Transcript Chapter 11 Advanced NOS Administration

Chapter 11
Advanced NOS Administration
11.1 Backups
11.2 Drive Mapping
11.3 Partition and Processes Management
11.4 Monitoring Resources
11.5 Analyzing and Optimizing Network
Performance
Backups
Overview of Backup Methods
•
•
•
The backup process involves
copying data from one computer
to some other reliable storage
medium for safekeeping.
Once the data has been archived,
the system administrator can then
restore data to the system from
any previously recorded backup.
Considerations that are relevant
for storage devices:
– Cost
– Size
– Manageability
– Reliability
Overview of Backup Methods
• There are four types of backup procedures that
define how the backup will take place:
– Full - will backup everything on the hard drive at the
scheduled point in the day
– Partial - backs up selected files
– Incremental - only the files that have changed since the
last backup will be selected for back up
– Differential - backs up files created or changed since
the last normal or incremental backup
Drive Mapping
What is Drive Mapping?
• Drive mapping is a useful tool
that allows an administrator to
share resources that are stored
on a server.
• The client computers that are
connected to the network
assign a drive letter that will act
as a direct path to access those
resources stored on a server
over the network.
• After a user identifies a network
resource to be used locally, the
resource can be "mapped" as a
drive.
Mapping Drives
in Windows Networks
• To map a drive with Windows
Explorer, navigate to the folder on
the remote system in Windows
Explorer by selecting Network >
Neighborhood > Server name >
Shared folder name.
• Another way to do this is to
choose the Tools menu, and then
choose Map Network Drive.
• The net use command can be
used instead of mapping drives
through Windows Explorer.
• net use can also be incorporated
into a login script that
automatically runs when the user
logs in to the network.
Mapping Drives in Linux Networks
• A client computer running Linux must be mapped in a slightly
different way.
• Use the mount command to establish a connection to the shared
directory on the server.
• Entering the syntax will map a drive to a Linux/UNIX share.
• The local directory designation that points to the remote share
denoted by the first part of the command is called the directory
mount point.
• The mount point location must already exist before a share can
be mapped to it.
Partition and Processes Management
Using fdisk, mkfs, and fsck
• fdisk is a text-based and
requires the use of one-letter
commands to manipulate the
options.
• type m or ? at the fdisk
prompt to obtain a list of the
commands that can be used.
• Once the partition changes
have been made, a filesystem
must be created on the
partition.
• This is also referred to as
formatting the partition.
• Use the mkfs utility to create
a filesystem in Linux.
Using fdisk, mkfs, and fsck
• The fsck utility is used to
check file systems for
errors, which occur more
frequently than the need
to add, remove, or format
partitions.
• It is a good idea to use
this utility often to check
for file system integrity.
Managing System Processes
with cron Jobs
• The way to schedule tasks to run
at regular intervals on a Linux
system is with Cron Programs.
• Also known as Cron jobs, they
schedule system maintenance
tasks that are performed
automatically.
• System Cron jobs are controls via
the/etc/cron.d directories and
/etc/crontab file.
• The file begins with set of
environmental variables. These set
certain parameters for the Cron
jobs such as the PATH and
MAILTO
• The other lines in this file, specify
the minute, hour, day, month, and
day of the week the job will run.
Core Dumps
• Core Dump is a recording of
the memory that a program
was using at the time it
crashed.
• The purpose of Core Dumps
is to allow programmers to
study the file to figure out
exactly what caused the
program to crash.
• The processes that are
currently running on a Linux
system can be viewed by
using the ps command.
Core Dumps
• The ps command has a
variety of options that can
be used with the command
to manipulate its output.
• These options can be used
together to display the
output wanted using the
ps command.
• There can be some
considerable output that is
generated when the
command such as ps-A –
forest command.
Core Dumps
• The top command functions
much like the Windows 2000
Performance tool by providing
detailed information regarding
CPU and RAM usage.
