on the underlying network proto-
col over which it is running, NetBIOS on Windows NT
822
NetBIOS Extended User Interface (NetBEUI) NetBIOS Extended User Interface (NetBEUI)
could take different forms. The following table lists running, and other information about hosts on a net-
some common network protocols and the form that work that supports NetBIOS. As a result, once a migra-
NetBIOS takes over each protocol. tion to Windows 2000 or later is complete, NetBIOS
should be disabled if it is no longer required for com-
Examples of NetBIOS Protocol Stacks
munications with machines using earlier versions of
Name When Combined with Windows.
Network Protocol NetBIOS
NetBEUI NBF (NetBEUI Frame See Also: application programming interface (API),
protocol) Domain Name System (DNS), interprocess communica-
NWLink IPX/SPX- NWLink NetBIOS tion (IPC), Nbtstat, NetBIOS name, NetBIOS name res-
Compatible Transport olution, NetBIOS Name Server (NBNS), NetBIOS over
TCP/IP NetBT (NetBIOS over TCP/IP (NetBT), NetBIOS over TCP/IP node types,
TCP/IP) Open Systems Interconnection (OSI) reference model,
Windows Internet Name Service (WINS)
Issues
NetBIOS has been superseded in Windows 2000,
Windows XP, and Windows .NET Server by the industry-
NetBIOS Extended User
standard Domain Name System (DNS), which is used
Interface (NetBEUI)
A networking protocol developed by IBM and
for naming hosts and for name resolution (Windows NT
Microsoft Corporation.
also supported DNS but did not require it). Support for
NetBIOS is still included, however, in Windows 2000, Overview
Windows XP, and Windows .NET Server to ensure NetBIOS Extended User Interface (NetBEUI) is an
backward compatibility with Windows NT, Windows 95, extension of the NetBIOS specification that functions
Windows 98, and Windows Millennium Edition (Me) as a network protocol for workgroup-size local area
computers. There are several instances where incom- networks (LANs) having up to 200 stations. This is
patibilities between the two naming systems can arise, because NetBEUI relies more heavily on broadcast N
however: packets than do protocols such as Transmission Control
Protocol/Internet Protocol (TCP/IP) and NWLink Inter-
● In Windows 2000, Windows XP, and Windows
network Packet Exchange/Sequenced Packet Exchange
.NET Server, host names can be 64 characters long,
(IPX/SPX)-Compatible Transport protocols, which can
but NetBIOS names can only be 15 characters long.
support much larger networks. Because NetBEUI has a
If host names are longer than 15 characters, they are
single-part naming scheme, it is also a nonroutable pro-
truncated, which can lead to collisions.
tocol and therefore generally unsuitable for wide area
● DNS names can use hyphens but not underscores to networks (WANs).
represent spaces, although NetBIOS names have
NetBEUI is a fast and efficient protocol with low over-
traditionally used underscores for such purposes.
head. NetBEUI is self-tuning and implements flow
Since the Windows 2000 and Windows .NET
control and error detection. It also defines a framing
Server versions of DNS support Unicode charac-
mechanism at the transport layer and implements the
ters, this is not really an issue unless support for
Logical Link Control version 2 (LLC2) protocol of the
downlevel name servers is required.
Open Systems Interconnection (OSI) reference model.
Another problem with leaving NetBIOS enabled on
NetBEUI supports two types of network communications:
Windows 2000, Windows XP, and Windows .NET
Server networks is that NetBIOS is not intrinsically ● Connection-oriented: Used, for example, when map-
secure. Using the Nbtstat command, for example, a user ping drives using the Net Use command and starting
can easily find out the name, MAC address, services services remotely using the Net Start command
823
NetBIOS name NetBIOS name resolution
● Connectionless: Used, for example, when sending ● A group name, which applies to a subnet group of
datagrams, registering NetBIOS names, and perform- IP addresses
ing NetBIOS name resolution
● A multihomed name, which applies to a multicast
Implementation group of IP addresses
NetBEUI was developed in 1985 and was implemented
The following table shows some of the more common
as the main networking protocol for the Microsoft LAN
suffixes that constitute the hidden 16th character of a
Manager and Microsoft Windows for Workgroups
NetBIOS name and the networking service with which
operating system platforms. NetBEUI is supported by
they are associated.
most Windows platforms for backward compatibility.
The implementation of NetBEUI on Windows NT is Common Suffixes for NetBIOS Names
properly known as NetBEUI Frame (NBF) protocol. Suffix First 15 Networking
See Also: NetBEUI Frame (NBF), NetBIOS, NetBIOS (Hex) Characters Service
name resolution, Open Systems Interconnection (OSI) 00 Computer name Workstation service
reference model, routing 00 Domain name Domain name
03 Computer name Messenger service
03 User name Messenger service
NetBIOS name 06 Computer name RAS Server service
A 16-byte name for a node on a network supporting the 20 Computer name File Server service
NetBIOS specification. 21 Computer name RAS Client service
Overview 1B Domain name Domain master browser
NetBIOS names are a friendly way of identifying com- 1C Domain name Domain controllers
1D Domain name Master browser
puters on a network that supports the NetBIOS specifica-
1E Domain name Browser service election
tion. This is because alphanumeric names are easier for
N users to remember than network numbers, such as dotted
Internet Protocol (IP) addresses. In Microsoft Windows
Notes
To view the NetBIOS names registered for your com-
NT, for example, NetBIOS names are used to identify puter, use the Nbtstat command. NetBIOS names are
individual machines and also the various networking also supported by Windows 2000, Windows XP, and
services running on each machine. Each service that is Windows .NET Server, but only for interoperability
NetBIOS-enabled requires a unique NetBIOS name to with some Windows NT machines, as they use the
identify it on the network in order for other computers Domain Name System (DNS) instead for naming hosts
to access those services on the machine. and name resolution on a network.
The NetBIOS name (computer name) for a Windows See Also: Domain Name System (DNS), Nbtstat,
NT machine is assigned to it during installation and can NetBIOS, NetBIOS name resolution, Windows NT
be up to 15 characters long. A 16th character is then
suffixed to the computer name (or domain name or cur-
rent user name) to identify the particular network ser- NetBIOS name resolution
vice being referenced. For example, the 16th character Resolving a computer’s NetBIOS name into its corre-
identifying the Messenger service is 03h in hexadeci- sponding Internet Protocol (IP) address.
mal form, so on a computer named SERVER12 the Overview
Messenger service would be uniquely identified on the NetBIOS over TCP/IP (NetBT) enables hosts on a
network by NetBIOS as SERVER12[03h]. Microsoft Windows NT–based network to communicate
NetBIOS names are also distinguished by whether they are with each other. This is accomplished by resolving the
NetBIOS name of a target host into its associated IP
● A unique name, which applies to a single IP address address, a process called NetBIOS name resolution. Once
824
NetBIOS name resolution NetBIOS name resolution
the host’s name has been resolved, address resolution pro- NetBIOS Name Resolution Methods in Order
tocol (ARP) is then used to further resolve the host’s IP Attempted on Windows NT–Based Networks
address into its corresponding physical layer address Method Comments
(MAC address). Then once the host’s physical address is Check local NetBIOS The cache contains recently
known, frames can be placed on the wire and directed to name cache resolved NetBIOS names.
this address. Contact NBNS This method works only if
NBNS is configured. The
The following describes the main NetBIOS over TCP/IP
name server is usually a
(NetBT) naming functions in detail:
Windows Internet Name
● NetBIOS name discovery: NetBT hosts that want to Service (WINS) server on a
communicate with similar hosts must issue a Net- Microsoft network. The
BIOS name query request to resolve the NetBIOS requestor tries three times to
name of the target server into its IP address. contact the name server and
then tries to contact a sec-
● NetBIOS name registration: NetBT hosts must reg- ondary WINS server three
ister their NetBIOS name when they are initialized on times (if configured with
a network to ensure that no duplicate names are on the secondary servers).
network. NetBIOS name registration can be done Perform local broadcast The requestor broadcasts a
either by broadcasts or by directed packets sent to a NetBIOS name query
WINS server. Either or both methods can be used in request packet. The
either order, depending on the NetBT node type of the requestor tries three times
host. before giving an error.
Check local Lmhosts file The requestor checks if an
● NetBIOS name release: NetBT hosts must release (Unique to Microsoft Lmhosts file exists.
their NetBIOS names when they are shut down or networks. If all methods
when a particular NetBIOS-enabled service is stopped
on the server. This enables another host to use the
fail, an error message
states that the computer
N
released name. NetBIOS name release can be done by could not be found on
broadcasts or by directed packets sent to a WINS the network.)
server. Either or both methods can be used in either Check local Hosts file On Windows NT the
order, depending on the NetBT node type of the host. (Unique to Microsoft requestor checks the Hosts file
networks. If all methods if Enable DNS For Windows
Implementation fail, an error message Resolution is selected on the
A number of different methods are used to perform Net- states that the computer WINS Address tab of the
BIOS name resolution. The following table shows the could not be found on Transmission Control Proto-
order in which these are attempted when the Windows NT the network.) col/Internet Protocol (TCP/IP)
machines on the network are configured as H-node property sheet. This option is
machines (see the article called “NetBIOS over TCP/IP not available for Windows
node types” elsewhere in this book). In a typical scenario 2000 and later versions.
where one Windows NT machine tries to establish com- Contact DNS server The requestor contacts the
munication with another, each name resolution method in (Unique to Microsoft DNS server if Enable DNS
the table is successively tried until either the target Net- networks. If all methods For Windows Resolution is
BIOS name is resolved into its associated IP address or the fail, an error message selected on the WINS
name resolution process fails. Note that some methods states that the computer Address tab of the TCP/IP
may not be available—for example, if there is no NetBIOS could not be found on property sheet and the DNS
Name Server (NBNS) or DNS server on the network then the network.) tab has a DNS server specified
these name resolution methods cannot be employed. on it. The requestor also tries
5, 10, 20, and 40 seconds later.
825
NetBIOS Name Server (NBNS) NetBIOS over TCP/IP (NetBT)
826
NetBIOS over TCP/IP node types NetBIOS scope ID
Overview
if an NBNS is configured
on the network.
N
The NetBIOS node type of a computer supporting Microsoft NetBIOS An enhanced broadcast
NetBIOS (such as a Microsoft Windows NT machine) enhanced name cache that utilizes the Lmhosts
determines exactly how NetBIOS naming functions B-node Broadcast file. Default node type
such as name discovery, registration, and release are Lmhosts file for Microsoft clients if
implemented by that machine. In particular, such nam- no NBNS is configured
ing functions can be performed by broadcast, by a on the network.
NetBIOS Name Server (NBNS), or by both methods
See Also: NetBIOS, NetBIOS name, NetBIOS name
attempted in either order. The NetBIOS node type thus
resolution, NetBIOS Name Server (NBNS), NetBIOS
specifies both which methods are used and the order in
over TCP/IP (NetBT), Windows Internet Name Ser-
which they are used.
vice (WINS)
The common NetBIOS over TCP/IP node types are
listed in the following table.
NetBIOS scope ID
A character string appended to a NetBIOS name of a
host that identifies the host as belonging to a specific
group.
827
NetBT Net commands
828
.NET Enterprise Servers .NET Enterprise Servers
Net Commands for Windows NT, Net Commands for Windows 95,
Windows 2000, Windows XP, and Windows 98, and Windows Millennium
Windows .NET Server Platforms continued Edition (Me) Platforms continued
Command Description Command Description
Net Print Display and manage jobs in a print Net Logoff Break connections to network resources
queue Net Logon Log on to a domain
Net Send Send a message to a user or com- Net Password Change logon password
puter over the network Net Print Display and manage jobs in a print queue
Net Session Display the list of currently con- Net Start Start services
nected sessions on the local Net Stop Stop services
computer Net Time Synchronize the computer’s clock with
Net Share Create, delete, or display shared that of another computer or workgroup or
resources display the time for a computer or work-
Net Start Display a list of running services or group
start a specific stopped service Net Use Connect or disconnect to shared resources
Net Statistics Display statistics about the Server or display information about connections
and Workstation services Net Ver Display information about workgroup
Net Stop Stop a specified Windows service redirector
that is currently running Net View Display a list of computers in the work-
Net Time Synchronize the computer’s clock group or display the shared resources
with that of another computer or available on a specific computer
domain or display the time for a
computer or domain Notes
Net Use Connect or disconnect to shared Some of these commands produce more than one screen
resources or display information of output at the command prompt. To prevent informa-
about connections tion from scrolling off the screen, pipe the output through N
Net User Add, modify, delete, or display user More—for example, type net help accounts | more.
account information in the local or
domain directory database See Also: command prompt
Net View Display a list of computers in the
domain or display the shared .NET Enterprise Servers
resources available on a specific A set of servers that facilitate the deployment, imple-
computer mentation, and management of the Web services foun-
dational to the Microsoft .NET platform.
Net Commands for Windows 95,
Windows 98, and Windows Millennium Overview
Edition (Me) Platforms The .NET Enterprise Servers include
Command Description ● Application Center 2000: Used for deploying and
Net Config Display current computer settings managing Web services and applications across the
Net Diag Run the Microsoft Network Diagnostic enterprise
program to display diagnostic information
● BizTalk Server 2000: Uses Extensible Markup
about a computer
Language (XML) and Simple Object Access Proto-
Net Help Obtain a list of net commands or get help
col (SOAP) to enable the exchange of information
for a specific net command or error message
Net Init Load protocol and network-adapter drivers between business partners
without binding them to Protocol Manager
(continued)
829
.NET experience .NET Framework
● Commerce Server 2000: Facilitates the develop- traditional client/server applications, but with several
ment of Web applications for e-commerce enhancements. Specifically, .NET experiences are
● Content Management Server 2001: Facilitates ● Location-independent: .NET experiences can be
simplified management, rapid deployment, and accessed both offline (for example, at home from a
personalization of Web content on intranets or PC) or online (for example, from a cell phone or
extranets wireless Personal Digital Assistant [PDA]).
● Exchange Server 2000: Provides the underlying ● Personalized: .NET experiences store user profile
support for messaging and for building collabora- information that simplifies user interaction regard-
tive Web-based workflow applications less of the device being used or services being
accessed.
● Host Integration Server 2000: Enables access to
data stores on mainframe computing platforms ● Targeted: A single .NET experience can manifest
itself differently to the user depending on whether
● Internet Security and Acceleration Server 2000:
the user is employing a PC, cell phone, Pocket PC,
Enhances enterprise security through firewall and
Tablet PC, game console, or some other smart
Web caching services
device.
● Mobile Information Server 2001: Enables wire-
See Also: .NET platform
less access to enterprise data from mobile clients
SharePoint Portal Server: Provides the ability to
●
.NET Framework
create intranet portals which facilitate the sharing of
A developer environment for building, deploying, and
information stored in a variety of formats across the
running Web services and applications. The .NET
enterprise
Framework is a key piece of Microsoft’s .NET platform.
● SQL Server 2000: Standard platform for relational
N data storage that supports XML-based access to
Overview
The .NET Framework comprises three pieces:
data
● Common Language Runtime (CLR): Supports
For More Information the execution of code written in any programming
Find out more about Microsoft’s .NET Enterprise
language (the .NET Framework is language-
Servers at www.microsoft.com/servers.
neutral).
See Also: Application Center, BizTalk Server 2000,
● Framework Classes: Self-contained classes that
Commerce Server 2000, Exchange Server, Host
do not require separate type libraries.
Integration Server, Internet Security and Accelera-
tion Server (ISA Server), Mobile Information ● ASP.NET and ADO.NET: The .NET versions of
Server, .NET platform, SQL Server ASP+ and ADO+. ASP.NET provides program-
ming models for building Web Forms and Web Ser-
vices. ADO.NET provides classes for accessing
.NET experience Extensible Markup Language (XML) documents in
A term representing a user’s interaction with Web ser-
relational data stores.
vices based upon the Microsoft .NET platform.
The .NET Framework is designed to run on a variety of
Overview
platforms, including Microsoft Windows 95, Windows
The term experience is often used in modern-day pro-
98, Windows NT 4, Windows Millennium Edition
gramming parlance to describe the interaction between
(Me), Windows 2000, Windows XP, and Windows
the user and the user interface for an application. A
.NET Server. There is also a version called the .NET
.NET experience is similar to user interaction with
830
NetLogon Share .NET platform
831
netstat NetWare
2000 and SQL Server 2000, which have been partially netstat
XML-enabled and provide the underlying “plumbing” A Transmission Control Protocol/Internet Protocol
for Web services to function. Other .NET servers, such (TCP/IP) command that displays current TCP/IP con-
as Application Center 2000 and BizTalk Server 2000, nectivity status and statistics.
carry this aggregation and integration of Web services
to a higher level using special languages such as Overview
XLANG and SOAP. Netstat can be run from the Microsoft Windows 2000
command prompt to view current TCP/IP protocol sta-
● Building block services: These services are designed tistics and connections for the local computer. You can
to ensure that the .NET end-user experience is simple, also use it to view statistics on a per-protocol basis for
consistent, and compelling. Building block services Transmission Control Protocol (TCP), User Datagram
perform functions such as managing identities, pro- Protocol (UDP), Internet Protocol (IP), and Internet
viding notifications, and providing schematized stor- Control Message Protocol (ICMP).
age that are necessary to enable the user experience to
be consistent across different services, applications, In particular, netstat provides information on
devices, and platforms. Microsoft Corporation is ● IP addresses and port numbers of TCP/IP connec-
developing a core set of building block services, but tions, including client and server connections.
many more will be developed by third-party partners Either host names or IP addresses can be displayed.
for corporate use.
● Ethernet statistics, including bytes sent and
● Devices: An important part of the .NET vision is received, directed and broadcast frames sent and
that Microsoft is developing client and device received, discards, and errors.
software that can bring the rich .NET experience
to users through a variety of smart devices such ● The routing table for the local machine.
as Web-enabled cell phones, Pocket PCs, Tablet Examples
N PCs, and other devices. Microsoft is developing
.NET device software for a number of platforms,
To display all connections and listening ports for both
TCP and UDP, type netstat –a at the command prompt.
including Windows XP, Windows 2000, Windows
Millennium Edition (Me), Windows CE, and embed- See Also: Transmission Control Protocol/Internet
ded Windows. Protocol (TCP/IP)
832
NetWare Core Protocol (NCP) NetWare Directory Services (NDS)
easy to administer using text-based menu-driven ● Gateway Service for NetWare (GSNW)
MS-DOS–based utilities such as Syscon, Filer,
● Client Services for NetWare (CSNW)
Fconsole, Pconsole, and Monitor. Security on these
platforms was based on the NetWare bindery, and ● File and Print Services for NetWare (FPNW)
networking was supported by a proprietary suite of
● Migration Tool for NetWare
protocols based on Internetwork Packet Exchange/
Sequential Packet Exchange (IPX/SPX) developed by For More Information
Novell. Visit Novell online at www.novell.com.
NetWare 4 provided a more scalable solution for the See Also: Client Services for NetWare (CSNW), File
enterprise by introducing Novell Directory Services and Print Services for NetWare (FPNW), Gateway Ser-
(NDS), a hierarchical directory service that replaced the vice for NetWare (GSNW), Internet Protocol (IP), Net-
bindery of earlier versions. NDS enabled users and appli- Ware protocols, Novell Directory Services (NDS)
cations to easily locate and access shared resources any-
where on a Novell network regardless of their location.
