Presentation6 - University Of Worcester
Download
Report
Transcript Presentation6 - University Of Worcester
COMP2221
Networks in Organisations
University of Worcester
March 2012
Week 6: Booting up a
Network Operating System
Objectives:
– Describe the software layers of a network
operating system
– Describe each of the six boot-up stages
– Explain the terms firmware, ACPI, and
plug-n-play
– Relate the booting up process to the
principle of fault tolerance
Architecture of a NOS
User Interface
operating i/o subsystem, system functions
os kernel (diff versions for diff hardware)
BIOS
CPU, network card
Stages in Boot Up
Load & run hardware test software
If hardware all OK, load essential operating
system components into memory and execute
Either
– present user interface for immediate use
Or
– present logon screen
– create user interface according to logon credentials
Why does A Windows Boot-up
take so long?
Lot of software needs to be loaded,
mostly from hard disk…
Six “fault tolerant” stages required
before the user gets their desktop:
–
–
–
–
–
–
Power-on self test (POST)
Initial startup
Boot loader
Detect and configure hardware
Kernel loading
Logon
Stage 1: POST
No matter which operating system is
installed…
– CPU starts up & loads BIOS software from
motherboard ROM
– CPU runs POST program
» POST = Power-On Self-Test
» essential to check that basic hardware is OK
before loading ANY operating system into
memory…
POST…
Checks the following:
– crucial hardware matters, such as amount of
memory present
– presence of the devices needed to start the
operating system
Retrieves:
– low level functions from BIOS (basic input-output
system)
– system configuration settings from CMOS memory
(complementary metal-oxide semiconductor)
If POST fails… screen errors indicate
hardware faults. Replace & restart…
Stage 2: Initial Start-up
Other BIOS-controlled processes:
– motherboard “add-on” adapters run their
own firmware carry out internal diagnostic
tests
» e.g. video and hard drive controllers
– settings in CMOS memory determine the
device(s) the computer will use to load an
operating system
» e.g. floppy disk, hard disk, CD/DVD, USB
» fault tolerance: if device not working reboot and
change CMOS “boot” settings
Stage 3: The Boot Loader
In a pre-Windows operating system:
– files all loaded from media into memory
– executed to create a command line
interface…
– option for user to type username/password
To set up a GUI (Graphical User
Interface) a lot more needs to happen…
– especially with Windows/NT combo…
» all systems XP onwards
Stage 3:
Windows Boot Loader
First boot device in the CMOS boot list
activated
– “boot loader” file (NTLDR) detected and
loaded from activated disk’s boot sector…
If NTLDR is not found…
– depending on the device:
» EITHER an error may comes up…
Fault tolerance: if file(s) corrupted, can be booted up to
cmd prompt and corrupted files replaced…
» OR control may pass to the next device on the
list
Stage 3: The Boot Loader
boot sector
NTLDR…
– sets the system for “32-bit mode”
– “starts” the file system (e.g. NTFS)
» i.e. loads into memory
» executes through CPU
Hard disk
data
CPU
RAM
– loads other essential start-up files
from designated partition on chosen
disk:
»
»
»
»
»
Boot.ini – partition boot options
Ntdetect.com – hardware detection
Ntbootdd.sys
Ntoskrnl.exe
Hal.dll
Stage 4: Detecting and
Configuring Hardware
NTDETECT then loaded:
– extracts text info from:
» boot.ini file
» the registry
– gets hardware data from firmware routines
– passes data gathered to NTLDR
NTLDR
– structures data from NTDETECT
– passes it to NTOSKRNL
Stage 5: Kernel Loading
Operating system
kernel
All this, and still no
operating system
kernel has been
loaded!
Now… NTLDR creates the
“WINDOWS EXECUTIVE”
to control the kernel…
Hard disk
data
CPU
RAM
Stage 5: Setting up the Kernel
Windows is potentially multi-platform
NTLDR selects correct hardware
abstraction layer file
– HAL.dll by default (Standard Intel PC)
Other Example HAL files:
» Halacpi.dll (Advanced Configuration and Power
Interface (ACPI) PC)
» Halmacpi.dll (ACPI Multiprocessor)
» Halaacpi.dll (ACPI Uniprocessor)
Fault tolerance: as with stage 4… use cmd prompt
to recopy file(s)
Stage 5: Setting up the
“Live” Registry
Still controlled by NTLDR…
– CPU reads & processes
systemroot\System32\Config\System file
» contains essential information for determining
which drivers need to be loaded
– CPU creates HKEY_LOCAL_
MACHINE\SYSTEM registry key
» usually includes several “control sets” as subkeys
» set up and presented as menu options before the
system key can be used
Stage 5: Kernel Fault Tolerance
(Registry - System key “control sets”)
Configuration depends on the registry.