• Sometimes a process will cause
the system to lock up.
• The kill command can be used to
terminate the process.
• The signal option represents the
specified signal that is sent to the
process.
• There are 63 different parameters
that can be entered for the signal
that is sent to the process.
Assigning Permissions for Processes
• Typically, programs have the
same types of permission and
can read the same files as the
user who runs that program.
• There are certain programs that
require additional permission to
be run by certain users.
• Regular users cannot execute
the su command, because it
requires root account privileges.
• Programs such as these are run
using the SUID or SGID bit,
which allows these programs to
be run under the permission of
another user.
Monitoring Resources
Disk Management
• By regularly using errorchecking and
defragmentation programs
and continually managing free
disk space, the system
administrator can maintain a
healthy hard drives.
• One preventive disk
management tool available to
system administrators is the
use of "quotas" for user
accounts.
• A quota acts as a storage
ceiling that limits the amount
of data each user can store
on the network.
Memory Usage
• Memory diagnostic tools that
allow RAM intensive
applications to be discovered,
and stopped if necessary, are
typically built into most NOS
platforms.
• System administrators can
compensate for the lack of
memory through the use of
"virtual memory".
• Virtual memory allocates
space on the hard drive and
treats it as an extension of the
system RAM.
CPU Usage
• All information used by the NOS, including the NOS itself,
is processed millions of times per second by the CPU to
display this information to the user.
• Built-in tools are commonly provided to allow system
administrators to monitor the current level of CPU activity.
• This feedback is often presented in terms of the
percentage of the CPU currently being used and is
refreshed at frequent intervals.
Reviewing Daily Logs
• Most computer programs, servers, login processes,
as well as the system kernel, record summaries of
their activities in log files.
• These summaries can be used and reviewed for
various things, including software that might be
malfunctioning or attempts to break into the system.
• In Windows 2000, the Computer Management tool
allows users to browse the logged events generated
by the NOS.
Reviewing Daily Logs
• Linux uses log daemons to
control the events that are
entered in the system log.
• Most of the Linux systems log
files are located in the /var/log
directory.
• The log files that are located in
this directory maintained by
the system log daemon
(Syslogd) and the kernel log
daemon (klogd).
• These two daemons are
configured using the
syslog.conf file.
Checking Resource Usage on Windows 2000
and Windows XP
• System resources are monitored
in Windows 2000 and Windows
XP with the Performance tool.
• This application is found under
the Start menu > Programs >
System Administration >
Performance menu option.
• Users can then right-click on the
graph and select Add Counters
to specify which system
resources to monitor in the
graph.
Checking Resource Usage on Linux
• The df command is used to
display the amount of disk space
currently available to the various
filesystems on the machine.
• When a directory name is
specified, the du command
returns the disk usage for both the
contents of the directory and the
contents of any subdirectories
beneath it.
• The top command functions much
like the Windows 2000
Performance tool by providing
detailed information regarding
CPU and RAM usage.
Analyzing and Optimizing
Network Performance
Key Concepts in Analyzing and Optimizing
Network Performance
•
•
•
The network administrator
should make time to devise a
proactive plan for managing the
network.
This plan enables the detection
of small problems before they
become large ones.
The three key concepts in
analyzing and optimizing
network performance include:
–
–
–
Bottlenecks
Baselines
Best practices
Bottleneck
• It is the point in the system
that limits the data
throughput, which is the
amount of data that can flow
through the network.
• The primary performancemonitoring tool for
Microsoft’s Windows 2000
Server is called
Performance.
• Performance can monitor
nearly all hardware and
software components on a
Windows 2000 server.
Bottleneck
• The various versions of the UNIX/Linux operating
systems have command-line utilities that can be used
to monitor performance of the UNIX/Linux network
server.
• The primary tools are sar, vmstat, iostat, and ps.
• The flags used by these commands can vary among
the different versions of UNIX/Linux.