NetWare Core Protocol (NCP)
NetWare 4 supported single-network logon, in which
A legacy NetWare protocol.
users log on once to the NDS tree, are authenticated, and
can then find and access all resources on the network for Overview
which they have appropriate permissions. NetWare 4 NetWare Core Protocol (NCP) operates at the presentation
also supported industry-standard Internet Protocol (IP) layer protocol of the Open Systems Interconnection (OSI)
by encapsulating IP datagrams within IPX packets. The reference model. NCP enables sharing of file and print ser-
Windows-based administration tool Nwadmin also vices on legacy NetWare 2.x and 3.x platforms and per-
replaced most of the menu-driven MS-DOS–based forms various other accounting and security functions.
administration tools and enabled managing a NetWare
NCP functions by using information learned through
4-based network from a single console.
NetWare 5 included support for native IP, replacing the
Service Advertising Protocol (SAP) broadcasts. It
employs Internetwork Packet Exchange (IPX) as its
N
legacy IPX/SPX used in earlier versions, plus related underlying transport and requires acknowledgment of
Internet protocols such as Dynamic Host Configuration every packet transmitted.
Protocol (DHCP) and Domain Name System (DNS).
NCP is the analog of Server Message Block (SMB),
NetWare 5 also included a new multiprocessing kernel
a protocol used for similar purposes in Microsoft
with support for virtual memory.
Windows platforms.
The latest version, NetWare 6, includes a number of
See Also: Internetwork Packet Exchange (IPX), Net-
enhancements, including Internet file and printing ser-
Ware protocols, Open Systems Interconnection (OSI)
vices, 32-way symmetric multiprocessing (SMP), and
reference model, Server Message Block (SMB)
32-way clustering support.
Notes NetWare Directory Services
Microsoft Windows 2000 includes a number of proto- (NDS)
cols and services that support interoperability between
Old name for Novell Directory Services, the directory
Microsoft Windows and Novell NetWare platforms,
services platform from Novell Networks.
and migration from NetWare to Windows 2000. These
tools include See: Novell Directory Services (NDS)
● NWLink IPX/SPX-Compatible Transport
833
NetWare protocols NetWare protocols
834
network network
ence model, routing, Routing Information Protocol Computer Memory Card International Association
(RIP), Service Advertising Protocol (SAP), Transmis- (PCMCIA) cards for laptop computers and wireless
sion Control Protocol/Internet Protocol (TCP/IP), User access cards for wireless networking.
Datagram Protocol (UDP)
● Network protocol suite: A collection of protocols
that control the exact steps which computers use when
network communicating over a network. An example is the
A group of computers that can communicate with one Transmission Control Protocol/Internet Protocol
another. (TCP/IP) suite, which includes Internet Protocol (IP),
Transmission Control Protocol (TCP), Address Reso-
Overview
lution Protocol (ARP), and Hypertext Transfer Proto-
Networks harness the power of computers by allowing
col (HTTP). Each protocol within a network protocol
them to work together. By creating a network, users can
suite has a specific function to support communication
share resources with one another and send messages to
between computers on a network.
one another. Networks also allow applications to be dis-
tributed across multiple computers. Networks provide In addition to cables, NICs, and computers, most mod-
applications and users with many benefits over stand- ern networks also require some kind of dedicated net-
alone (independent) computers, including working device in order to concentrate (join together)
the cabling into an actual network. These devices fall
● Distributed processing capability
into two general categories:
● Enhanced storage capability
● LAN devices: Used to build local area networks
● Centralized management of security and access to (LANs) and include hubs, bridges, routers, and
resources switches.
● Greater scalability, robustness, and redundancy ● WAN devices: Used to connect LANs using wide
For computers to be connected into a network, they
area network (WAN) services from a telecommuni-
cations service provider. Examples include routers,
N
require three things:
access servers, channel service unit/data service
● Network client: Software running on the computer units (CSU/DSUs), multiplexers, Frame Relay
that makes the computer network-aware (able to be Access Devices (FRADs), analog modems, Inte-
networked to other computers and to communicate grated Services Digital Network (ISDN) terminal
with them). Operating systems such as Microsoft adapters, and a host of other devices depending on
Windows are sometimes called network operating sys- the telecom service employed.
tems because they have built-in network client soft-
Together with the cabling, these LAN and WAN devices
ware and are thus intrinsically network-aware. Older
constitute the infrastructure of a company’s network.
operating systems such as Microsoft Disk Operating
System (MS-DOS) were not networkable by them- Types
selves and required additional software such as the Networks can be classified in many ways. For example,
Microsoft Network Client 3 for MS-DOS in order to they can be distinguished according to
communicate on a network.
● Administration: Networks can be private networks
● Network interface card (NIC): A card inserted into a (owned and operated by a company or organization)
slot on the computer’s motherboard. The card pro- or public networks (shared or leased to companies by
vides a physical connection and the necessary elec- a service provider). The Internet is a collection of
tronics in order for a network cable to be connected to public networks connected together and running the
the computer. Other forms of NICs include Personal TCP/IP protocol suite. Not all public networks are
835
network network
part of the Internet, however—for example, AT&T’s ● Topology: The term topology refers to the manner
Frame Relay network is a telecommunications and complexity of interconnections between comput-
network that companies can lease and use to connect ers on a network. Possible network topologies include
networks located in geographically separated regions. the bus topology, star topology, ring topology, and
mesh topology. Networks can also be described as
● Architecture: This describes the way signals are
either flat (using one of the topologies listed previ-
transmitted across the network. Examples of common
ously) or hierarchical (using combinations of differ-
network architectures include Ethernet (including
ent topologies or multiple levels of a single topology).
Fast Ethernet and Gigabit Ethernet), Token Ring,
Fiber Distributed Data Interface (FDDI), Asynchro- ● Media: Computers can be physically connected
nous Transfer Mode (ATM), and even serial transmis- together in various ways including using coaxial
sion using RS-232, V.35, and other interfaces. cabling, twisted-pair cabling, and fiber-optic cabling.
Computers can also be networked without wires, an
● Physical size: Depending on the number of comput-
approach called wireless networking.
ers involved and the location of these machines, net-
works can be variously labeled as local area networks Notes
(LANs), campus area networks (CANs), metropoli- In TCP/IP networking, the term network is sometimes
tan area networks (MANs), or wide area networks used to refer specifically to a group of hosts having the
(WANs). LANs and CANs are usually owned and same network ID. Several such networks can then be
managed by a single company or organization, connected using routers to form a larger network called
MANs are typically owned and managed by telcos an internetwork. Individual networks within an internet-
and other service providers and leased to companies work are usually referred to as subnets or subnetworks.
to connect their LANs, and WANs typically consist of
See Also: analog modem, Asynchronous Transfer
LANs owned and operated by one or more organiza-
Mode (ATM), backbone, bridge, bus topology, cabling,
tions and connected using leased services owned by
campus area network (CAN), coaxial cabling, domain
N another organization.
controller, domain (DNS), Ethernet, Ethernet switch,
● Protocol: Networks use a variety of different proto- Fast Ethernet, Fiber Distributed Data Interface
cols, that is, methods for packaging information into (FDDI), fiber-optic cabling, Gigabit Ethernet (GbE),
frames, packets, or cells for transmission across a net- hub, infrastructure, Internet, internetwork, ISDN ter-
work. Common examples of networking protocols minal adapter, local area network (LAN), mesh topol-
include TCP/IP, Internetwork Packet Exchange/ ogy, metropolitan area network (MAN), multiplexer
Sequential Packet Exchange (IPX/SPX), and Systems (MUX), network architecture, network client, network
Network Architecture (SNA). design, network ID, network management, network
operating system (NOS), network troubleshooting, ring
● Security: Networks vary depending on how clients
topology, router, serial transmission, star topology,
are authenticated and how resources are secured. Two
subnet, Systems Network Architecture (SNA), Token
common ways of implementing this include the
Ring, Transmission Control Protocol/Internet Protocol
workgroup, where every computer controls its own
(TCP/IP), twisted-pair cabling, wide area network
security, and the domain, where a special server
(WAN), wireless networking, workgroup
called a domain controller manages security for the
entire network. Both the workgroup and the domain
model are supported by Windows 2000, Windows
XP, and Windows .NET Server.
836
Network Access Point (NAP) network access server (NAS)
Network Access Point (NAP) To lessen the traffic burden on the Internet’s backbone,
A point where Internet traffic is exchanged between major ISPs can connect their services directly to a NAP
Internet service providers (ISPs). in the form of a “peering arrangement,” whereby traffic
that needs to move between two ISPs connected to the
Overview same NAP can move directly from one ISP to the other
Network Access Points (NAPs) are points where sections instead of having to traverse the Internet’s backbone.
of the Internet’s high-speed backbone are connected
together in order to exchange traffic between ISPs—typ- See Also: inter-exchange carrier (IXC), Internet
ically, this means connections between Tier 1 ISPs (large service provider (ISP)
backbone providers) and Tier 2 ISPs (regional provid-
ers). Since the global portion of the Internet’s backbone network access server (NAS)
consists of long-haul fiber-optic cabling and high-speed The server at the Internet service provider (ISP) end of
Asynchronous Transfer Mode (ATM) switching equip- a dial-up connection.
ment owned and is operated by inter-exchange carriers
(IXCs) such as AT&T, Sprint Corporation, and MCI Overview
WorldCom, such NAPs are usually located where these The term network access server (NAS) is a general
carriers interconnect their long-haul lines together, and name for the server at an ISP that supports Point-to-
they contain high-speed switching facilities for transfer- Point Protocol (PPP) connections for dial-up clients.
ring traffic from one carrier’s lines to another’s. The NAS is typically responsible for authenticating the
dial-up client’s credentials and negotiating flow con-
In the Internet’s early days, the National Science Foun- trol and error correction. The NAS is often a general-
dation established four different NAPs in Chicago, New purpose server running special software such as Micro-
York, San Francisco, and Washington, D.C. With the soft Windows 2000’s Internet Connection Services.
growth of the Internet and the changing landscape of Alternatively, a NAS may be a standard router that
telecommunication companies, many more NAPs have supports PPP.
been created. These include the well-known “MAE
The NAS can sometimes also be used to establish tun-
N
West” in San Jose, California, and “MAE East” in
Washington, D.C., both of which are operated by MCI nels through the Internet for virtual private networking
WorldCom. (VPN), for example, by using Point-to-Point Tunneling
Protocol (PPTP).
Network PPTP
Modem access server server
PPTP client bank
Modem
Internet
.PPP.
.PPTP.
G0NXX02 (was G0NUI03 in 1E)
837
network adapter card network address translation (NAT)
Another name for a NAS is a point of presence (POP) nonroutable addresses, and networks using these
server. addresses cannot directly connect to the Internet
using a router. Instead, they need a router or access
See Also: Internet service provider (ISP),
device that supports NAT so that these nonroutable
Point-to-Point Protocol (PPP), Point-to-Point Tun-
addresses can be translated into public addresses for
neling Protocol (PPTP), router, virtual private net-
routing over the Internet.
work (VPN)
● Address multiplexing: NAT allows IP addresses of
multiple hosts on a private network to be exposed
network adapter card
to the Internet as a single public IP address. This
Usually called network interface card, a device that
allows the addresses of hosts on a private network
allows a computer to communicate on a network.
to be hidden from the outside world, improving
See: network interface card (NIC) security on the network. Address multiplexing is
sometimes referred to as network address port
network address translation translation (NAPT).
(NAT) NAT is defined in RFC 1631, and the IP addresses
A method of substituting one Internet Protocol (IP) reserved by IANA for use on private networks is
address for another. defined in RFC 1918.
Overview Uses
Network address translation (NAT) is a mechanism for NAT has several uses in enterprise networks:
translating the IP addresses of hosts on one network
into IP addresses belonging to a different network. NAT ● NAT allows corporate networks using RFC 1918
is usually used at the boundary of two networks, espe- private network addresses to access the Internet
cially where a private network such as a corporate net- through NAT-enabled routers and access servers.
N work meets a public network such as the Internet. NAT also enables older enterprises that deployed
addresses noncompliant with RFC 1918 to connect
The motivation behind the creation of NAT is that to the Internet.
the number of available global (public) registered IP
addresses on the Internet is rapidly being depleted. NAT ● NAT allows corporate networks to hide the address
works around this problem by topology of their networks from the Internet. NAT
is not a replacement for firewalls, though, as in
● Address reuse: NAT allows multiple private net- itself it performs no address or port filtering, just
works to use the same network IDs (same range of translation. In fact, NAT is usually available as an
IP addresses). Private networks (networks not additional feature on most firewall products today.
directly connected to the Internet) can use any
range of IP addresses but usually employ those ● Often two private networks need to join together as
addresses specially reserved by the Internet a result of a merger. If both networks are using the
Assigned Numbers Authority (IANA) for private same RFC 1918 addresses, NAT enables the net-
network usage, such as 10.0.0.0 through works to be united without the needed of readdress-
10.255.255.255 (or 10/8 in classless interdomain ing one of them.
routing [CDIR] notation), 172.16.0.0 through Implementation
172.32.255.255 (or 172.16/12), and 192.168.0.0 In a typical NAT scenario, a NAT-enabled router con-
through 192.168.255.255 (or 192.168/16). nects an internal corporate network with the Internet.
Addresses in this range are designated by IANA as The internal network has multiple IP hosts using private
838
network address translation (NAT) network address translation (NAT)
network IP addresses, while the router has a similar pri- however, for connections between private networks
vate IP address on its near-side (internal) interface and a and the Internet due to the large number of possible
public (global) address on its far-side (internal) inter- connections to Internet hosts, which can make the
face. NAT operates by examining traffic that passes NAT table grow excessively large thus degrading
through the router and building a table that maps the router performance.
connections between hosts inside the network and hosts
or
outside on the Internet. For each connection the table
contains ● Dynamically assigned: NAT-enabled routers can
often dynamically allocate IP addresses to hosts on
● Original IP address and port number of source
the private network by selecting addresses drawn
address
from a specified pool. Dynamic NAT mappings are
● Original IP address and port number of destination also one-to-one mappings between actual and trans-
address lated addresses. This process is similar to Dynamic
Host Configuration Protocol (DHCP) and can be
● Translated IP address and port number of source
done either randomly or, more usually, on a round-
address
robin basis. Each time a connection is formed
● Translated IP address and port number of destination between the external and internal networks, NAT
address assigns a different IP address from the pool to the
internal host being connected to and address infor-
● Transmission Control Protocol (TCP) and Internet
mation in packets is modified accordingly.
Control Message Protocol (ICMP) sequence numbers
Another popular form of dynamic NAT is called address
All packets that enter the network through the router
overloading, masquerading, port address translation
have their addresses translated, and all packets leaving
(PAT), or network address port translation (NAPT). In
the network have their addresses translated back again.
this situation all the IP addresses of the internal private
Implementing NAT on a router or firewall thus involves network are hidden to outsiders, who can access only the N
creating and configuring a NAT table containing these single IP address of the interface exposed to the public
private/public IP address mappings. These address network. Address overloading thus employs many-to-
mappings can either be one mappings of IP addresses and is used when the num-
ber of internal addresses is greater than the available
● Manually created: A static NAT table essentially
number of global addresses. Address overloading differs
consists of a series of manually created NAT rules
from standard NAT in that port numbers are also trans-
that specify how IP addresses will be translated.
lated, not just IP addresses. For example, it is possible to
Static NAT mappings are always one-to-one map-
multiplex many TCP connections through a single global
pings between actual and translated addresses. For
IP address by assigning each connection a different port
example, a typical static NAT rule might be equiva-
number. These numbers might be chosen, for example,
lent to the statement, “Translate all IP addresses
from the range 61,000 through 65,096, which would
belonging to the network 176.43.8.z to IP addresses
allow up to 4096 simultaneous TCP connections through
in the form 145.5.133.z with the subnet mask
a single overloaded IP address. Address overloading is
255.255.255.0 used for both networks.” This rule
often used by firewalls and sometimes for load balancing
results in the address 176.43.8.1 being mapped
Web servers.
to 145.5.133.1, 176.43.8.2 being mapped to
145.5.133.2, and so on. This approach can be used, Advantages and Disadvantages
for example, when corporate networks with con- NAT provides corporate networks with portability by
flicting addresses need to be merged into one net- eliminating the need for an organization to obtain
work. Static mappings are not very useful, globally unique IP addresses from its Internet service
839
network address translation (NAT) network address translation (NAT)
provider (ISP). Should an organization using global as well. The main way of working around this issue
addresses need to change providers, this usually means with IPsec, a popular IP encryption protocol, is to
obtaining new global addresses from the new provider use a router that supports both NAT and virtual pri-
and reconfiguring the network accordingly. With NAT, vate networking (VPN) to tunnel IPsec-encrypted
a company can use RFC 1918 private addresses for packets through unencrypted IP packets that can be
hosts on its corporate network, regardless of which translated using NAT, but this is a complicated
ISP it is connected to the Internet through. And when workaround that increases the router’s processing
changing ISPs, the only reconfiguration that would be load (and therefore the cost).
required would be on the external interface of the com-
● Embedded addresses: NAT does not work with
pany’s router or firewall, which would need a new glo-
protocols that embed address and port information
bal address obtained from the new provider.
within the data portion of packets in a nonpredict-
NAT also reduces cost for large corporate networks that able fashion.
need to connect to the Internet. This is because with-
The following table lists some of the protocols that have
out NAT you would need to purchase a large block of
no trouble working with NAT, that can work with NAT
unique IP addresses from your ISP in order to connect
as long as NAT devices are specially configured to sup-
your network with the Internet, and such address blocks
port them, and that cannot easily work with NAT.
are sometimes scarce and therefore costly. Using NAT,
however, only the far side (public interface) of your Support for NAT by Popular Internet Protocols
router or firewall needs a unique global IP address Work with Can Be
obtained from your ISP—within your network you can NAT by Configured To Cannot Easily
use RFC 1918 addresses because your private network Default Work with NAT Work with NAT
is securely hidden from the outside world behind your Hyptertext Domain Name Boot Protocol
NAT-enabled router firewall. And RFC 1918 addressing Transfer System (DNS) (BOOTP)
provides companies with access to address blocks as
N large as Class A (the 10/8 block) that can support mil-
Protocol (HTTP)
Network File
name resolution
File Transfer
IPsec
Kerberos
lions of different hosts. Try obtaining a Class A from an System (NFS) Protocol (FTP) Novell Directory
ISP today if you think you need one—all Class A Network Time H.323 Services (NDS)
addresses have been assigned years ago, and only a few Protocol (NTP) Internet Control zone transfers
Class B addresses are still available. Rlogin Message Protobol Routing table
Telnet (ICMP) updates
NAT also helps to conserve the available pool of IPv4
Trivial File IP multicast Simple Network
addresses for the Internet, thus postponing the day
Transfer Protocol NetBIOS over Management
when networks will need to be migrated to IPv6, a pro-
(TFTP) TCP/IP (NetBT) Protocol (SNMP)
cess that may be costly for large enterprises and will
require considerable training of network professionals Another disadvantage of NAT is that end-to-end con-
in use of the new protocol. nectivity is effectively lost, which makes it more diffi-
NAT’s main disadvantage is that some protocols (and cult to troubleshoot routing issues. Also, more costly
hence the applications that use them) simply do not routers may be required due to the additional process-
work when IP addresses are translated. This particularly ing overhead incurred by NAT. This processing over-
applies to protocols that involve head can introduce additional latency into internet-
works using NAT-enabled routers, which can degrade
● Encryption: NAT does not work with protocols time-sensitive applications such as Voice over IP (VoIP)
that use encryption schemes, and it can interfere and streaming multimedia presentations.
with authentication systems that employ encryption
840
network architecture network architecture
Marketplace mobile devices just over the horizon, and some countries
Many routers and access servers support NAT. In particu- such as Japan are already starting to roll out IPv6 on these
lar, Cisco System routers running Cisco’s Internetwork devices. Workarounds such as NAT may still be in use for
Operating System (IOS) versions 11.2 and higher sup- years, however, and gateways can be deployed for con-
port NAT. verting IPv6 to IPv4 addresses within the mixed IPv6/4
environment that is likely to characterize the global Inter-
Microsoft Windows 2000 supports two ways of translat-
net of the next decade.
ing IP addresses for connecting a private network with the
Internet: See Also: classless interdomain routing (CIDR),
Dynamic Host Configuration Protocol (DHCP), fire-
● Internet Connection Sharing (ICS): Intended for
wall, Internet, IP address, IPsec, routing, virtual pri-
small office/home office (SOHO) environments to
vate network (VPN)
provide access to the Internet through a designated
Windows 2000, Windows XP, or Windows .NET
Server computer. ICS automatically allocates network architecture
addresses for internal hosts and only supports one Method used for packaging information for transmis-
interface to the internal network. sion over a network.