Fault tolerance provides a range of
“Control Sets”:
» \CurrentControlSet, a pointer to a ControlSetxxx
subkey
where xxx represents a control set number, such as
001 designated in the \Select\Current entry
» \Clone
a copy of \CurrentControlSet, created each time the
computer starts
» \Select options (next slide)
\SELECT control set options
1. Default:
– points to the control set number for next
startup
» e.g. 001=ControlSet001
» if no error or manual invocation of the
“LastKnownGood” startup option
assuming that a user is able to log on successfully…
BECOMES the Default, Current, and
LastKnownGood entries
2. Current:
– last control set that was used to start the
system
\SELECT control set
options
3. “Failed”:
– a control set that did not start Windows XP
Professional successfully
– updated when the LastKnownGood option is used
to start the system.
4. LastKnownGood:
– the control set used during the last user session
– updated during logon with configuration
information from the previous user session
Creating the “Hardware” Key
Once the Control Set is loaded…
– kernel uses the data structures provided by NTLDR
to create the
HKEY_LOCAL_MACHINE\HARDWARE key
» hardware data collected at system startup
» includes information about various hardware components
and system resources allocated to each device
The Starting up progress indicator at the bottom
of the screen monitors and displays aspects of
the kernel load process during the creation of
this key
Drivers, Services, and
Kernel Initiation
Drivers:
– kernel-mode components required by
devices to function with the operating
system
Services:
– components that support operating system
functions and applications
– can run in various different contexts
– typically do not offer many user-configurable
options
Drivers are treated as services…
Which Services are loaded
during kernel initiation?
Services loaded before user login
– act independently of the user
– typically stored in the systemroot\System32 and
systemroot\System32\Drivers folders
– use .exe, .sys, or .dll file name extensions
Each Service has a “start” value to determine
conditions of loading…
– can be altered by those with admin rights
Service “Start” values
0 (Boot)
– Specifies a driver that is loaded (but not started)
by firmware calls made by Ntldr. If no errors occur,
the kernel starts the driver.
1 (System)
– Specifies a driver that loads at kernel initialization
during the startup sequence by calling Windows
XP Professional boot drivers.
2 (Auto load)
– Specifies a driver or service that will be initialized
at system startup by Session Manager (Smss.exe)
or Service Controller (Services.exe)
More “Start” values
3 (Load on demand)
– a driver or service that is manually
started by a user, a process, or
another service
4 (Disabled)
– a disabled (not started) driver or
service
Loading Services and creating
the system key
During kernel initialization:
– NTLDR reads
HKEY_LOCAL_MACHINE\SYSTEM\Curren
tControlSet\Services\servicename, then…
» Ntldr searches the Services subkey for drivers
with a Start value of 0
e.g. hard disk controllers
» Ntoskrnl.exe searches for and starts drivers,
that have a Start value of 1
e.g. network protocols
Kernel Control…
Starts the session manager
– SMss.exe
Important initialization functions:
– creates system environment
variables
– starts kernel-mode part of the
Windows subsystem
» loaded from
systemroot\System32\Win32k.sys
More about Session Manager
Enables Windows to switch from text mode
(16-bit) to graphics mode (32-bit)
User-mode portion of the Windows
subsystem loaded from systemroot
\System32\Csrss.exe
– Windows-based applications can run in
“Windows subsystem”
– applications can now access operating system
functions, e.g. displaying information to the
screen
Session Manager (continued)
Windows subsystem and the
applications that run within it are all
“user mode” processes
– run at a lower priority than kernel-mode
processes
– no direct access to hardware or device
drivers
– virtual memory (if required) dependent on
the kernel to page memory from user-mode
processes to disk
Session Manager (continued)
Logon Manager loaded from
systemroot\System32\Winlogon.exe
– creates additional virtual memory paging
files
– performs delayed rename operations for
files listed in the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\Session
Manager\PendingFileRenameOperations
» e.g. prompts to restart the computer
after installing a new driver or application
so that the file in use can be replaced
Session Manager (continued)
Finally, searches the registry for service
information that is contained in the following
subkeys:
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentContr
olSet\Control\Session Manager
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentContr
olSet\Services\servicename
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentContr
olSet\Control\Session Manager
\Subsystems
Subkey Information for SMss
Session Manager key provides a list
of commands to be executed before
loading services
– e.g. Autochk.exe tool
» specified by the value of the BootExecute entry
and virtual memory (paging file) settings
stored in the Memory Management subkey
» version of the Chkdsk tool
» runs at startup if the operating system detects
a file system problem that requires repair
before completing the startup process
Subkey Information for SMss
Service Control Manager key initializes
services that the Start entry has
designated as Auto-load
Finally,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Session Manager\Subsystems
– available subsystems
– allows Csrss.exe (user-mode portion of the
Windows subsystem) to be selected
NO WONDER IT TAKES SO LONG!!!