• Use the UNIX/Linux man command to get specifics
about the use of these commands.
• The information displayed by the man command also
tells how to interpret the output generated by the
command.
Baselines
• The baseline measurements should
include the following statistics:
– Processor, Memory, Disk
subsystem, Network - Network
queue length
• Determine how efficiently a network
is performing by comparing various
measurements to the same
measurements taken at an earlier
time.
• This point of comparison is called a
baseline, which is the level of
performance that is acceptable
when the system is handling a
typical workload.
Determining Internet
Connection Speed
• The speed of a connection is
limited by its lowest-speed
component or the bottleneck.
• This means that even if the
equipment is capable of a
50-kbps connection, the
connection will be at the
slower speed if the remote
modem supports only 33.6kbps.
Determining Internet
Connection Speed
There are many reasons for a slow Internet connection:
• A poor connection to the ISP remote access server can be
caused by modem problems on either end and noisy lines
• A slow web server, FTP server, or any server on the
Internet to which requests are being sent
• Congested conditions on the primary backbone lines,
which can occur during events of national or international
importance
• Shared bandwidth on the LAN or within the ISP network
Network Monitoring Software
• The network monitor that comes with Windows NT and
Windows 2000 is a functional and useful tool for
performing routine protocol analysis.
• Network Monitor can be used to display the individual
frames of captured data.
• The figure shows that packets for several different
protocols have been captured, including TCP, UDP, and
SMB.
Network Monitoring Software
• The Sniffer products enable
sophisticated filtering based
on pattern matches, IP/IPX
addresses, and so on.
• Sniffer Pro includes a traffic
generator to assist in testing
new devices or applications.
• It can be used to simulate
network traffic or to
measure response times
and hop counts.
• Sniffer uses a dashboardstyle interface.
Network Management Software
The difference between network monitoring software and network
management software is the latter is generally more comprehensive.
Managing the network includes a number of tasks:
• Documenting the devices on the network and the status of each
• Creating an inventory of network software that allows deployment of
software and updates over the network
• Metering software to provide data on what applications are being used
and how, when, and by whom they are being used
• Managing software licensing
• Remotely controlling client machines and servers over the network and
managing remote desktops
• Notifying administrators of events such as failure of network
components or a predefined disk capacity that is reached or exceeded
Network Management Software
There are several network management programs (or, more accurately,
suites of programs) on the market.
•
•
•
•
Microsoft SMS
Novell ManageWise
IBM Tivoli Enterprise
Hewlett Packard OpenView
Management software for small and medium-sized
networks
• SNMP is a protocol that is included in most implementations
of TCP/IP
• CMIP was designed to improve on SNMP and expand its
functionality. It works in much the same way as SNMP, but it
has better security features. Also, it enables notification
when specified events occur.
Management Service Provider (MSP)
• A new development in network management is the
Management Service Provider (MSP).
• A company subscribes to an MSP service, which
provides performance monitoring and network
management.
SNMP concepts and components
• SNMP runs on port 161 by default, it is the only
way to obtain true statistics of network usage under
TCP/IP
• Before setting up SNMP, it is necessary to have IP
addresses or host names of the systems that will
either be the initiators or those that will respond to
the requests.
• At least one management system is needed to
even be able to use the SNMP Service
• The SNMP agent is responsible for complying with
the requests and responding to the SNMP manager
accordingly
SNMP structure and functions
• The data that the management system requests
from an agent is contained in a Management
Information Base (MIB).
• The MIB is the database of information that can be
queried against.
• The SNMP agent knows what to monitor on the
network device by looking at a Management
Information Base (MIB) for the device.
• There really is no established security with SNMP.
SNMP structure and functions
• The data that the management system requests
from an agent is contained in a Management
Information Base (MIB).
• The MIB is the database of information that can be
queried against.
• The SNMP agent knows what to monitor on the
network device by looking at a Management
Information Base (MIB) for the device.
• There really is no established security with SNMP.