Prospects
include N
NAT is essentially a workaround to extend the viability of ● Ethernet: This is by far the most popular LAN net-
the current IPv4 system by reducing the number of unique work architecture in use today. Ethernet, together
IP addresses required for connectivity to the Internet. with Fast Ethernet and Gigabit Ethernet (GbE),
NAT is viewed as a temporary solution until existing IPv4 forms the basis of all types of business networks
networks can be fully migrated to the new IPv6 standard. from the small office/home office (SOHO) to the
However, the security advantages of using NAT-enabled enterprise.
firewalls has actually revitalized IPv4 to an extent and
● Token Ring: This architecture was developed by
hence made migration to IPv6 seem less urgent to many
IBM and can support speeds of 4 and 16 megabits
network architects. Thus, while the Internet community
per second (Mbps). In the mid-1990s work was
presses for migration to IPv6, most large enterprises are
going on to push Token Ring to speeds up of 100
content to use NAT and avoid the costs associated with a
Mbps and higher, but these have been largely aban-
mass upgrade to the newer IPv6 protocol.
doned as Fast Ethernet and GbE have displaced
On the other hand, the proliferation of small mobile net- Token Ring in most enterprises.
worked devices such as Web-enabled cell phones and Per-
● Fiber Distributed Data Interface (FDDI): This
sonal Digital Assistants (PDAs) may provide the impetus
architecture runs over fiber-optic cabling and was
needed to push the wider networking community toward
widely used in the late 1980s and early 1990s for
IPv6. The current IPv4 system lacks sufficient available
backbones in campus area networks (CANs). It has
addresses to support the millions of Internet-enabled
largely been replaced by Fast Ethernet and GbE.
841
network attached storage (NAS) network attached storage (NAS)
842
network client Network Client 3 for MS-DOS
843
Network Control Protocol (NCP) network design
844
network design network design
only use different technologies than LANs but also over a period of years. As new networking technolo-
involve leasing telecommunications services from gies are added, existing ones are maintained as legacy
telcos and other service providers, distributing net- services to reduce the up-front cost of migrating archi-
work administration among regional offices, and tectures, services, and data. The result is anything but
dealing with legal and political issues. simple, so anything a network manager can do to
reduce the complexity of an enterprise network should
● Simplicity: Managing a heterogeneous network con-
be done. The most important thing to do, of course, is
sisting of multiple network architectures and protocols
to plan each modification of the network carefully.
can be a headache, but it is also a reality that most large
enterprises grow their network in an organic fashion
Layer 3
switch
Layer 2 or router
switch
Layer 4
Layer 3 switch
switch
or router
Server
Stackable farm
hubs
Layer 3
switch
or router
N
LAN
Workgroup
switch LAN
Departmental
LANs
LAN
Core level
Workstations
Distribution level
Access level
845
network design network design
● Size: Flat networks may suffice for small businesses, are typically used at this level. Many enterprises employ
but in enterprises where thousands of machines need a dual core with redundant switches to ensure that critical
to be networked, a hierarchical network is more scal- backbone traffic is carried uninterrupted. The distribution
able and manageable. level of older enterprise networks employed routers for
routing traffic to and from the core, but modern networks
● Standards: Using protocols and equipment that con-
tend to use Layer 3 switches instead. The access level
form to internationally recognized standards can be a
uses hubs or Layer 2 workgroup switches if greater car-
lifesaver in network design. Although networking
rying capacity is required for multimedia desktop appli-
devices can initially be purchased from a single ven-
cations. The switches for the access and distribution
dor to eliminate interoperability issues, the vendor
layers are often combined in the form of switch blocks as
you purchased from might not be around several
mentioned above.
years later when you want to expand your network.
Purchasing standards-based networking equipment Notes
ensures (usually) that when you later add devices To get an idea of how the science of network design has
from a different (but also standards-based) vendor to evolved over the last decade, consider the following
your existing network, no interoperability issues will table, which describes a typical network problem and
arise to haunt you. how to solve it based on late 1980s and late 1990s net-
work design principles.
Architecture
A typical enterprise network today uses a hierarchical Network Design: Old and New
design having three levels: Issue Old Approach New Approach
LAN traffic Segment the Replace hubs with
● Core level: This is the network’s backbone, and it
is becoming network switches
carries the greatest load of traffic. The network’s core
congested
can be located in a single equipment room (collapsed
Real-time Throw band- Implement Quality
backbone) or spread throughout a building or cam-
N pus (distributed backbone). The core connects the
applications
perform poorly
width at the
problem
of Service (QoS)
switches and routers that form the basis of the next Network is Use a combina- Use multilayer
level of the network, the distribution level. complex, heter- tion of routers, switches
● Distribution level: This is the portion of the network ogeneous, and switches, and
responsible for moving traffic from one site (or multiprotocol load balancers
department or workgroup or floor or building) to Remote users Use expensive Use virtual private
need access to leased lines for networking (VPN)
another. Traffic control features are typically imple-
the network branch offices over the Internet
mented at this level as well. Different blocks of the
and slow dial-
distribution level are connected by the core, and
up for mobile
the distribution level delivers traffic to end users
users
through the access level. Each block of the distribu- WAN traffic Lease a bigger Use a content delivery
tion level (called switch block) defines a separate is becoming WAN pipe network (CDN) or
broadcast domain, typically serving no more than congested redirect traffic to local
2000 hosts to ensure good performance. caching devices
● Access level: This portion of the network provides
See Also: 80/20 rule, backbone, Ethernet, Ethernet
users’ client machines with direct access to the network.
switch, Fast Ethernet, hub, infrastructure, Layer 2
The specific networking technologies and infrastructure switch, Layer 3 switch, local area network (LAN),
used within each level of an enterprise network vary as multihoming, Multilayer Switching (MLS), network,
well. The main function of the core is to transport traffic network architecture, quality of service (QoS),
quickly, and, as a result, large Layer 2 backbone switches router, routing, wide area network (WAN)
846
network driver interface specification (NDIS) Network File System (NFS)
847
network ID network ID
NFS allows clients to locate and access files stored on uses remote procedure calls (RPCs) running over User
remote servers. The original NFS specification was Datagram Protocol (UDP) on server port 2049 for state-
designed for local area network (LAN) use and was not less communication between clients and file servers on
optimized for wide area network (WAN) connections, the network. NFS clients (client machines running NFS
but the current version NFS 3 performs well in the client software) import remote file systems from NFS
WAN as well as the LAN. The features of NFS 3 servers, while the NFS servers export local file systems
include to clients. Machines running the NFS client can connect
to NFS servers and read, modify, copy, move, or delete
● Support for terabyte-size files using 64-bit file size
files on the server using RPC requests such as READ,
indicators (previous versions supported files up to 4
WRITE, CREATE, and MKDIR. To the user accessing
gigabytes in size).
the remote file system from the client, the files appear
● Maximum packet size of 64 kilobytes (earlier ver- to be stored locally on his or her system. Before a user
sions supported only 8 KB packet size). can access files within the directory structure on the
local UNIX file system of the NFS server, the adminis-
● Choice of User Datagram Protocol (UDP) or Trans-
trator must generally mount the portions of the local
mission Control Protocol (TCP) for NFS network
UNIX file system that will be made accessible to clients
transport (earlier versions supported only UDP,
and assign appropriate user privileges.
which performed poorly over a WAN).
Marketplace
● Support for caching of client requests by the server.
Although NFS is widely used on UNIX platforms,
The original NFS specification is defined in RFC 1094 another file sharing protocol called Server Message
and the current NFS 3 version is defined in RFC 1813. Block (SMB) is common on Windows platforms.
Windows 2000 and Windows .NET Server support NFS
Implementation
in Services For Unix (SFU) version 2, and products
NFS uses a layered protocol architecture that maps to
such as Samba implement SMB on UNIX platforms.
N the seven layers of the Open Systems Interconnection
(OSI) reference model as shown in the following table.
Interoperability between SMB and NFS is thus avail-
able both ways for integrating Windows and UNIX
NFS Protocol Suite platforms for common file sharing purposes. A wide
OSI Layer NFS Protocol variety of third-party products are also available that
Physical Any (Ethernet common) implement NFS on the Windows platform, including
Data link Same as Physical ChameleonNFS from NetManage, NFS Maestro from
Network Internet Protocol (IP) Hummingbird International, and many others.
Transport User Datagram Protocol (UDP) and See Also: Internet Protocol (IP), Linux, Microsoft
Transmission Control Protocol (TCP) Windows, Network Information System (NIS), remote
Session Remote Procedure Call (RPC) protocol procedure call (RPC), Server Message Block (SMB),
Presentation External Data Representation (XDR) Transmission Control Protocol (TCP), UNIX, User
protocol
Datagram Protocol (UDP)
Application Network File System (NFS) and Net-
work Information System (NIS)
network ID
NFS is implemented as a client/server system that uses The portion of an Internet Protocol (IP) address that
special NFS servers and NFS client software running on identifies the subnet on which the host resides.
workstations. These servers use NFS to export (make
available) their file system to machines running NFS Overview
clients—to the client machine the exported file system The IP address of a host consists of two parts: the net-
appears as part of its own local file system. NFS typically work ID and the host ID. The network ID portion of an
848
Network Information System (NIS) network interface card (NIC)
IP address uniquely identifies the host’s local subnet. network interface card (NIC)
By contrast, the host ID portion of the IP address iden- Also called network adapter card or network card, a
tifies the host within its local subnet. Together, the host device that allows a computer to communicate on a
ID and network ID uniquely identify the host on an network.
internetwork.
Overview
Examples Network interface cards (NICs) are typically adapter
The network ID is found by logically ANDing the binary cards that plug into a slot on the a computer’s mother-
form of the IP address with the binary form of the subnet board, but they also come in Personal Computer Mem-
mask for the network. For example, if a host has an IP ory Card International Association (PCMCIA) card
address of 172.16.8.55 on a network with a subnet mask format for laptop computers and as cards or external
of 255.255.0.0 (the default subnet mask), the network ID devices for wireless networking. A wide variety of
of the host is 172.16.0.0, or simply 172.16, as it com- devices for home networking also perform the same
prises the first 16 bits of the 32-bit address. general function of a NIC, including devices that plug
See Also: host ID, Internet Protocol (IP), IP address, into Universal Serial Bus (USB), parallel, or serial ports
subnet and transmit network signals over twisted pair wiring,
telephone lines, or even electrical lines in a home. This
article focuses, however, on the use of NICs in servers
Network Information System in enterprise environments, particularly in Gigabit
(NIS) Ethernet (GbE) networking.
A protocol used for naming and directory services on
UNIX platforms. Types
NICs are typically
Overview
Network Information System (NIS) functions as a kind ● Media-specific: UTP and fiber-optic cabling are
the two most common options. Some older combo
of telephone book for locating resources on a Transmis-
sion Control Protocol/Internet Protocol (TCP/IP) net- cards support both thinnet and UTP. N
work. In fact, the original name for NIS was “Yellow ● Network architecture-specific: Ethernet, Token
Pages (YP).” NIS enables users and applications dis- Ring, and Fiber Distributed Data Interface (FDDI)
tributed across a network to locate and access files and each use their own distinctive type of NIC.
applications anywhere in the network by accessing a
central NIS server. The kinds of information typically NICs for Ethernet networks are available in various
provided by NIS servers include password files, host speeds including 10 megabits per second (Mbps) for
tables, and e-mail aliases. Ethernet, autosensing 10/100 Mbps for Fast Ethernet,
and autosensing 10/100/1000 Mbps for GbE. These
NIS operates using broadcasts, and on most UNIX plat- autosensing NICs determine the highest network speed
forms, NIS clients communicate with NIS servers using supported by hubs and switches on the network and
remote procedure calls (RPCs) running over User Data- configure themselves accordingly.
gram Protocol (UDP).
Implementation
The original NIS was not secure and NIS servers were NICs are available for all common system bus types,
often targeted in attacks on UNIX networks. A newer including Industry Standard Architecture (ISA),
version developed by Sun Microsystems called NIS+ Extended Industry Standard Architecture (EISA),
includes additional security features, but it has gained Micro Channel Architecture, and Peripheral Compo-
only limited popularity in the marketplace. nent Interconnect (PCI). PCI cards are available in
See Also: remote procedure call (RPC), UNIX, User 32-bit and 64-bit form and give the best performance. In
Datagram Protocol (UDP) addition, PCI NICs are plug and play and hence easy to
849
network layer network layer
install and configure, in comparison to legacy NICs that e-commerce, as an inferior NIC can easily become a
require manual configuration of interrupt request (IRQ) bottleneck for accessing network services. Some GbE
and base I/O port settings. NICs support advanced features such as onboard Inter-
net Protocol Security (IPsec) processing to offload
A NIC’s role is to convert the parallel stream of data on
workload from the server. Certain NICs from 3Com fall
a computer’s bus to serial form for transmission over
into this category. Other smaller vendors have produced
the medium joining computers together on the network.
high-performance NICs with specialized features, such
This medium is typically either Category 5 (Cat 5) or
as Akamba Corporation’s technology that allows for
enhanced Category 5 (Cat 5e) unshielded twisted-pair
NICs used in Web servers to process Hypertext Transfer
(UTP) cabling, fiber-optic cabling, or in the case of
Protocol (HTTP) traffic, and Alacritech’s technology
wireless networking, free space. The computer can
for implementing a server’s TCP stack in hardware on
communicate with the NIC using several methods,
the NIC.
including memory-mapped I/O, direct memory access
(DMA), or shared memory. A parallel stream of data is See Also: Category 5 (Cat5) cabling, enhanced Cate-
sent to the card and buffered in on-card memory before gory 5 (Cat5e) cabling, Ethernet, Fast Ethernet, Fiber
being packaged into discrete frames for transmission Distributed Data Interface (FDDI), fiber-optic cabling,
over the network. Framing adds headers and trailers to frame, Gigabit Ethernet (GbE), serial transmission,
the data, which contains addressing, clocking, and Token Ring, universal serial bus (USB), unshielded
error-checking information. The frames are then con- twisted-pair (UTP) cabling, wireless networking
verted to electrical voltage pulses that drive an electrical
signal over the wire (for copper wiring), modulated
network layer
light pulses (for fiber-optic cabling), or microwaves (for
Layer 3 of the Open Systems Interconnection (OSI) ref-
wireless networking). The NIC on the receiving com-
erence model.
puter processes the signal in the reverse order, convert-
ing the signal first into a bit stream of frames and then Overview
N into a parallel data stream for the receiving computer’s When two hosts on a network need to communicate, the
bus. Some of the above functions are built into the network layer is responsible for determining a suitable
NIC’s firmware, and the remainder are implemented by path across the network, usually through some form of
the NIC driver software installed on the computer. route calculation. The network layer thus enables hosts
on a network to establish communications with each
Marketplace other. The network layer is also responsible for
The largest producer of enterprise NICs overall is
3Com Corporation, while the top producer of GbE ● Logical addressing of packets so they can be routed
NICs is Intel Corporation, which has almost half of the over the network to their intended destination
enterprise market in this arena. 3Com is in second place
● Fragmenting packets that are too large to be for-
in the GbE NIC market after its recent acquisition of
warded by router interfaces into sequences of
Alteon Web Systems’ GbE adapter technology. Asanté
smaller packets
Technologies rocked the market in 2000 with its intro-
duction of a copper-based 1000BaseT NIC that sold for ● Reassembly of sequences of packets into their orig-
around $150—half the price of other vendors at the inal order
time. The copper GbE NIC market has steadily grown
● Performing congestion control
against the fiber GbE NIC market, and by the end of
2000, half of all GbE NICs shipped were copper Types
1000BaseT NICs. Network layer protocols may be either connectionless
or connection-oriented in operation. Examples of con-
Choosing the right NIC for a high-performance server
nectionless network-layer protocols include
is a crucial consideration in enterprise computing and
850
network management network management
● Internet Protocol (IP): The network layer protocol ● Detecting, diagnosing, repairing, working around,
used on the Internet and predicting the likelihood of failures and other
problems.
● Internetwork Packet Exchange (IPX): A legacy
NetWare protocol ● Installing, upgrading, patching, distributing, con-
figuring, managing, monitoring, and troubleshoot-
The above protocols employ the transport layer proto-
ing operating systems and applications on servers,
cols Transmission Control Protocol (TCP) and Sequen-
desktop workstations, routers, and other hardware.
tial Packet Exchange (SPX), respectively, to ensure
This is often called desktop or systems management.
reliable communications by fragmenting and reassem-
bling packets and requesting retransmissions when Network management may also involve
required.
● Mapping the topology of a network in real time
Examples of connection-oriented network layer proto- through autodiscovery and graphically displaying
cols include X.25 and Logical Link Control Type 2 this information in useful form to administrators.
(LLC-Type 2).
● Maintaining a central inventory database describing
Protocols that enable routers to exchange information all devices, operating systems, and software on the
to create network topology maps also work at the net- network and how they are configured. When a
work layer. Examples of such network layer routing change is made to the configuration of a device or
protocols include Routing Information Protocol (RIP), application, the database is updated with the infor-
Open Shortest Path First (OSPF), Interior Gateway mation automatically.
Routing Protocol (IGRP), Enhanced Interior Gateway
● Setting alarms and establishing automated responses
Routing Protocol (EIGRP), and Border Gateway
to various alert conditions when they arise. These
Protocol (BGP).
alerts may relate to device failure, traffic bottlenecks,
See Also: Border Gateway Protocol (BGP), Enhanced server overload, and other problems.
Interior Gateway Routing Protocol (EIGRP), Interior
● Remotely adding, removing, or rearranging local
N
Gateway Routing Protocol (IGRP), Internet Protocol
area network (LAN) and wide area network (WAN)
(IP), Internetwork Packet Exchange (IPX), NetWare
links, a process called configuration management.
protocols, Open Shortest Path First (OSPF), Open Sys-
tems Interconnection (OSI) reference model, Routing ● Monitoring a network against intrusion by hackers
Information Protocol (RIP), transport layer, X.25 and other attacks.
● Taking remote control of systems to manage, repair,
network management or troubleshoot them.
Managing a network’s hardware, applications, and
● Monitoring service level agreements with vendors
performance.
and service providers.
Overview
● Using artificial intelligence to determine the root
Network management is a broad term describing plat-
cause of network failure and perform needed fixes
forms and applications that can manage the various
automatically.
devices and software that constitute a network. This
includes such general tasks as ● Generating real-time and cumulative logs and
reports of network performance, traffic flow, server
● Monitoring, measuring, and optimizing the perfor-
load, and other information. These can be for audit-
mance of routers, switches, access servers, mul-
ing, management, planning, troubleshooting, or
tiplexers, Web servers, mail servers, and other
provisioning purposes.
network devices and hardware.