Stage 6: Logon Phase
Managed by Winlogon.exe
– initializes security and authentication
components
– starts the Services subsystem or Service
Control Manager (SCM): services.exe
» starts the Local Security Authority (LSA)
process (lsass.exe)
» parses the Ctrl+Alt+Del key combination at the
Begin Logon prompt
Logon Phase
The Graphical Identification and
Authentication (GINA) component:
– collects the user name and password
– passes this information securely to the LSA
for authentication
– if the user supplied valid credentials,
access is granted by using either the
Kerberos V 5 authentication protocol or
NTLM
Logon Phase
After the user has logged on:
– control sets are updated according to
group policy settings
– changes to local registry settings take
effect
– user startup programs run e.g.
» login scripts
» programs in startup folders
» services found in registry subkeys & folder
locations
Logon Phase
Services loaded from these registry subkeys:
» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window
s\CurrentVersion\Runonce
» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window
s\CurrentVersion\policies\Explorer\Run
» HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window
s\CurrentVersion\Run
» HKEY_CURRENT_USER\Software\Microsoft\Windows
NT\CurrentVersion\Windows\ Run
» HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu
rrentVersion\Run
» HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu
rrentVersion\RunOnce
Logon Phase
Services loaded from these folder
locations…
– systemdrive\Documents and Settings\All
Users\Start Menu\Programs\Startup
– systemdrive\Documents and
Settings\username\Start Menu\Programs\
Startup
– windir\Profiles\All Users\Start
Menu\Programs\Startup
– windir\Profiles\username\Start
Menu\Programs\Startup
Concluding Logon Phase…
Winlogon provides Plug and Play support for
computers equipped with ACPI firmware
(Advanced Configuration & Power Interface):
– enables enhanced features, e.g hardware resource
sharing
– especially useful for “mobile” users
» use portable computers that support standby, hibernation,
hot and warm docking, or undocking features
Plug and Play Device Detection
– runs asynchronously with the logon process
– relies on system firmware, hardware, device driver,
and operating system e.g. ACPI to detect and
enumerate new devices
Protecting the Server Software
All hardware can go wrong and should have a
backup
What of software… need tools…
–
–
–
–
–
–
what to backup?
when to backup?
how to backup?
where to put the backup?
how long to keep the backup?
can the backed up software be fully restored…
Client Files Backup
Windows (XP onwards) presents four
backup choices:
– all files
– current user settings
– all user settings
– custom choice
» can choose between anything from all files and
folders to none
Where to backup to?
Computer hard disk?
– ideal backup location is a separate partition on the same disk
– e.g. hard disk is partitioned into drive C and drive D
» data is on drive C
» can safely it back up to drive D.
Zip drive or other removable media?
– unfortunately, the Windows Backup utility can't save files
directly to a CD-RW drive (!)
Shared network drive? Limited only by the amount of
free space on the network share
External hard disk drive?
USB? IEEE 1394 (ie LAN)? FireWire? Cloud?
Prioritising Server Backup?
Servers typically hold a lot of data
Generally accepted that “system state”
files are those that are most important
for keeping the NOS functioning
normally
– need to be backed up on a regular basis
System state
Windows “essential files” for boot up:
–
–
–
–
–
Active Directory (NTDS)
System Volume (SYSVOL)
Boot files
Registry
COM+ class registration database
Windows “backup” program enables
system state files to be saved to
another location
– they can be copied back via cmd line in
event of a crash that won’t reboot