851
network management network management
● Managing different aspects of a network from organic collections of tools united by a common user
workstations, using standard Web browsers, and interface (admin console) and back-end database (for
even using wireless Personal Digital Assistants storing network configuration information). They
(PDAs). were large, complex, expensive, and difficult to
implement, often requiring a great deal of customiza-
● Perform policy-based management of network
tion to work properly and never quite living up to their
resources and traffic prioritization, a rapidly emerg-
marketed goals. Such systems were targeted mainly
ing new area in network management.
to large enterprises having deep pockets and have
Implementation found wide acceptance in such environments to this
Most network management platforms employ a combi- day. This failure to fulfill customer expectations was
nation of proprietary solutions and standards-based partly a result of the rapid pace of technological evo-
usage of Simple Network Management Protocol lution in operating system and networking technolo-
(SNMP) and its cousin Remote Monitoring (RMON). gies, with the result that vendors of such network
Other standards from the Distributed Management Task management systems had difficulty keeping up with
Force (DMTF) and Internet Engineering Task Force the pace of change in these technologies. Many of
(IETF) are important also, particularly Web-Based these systems have now evolved into one-size-fits-all
Enterprise Management (WBEM) and the emerging packaged management systems that are easier to
Policy Framework and SNMPConf initiatives. Network deploy and use but which are more limited in their
management platforms support these existing and goals. Some framework vendors have also made their
emerging standards to various degrees. systems extensible to allow third-party point products
to fill gaps in their framework products. Popular
Network management can be accomplished in several
examples of these types of frameworks are listed
ways:
below in the section entitled “Marketplace.”
● Using prepackaged tools included with network
● Using loose collections of freeware and open
N operating systems such as Microsoft Windows
and UNIX: For example, Windows 2000 includes
source network management tools: Network
administrators of small to mid-sized companies often
administrative tools such as Performance Monitor,
create their own custom toolkit of useful manage-
Network Monitor, Computer Management, and
ment tools and utilities developed in-house or down-
other utilities that can be used to remotely monitor,
loaded from the Internet and used for monitoring,
manage, and troubleshoot server and network prob-
configuring, and troubleshooting networks and serv-
lems. Command-line tools such as Ping, Ipconfig,
ers. Using such diverse collections of tools, however,
Tracert/Traceroute, Netstat, Nslookup, and others
requires a high level of understanding of how net-
are also available on both Microsoft and UNIX plat-
works actually work and how they ought to work and
forms for configuring and troubleshooting Trans-
requires the discipline of implementing proper pro-
mission Control Protocol/Internet Protocol (TCP/
cedures and processes for maximum benefit.
IP) networks. Trivial File Transfer Protocol (TFTP)
and Telnet are often used for remote management ● Outsourcing network management needs: Small
of Cisco routers and other networking equipment companies often benefit from outsourcing all of their
from a command-line interface. network management needs to a network/systems
integrator, who often can remotely manage network
● Using enterprise network management frame-
performance and troubleshoot server problems by
works: These are suites of tools integrated to various
means of the Internet using browser-based tools.
degrees that enable (or promise to enable) administra-
Larger companies may outsource only specific por-
tors to remotely manage all aspects of a diverse, het-
tions of their management needs, such as allowing tel-
erogeneous network from a central administrator
cos to remotely monitor the channel service unit/data
console. Many of these systems began in the 1980s as
852
network management network management
service units (CSU/DSUs) and T1 multiplexers that and others. Finally, Microsoft has Microsoft Operations
they lease to the customers. Outsourcing is a viable Manager (MOM) that provides enterprise-class event
option for companies that do not have the resources to and application monitoring for the Windows 2000 and
hire their own qualified network personnel. Windows .NET Server operating systems, and .NET
Server application platforms.
Whatever the approach used for managing networks,
most companies do not make this a high enough priority Microsoft Systems Management Server is popular in
or allocate sufficient resources (in terms of both staff the enterprise as a server, desktop, and applications
and money) to this aspect of their business as they do management system. So is LANDesk Management
for their deployments of enterprise resource planning Suite from Intel Corporation and Unicenter TNG from
(ERP) and customer relationship management (CRM) Computer Associates. Windows 2000 also supports a
software. If a company’s customer and product data and number of networking application programming inter-
communication/collaboration abilities are important faces (APIs) that allow information about network
and must be safeguarded and maintained at all costs, resources to be programmatically accessed, and some
then safeguarding and maintaining the network on Active Directory Services Interface (ADSI) interfaces
which information is stored and over which it travels also provide similar functionality for script access.
should be an equally high priority, whatever the cost.
Some vendors of point products that fill specific gaps in
Marketplace the management functionality of framework platforms
Network management frameworks for enterprise use are include Concord Communications, Micromuse, River-
available from both traditional vendors and newer startups. Soft Technologies, Tavve Software, and many others. A
Traditional vendors include Tivoli/IBM, Hewlett-Packard, good example is CiscoWorks, which can be installed as
Computer Associates, BMC Software, and several others. an add-in for popular management frameworks such as
Tivoli Enterprise is a suite of platforms and tools providing HP OpenView and Sun NetManager. A number of start-
desktop, network, storage, security, service, Web, and per- ups provide point products providing root-cause analysis,
formance management. Tivoli products are available
for a wide range of network operating systems, including
automated event correlation, and other features previ-
ously lacking in big-name framework products. These
N
Microsoft Windows, UNIX, and IBM’s OS/390 main- startups include Evidian, Oxydian, Magnum Technolo-
frame platform. Tivoli even has a product line supporting gies, and many others.
end-to-end management of retail solutions that include
Policy-based management tools include Cisco QoS Pol-
point-of-sale terminals and automated teller machines
icy Manager from Cisco Systems and Orchestream
(ATMs). They also have one for managing Personal Digi-
Enterprise Edition from Orchestream. Application
tal Assistants (PDAs), a rapidly growing concern in the
monitoring and performance tools include EcoSCOPE
enterprise environment. Tivoli software is used by 96 per-
from Compuware Corporation, NextPoint S3 from
cent of Fortune 500 companies and is probably the most
NextPoint Networks, eHealth from Concord Commu-
widely used management framework in enterprise envi-
nications, VitalSuite from Lucent Technologies, and
ronments. IBM’s earlier NetView management platform
many others. The most popular remote control software
is also integrated into the Tivoli line of products.
used in enterprise systems management is undoubtedly
Another popular framework product is HP OpenView PCAnywhere from Symantec Corporation. The Termi-
from Hewlett-Packard. Sun Microsystems also offers a nal Services component of Windows 2000, Windows
management platform called Sun NetManager for their XP, and Windows .NET Server offers out-of-the-box
SunOS and Solaris machines. VERITAS Software Cor- remote control functionality for these operating sys-
poration is another contender in the enterprise arena tems. Citrix RMS from Citrix Systems is another net-
with their Veritas NerveCenter—other vendors include work management tool that includes remote control.
Aprisma, NextPoint Networks, Lucent Technologies,
853
Network Monitor Network News Transfer Protocol (NNTP)
Network probes are growing in popularity as weapons ● Monitor and display protocol statistics
in the network manager’s arsenal. These probes are
● Examine individual captured frames in detail
small SNMP-enabled devices that can be plugged into a
WAN demarcation point or LAN segment to monitor
network traffic and collect statistics for network man-
agement stations.
Management of Linux systems can be easily performed
using Volution, a platform from Caldera International
designed for large enterprises, application service pro-
viders (ASPs), Internet service providers (ISPs), and
similar companies that may use large numbers of Linux
machines. Volution is based on Red Hat Package Man-
ager (RPM) technology and supports a number of major
Linux distributions. Also in the open source arena, an
initiative called OpenNMS was acquired by Atipa Tech- G0NXX04 (was G0NUI04 in 1E)
854
network numbers network operating system (NOS)
855
network probe network security
● Centralizing administration of multiple computers a network or plugged into a port on an Ethernet switch.
to a single management console WAN probes are usually best located at the demarc
point, the location where the physical circuit for the
● Running distributed applications that share process-
WAN link first enters the network—in other words,
ing on multiple computers
before the channel service unit/data service unit (CSU/
Marketplace DSU) when using leased lines such as T-carrier circuits.
Examples of popular NOSs include
See Also: Asynchronous Transfer Mode (ATM), Chan-
● Microsoft Windows 2000 nel Service Unit/Data Service Unit (CSU/DSU),
Ethernet, Ethernet switch, local area network (LAN),
● Novell NetWare
network, network troubleshooting, Remote Network
● Various flavors of UNIX Monitoring (RMON), Simple Network Management
Protocol (SNMP), T-carrier, wide area network (WAN)
● Linux
Internetwork Operating System (IOS) from Cisco Sys-
network protocol
tems is an example of a NOS that runs not on computers
A Layer 3 (network layer) of the Open Systems Inter-
but on internetworking devices such as routers.
connection (OSI) reference model for networking.
See Also: Internetwork Operating System (IOS), Linux,
Overview
local area network (LAN), NetWare, UNIX, Windows
Common network protocols include the following:
2000
● Internet Protocol (IP): Part of the Transmission
Control Protocol/Internet Protocol (TCP/IP) proto-
network probe col suite for connectivity with the Internet
A device for collecting network statistics.
● Internetwork Packet Exchange (IPX): A legacy
N Overview
Network probes are generally small devices that can be
Novell NetWare protocol.
plugged into various points of a network to collect sta- ● NetBEUI: A protocol developed from NetBIOS
tistics and forward them to a network management sta- that functions at both the network and transport
tion. These statistics then allow you to perform traffic layers
analysis and identify trends so you can plan proper
Microsoft Corporation’s 32-bit Windows operating sys-
upgrades and identify problems.
tems are implemented in a layered fashion that allows
Implementation multiple network protocols to be bound to multiple net-
Network probes are a complement to existing network work interface cards (NICs) and allows multiple net-
monitoring functionality based on Simple Network work clients and services to access these protocols.
Management Protocol (SNMP) and Remote Monitor- Windows computers can thus establish connectivity and
ing (RMON) and are built in to today’s intelligent net- interoperability with non-Microsoft operating system
work hubs, switches, and routers. Different probes are platforms such as UNIX and Novell NetWare.
available that collect different kinds of information in
See Also: Internet Protocol (IP), Internetwork Packet
various levels of detail, store this information in mem-
Exchange (IPX), NetBEUI, network layer, Open Sys-
ory, and forward it to troubleshooting tools and man-
tems Interconnection (OSI) reference model
agement systems. Probes are available for different
kinds of network architectures ranging from Ethernet to
Asynchronous Transfer Mode (ATM) and from local network security
area network (LAN) to wide area network (WAN) The methods used to protect a network from hostile
usage. LAN probes can usually be attached anywhere in attack.
856
network security network security
857
network service type Networks file
● Patches: Operating systems and applications are link, and physical layers. Delivery methods may be
frequently found to be buggy or insecure, and ven- either
dors issue fixes to address these problems. Keeping
● Reliable: Packets are delivered in the correct order
up to date regarding available patches and applying
without loss or duplication.
them in timely fashion is essential for today’s net-
work administrators. Web servers are especially or
viewed as targets by attackers, and they require con-
● Best effort: Also called the datagram method,
siderable attention to maintain security and protect
packets (datagrams) may be delivered out of order
against newly discovered vulnerabilities.
with possible duplication or lost packets. With best
● Backups and fault tolerance: Every system is effort delivery, the transport layer (Layer 4 of the
liable to be breached at some point, so having OSI model) is usually responsible to ensure out of
redundant hot standby systems is important in sequence packets are reordered, duplicate packets
mission-critical e-commerce systems, and regular are ignored, and lost packets are retransmitted.
backups that are periodically restored for testing
From the point of view of network connectivity, there
purposes are often the last line of defense against
are also two kinds of network services:
attackers damaging corporate databases.
● Connectionless: Each packet is transmitted inde-
● Security policy: Developing, internally publishing,
pendently and contains the full source and desti-
monitoring, and enforcing a corporate security pol-
nation address of the hosts communicating. No
icy is a vital step in securing your network.
session establishment is required before communi-
● Training: Making sure that IT staff are trained in cations can begin—the transmitting host simply
using security tools is essential unless network starts sending packets to the destination, hoping
operations are outsourced to other companies. higher layer protocols will ensure that delivery is
achieved.
N For More Information
Visit the SANS Institute at www.sans.org. Visit the ● Connection-oriented: Also called the virtual cir-
CERT Coordination Center at www.cert.org. cuit (VC) method, this method involves first estab-
lishing a communication session between two hosts
See Also: access control, auditing, authentication
before transmitting data. Once a session has been
protocol, backup, biometric authentication, denial of
established, it is usually assigned some kind of ses-
service (DoS), disaster recovery, encryption, fault
sion identifier in place of full source/destination
tolerance, firewall, hacking, Internet Protocol Secu-
addressing, and all data packets transmitted include
rity (IPsec), intrusion detection system (IDS), remote
this identifier and are routed or switched similarly.
access, virtual private network (VPN), virus
See Also: connectionless protocol, connection-ori-
ented protocol, Open Systems Interconnection (OSI)
network service type
reference model, virtual circuit
The way that a network appears to end nodes communi-
cating over it.
Overview
Networks file
A text file that provides a local method of resolving net-
There are two different ways to consider the service
work names into their network IDs on a Transmission
method employed for host-host communications on a
Control Protocol/Internet Protocol (TCP/IP) network.
network: connection method and delivery method.
These methods are provided through the operation of Overview
the lower three layers of the Open Systems Interconnec- The entries in the networks file are friendly names for
tion (OSI) reference model; namely, the network, data TCP/IP networks; they can be used in TCP/IP commands
858
Network Termination Unit (NTU) Network Time Protocol (NTP)
such as the route command and for TCP/IP network AWG copper twisted-pair cabling. Some newer ISDN-
management. enabled devices have a built-in U interface, making an
NTU unnecessary.
The networks file is at the following location on com-
puters running Microsoft Windows: The following table shows the differences between the
Basic Rate ISDN U and S/T interfaces.
● Windows NT, Windows 2000, Windows XP, and
Windows .NET Server: %SystemRoot%\ Basic Rate ISDN U Interfaces vs. Basic Rate ISDN
system32\drivers\etc S/T Interfaces
● Windows 95 and Windows 98: \Windows Property U Interface S/T Interface
Number of wires 2 4
Examples Connector RJ-45 RJ-45
Each line in the networks file contains a friendly net- Zero-to-peak voltage 2.5 V 0.75 V
work name for the network, followed by the IP address Line coding 2B1Q (or ASI (Alternate
of the network and an optional comment prefixed with a 4B3T in Space Inversion)
pound sign (#). The following example is from the Europe)
sample networks file included with Windows 95 and
Windows 98: See Also: Integrated Services Digital Network (ISDN),
ISDN terminal adapter
loopback 127
campus 284.122.107
london 284.122.108 Network Time Protocol (NTP)
An Internet protocol for synchronizing computer clocks
See Also: hosts file, lmhosts file, protocol file, services
to an accurate reference clock.
file
Overview
Network Termination Unit (NTU) Network Time Protocol (NTP) is used to synchronize
computers with a remote reference system such as a
N
A telecommunications device used in Integrated Ser-
cesium atomic clock. Synchronization of computers on
vices Digital Network (ISDN) networking.
a network is important for distributed applications,
Overview directory services, mail services, and other network ser-
The Network Termination Unit (NTU) allows customer vices to work reliably. NTP solves this problem by pro-
premises equipment to be connected to the switching viding a hierarchical series of time servers from which
equipment at the telco’s central office (CO). ISDN cus- other computers can obtain the exact time, typically
tomer premises equipment, such as routers and ISDN within an accuracy of several milliseconds. NTP time
phones, usually have an ISDN S/T interface, while the servers use Universal Time Coordinated (UTC), a glo-
ISDN termination at the customer end of the local loop bal standard time that is independent of time zones.
usually has a U interface using an RJ-45 connector. The
NTP is defined in RFC 1305 and is supported by most
NTU converts the U termination of the ISDN line to one
UNIX platforms. A simplified version of NTP called
or more standard coding S/T interfaces that are suitable
Simple Network Time Protocol (SNTP) is also widely
for connecting digital ISDN-ready phones, routers, and
used and is supported by Microsoft Windows 2000,
other devices to an ISDN line.
Windows XP, and Windows .NET Server.
NTUs work differently from ISDN terminal adapters,
which allow you to connect analog telephones, faxes, and Architecture
Master clocks are located at the U.S. Naval Observa-
similar equipment to your ISDN line. NTUs typically
tories in Washington, D.C., and Colorado Springs,
support either point-to-point or multipoint connections
Colorado. These clocks are highly accurate atomic
over distances of up to 3.4 miles (5.4 kilometers) on 26
859
network transmission method network troubleshooting
clocks that lose less than a second in a thousand years. network troubleshooting
Stratum 1 NTP servers obtain their time from direct The process of identifying and fixing network commu-
connections to these master clocks. Stratum 2 servers nication problems.
obtain their time from stratum 1 servers and can provide
time synchronization for computers on a network. Overview
Computer networks are complex entities, and problems
See Also: UNIX, Windows 2000 can arise on many levels that can prevent network com-
munications from working. Network troubleshooting
network transmission method involves tools and procedures for identifying, locating,
The way in which information transmitted over a net- repairing, and maintaining networks so they can per-
work is received. form as expected.
● Unicasting: One host transmits to another host. An ● Physical-layer tools: The physical layer (Layer 1)
example is Transmission Control Protocol (TCP), of the Open Systems Interconnection (OSI) refer-
part of the Transmission Control Protocol/Internet ence model is the layer responsible for signaling,
Protocol (TCP/IP) suite. Unicasting is the main trans- that is, for placing voltages on the wire or light
mission method used for sending data over a network. pulses within fiber-optic cabling. Cable testers and
time domain reflectometers (TDRs) are the main
● Broadcasting: One host transmits to all hosts. An tools used for diagnosing and locating cable breaks,
example is Address Resolution Protocol (ARP), fractures, and loose connections.
used by TCP/IP networks running on Ethernet to
resolve Layer 3 (network layer) Internet Protocol (IP) ● Higher-layer tools: For troubleshooting at the data
N addresses into their associated Layer 2 (data link link, network, transport, and higher layers of the
layer) MAC addresses. Broadcasts are often employed OSI model, protocol analyzers are the primary tool.
on networks for advertisements, announcements, Protocol analyzers sniff (capture) network traffic
name registrations, and other purposes. and use various degrees of intelligence to interpret
the nature of this traffic and any underlying prob-
● Multicasting: One host transmits to a select group of lems that may be present. They range from software
hosts. Multicasting is often used for delivery of that can be installed on standard PCs that have net-
streaming audio or video across an IP network. work interface cards (NICs) that support promiscu-
Notes ous mode, to stand-alone devices ranging from
A broadcast’s scope depends on the aspect of the net- handheld to briefcase size.
work under consideration. For example, on IP networks ● Integrated analyzers: These tools package cable
a broadcast is delivered to all hosts on the local subnet, testers and TDRs with protocol analyzers to provide
but on Ethernet networks a broadcast is sent to all hosts an integrated platform for troubleshooting a wide
within a given broadcast domain. range of network problems.
See Also: Address Resolution Protocol (ARP), broad- ● Network probes: Also called Remote Network
cast domain, broadcasting, data-link layer, Ethernet, Monitoring (RMON) probes, these are generally
MAC address, multicasting, subnet, Transmission Con- small devices that can be plugged into a network
trol Protocol (TCP), Transmission Control Protocol/ or into switch ports to capture and buffer traffic
Internet Protocol (TCP/IP), unicasting statistics for forwarding to a network analyzer or
network management system. Network probes
860
network utilization newsgroup
861
NEXT NIC
example of a newsgroup is alt.books.computing, which limits the performance of high-speed data center servers.
is an “alternative” group that discusses books about The PCI bus is limited to about 500 megabits per second
computing. The dotted notation of the newsgroup name (Mbps) of shared throughput. It lacks an error-detection
emphasizes the hierarchical structure of the Usenet sys- mechanism and has relatively high latency. Next Genera-
tem of newsgroups. For example, tion I/O (NGIO) is intended to overcome these limita-
tions. It uses a channel-based architecture that supports
● alt is the root of the hierarchy of alternative newsgroups.
full-duplex transmission speeds of up to 2.5 gigabits per
● alt.books refers to either a newsgroup on alternative second (Gbps).
books or a collection of such newsgroups.
The NGIO Forum recently combined its efforts with a
● alt.books.cooking refers to either a newsgroup on group called Future I/O, which was promoting a different
alternative cookbooks or to a collection of such news- standard. The combined standard will be called System
groups. I/O; its development group is headed by Intel Corporation
and IBM and includes Microsoft Corporation, Sun Micro-
Newsgroups can be either moderated or unmoderated. In
systems, Hewlett-Packard, and Dell Computer Corpora-
moderated newsgroups, all messages posted to the news-
tion. System I/O will use a channel-based I/O architecture
group are first sent to the newsgroup moderator, who
instead of a bus architecture and will use from 1 to 12
accepts or rejects messages depending on their relevance
wires, each having a throughput of 2.5 Gbps. The chan-
to the group’s focus. Unmoderated groups are generally a
nel-based architecture will allow different channels to
free-for-all, although politeness dictates that users post
carry different information to different components
only messages related to the newsgroup’s focus.
simultaneously, which will be a great improvement over
Notes parallel-transmission bus technologies. System I/O will
When you first join a newsgroup, it’s a good idea to also fully support hot-swapping of components.
“lurk” in the background for a while and read the post-
For More Information
ings to understand the focus and tone of the group. Post-
N ing off the topic or at too low a level in an advanced
Visit the NGIO Forum at www.ngioforum.org.
group can cause a “newbie” to get “flamed” (bombarded
with offensive mail). NFS
See Also: Internet, Network News Transfer Protocol Stands for Network File System, a suite of protocols for
(NNTP) accessing file systems across a network.
See: Network File System (NFS)
NEXT
Stands for near-end crosstalk, a measurement of the NGIO
ability of network cabling to reject crosstalk. Stands for Next Generation I/O, a specification
See: near-end crosstalk (NEXT) designed to replace the Peripheral Component Intercon-
nect (PCI) system bus.
862
NIS normal backup
NIS Overview
In computer networking, noise is undesirable random
Stands for Network Information System, a protocol used
electrical transmission that is generated by networking
for naming and directory services on UNIX platforms.
components such as network interface cards (NICs) or
See: Network Information System (NIS) induced in cabling by proximity to electrical equipment
that generates electromagnetic interference (EMI). Noise
is generated by all electrical and electronic devices,
NIST
including motors, fluorescent lamps, power lines, and
Stands for National Institute of Standards and Technol- office equipment, and it can interfere with the transmis-
ogy, a U.S. government organization that provides sion of signals on a network. The better the signal-to-
services and programs to help U.S. industries commer- noise ratio of an electrical transmission system, the
cialize new technologies and compete internationally. greater the throughput of information on the system.
See: National Institute of Standards and Technology Noise can usually be reduced (but never entirely elimi-
(NIST) nated) by using higher-quality components, lowering the
temperature of components, or using shielded cabling. Be
NNTP sure to locate sensitive networking components and
Stands for Network News Transfer Protocol, the Inter- cabling away from heavy machinery, generators, motors,
net protocol for Usenet newsgroups. and other equipment that can generate a lot of EMI. Also
be sure to terminate cables properly at patch panels and
See: Network News Transfer Protocol (NNTP) wall plates to minimize noise due to crosstalk.
See Also: cabling, crosstalk, electromagnetic interfer-
node ence (EMI), network interface card (NIC), signal
A general term for a device on a network that has a spe-
cific physical or logical address.
normal backup N
Overview A type of backup in which all the selected files and
Nodes on a network can be computers, repeaters, folders are backed up.
bridges, or other devices on a network that can transmit,
receive, or process signals. Another name for a node, Overview
especially on Ethernet networks, is a station. Also known as full backup, normal backups are the most
secure way of backing up files and folders to tape. In a
Other common meanings of the term node include normal backup, the archive attribute is marked for each
● A domain or subdomain in the namespace of the file and folder that is backed up. If the file is later modi-
Domain Name System (DNS) fied, the archive attribute is cleared, indicating that the file
needs to be backed up again. Normal backups are the saf-
● An object in the console hierarchy of Microsoft est form of backup but take the longest and use the most
Management Console (MMC) tape. They are also the easiest form of backup to perform
● In clustering terminology, a machine that is a mem- a restore from, because you generally need only one tape
ber of a cluster to perform the restore (unless the amount of information
to be backed up exceeds the capacity of the tape).
See Also: clustering, Ethernet, network
Notes
A good backup plan consists of at least one normal
noise backup each week, with either incremental or differen-
Random disturbances in a transmission. tial backups during the rest of the week.
See Also: backup, backup type
863
NOS NS record
864
NTFS NTFS file system (NTFS)
names of hosts in that zone into their associated Internet NTFS also supports security features for data access
Protocol (IP) addresses. The master name server for a control and ownership privileges that make it suitable
zone (the name server that is authoritative for that zone) for corporate file and application servers. The following
is listed in the SOA record that defines the zone’s char- table shows a comparison between the features of
acteristics. Secondary name servers for the zone are NTFS and FAT.
identified by one or more NS records, one for each sec-
NTFS Compared with FAT
ondary name server in the zone. Each NS record also
requires a matching A record that resolves the fully Feature NTFS FAT
qualified domain name (FQDN) of the secondary name Local security x
server into its associated IP address. File-level access x
permissions
NS records are also used to specify primary name serv- Automatic recoverability x Lazy writes
ers for delegated zones. The full syntax for the NS using lazy writes and only
record is found in RFC 1035. transaction logging
File-level compression x
Examples
POSIX-compliant x
Here is a typical example of an NS record:
Supports Services for x
microsoft.com. IN NS ns2.microsoft.com. Macintosh
Dual boot with x
In this example, hosts within the microsoft.com domain
Windows 95 and
can be resolved using the name server called ns2. In this Windows 98
example IN stands for Internet and NS stands for name Maximum volume size 264 = 32 232 = 4
server. exabytes gigabytes
See Also: A record, Domain Name System (DNS), (theoretical) (GB)
fully qualified domain name (FQDN), name server, 241 = 2
SOA record terabytes N
(practical)
Optimal volume size Less Less
NTFS efficient for efficient for
Stands for NTFS file system, the file system of volumes volumes
Microsoft Windows NT, Windows 2000, Windows XP, under ~50 over ~500
and Windows .NET Server. megabytes MB
(MB)
See: NTFS file system (NTFS)
Windows 2000, Windows XP, and Windows .NET
NTFS file system (NTFS) Server support a new version of NTFS called NTFS5 that
The file system of Microsoft Windows NT, Windows includes additional features not supported by the earlier
2000, Windows XP, and Windows .NET Server. NTFS4 of Windows NT. These features provide greater
manageability and enhanced security and include
Overview
NTFS file system (NTFS) is an advanced, high- ● Multiple data streams: Allow libraries of files to
performance file system designed for use with the be defined as alternate streams.
Windows NT and supported by Windows 2000 and ● Reparse points: Alter the way in which NTFS
later. NTFS provides better performance and reliability resolves path names.
than the file allocation table (FAT) file system first
developed for the Microsoft Disk Operating System ● Change journal: Provides a persistent log of all
(MS-DOS) and used in earlier versions of Windows. changes made to files on the volume.
865
NTFS permissions (Windows 2000, Windows XP, and Windows .NET Server) NTFS permissions
● Encryption: Allows data to be stored in encrypted Default Cluster Sizes for NTFS
form using the Encrypting File System (EFS).
Sectors/
● Sparse file support: Allows programs to create Volume Size Cluster Cluster Size
very large files while consuming disk space only as 512 MB or less 1 512 bytes
needed. 513 KB–1024 MB 2 1 kilobyte (KB)
1025 MB–2048 MB 4 2 KB
● Disk quotas: Allow administrators to control how
2049 MB–4096 MB 8 4 KB
much disk space users have access to. 4097 MB–8192 MB 16 8 KB
● FAT32: Supports an enhanced version of FAT first 8193 MB–16384 MB 32 16 KB
included with the OSR2 version of Windows 95. 16385 MB–32768 MB 64 32 KB
FAT32 supports larger disk partitions than FAT. 32769 MB or more 128 64 KB
866
NTFS permissions (Windows 2000, Windows XP, and Windows .NET Server) NTFS permissions
composed of various groupings of the 18 different spe- To use these standard permissions to secure a file or
cial permissions—for more information, see the “NTFS folder, you must be the object’s owner, have full control
special permissions (Windows 2000, Windows XP, and of the object, or be a member of the Administrators
Windows .NET Server)” article elsewhere in this book. system group. You must explicitly assign a permission
These groupings simplify the job of securing files and to a file or folder for the permission to be granted. If no
folders on NTFS file system partitions and volumes. permission is specified for a given user or group, the
user or group has no access to the file or folder. When
Standard NTFS File Permissions in Windows 2000,
you explicitly assign a permission, you can choose to
Windows XP, and Windows .NET Server
either allow or deny that permission.
File Permission User Access Granted
Read Open the file and view its permis- When you create a file or folder on an NTFS file system
sions, attributes, and ownership volume, it inherits the permissions of its parent folder or
Write Modify the file, modify its volume. When you assign a permission to a parent
attributes, and view its permis- folder or volume, you have the option of propagating
sions, attributes, and ownership that permission to all of its child folders and files.
Read & Execute Delete the file and do everything The following rules apply to assigning permissions for
Read permission allows files and folders on NTFS file system volumes:
Modify Delete the file and do everything
Read & Execute and Write per- ● If a user belongs to two or more groups and the
missions allow groups have different permissions on a given folder,
Full Control Take ownership, modify permis- the user’s effective permission is the least restrictive
sions, and do everything Modify of the permissions. For example, if a user has Read
permission allows permission on a file and a group the user belongs to
has Modify permission, the user’s effective permis-
Standard NTFS Folder Permissions in Windows sion is Modify, which is the least restrictive of the
2000, Windows XP, and Windows .NET Server two. N
Folder Permission User Access Granted
● A permission explicitly denied overrides a similar
Read View contents of folder and view permission explicitly allowed. For example, if a
its permissions, attributes, and user has Read permission on a file and a group the
ownership
user belongs to has been denied Read permission,
Write Create new files and folders in
the user cannot open and read the file.
the folder, modify its attributes,
and view its permissions, ● A permission for a file overrides a similar permis-
attributes, and ownership sion for the folder containing the file. For example,
List Folder View contents of folder if a user has Modify permission on a file and Read
Contents permission on the folder containing the file, the user
Read & Execute View subfolders within the folder can open, read, edit, and save changes to the file.
and do everything Read and List
Folder Contents permissions Notes
allow The differences between NTFS standard permissions
Modify Delete the folder and do every- for the Windows 2000, Windows XP, and Windows
thing Read & Execute and Write .NET Server operating systems and those for Windows
permissions allow NT include the following:
Full Control Take ownership, modify permis-
● Windows 2000, Windows XP, and Windows .NET
sions, and do everything Modify
Server have six folder permissions; Windows NT
permission allows
has seven.
867
NTFS permissions (Windows NT) NTFS permissions (Windows NT)
868
NTFS special permissions (Windows 2000, Windows XP, and Windows .NET Server) NTFS special permissions
the user’s effective permission is the least restrictive NTFS Special Permissions for Both Files and
of the permissions. For example, if a user has Read Folders in Windows 2000, Windows XP, and
permission on a file and a group the user belongs to Windows .NET Server
has Change permission, the user’s effective permis-
Special Permission User Access Granted
sion is Change, which is the less restrictive of the two.
Read Attributes View the attributes (including
● The No Access permission overrides all other per- read-only, hidden, system, and
missions. For example, if a user has Read permis- archive) of the file or folder
sion on a file and a group the user belongs to has No Read Extended View custom attributes that can
Access permission, the user cannot open and read Attributes be defined by certain applica-
the file. tions for the file or folder
Write Attributes Modify the attributes of the file
● A permission for a file overrides a similar permis- or folder
sion for the folder containing the file. For example, Write Extended Modify custom attributes that
if a user has Change permission on a file and Read Attributes can be defined by certain appli-
permission on the folder containing the file, the user cations for the file or folder
can open, read, edit, and save changes to the file. Delete Subfolders Delete subfolders or files
And Files
Notes
Delete Delete the file or folder; how-
For a description of the differences between NTFS stan-
ever, even if this permission is
dard permissions for Windows 2000 and for Windows
denied on a file, you can delete
NT, see the “NTFS permissions (Windows 2000)” arti- it if its parent folder has been
cle elsewhere in this book. granted Delete Subfolders And
In most cases NTFS standard permissions are sufficient Files permission
for controlling access to a file or folder. If standard per- Read Permissions View the permissions on the file
or folder
missions are not sufficiently granular for your purposes,
you can use NTFS special permissions. Change Permissions Modify the permissions on the N
file or folder
See Also: NTFS permissions (Windows 2000, Windows Take Ownership Take ownership of the file or
XP, and Windows .NET Server), NTFS special permis- folder
sions (Windows 2000, Windows XP, and Windows .NET Synchronize Lets threads in multithreaded
Server), NTFS special permissions (Windows NT) programs wait on the file or
folder handle and synchronize
with another thread that signals it
NTFS special permissions
(Windows 2000, Windows XP, NTFS Special Permissions Only for Files in
and Windows .NET Server) Windows 2000, Windows XP, and
Individual permissions granted or denied when NTFS Windows .NET Server
file system (NTFS) standard permissions are not suffi- Special
ciently granular for specific security purposes. Permission User Access Granted
Overview Execute File Execute the file
NTFS special permissions available depend on whether Read Data Read the file
you are securing files or folders. In both cases, 14 special Write Data Modify the file
permissions are available; 10 of these are common to the Append Data Append to the file (but not modify
existing data)
two scenarios. The following tables list the various NTFS
special permissions available in Microsoft Windows
2000, Windows XP, and Windows .NET Server.
869
NTFS special permissions (Windows NT) NTFS special permissions (Windows NT)
NTFS Special Permissions for Folders in Windows There are significant differences between NTFS special
2000, Windows XP, and Windows .NET Server permissions for Windows 2000, Windows XP, and
Windows .NET Server and those for Windows NT.
Special Permission User Access Granted
The most obvious difference is that in Windows 2000,
Traverse Folder Drill down to other files and
Windows XP, and Windows .NET Server, you can assign
folders in the folder even if
any of 14 special permissions, but in Windows NT you
you have no permissions on
have 6 special permissions to choose from: Read (R),
intermediate subfolders
List Folder View the names of subfolders Write (W), Execute (X), Delete (D), Change Permis-
and files in the folder sion (P), and Take Ownership (O). The reason for this
Create Files Create files in the folder difference is that in Windows NT much of the machin-
Create Folders Create subfolders within the ery of NTFS is hidden from the user interface, but in
folder Windows 2000, Windows XP, and Windows .NET
Server, this machinery is exposed in the user interface.
You can grant or deny special permissions by using the
See Also: NTFS permissions (Windows 2000, Win-
Advanced button on the Security tab of a file’s or folder’s
dows XP, and Windows .NET Server), NTFS permis-
property sheet. You can select different combinations of
sions (Windows NT), NTFS special permissions
special permissions to create custom sets of permissions
(Windows NT)
for special purposes. In most cases, however, it is sim-
plest to use NTFS standard permissions for securing files
and folders. If you use special permissions, there is a lot NTFS special permissions
of flexibility in how you can apply them, especially if (Windows NT)
you are applying them to a folder. For example, you can Individual permissions granted or denied when NTFS
apply a custom set of special permissions to file system (NTFS) standard permissions are not suffi-
ciently granular for specific security purposes.
● The selected folder only
N ● The selected folder, its subfolders, and files
Overview
The special permissions available are the same whether
● The selected folder and its subfolders only you are securing files or folders, with the exception that
when you secure a directory you have the additional
● The selected folder and its files only
option of leaving access unspecified instead of assign-
● Subfolders and files of the selected folder but not the ing a specific set of special permissions. In both cases,
folder itself six special permissions are available; these are listed in
the following table.
● Subfolders of the selected folder but not the folder
itself NTFS Special Permissions in Windows NT
● Files in the selected folder but not the folder itself User User Access
Access When When
To use special permissions you must be the object’s Special Applied to Applied to
owner, have full control of the object, or be a member of Permission Symbol Files Folders
the Administrators group. Read R View file View con-
Notes owner and per- tents of the
In Windows XP and Windows .NET Server, the Full missions folder
Control permission is listed in the Special Permissions Read the file View folder
screen. When selected, Full Control gives the user all attributes
special permissions that apply to the file or folder. View folder
owner and
permissions
(continued)
870
NTLM protocol NT Virtual DOS Machine (NTVDM)
NTFS Special Permissions in Windows NT continued permissions (Windows 2000, Windows XP, and
User User Access Windows .NET Server)” article elsewhere in this book.
Access When When See Also: NTFS permissions (Windows 2000, Windows
Special Applied to Applied to XP, and Windows .NET Server), NTFS permissions
Permission Symbol Files Folders (Windows NT), NTFS special permissions (Windows
Write W View file Add files to 2000, Windows XP, and Windows .NET Server)
owner and the folder
permissions Add sub-
Modify file folders NTLM protocol
attributes Modify Another name for Windows NT Challenge/Response
Edit the file folder Authentication, an authentication scheme used in
attributes Microsoft Windows NT–based networks.
View folder
owner and See: Windows NT Challenge/Response Authentication
permissions
Execute X View file View folder NTP
owner and attributes
Stands for Network Time Protocol, an Internet protocol
permissions Browse
for synchronizing computer clocks to an accurate refer-
Modify file folder
ence clock.
attributes hierarchy
Run the exe- View folder See: Network Time Protocol (NTP)
cutable file owner and
permissions
Delete D Delete the file Delete the NTU
folder Stands for Network Termination Unit, a telecommuni-
Change P Change file Change cations device used in Integrated Services Digital Net- N
Permission permissions folder work (ISDN) networking.
permissions
See: Network Termination Unit (NTU)
Take O Take owner- Take owner-
Ownership ship of the file ship of the
folder NTVDM
Stands for NT Virtual DOS Machine, an MS-DOS envi-
By selecting different combinations of special permis-
ronment simulator in Windows NT.
sions, you can create custom sets of permissions for
special purposes. In most cases, however, NTFS stan- See: NT Virtual DOS Machine (NTVDM)
dard permissions are sufficient for securing files and
folders. To use special permissions, you must be the NT Virtual DOS Machine
object’s owner, have full control of the object, or be a (NTVDM)
member of the Administrators system group. For infor- An MS-DOS environment simulator in Microsoft
mation on which sets of special permissions comprise Windows NT.
the various standard permissions, see the “NTFS per-
missions (Windows NT)” article elsewhere in this book. Overview
NT Virtual DOS Machine (NTVDM) is a single-
Notes threaded Win32 application that simulates an MS-DOS
For a description of the differences between NTFS spe- environment on Microsoft Windows NT, Windows
cial permissions for Microsoft Windows NT and for 2000, Windows XP, and Windows .NET Server. The
Microsoft Windows 2000, see the “NTFS special
871
null modem cable NWLink IPX/SPX-Compatible Transport (NWLink)
NTVDM enables the system to properly run MS-DOS terminal equipment (DTE) is specifically called a null
and Windows 3.x applications. Each MS-DOS–based modem cable, but a cable connecting two pieces of data
application running on Windows NT requires its own communications equipment (DCE) is usually called a
NT Virtual DOS Machine (NTVDM). As a result, if an tail-circuit cable and has a different cross-pinning. You
MS-DOS–based application fails while running on can obtain null modem cables for other serial interfaces
Windows NT, it does not affect other MS-DOS-based such as V.35 and those with special types of pinning.
applications.
Notes
You can customize the NTVDM for an MS-DOS–based Use a shielded null modem cable to extend distances up
application by right-clicking on the application’s exe- to 98 feet (30 meters) without using line drivers.
cutable file and choosing Properties. The settings you
See Also: data communications equipment (DCE),
can configure are similar to those available in the
data terminal equipment (DTE), RS-232, serial
Windows 3.x tool PIF Editor.
transmission
See Also: Microsoft Disk Operating System (MS-DOS),
Windows NT
NWLink
Stands for NWLink IPX/SPX-Compatible Transport,
null modem cable Microsoft Corporation’s version of Novell’s legacy
A serial cable with cross-pinning that is used for file Internetwork Packet Exchange/Sequential Packet
transfers and for other specialized communication Exchange (IPX/SPX).
between computers.
See: NWLink IPX/SPX-Compatible Transport
Overview (NWLink)
Null modem cables, also known as file transfer cables,
are used to directly connect two computers for trans-
NWLink IPX/SPX-Compatible
N ferring files between them—for example, by using
the Direct Cable Connection accessory of Microsoft Transport (NWLink)
Windows 95 and Windows 98. Note that parallel data- Microsoft Corporation’s version of Novell’s legacy
transfer cables achieve faster data transfer rates for file Internetwork Packet Exchange/Sequential Packet
transfer than serial null modem cables. Exchange (IPX/SPX).
The most common form of null modem cable is based Overview
on the RS-232 serial transmission interface specifica- IPX/SPX is a legacy networking protocol used in Nov-
tions. Pins 2 and 3 are crossed in a null modem cable to ell NetWare 2.x and 3.x. NWLink IPX/SPX-Compatible
allow you to directly link two RS-232 serial ports on Transport (NWLink) is Microsoft’s 32-bit version of
different computers. Other pins can also be crossed this protocol for the Microsoft Windows NT, Windows
depending on the intended purpose of the cable. The 2000, Windows XP, and Windows .NET Server
most common forms of termination for these cables are platforms.
DB9 and DB25 connectors.
NWLink supports the following features:
Serial RS-232 null modem cables support distances of
● Compliance with network driver interface specifi-
up to about 50 feet (15 meters) and can be used for any
cation (NDIS) 4 on Windows NT and NDIS 5 on
communication for which a direct DTE-to-DTE con-
Windows 2000, Windows XP, and Windows .NET
nection or DCE-to-DCE connection is required. If
Server.
longer distances are needed in serial communication,
you can use a line driver to amplify the signal up to sev- ● Support for NetBIOS over NWLink (NWLink
eral kilometers. A cable connecting two pieces of data NetBIOS)
872
NWLink IPX/SPX-Compatible Transport (NWLink) NWLink IPX/SPX-Compatible Transport (NWLink)
873
O
OASIS
values (such as the First Name attribute of a user
Stands for Organization for the Advancement of Struc- object), but other attributes can be optional (such as
tured Information Systems, a nonprofit consortium that Telephone Number).
promotes Extensible Markup Language (XML) standards.
You can group objects by placing them into container
See: Organization for the Advancement of Structured objects (containers) such as the following:
Information Systems (OASIS)
● Domains: The fundamental units of Active Direc-
tory that share common administration, security,
object (Active Directory) and replication requirements. Domains can also be
An element of Active Directory directory service that
grouped into domain trees and forests to reflect an
represents a network resource.
enterprise’s administrative structure.
Overview ● Organizational units (OUs): Container objects
Some common types of objects in Active Directory
that are used to organize other directory objects.
include
OUs are part of the hierarchical structure of Active
● Users: Required for users to log on to the network. Directory, and allow objects are grouped according
to common functions and purposes to simplify net-
● Groups: Collections of user accounts, computers,
work administration. The hierarchical grouping of
or other groups created for organizational purposes
objects and OUs also simplifies the process of
or for assigning permissions to shared resources.
● Computers: Represent machines that belong to the
searching Active Directory for information about
network resources.
O
domain.
Access to an object in Active Directory is based on the
● Shared folders: Pointers to shared folders on a object’s discretionary access control lists (DACLs),
server on the network. If you create a shared folder which list the users and groups authorized to access the
on a computer running Microsoft Windows 2000, object and their access levels. You can group objects
an associated shared folder object is automatically with similar security requirements into OUs to simplify
created in Active Directory. assignment of permissions to the objects and to facili-
tate administration and control of network resources.
● Printers: Pointers to printers on the network. If you
You can assign permissions to objects by using Active
create a network printer on a machine running
Directory Users and Computers, a snap-in for Microsoft
Windows 2000, an associated printer object is auto-
Management Console (MMC).
matically created in Active Directory.
Objects can be referenced by name by using
Objects have attributes that define and describe them.
For example, the attributes of a user object might ● Distinguished names: Analogous to absolute paths
include the user’s name, e-mail address, and phone of objects within a file system. The distinguished
number. All objects of the same type or class have the name of an object specifies complete information
same set of attributes, but they are distinguished from about the object’s location within Active Directory
each other by having different values for at least one of and includes the domain name, names of OUs that it
875
object identifier (OID) object identifier (OID)
belongs to, and the name of the object itself. Each Open Systems Interconnection (OSI) applications, and
object in Active Directory must have a unique dis- so on. In the directory arena, for example, OIDs are
tinguished name. used to identify the various classes and attributes used
by Microsoft Active Directory for Windows 2000 and
● Relative distinguished names: Analogous to rela-
by Novell Directory Services (NDS).
tive paths of objects in the current directory of a
file system. The relative distinguished name of an OIDs are assigned by organizations that are recognized
object is the portion of the distinguished name that as issuing authorities, such as the International Organiza-
is unique to the object. Any two objects in the same tion for Standardization (ISO), which also maintains a
OU need to have unique, differing relative distin- complete list of the world’s various issuing authorities. In
guished names. the United States, for example, the issuing authority is
the American National Standards Institute (ANSI).
Notes
When you use Active Directory Users and Computers Examples
to view the property sheet for an object, the Security In Microsoft’s Active Directory directory service, for
tab, which displays the Active Directory permissions example, OIDs are used as globally unique identifiers
assigned to that object, is usually not visible. Choose for object classes and attributes. OIDs ensure that when
Advanced Features from the View menu to make this Active Directory is integrated with other directory sys-
tab visible. tems, no conflicts occur, as each attribute and class in
Active Directory has an OID that is globally unique.
If you have resources such as shared folders or printers
The OID for a class or attribute remains unchanged
on computers that are not running Windows 2000 or
even when the distinguished name of a directory object
Windows .NET Server, you must manually publish
is modified because of system configuration changes.
information about these resources in Active Directory if
you want users to be able to locate and access them OIDs are expressed in dotted numeric form using an
through Active Directory. You do this by adding the explicitly defined hierarchy of possible values. For exam-
appropriate type of object for that resource to Active ple, the OID 1.2.840.113556.1.5.4 represents the Builtin-
Directory and having it point to where the resource is Domain class of objects within Active Directory. You can
O located on the network. determine this by parsing the OID tree as follows:
When you create a new Active Directory object, you 1 ISO
usually use a wizard to specify values for the important
2 ANSI
attributes of the object. You can specify other attributes
after the object is created by opening the property sheet 840 United States
for that object.
113556 Microsoft
See Also: Active Directory, organizational unit (OU)
1 Active Directory Service
5 Classes
object identifier (OID)
A numeric value that universally identifies data and 4 Builtin-Domain
syntax elements for certain distributed systems.
An example of an object identifier for a different U.S.
Overview company might be 1.2.840.105670, where 1.2.840 is
Object identifiers (OIDs) are employed in distributed assigned to U.S. companies and 105670 is the number
systems such as X.500 and Lightweight Directory assigned to the specific company. Once your company
Access Protocol (LDAP) directories, Simple Network has an object identifier, you can extend it by append-
Management Protocol (SNMP) management systems, ing dotted decimal portions. So if 1.2.840.105670
876
object linking and embedding (OLE) object linking and embedding (OLE)
877
object (programming) offline browsing
878
Offline Files OLE DB
● Choose Work Offline from the File menu to switch To enable offline file support on a computer running
to offline browsing mode Windows 2000 or Windows XP, open My Computer
and choose Folder Options from the Tools menu. Select
● Select the item from your Favorites list
the Offline Files tab and check Enable Offline Files.
To leave Work Offline mode, choose Work Offline from Specify synchronization options, a cache size, and addi-
the File menu. tional advanced options. To make a share on the net-
work available for offline use, select the share in My
See Also: Internet Explorer
Computer (where it might appear as a mapped network
drive) or My Network Places (where it will appear as a
Offline Files network share) and choose Make Available Offline
A feature of Windows 2000, Windows XP, and from the File menu. The contents of the network share
Windows .NET Server that lets you continue working will be copied to the local computer’s cache in a process
with shared network resources after you disconnect known as synchronizing. You can specify additional
from the network. synchronization settings by selecting Settings in the
Synchronizing dialog box.
Overview
Shared files and folders from any computer that sup-
ports Server Message Block (SMB)–based file and OID
print sharing, such as those running Windows .NET Stands for object identifier, a numeric value that univer-
Server, Windows XP, Windows 2000, Windows NT 4, sally identifies data and syntax elements for certain
Windows 98, or Windows Millennium Edition (Me), distributed systems.
can be made available for offline use by Windows 2000
or Windows XP clients. These clients that are con- See: object identifier (OID)
figured to use offline folders can cache the network
resources in a local folder. When disconnected from OLAP
the network, the client can continue working normally
Stands for online analytical processing, a technology
on the cached files. The client can then synchronize
that allows users to perform sophisticated data analysis
the contents of the cache with the network share when
on typically large amounts of enterprise data to gain O
the connection is restored.
insight on the information it contains.
See: online analytical processing (OLAP)
OLE
Stands for object linking and embedding, a low-level
object-oriented technology that was the precursor of the
Component Object Model (COM).
See: object linking and embedding (OLE)
OLE DB
A Microsoft technology for universal data access.
Overview
Based on Component Object Model (COM) technologies,
G0OXX01 (was G0OUI01 in 1E)
OLE DB represents a specification for developing exten-
Offline Files in Windows 2000. Synchronizing with a
network share using Offline Files in Windows 2000. sible COM interfaces designed to provide applications
879
OLE DB OLE DB
with uniform methods of accessing data from diverse data the data using OLE DB. OLE DB providers are
sources that can include available for the full range of data sources, includ-
ing SQL Server, Microsoft Jet databases, Oracle,
● Mainframe databases, including IBM’s Information
and many other common types of data sources.
Management System (IMS) and DB2
There is also a generic OLE DB provider for stan-
● Relational databases, including Microsoft SQL dard ODBC-compliant databases.
Server and Oracle
● OLE DB consumer: Represents the client applica-
● Desktop databases, including Microsoft Access, tion that needs to access data from the data source.
Microsoft FoxPro, and Paradox Because of the standard set of interfaces used in
OLE DB providers, any consumer is able to access
● Other data sources, including file systems, spread-
data from any provider. Furthermore, because pro-
sheets, text files, and e-mail message repositories
viders are COM objects, consumers can access
OLE DB is a key element in Microsoft Corporation’s them using any programming language, including
Universal Data Access (UDA) initiative and facilitates C++, Microsoft Visual Basic, and Java.
the development of applications that combine various
types of queries from diverse data sources. OLE DB is OLE DB consumer
the successor to Microsoft’s earlier data access technol-
ogy, Open Database Connectivity (ODBC), which was
limited mainly to relational databases and was based on
C/C++ application programming interfaces (APIs) OLE DB provider
instead of COM.
A related technology called ActiveX Data Objects
(ADO) provides a simplified front-end for OLE DB that
enables access to diverse data sources through OLE DB Data
using scripting languages such as VBScript and JScript. source
880
OLE DB for OLAP online analytical processing (OLAP)
can thus access source data from host systems without Overview
having to learn about Systems Network Architecture OLE DB for OLAP is included in OLE DB 2 and
(SNA) or host applications programming. The OLE DB leverages the OLE DB architecture to enable online
Provider for AS/400 and VSAM facilitates a broad analytical processing (OLAP) functions for COM-
range of data access, from individual records to com- based applications.
plete files. Using ActiveX Data Objects (ADO), you
See Also: Component Object Model (COM), OLE DB
can develop web-to-host integration solutions using
programming languages such as Microsoft Visual Basic
or scripting languages such as Microsoft Visual Basic, online analytical processing
Scripting Edition (VBScript), and Microsoft JScript. (OLAP)
A technology that allows users to perform sophisticated
Marketplace data analysis on typically large amounts of enterprise
OLE DB is the dominant data access technology on the
data to gain insight on the information it contains.
Microsoft Windows platform and is widely used in
Online Analytical Processing (OLAP) systems that Overview
employ a variety of popular database platforms, includ- Examples of OLAP analysis include financial modeling,
ing Oracle, DB2, and SQL Server. A competitor to OLE budget forecasting, production planning, and determin-
DB is the Java OLAP (JOLAP) initiative, developed by ing broad sales and distribution trends. A query issued in
Sun Microsystems, Oracle Corporation, IBM, and Hype- an online analytical processing (OLAP) system could be,
rion Solutions Corporation. JOLAP is a specification for “What would be the effect on sales over the next three
creating Java-based interfaces for universal data access, quarters if the cost of widgets went up 5 percent while
and JOLAP parallels OLE DB in the same way that Java sales dropped 15 percent?” OLAP systems primarily
Database Connectivity (JDBC) parallels ODBC. focus on queries that ask “What if . . . ?” In other words,
OLAP systems are designed for making predictions,
Notes modeling scenarios, and supporting decision-making.
The name OLE DB for this technology can be confus-
ing for two reasons: The database for an OLAP system is typically struc-
881
Online Certificate Status Protocol (OCSP) OnNow
Microsoft SQL Server includes tools for data warehous- OCSP to ensure that they all share common CRL infor-
ing and online analytical processing, including Data mation. When a B2B trading partner sends a client a
Transformation Services (DTS) Designer and SQL digitally signed document over the Internet, the client
Server OLAP Services (now called Analysis Services). verifies the validity of the certificate by formatting a
You can use DTS Designer to specify the workflow special request and submitting it to a responder. The
steps and transactions for combining multiple heteroge- responder either issues an authoritative reply such as
neous data sources into a data warehouse. You can then GOOD, REVOKED, or UNKNOWN, or forwards the
use OLAP Services to analyze the data, preaggregate request to the trading partner’s responder or to a third-
data into multidimensional cubes for frequently asked party responder for validation.
queries, model data, create new views, and perform ad
See Also: B2B, digital certificate, digital signature,
hoc sets of calculations.
public key infrastructure (PKI)
For More Information
Visit the OLAP Council at www.olapcouncil.org.
OnNow
See Also: database A power-management design initiative from Microsoft
Corporation.
Online Certificate Status Overview
Protocol (OCSP) OnNow combines innovations in PC hardware and soft-
An emerging specification for validating digital ware to produce a computer that is always on but
certificates. appears to be off and that responds immediately when a
user or application makes a request. For example, an
Overview
incoming telephone call could wake the computer and
Traditional public key infrastructure (PKI) systems
start a Telephony Application Programming Interface
allow recipients of digitally signed documents to check
(TAPI)–enabled application. OnNow is designed to
the validity of digital certificates through comparison
make personal computers function like appliances in
with a certificate revocation list (CRL), a list of invalid
the sense that they respond instantly to user action
O or expired certificates. This has several disadvantages:
instead of requiring a warm-up period or boot process.
● It places the burden of processing on the client, and OnNow is based on the Advanced Configuration and
for large CRLs, this can consume a lot of time. Power Interface (ACPI) specification developed by
Intel Corporation, Microsoft, and Toshiba Corporation.
● CRLs are typically updated every few days, so a cli-
ent could receive a document with a compromised The power management functions of Microsoft
certificate and not be able to know it. Windows 2000, Windows XP, and Windows .NET
Server, as well as those of Windows 98 and Windows
As a result of these problems, widespread adoption
Millennium Edition (Me), conform to the OnNow spec-
of digital signatures and certificates in business-to-
ifications. Instead of having the system basic input/out-
business (B2B) e-commerce transactions has been slow.
put system (BIOS) control the power state of the system
To overcome this, the Internet Engineering Task Force
devices and peripherals, OnNow lets the operating sys-
(IETF) has developed the Online Certificate Status Pro-
tem control it. The operating system can place various
tocol (OCSP) specification to speed the process of vali-
devices in a sleep state to conserve power and wake
dating certificates and shift the burden of processing
them to full power instantly when a user or application
away from the client.
issues a request. For OnNow to function as designed,
Implementation the system must have peripherals and applications that
OCSP is implemented using strategically placed special support OnNow power-management functions and the
servers called responders that maintain up-to-date CRL system BIOS must support ACPI.
information. These responders are linked together using
882
OOB open database connectivity (ODBC)
Overview Prospects
Microsoft open database connectivity (ODBC) is a Microsoft ODBC was designed for the Windows plat-
database access technology that specifies a series of C/ form. ODBC is implemented as a set of C/C++ function
C++ application programming interfaces (APIs) that calls and is thus not easily accessed by other languages,
such as Microsoft Visual Basic or Sun Microsystems’
883
Open Data-link Interface (ODI) Open Shortest Path First (OSPF)
Java language. ODBC is considered a legacy technol- earlier Routing Information Protocol (RIP), which
ogy and has been superseded largely by OLE DB, scaled poorly for large internetworks.
Microsoft’s COM-based specification for enabling uni-
OSPF is an interior gateway protocol (IGP) used for
versal data access using any programming language.
routing traffic within an autonomous system (AS),
The parallel to ODBC on the Java platform is Java
which is a large IP network managed by a single auth-
Database Connectivity (JDBC).
ority. Since IGPs such as OSPF are used within (not
See Also: Component Object Model (COM), between) autonomous systems, they are sometimes
dynamic-link library (DLL), OLE DB, Java Database called intra-AS routing protocols (as opposed to inter-
Connectivity (JDBC), Structured Query Language AS routing protocols). OSPF is an open standard devel-
(SQL) oped by the IETF, in contrast to Interior Gateway Rout-
ing Protocol (IGRP) and Enhanced Interior Gateway
Routing Protocol (EIGRP), which are both vendor-
Open Data-link Interface (ODI)
specific IGPs developed by Cisco Systems.
A legacy network protocol software interface used by
early versions of Novell NetWare. OSPF was originally defined in RFC 1131, but this ver-
sion of the protocol was experimental and not widely
Overview
deployed. OSPFv2 is defined in RFC 2328 and is the
Novell and Apple Computer developed the ODI specifi-
most widely deployed version of OSPF in use today.
cation for defining the communication mechanism
The IETF has recently developed OSPFv3, which
between network interface card (NIC) drivers and net-
improves on earlier versions by supporting any network
work protocols. Open Data-link Interface (ODI) is a
layer protocol (not just IP), streamlines link state adver-
legacy standard that was defined primarily for the Inter-
tisements, enhances security, and supports Internet
network Packet Exchange (IPX) protocol on Novell
Protocol version 6 (IPv6).
NetWare 2.x and 3.x networks. ODI allows multiple
NICs to be bound to multiple protocols. Uses
OSPF is widely used in two areas of networking:
Microsoft’s NWLink IPX/SPX-Compatible Transport
O supports ODI for backward compatibility, but ODI has
been superseded on Microsoft platforms by the network
● Enterprise-level private IP internetworks, including
networks that span several countries, regions, or
driver interface specification (NDIS). even continents. OSPF works well in a wide area
network (WAN) environment because it updates
See Also: Internetwork Packet Exchange (IPX), Net-
routing tables only when necessary. Although RIP
Ware, network driver interface specification (NDIS),
is still used for some small and mid-sized networks,
network interface card (NIC)
OSPF has become the de facto IGP for large IP net-
works and is generally used wherever an internet-
Open Shortest Path First work contains about 50 or more routers.
(OSPF) ● The Internet, the collection of publicly accessible
A popular link state dynamic routing protocol for large IP internetworks and backbones connecting them.
Internet Protocol (IP) networks.
OSPF is supported by the Internetwork Operating Sys-
Overview tem (IOS) used by Cisco routers, and by the Routing
Open Shortest Path First (OSPF) is a routing protocol and Remote Access Service (RRAS) of Microsoft
that enables routers on an IP internetwork to dynami- Windows 2000 and Windows .NET Server.
cally share their routing table information with each
other. The Internet Engineering Task Force (IETF) Architecture
designed OSPF in the 1980s as a replacement for the Dynamic routing protocols work by enabling routers to
exchange routing table information with each other
884
Open Shortest Path First (OSPF) Open Shortest Path First (OSPF)
automatically without administrative intervention. advertisements (LSAs) that are picked up by other
OSPF excels in both the way it stores routing table OSPF routers, and a recalculation of the link state data-
information and in how it keeps this information cur- base for all routers is initiated. This recalculation pro-
rent. OSPF is a link state routing protocol, which means cess generally converges quickly, depending on the size
that OSPF routers store information about the “state of of the internetwork and the number of routers used.
the link” between the local router and other routers. LSAs contain information about incremental changes to
OSPF stores this information in a link state database, network topology and therefore are efficient in terms of
which essentially stores a topological map of all routers bandwidth usage. LSAs can be secured by either pass-
in the same administrative portion of the internetwork. word protection or MD5 checksums.
This may either be all routers within the autonomous
Implementation
system, or, if the AS is subdivided into different areas,
The reason OSPF scales well for large internetworks is
all routers within the local area. Each OSPF router
because it is hierarchical in design. OSPF allows large
stores this link state database information in the form of
autonomous systems to be further subdivided into mul-
a tree whose root is centered on the local router itself.
tiple areas. OSPF routers within an area only need to
To construct the link state database, each interface of know about other routers within their own area, not out-
every OSPF router is assigned a cost value. This cost is side their area, and all OSPF routers within a given area
generally inversely proportional to the bandwidth of the share the same link state database. This keeps the rout-
link the interface is connected to, although different ing tables small enough to prevent processing bottle-
cost values can be assigned as desired to shape the flow necks from occurring. OSPF areas within an AS are
of traffic through the network. These cost values are designated by unique 32-bit identifiers and typically
then used to create the metrics for different routes have no more than about 30 or 40 routers within them.
within routing tables, with the route having the least
cost being the preferred one.
Once the link state database has been constructed,
OSPF routers can then use the Shortest Path First (SPF)
algorithm (also called Dijkstra’s algorithm) to compute
the shortest path between any two subnets in the AS or
O
area. Thus, when traffic needs to be routed from one
point of the internetwork to another, the router calcu-
lates the optimal path from the link state database and
forwards packets accordingly. The SPF algorithm
enables routing information to be quickly recalculated
if routers go down, a feature called Fast Convergence.
The algorithm also ensures that routing loops do not
occur.
OSPF routers communicate with each other using
HELLO packets, which are sent periodically every 10
to 15 seconds and basically tell other OSPF routers that
the sending router is still alive. If an OSPF router does
not receive a HELLO packet from another router within
an expected time, it assumes that the other router is
down and that the link state database is no longer accu-
rate. The router then floods the network with link state
885
Open Shortest Path First (OSPF) Open Shortest Path First (OSPF)
886
open source open source
networks and assign each area a small set of network slowed their acceptance of software developed by the
IDs that can be summarized as a small series of routes. hacker community.
Be sure that areas connect to each other through your
In 1998 the term open source was coined to replace the
high-speed backbone area and not directly to each
confrontational free software label and promote accep-
other. (In other words, avoid back doors.) Specify cost
tance of this philosophy in the corporate arena. The
values that relate to the amount of traffic and each
result has been an acceleration of interest in open-
router’s hardware characteristics.
source applications and development by enterprises
See Also: autonomous system (AS), distance vector over the last few years, pushed along by large invest-
routing algorithm, dynamic routing protocol, Enhanced ments in Linux and other open-source technologies by
Interior Gateway Routing Protocol (EIGRP), interior companies such as IBM, Sun Microsystems, Compaq
gateway protocol (IGP), Interior Gateway Routing Pro- Computer Corporation, and others. The result is that
tocol (IGRP), IPv6, Internetwork Operating System today many open-source applications are packaged and
(IOS), link state routing algorithm, Routing Informa- sold by commercial software vendors. These vendors
tion Protocol (RIP), routing protocol, variable-length also provide technical support and customization ser-
subnet mask (VLSM) vices for their open-source packages, a critical factor in
helping open-source software gain acceptance in the
corporate world.
open source
A philosophy of software development that makes Marketplace
application code freely available. Some of the more popular open-source applications and
platforms include
Overview
Open source is a philosophy of application develop- ● Linux: UNIX-like operating system gaining popu-
ment that allows code to be read, redistributed, and larity in enterprise networks, especially at the server
modified based on the GNU Public License (GPL) end in niche applications such as Web servers, mail
formula. The term open source also refers to a loosely servers, and storage appliances. A popular form of
organized community of developers dedicated to pro- Linux is available from Red Hat.
ducing quality software and making it available free or
● Apache: Popular Web server software that runs on
O
at minimal cost.
UNIX and Linux platforms.
Although the open-source operating system called
● Sendmail: Simple Mail Transport Protocol
Linux has recently garnered the majority of media
(SMTP) server software popular on the Internet.
attention for this movement, the underlying ideas of
open-source software development go back more than ● PHP: Programming language for developing Web
20 years to the early days of the Internet. The develop- applications for the Apache/Linux platform.
ment of the BSD UNIX variants FreeBSD, OpenBSD,
● Samba: Popular application that enables Linux
and NetBSD was a pioneering effort in opening up the
file servers to run Server Message Block (SMB)
UNIX platform for development. From this effort
protocol so they can interoperate with Microsoft
emerged the “hacker” culture of the 1980s (the term
Windows-based servers and clients.
hacker originally meant someone who tinkered with
software to make it better, not someone who mali- ● MySQL: Structured query language (SQL) data-
ciously tried to break into systems). The overriding phi- base application available from AbriaSoft Com-
losophy of software development within the hacker pany and Nusphere Corporation.
community was originally that software must be free
● Bluebird: Open-source network management plat-
(without cost to its users), but this sharply ideological
form project originally called OpenNMS and
attitude alienated many in the corporate world and
acquired by Atipa Technologies.
887
Open Systems Interconnection (OSI) reference model Open Systems Interconnection (OSI) reference model
For More Information nected?” and “Does the network card have an IP
Visit the Open Source Initiative (OSI) at address configured?”) before progressing to testing
www.opensource.org. upper layer issues (“Is the httpd daemon running on the
Web server?” or “Are the routing tables up to date?”).
See Also: Apache, GNU General Public License
As such, the OSI model can probably be said to be the
(GPL), Linux, UNIX
networking professional’s fundamental troubleshooting
tool, as it guides the whole troubleshooting process.
Open Systems Interconnection
Architecture
(OSI) reference model The premise behind the OSI model is that communica-
An architectural model for computer networking devel- tion between hosts on a computer network is too complex
oped by the International Organization for Standardiza- a phenomena to be understood as a unity and that it can
tion (ISO). best be understood by breaking it down into simpler
Overview components. The ISO adopted a layered approach in
The ISO began work on the Open Systems Interconnec- which the OSI model was divided into seven logical lay-
tion (OSI) model in 1974 to address the problem that ers. Each layer deals with a certain aspect of communica-
the various networking systems being developed at that tions, and upper layers utilize the functions of lower
time could not communicate with each other. The OSI layers to make network communications possible.
model was intended as a reference model to which ven- You can think of each layer as being logically con-
dor-specific networking systems could be compared so nected to the same layer on a different computer on the
that interoperability solutions could be developed. The network. For example, the application layer on one
OSI model was thus intended to allow heterogeneous machine communicates with the application layer on
systems to communicate easily with each other in an another machine. But this communication is logical
open, standardized fashion and to provide a basis for only; physical communication occurs when packets of
developing standardized network protocols. data are sent down from the application layer of the
Uses transmitting computer, encapsulated with header infor-
O The primary use for the OSI model is as a starting point
for understanding how real-world networking protocols
mation by each lower layer, and then put on the wire at
the transmitting computer’s physical layer. After travel-
work. In other words, the OSI model is a “reference ing along the wire, the packets are picked up by the
model” to which such protocols as Transmission receiving computer’s physical layer, passed up the
Control Protocol/Internet Protocol (TCP/IP), DECnet, seven layers while each layer strips off its associated
and Systems Network Architecture (SNA) can be header information, and then passed to the receiving
compared. These real world-protocols generally map computer’s application layer, where the receiving appli-
only loosely to the OSI reference model, however, and cation can process the data.
usually omit some of the functions, or even levels, of The first table lists the seven layers of the OSI model,
the OSI model. TCP/IP, for example, maps to only starting with the lowest layers and working upward, and
four levels of the OSI model—namely, the physical, provides a brief description of the communications
network, transport, and application layers. functions that operate at each level. The second table
Another popular use of the OSI model is to simplify the provides examples of networking protocols that operate
process of troubleshooting networking problems. The at each layer of the OSI model.
basic idea is that upper layer protocol functions cannot
work unless all lower layer functions first work prop-
erly. This means that when you troubleshoot a network
problem, you should generally begin with lower-layer
issues (addressing such questions as “Is the cable con-
(continued)
888
Open Systems Interconnection (OSI) reference model Open Systems Interconnection (OSI) reference model
889
optical carrier (OC-x) level optical networking
890
opto isolator opto isolator
way to switch light signals themselves. As a result, tra- for data, but the proportion of data to voice traffic is ris-
ditional networks employ devices that transform elec- ing rapidly, a critical factor in driving research and devel-
trical signals into optical ones and back again. opment into new optical switching technologies.
This situation, however, is just beginning to change as Notes
new technologies are being developed to create all- The term optical networking is sometimes incorrectly
optical switches and routers. Companies in the forefront used to refer to either metropolitan Ethernet (also called
of research in this area include Cisco Systems, Nortel Net- optical Ethernet) or lambda switching technologies.
works, Lucent Technologies, and several startups. Some
See Also: fiber-optic cabling, lambda switching, met-
of the technologies being developed include switches that
ropolitan Ethernet, Synchronous Optical Network
route light signals of a given wavelength using
(SONET)
● Tiny adjustable mirrors: An example of a product
using this technology is the Lambda router from
opto isolator
Lucent Technologies. Because this technology
A device for electrically isolating networking compo-
employs mechanical parts, however, industry ana-
nents that are joined by long runs of copper cabling.
lysts do not view it as especially promising.
Overview
● Tiny bubbles in a heated liquid: These bubbles
Opto isolators are commonly used in RS-232 serial con-
can be used to divert light signals in response to
nections between mainframe hosts and terminals con-
changing temperature conditions. Agilent Technol-
nected by long cables. Opto isolation is typically built into
ogies is one company that has worked on this
line drivers for serial communication, so separate opto
approach, which can form the switching fabric of
isolators are not required. Opto isolators also prevent
all-optical mesh networks.
ground loops from damaging networking components.
● Thermo-optic gateways: This uses narrow silica
Implementation
waveguides whose transmission properties change
When a network component or cable transmitting a sig-
with temperature to allow light paths to be switched
nal is connected to one port on an opto isolator, the
on and off in milliseconds. A start-up called Lynx
Photonic Networks is using this approach to devel-
signal is converted briefly into light and then back into O
an electrical signal before exiting through the other port
op all-optical switches.
on the opto isolator. This brief metamorphosis from
Uses electric current into light and back again breaks the elec-
Initial uses for optical switches and routers are likely to trical connection between the two ports of the device,
be in carrier-class switching equipment used by service allowing the signal (alternating current) to flow but pre-
providers and telcos. Some analysts expect such equip- venting direct current from flowing along the cable.
ment to become widely available about 2005. Enterprise
networks may also want to deploy such equipment in
their high-speed switched backbones, but this will not
likely become popular until several years later due to ini-
tial costs of such equipment. Eventually all-optical mesh
networks may displace traditional Synchronous Optical
Network (SONET) ring architectures in the metropolitan
area network (MAN) arena and in cross-connects for
long-haul circuits. SONET was originally designed to
support time-sensitive voice traffic and is not efficient for
carrying packetized data. About half of the capacity of
SONET rings in the MAN environment is currently used
891
Orange Book Orange Book
RS-232 from 1985. The Orange Book, which was named for its
interface orange cover, is actually a part of a series of computer
Light path system security guidelines and standards that are col-
lectively known as the Rainbow Series.
The Orange Book provides methods of assessing the
security of a specific computer system, and it offers
hardware and software manufacturers guidance on how
to create products that can be certified as secure by the
U.S. government and military.
LED
transceivers For example, Microsoft Windows NT Server in certain
configurations complies with the C2 (Controlled
Access Protection) security standards outlined in the
RS-232 Orange Book. C2 is applied not to operating systems
interface
but to specifically tested physical computers running
those operating systems. C2 is one of a family of secu-
rity designations that the Orange Book applies to com-
puter systems, which include the following:
● D (Minimal Protection): For systems that were
evaluated but failed.
Copper
cable C1 (Discretionary Security Protection): Provides
Opto ●
Copper
● C2 (Controlled Access Protection): Adds user
cable accountability to C1 in the form of logons, auditing,
O and other features.
● B1 (Labeled Security Protection): Builds on C2
by including informal written security policies, data
G0OXX04 (was G0Oui04 in 1E)
labeling, and mandatory access control.
Opto isolator. Using an opto isolator to eliminate ground
loops. ● B2 (Structured Protection): Builds on B1 by
See Also: ground loop, RS-232, serial transmission including formal written security policies, separa-
tion of critical and noncritical elements, and protec-
tion against covert entry.
Orange Book
Another name for the publication Trusted Computer ● B3 (Security Domains): Builds on B2 by including
Systems Evaluation Criteria (TCSEC), published by the reference monitoring of all object access to ensure
National Computer Security Center (NCSC) of the U.S. security, a designated security administrator, and
Department of Defense (DoD). system recovery procedures.
892
organizational unit (OU) organizational unit (OU)
● Computers: Includes other computers in the ● Different business units, such as Sales, Support, and
domain Management. Keep it flexible and broad enough so
893
OASIS Orthogonal Frequency Division Multiplexing (OFDM)
● Limited administrative control: The ability to mod- Together with the United Nations/CEFACT body,
ify only certain aspects of objects contained in the OU OASIS has been active in the development of the Elec-
tronic Business Extensible Markup Language (ebXML)
Access to objects in Active Directory is based on dis-
standard, a new XML standard for simplifying the
cretionary access control lists (DACLs), which offer a
exchange of information between business partners
security model similar to that used in the NTFS file sys-
to promote e-commerce. OASIS also sponsors the
tem. Because objects with similar security requirements
XML.ORG site as a reliable source of information
are grouped into an OU, permissions assigned to the
regarding XML standards.
OU are inherited by all objects in the OU. You assign
permissions to OUs and other objects by using Active
Directory Users and Computers.
894
Orthogonal Frequency Division Multiplexing (OFDM) OSPF
895
OS X Outlook Express
896
out-of-band management (OBM) out-of-band management (OBM)
● Customizable three-pane view that shows folders, OBM offers several advantages over in-band manage-
messages, and message content ment systems such as Simple Network Management
Protocol (SNMP) management systems. For one thing,
● WYSIWYG editing of Hypertext Markup Lan-
OBM is more secure than in-band management since it
guage (HTML) messages
typically uses a dedicated serial link for management
● Support for Internet standard protocols, including purposes, Also, SNMP employs the network itself for
Simple Mail Transfer Protocol (SMTP), Post Office communication, so if the WAN link goes down, the
Protocol version 3 (POP3), Internet Mail Access remote station cannot use SNMP to determine the prob-
Protocol version 4 (IMAP4), Lightweight Directory lem because SNMP functions only if the WAN link is
Access Protocol (LDAP), and Network News working. OBM is often used as a backup system for
Transfer Protocol (NNTP) in-band SNMP management, when the devices have
limited SNMP support, or when the cost of an SNMP
● Support for multiple Internet service provider (ISP)
management system cannot be justified. You can often
accounts so that users can receive mail from multi-
manage a device in-band by using a remote Telnet client
ple e-mail accounts and download all messages into
for entering the same commands that are used in OBM.
the same Inbox
Implementation
● Integration with Internet Explorer security zones
In a typical OBM setup, a remote PC is connected by a
● Automatic name resolution (matching address book modem through a phone line to a code-operated switch
entries to a typed username) located at the office local area network (LAN). This
switch controls networking and telecommunication
● Stationery templates for adding a personal touch to
devices such as routers, bridges, switches, CSUs, and
messages
even power supplies through their RS-232 serial con-
● Enhanced Inbox rules for filtering incoming mail nections. Alternatively, the modem might be connected
directly to a remote modem connected to the device
being managed. In either case, the result is a separate
out-of-band management
low-cost dial-up circuit connecting the administrator
(OBM) O
and the network devices that is independent of the main
Remotely managing telecommunications equipment
network connection, which is usually a more expensive
using out-of-band (OOB) signaling.
T1 or other leased line. The administrator can thus
Overview access the WAN device from a remote location even
Out-of-band management (OBM) is a popular method when the WAN link itself is down, and can troubleshoot
of remotely managing the wide area network (WAN) the problem from off-site. OBM also allows administra-
telecommunications components. OBM manages tors to access and configure WAN devices without dis-
devices “outside of the normally used bandwidth,” turbing the WAN link itself.
in other words, using a separate communications
You could use OBM functions on a power supply to
link than the one being used for data transmission.
remotely reboot or reset your network devices when
These out-of-band (OOB) links are typically second-
they go down. You can use out-of-band switches to
ary serial communication links. WAN devices typically
select different serial interfaces remotely over a modem
managed using OOB include routers, switches, access
by issuing simple ASCII commands to different
servers, multiplexers, and Channel Service Unit/Data
devices. You can even use OBM to remotely configure
Service Units (CSU/DSUs). Devices that can be man-
and control devices on your network. OBM devices are
aged out of band usually have an RS-232 port or some
a useful part of a network disaster recovery plan.
other kind of serial interface for remote control of their
functions.
897
out-of-band (OOB) signaling out-of-band (OOB) signaling
898
outsourcing owner
899
owner owner
900
P
P2P
forms can share any kind of file, including text files
Applications that enable computers to function as both
and documents, multimedia files, virus definition
clients and servers.
files, and software patches and updates.
Overview
● Shared processing: This enables multiple client
Although the acronym P2P officially stands for “peer-
machines to share the processing load for certain
to-peer,” the acronym has taken on a somewhat different
tasks, reducing pressure on network servers. A good
meaning than the earlier concept of peer-to-peer net-
example here is the Search for Extra-Terrestrial Intel-
working that evolved in the 1980s. The original idea
ligence (SETI) at Home Project developed by the
referred to networks that were too small to warrant hav-
University of California at Berkeley. SETI at Home
ing dedicated servers, hence client machines could share
has more than 2 million registered users who have
files with one another to facilitate collaboration between
downloaded P2P software and use it to help search
users. Such peer-to-peer networks became popular with
radio telescope signal archives for messages that
the release of Microsoft Windows for Workgroups
extraterrestrials might be sending from other star sys-
(WFW). A key characteristic of such networks was that
tems. Another classic example in this category is
security was distributed—that is, there was no central
Intel Corporation, which has saved $500 million over
authentication server to manage logon security and
10 years by using a P2P program called Netbatch to
access control. As such, peer networking is suitable only
harness the processing power of thousands of work-
for low security environments. Microsoft Corporation
stations for the job of chip design.
developed Windows NT to provide centralized security
for such networks, turning them into domain-based net- ● Automatic software distribution: Many enterprises
works instead of peer-to-peer ones. have expressed interest in P2P as a vehicle for dis-
The concept of peer networking has evolved in the last
tributing software such as virus updates and system P
patches across the network. One company that pio-
few years, however, to include a whole range of power-
neered in this direction is myCIO.com (now McAfee
ful applications that allow client computers to share
AsaP), which developed antivirus definition distribu-
resources while bypassing servers. This new concept is
tion software that employs token-based authentica-
today called P2P and was popularized by the music shar-
tion to ensure secure distribution of updates.
ing service called Napster, which at its peak had over
20 million users worldwide. An essential ingredient in ● B2B collaboration: P2P provides new mechanisms
the popularity of the P2P model is the ubiquity of the for businesses to interact online to integrate supply-
Internet. However, P2P is also making inroads into tradi- chain processes and foster a collaborative business
tional enterprise corporate networks as well. environment. An example of such an application is
Mangomind from Mangosoft, which provides a
Uses
secure real-time Internet-based file-sharing service
Some of the emerging uses for P2P applications and
along the P2P model. Consilient is another company
platforms include
with P2P platforms for B2B linkage.
● File sharing: P2P allows clients to share files with
one another without using network servers. Napster
901
P3P package
Major industry players Intel Corporation, Hewlett- ● Source servers: These contain the original source
Packard, and others have established the P2P Work- files for software to be distributed.
ing Group to steer the development of P2P standards, ● Distribution servers: These store and distribute
especially in the area of security. The Working Group’s the package files.
efforts are directed toward making P2P a more secure
902
packet packet assembler/ disassembler (PAD)
903
packet filtering packet filtering
are actually considered nodes on the X.25 network and hosts (computers) to the PAD using RJ-45 connectors
are therefore drawn within the cloud in the diagram. on twisted-pair cabling. The PAD then connects to a
Channel Service Unit/Data Service Unit (CSU/DSU),
When PADs are used for providing remote access
which interfaces with the X.25 connection using a serial
through dumb terminals over X.25 to mainframe or
interface such as RS-232 or V.35. Some PADs now have
minicomputer hosts, the terminals require PADs but the
integrated CSU/DSU functionality to allow them to be
mainframe hosts do not—they are directly connected to
directly connected to the X.25 networks using serial
the X.25 network. To configure the PAD, the adminis-
interfaces. Some PADs even support both X.25 and
trator must specify a number of PAD parameters such as
frame relay and can thus be used to ease the migration
echo control, data forwarding, break signals, line fold-
path from older X.25 to newer frame relay services.
ing, and binary speed. The PAD parameters (usually 22
for each terminal that the PAD services) are defined by Notes
an International Telecommunication Union (ITU) pro- The Routing and Remote Access Service (RRAS) on
tocol called X.3. Communication between terminals Microsoft Windows 2000 and Windows .NET Server
and PADs is governed by the protocol X.28, and com- support PADs and other ways of connecting to X.25 net-
munication between the PAD and the remote host is works, such as X.25 smart cards and special modems for
governed by X.29. dialing up X.25 carriers such as SprintNet and Infonet.
See Also: Channel Service Unit/Data Service Unit
Terminal (CSU/DSU), data communications equipment (DCE),
data terminal equipment (DTE), frame relay, Interna-
tional Telecommunication Union (ITU), packet switch-
ing, packet-switching services, RS-232, serial
transmission, terminal, V.35, X.25
Terminal
PAD
packet filtering
Controlling a flow of packets based on information con-
tained within the packets.
X.25 network
P PAD Overview
Packet filtering is simply a way of controlling traffic on
Host a packet-switched network such as the Internet. Fil-
tering can be performed on packet attributes such as
source address, destination address, packet type, packet
length, and source and destination port numbers.
Most routers support some degree of packet filtering
capability that enables these routers to provide firewall
G0PXX01 (was G0Pui01 in 1E)
capabilities for protecting a network from unauthorized
Packet assembler/disassembler (PAD). Using PADs to traffic. Such routers are often called packet-filtering
connect dumb terminals to a mainframe host.
routers or screening routers. Note, however, that imple-
PADs come in different configurations. Some PADs menting packet filtering on a traditional hardware
support eight or more asynchronous DTE connections router can cause a performance degradation of about 30
and have multiple DCE interfaces for maximum config- percent on the router’s ability to handle network traffic.
urability. Typically, you connect your asynchronous
904
packet filtering packet filtering
905
packet forwarding packet switching
● Port 20 (the FTP data port) needs to be opened only to the Internet. ISA Server also supports domain filters for
when data will be uploaded to or downloaded from allowing or denying access to Hypertext Transfer Protocol
the FTP server. With static filtering this port would (HTTP) or File Transfer Protocol (FTP) services based on
have to be configured as permanently open, which the source Internet Protocol (IP) address or Domain Name
could provide a door for hacking attempts. Dynamic System (DNS) domain name. ISA Server can issue alerts
filtering allows this port to be opened at the start of an to inform you when packets are rejected or illegal packets
FTP session and then closed at the end of the session. are detected. It will also keep a log of alerts that occur for
analysis and record keeping.
Then, in order to establish an FTP connection with the
client, the FTP server randomly assigns two port num- See Also: Domain Name System (DNS), File Transfer
bers in the range 1024 through 65,535 to the client, one Protocol (FTP), firewall, Hypertext Transfer Protocol
for the control connection and one to transfer data. (HTTP), Internet Security and Acceleration Server (ISA
Because these ports are assigned randomly, there is no Server), Internetwork Operating System (IOS), IP
way to predict which ports above 1024 must be able to address, packet, port, router
be opened by the firewall. With static filtering, you
would therefore have to leave all ports above 1024 per-
packet forwarding
manently open if you wanted to allow FTP access
Accepting a packet and transmitting it to its destination.
through the firewall, which would be a real security
risk. With dynamic filtering, however, you can config- Overview
ure rules on the firewall that will read the packets issued A router receives packets from hosts on one attached
by the server, dynamically open the two randomly network and either forwards them to hosts on another
assigned ports to allow a session to be opened, monitor attached network or forwards them to another router for
the flow of packets to ensure that no unauthorized users further forwarding to a more distant network.
attempt to hijack the session, and close the randomly
The exact way in which a packet is forwarded is typi-
assigned ports when the FTP session ends.
cally based on a comparison of the packet’s destination
Marketplace address with the routing table stored in the router. Each
Most traditional hardware routers today support various act of forwarding performed by a router is called a hop
degrees of packet filtering functions. Packet filtering across the internetwork.
P can be configured on Cisco routers using Cisco Inter-
network Operating System (IOS) commands.
See Also: hop count, packet, router
906
packet switching packet switching
switches that examine and route packets from one such figured for connectionless communication by using
device to another, causing the packets to “hop” from switched virtual circuits (SVCs). An X.25 packet-
switch to switch or router to router. Individual packets switched network typically has a higher and more pre-
belonging to the same communication session might be dictable latency (about 0.6 seconds between end sta-
switched over several different paths, depending on fac- tions) than a TCP/IP internetwork. This is primarily
tors such as traffic congestion and switch availability at because X.25 packet switches use a store-and-forward
any given moment. Once the packets reach their desti- mechanism to buffer data for transmission bursts, which
nation, they are reassembled into a bit-stream to enable introduces additional latency in communication. In
reliable communications to occur. addition, X.25 uses error checking between each node
on the transmission path, while TCP/IP uses only
Types
end-to-end error checking.
Packet switching is the transmission method used for
most computer networks because the data transported Frame relay (formerly called “fast packet switching”) is
by these networks is fundamentally bursty in character another connection-oriented packet-switching service
and can tolerate latency (due to lost or dropped pack- that gives better performance than X.25. It does this by
ets). In other words, the transmission bandwidth needed switching packets immediately instead of using the
varies greatly in time, from relatively low traffic due to store-and-forward mechanism of X.25 networks. Frame
background services such as name resolution services, relay also eliminates flow control and error checking to
to periods of high bandwidth usage during activities speed up transmission. This is possible because frame
such as file transfer. This contrasts with voice or video relay networks use modern digital telephone lines, which
communication, in which a steady stream of informa- are intrinsically much more reliable than the older analog
tion must be transmitted in order to maintain transmis- phone lines on which much of the X.25 public network
sion quality and in which latency must remain still depends. Frame relay supports only connection-
minimized to preserve intelligibility. oriented PVCs for its underlying switching architecture.
The Internet is the prime example of a packet-switched Finally, Asynchronous Transfer Mode (ATM) is yet
network based on the Transmission Control Protocol/ another packet-switching service in which small fixed-
Internet Protocol (TCP/IP). A series of routers located length packets called cells are switched between points
at various points on the Internet’s backbone forwards on a network.
each packet received on the basis of destination address
until the packet reaches its ultimate destination. TCP/IP
Comparison P
Packet switching is different from circuit switching, in
is considered a connectionless packet-switching service
which switches are configured in a fixed state for the
because TCP connections are not kept open after data
duration of the session so that the route the data takes is
transmission is complete.
fixed. A network that is circuit-switched requires a dedi-
X.25 public data networks are another form of packet- cated switched communication path for each communi-
switching service, in which packets (or more properly, cation even if its full bandwidth is not being used. In
frames) formatted with the High-level Data Link Con- packet switching, bandwidth can be used when available
trol (HDLC) protocol are routed between different X.25 for more efficient transmission. Circuit switching is gen-
end stations using packet switches maintained by X.25 erally used in telephone systems, and packet switching is
service providers. Unlike TCP/IP, X.25 is considered a used for computer networks. Digital cellular phone ser-
connection-oriented packet-switching protocol because vices were originally circuit-switched as well, but most
it is possible to establish permanent virtual circuits cellular systems are now packet-switched networks to
(PVCs) that keep the logical connection open even achieve greater efficiency in data transmission.
when no data is being sent. However, X.25 can be con-
907
packet-switching services packet-switching services
Another difference between packet switching and cir- instead of routing traffic over a public packet-switching
cuit switching is that circuits must first be established network.
before any data is sent, and this generally involves a
Implementation
certain amount of setup time. During this process, the
In a typical scenario, the customer’s local network is
request for a circuit connection must pass through the
typically connected through routers, bridges, Frame
circuit-switched network, resources must be reserved
Relay Access Devices (FRADs), or other devices to a
for the connection, and a signal must be returned to the
telco’s central office (CO). These customer premises
initiating station when the circuit is established and data
equipment (CPE) either have built-in technology for
transmission can begin. Circuit-switched networks are
connecting directly to packet-switching services or use
thus useful only when the duration of the data transmis-
intermediary devices such as Channel Service Unit/
sion is much longer than the setup time involved in
Data Service Unit (CSU/DSU) devices. The packet-
establishing the circuit. With packet switching, data can
switching CPE then takes network frames and “packages”
be sent at the start of transmission, which is better
them into packets suitable for the specific type of
suited to the bursty, irregular nature of short network
packet-switching service being used. The packaging
transmissions over a computer network or WAN link.
process varies with the particular service used, but it
Packet switching is thus a connectionless service in
basically consists of breaking down network frames
which it is unnecessary to establish a communications
into relatively small individual packets of data and tag-
line (circuit) before sending a transmission.
ging the packets with the destination address of the
See Also: Asynchronous Transfer Mode (ATM), remote node to which the packet is directed. Each end
circuit-switched services, connectionless protocol, node (local network access device) connected to the
connection-oriented protocol, frame relay, Inter- cloud has a Layer 2, or data-link layer, address that is
net, latency, packet, packet-switching services, known to every other end node. These addresses are
permanent virtual circuit (PVC), routing, switched used to route packet data between individual nodes on
virtual circuit (SVC), Transmission Control Proto- the WAN or to broadcast packets to all nodes when
col/Internet Protocol (TCP/IP), X.25 needed. Other information is also tagged onto the
packets for error correction and other purposes, depend-
ing on the service used. The packets are usually small to
packet-switching services
lessen the load on the switching devices and to enable
P Telecommunications services provided by telcos for
building wide area networks (WANs).
quick retransmission when transmission errors occur.
Packets are individually placed onto the carrier’s
Overview
packet-switched network and switched from circuit to
Packet-switching services are services that route cus-
circuit until they reach their destination. Two packets
tomer traffic over telco packet-switching networks.
forming part of the same network message might take
Such services may include frame relay, X.25, Asyn-
entirely different routes to reach their destination
chronous Transfer Mode (ATM), or Switched Multi-
node—it depends on the best route available at any
megabit Data Services (SMDS).
given moment, as determined by the packet-switching
Packet-switching services are only one form of WAN services themselves. This is different from circuit-
service offered by telcos to enable enterprises to con- switched networks, in which all packets are sent over
nect remote offices. The main alternative to packet- the same switched circuits for the duration of the con-
switched services are circuit-switched services such as nection. At the destination, the packets are reassembled
T-carrier leased lines, which tend to be much more into network frames and delivered to the remote net-
costly because they require dedicated telco switches work, where they are routed to their destination.
908
PAD PAD
909
PAN parity information
910
partition (Active Directory) passive optical network (PON)
If the first disk fails so that the “1” bit stored on it is lost, system on primary partitions. A physical disk can
the missing bit can be mathematically reconstructed have up to four primary partitions.
using the remaining data bits and the parity bit for the
● Extended partitions: A series of logical drives can
stripe as follows:
be created on extended partitions. You can create an
? XOR (0 XOR 0 XOR 1 XOR 1) = 1 extended partition on a disk to overcome the limita-
? XOR 0 = 1 tion of four primary partitions per disk.
Therefore ? = 1
Notes
See Also: fault tolerance, redundant array of indepen- You can create partitions by using the Fdisk command
dent disks (RAID) in MS-DOS and all versions of Microsoft Windows, by
using Disk Administrator in Windows NT, or by using
partition (Active Directory) the Disk Management tool in Windows 2000, Windows
A logical divider for organization information in Active XP, and Windows .NET Server. Using the Fdisk com-
Directory directory service in Microsoft Windows 2000. mand, you can create one primary partition and one
extended partition. Disk Administrator can create up
Overview to four primary partitions or three primary and one
Partitions divide Active Directory into separate sections extended partition. In Disk Management on Windows
and enable it to store large numbers of objects in a dis- 2000, Windows XP, and Windows .NET Server, you
tributed directory over the network. They also allow can create partitions only on basic disks, not on
Active Directory to scale to millions of objects. A parti- dynamic disks (volumes are created on dynamic disks
tion functions as a physical storage container for a por- instead of partitions).
tion of the directory data for an organization. Each
domain’s directory information is stored in a separate See Also: basic disk, dynamic disk
partition and is identified using the distinguished name
of the domain. The global catalog server can find an passive hub
object in Active Directory by using the object’s distin- Another name for a patch panel, a rack-mounted panel
guished name (DN), which can be used to identify a with a series of connectors that provides a branching-
replica of a partition that contains the object. out point for network cabling to leave the wiring closet
See Also: Active Directory, distinguished name (DN),
global catalog server
and make horizontal runs to wall plates in the work
areas.
P
See: patch panel
partition (disk)
A portion of a physical disk that functions like a com- passive optical network (PON)
pletely separate physical disk. A technology for bypassing the bottleneck of the local
Overview loop.
Partitions allow physical disks to function as multiple Overview
separate storage units for isolating operating systems Traditional telco data services have been limited by the
from applications data on a single-boot system or for technology of the local loop, the “last mile” of copper wir-
isolating operating systems from one another on a ing connecting businesses to the Public Switched Tele-
multiboot system. phone Network (PSTN). This copper wiring means that
Disks can have two types of partitions: data rates delivered to customers are far below the speeds
at which data is transported in the core of telco networks.
● Primary partitions: You can install a bootable A passive optical network (PON) provides a way of
operating system along with its associated file
911
passive termination passive termination
working around this bottleneck that analysts estimate to the splitters using fiber-optic cabling (if it has been
affects three-quarters of all businesses in the United States. deployed to the customer premises) or by using existing
copper local loop cabling running high-speed Digital
Implementation
Subscriber Line (DSL) technologies. The result is that
Instead of deploying a full “fiber-to-the-curb” buildout
high-speed data services can be more easily and effi-
with its high cost and complexity, a PON connects an
ciently provisioned to customers without the need to lay
optical access switch (OAS) or optical line terminal
a lot of fiber.
(OLT) located at the telco central office (CO) using a
single strand of fiber-optic cabling to a passive optical PONs multiplex data at the splitters using either time-
splitter or coupler located in the neighborhood of a division multiplexing (TDM) for downstream traffic or
group of customers. The fiber connecting the CO to the time division multiple access (TDMA) for upstream.
splitter is passive—that is, it has no active components Two speed configurations are common: 155 megabits
such as repeaters or optical amplifiers. Instead, a high- per second (Mbps) in both directions or asymmetric
power laser is used to ensure that signals maintain 622 Mbps downstream and 155 Mbps upstream. Some
strength over the trunk length, which is typically lim- faster speeds have been achieved in test bed environ-
ited to 12 miles (19 kilometers). Multiple splitters can ments, such as OC-48 PONS running at 2.48 gigabits
be deployed on a single fiber, up to a maximum of 32 per second (Gbps).
splitters, and these may be configured in various ways
Advantages and Disadvantages
to create star or ring networks as needed and support
PONs help telcos offer high-speed services to more
both permanent virtual circuits (PVCs) and switched
customers without the cost of building out excessive
virtual circuits (SVCs).
amounts of neighborhood fiber structure. The downside
is that they are shared, rather than dedicated, services,
Neighborhood Telco CO but by overlaying dense wavelength division multiplex-
businesses ing (DWDM) on PONs, telcos can provide users with
individual lambdas simulating dedicated links. Such
Intelligent Optical
IOT optical services, however, are likely to be several years away.
access
terminals switch Marketplace
Fiber Several startups have reached market with PON
P Splitter Single fiber
strand
switches, including Quantum Bridge and Terawave
Communications. This market is likely to explode in the
next few years as real-life PON rollouts accelerate.
Copper
Fiber For More Information
DSL Visit the Full Service Access Network coalition at
IOT Copper
www.fsanet.net.
See Also: central office (CO), Digital Subscriber Line
DSL (DSL), fiber-optic cabling, fiber to the curb (FTTC),
permanent virtual circuit (PVC), Public Switched Tele-
G0PXX04 (new to 2E)
phone Network (PSTN), switched virtual circuit (SVC),
Passive optical network. Provisioning business customers telco, Time Division Multiple Access (TDMA),
with high-speed data services using a PON. time-division multiplexing (TDM)
Customers can then be connected to splitters in their
neighborhood either by deploying intelligent optical passive termination
terminals (IOTs) or optical network units (ONUs) A terminator such as a resistor that absorbs signal
located at the customer premises and connecting them energy and prevents signal bounce.
912
pass-through authentication password