manag - Personal.psu.edu


Managing A Network
Managing
• Why?
• Who – Network Manager / Network
Administrator
• Credentials
– MCSE, CNE
– Sun Certified System Administrator Solaris
– Sun Certified Network Administrator Solaris
Managing
• Systems
– Clients, Servers, Network Hubs, Routers,
Remote Access Devices, Printers, etc.
– Users
– Interfacing with other organizations
– Audits, backups
– Software updates
Server Managing
• Hardware Issues
– CPU Power & Number
– Memory
– Hard Disks, size, type, storage architecture
• SCSI, IDE
• Striping, Mirroring, Raid
Managing Servers
• Busy disks or printers store information in
queues (memory or disk space)
• Disks use an area known as swap space as if
it were memory when memory gets filled.
– Free disk space is critical to good performance
• Fragmentation is another concern
Managing Servers
• Drives need to be defragmented routinely
• Drives need to be scanned for bad sectors as
numerous writes and re-writes damage the
media.
Managing Servers
• Memory
– Memory gets sub-divided into page frames
– Programs and information are loaded as needed
• Paging
• Look ahead capability
• Page fault occurs when the machine can’t load the
next program piece into memory
– Order more memory
Managing Servers
• Stored data errors
– Disks wear out
– Maximize redundancy against cost
• Redundancy
• Fault tolerance – back-up mechanisms
– Trade offs against budget
Data storage models
• Mirroring ( Shadowing)
– Two disks exactly the same.
• Hardware & software mirroring
• One controller – two drives
– Duplexing
• Two controllers, two drives
Mirror
Duplex
Data storage models
• Raid
– Redundant array of inexpensive (independent)
disks ( Hardware or software)
– Involves disk striping
– Raid levels 0 thru 5
– The RAID appears as one logical disk
• RAID –1 is a disk mirror
Data storage models
• Raid
– RAID – 5 has at least three disks
• The more spindles, the smaller the impact on disk
space
• Data is written across all the disks, including parity
• If a disk fails, the parity is used to restore the data
when a new disk is installed
– See - http://www.acnc.com/04_01_00.html#top
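The RAID 5 behaviour described above (data and parity striped across at least three disks, parity used to restore a failed disk), as an added example that is not part of the original slides. Byte-wise XOR is the parity function; the 4-byte block size and the parity rotation order are assumptions chosen for illustration.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def parity_index(stripe_no, n_disks):
    # Rotation order is an assumption; real controllers differ in layout.
    return (n_disks - 1 - stripe_no) % n_disks

def write_raid5(data, n_disks, block=4):
    """Stripe data over n_disks with one rotating parity block per stripe."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = block * (n_disks - 1)
    data = data.ljust(-(-len(data) // per_stripe) * per_stripe, b"\0")
    disks = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[off + i:off + i + block] for i in range(0, per_stripe, block)]
        chunks.insert(parity_index(s, n_disks), xor_blocks(chunks))
        for disk, chunk in zip(disks, chunks):
            disk.append(chunk)
    return disks

def rebuild(disks, failed):
    """Recreate one failed disk: each block is the XOR of the survivors' blocks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_raid5(disks, length):
    """Reassemble the logical disk, skipping the parity block in each stripe."""
    n = len(disks)
    out = b""
    for s, stripe in enumerate(zip(*disks)):
        out += b"".join(c for i, c in enumerate(stripe) if i != parity_index(s, n))
    return out[:length]

def usable_fraction(n_disks):
    """One disk's worth of capacity holds parity, so (n-1)/n is usable."""
    return (n_disks - 1) / n_disks

if __name__ == "__main__":
    payload = b"constructed sample payload"      # constructed test data
    array = write_raid5(payload, 4)
    array[2] = rebuild(array, failed=2)          # replace disk 2 and restore it
    print(read_raid5(array, len(payload)), usable_fraction(4))
```

XOR parity recovers exactly one missing disk per stripe; a second failure before the rebuild finishes loses the array.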
Raid 0
RAID Level 0 requires a minimum of 2 drives to implement
Raid 0
• Characteristics/Advantages
RAID 0 implements a striped
disk array, the data is broken
down into blocks and each
block is written to a separate
disk drive
• I/O performance is greatly
improved by spreading the I/O
load across many channels and
drives
• Best performance is achieved
when data is striped across
multiple controllers with only
one drive per controller
• Disadvantages
Not a "True" RAID because it
is NOT fault-tolerant
• The failure of just one drive
will result in all data in an
array being lost
• Should never be used in
mission critical environments
Raid 0
• Advantages Cont.
• No parity calculation
overhead is involved
• Very simple design
• Easy to implement
• Recommended
Applications
• Video Production
and Editing
• Image Editing
• Pre-Press
Applications
• Any application
requiring high
bandwidth
Copyright © 2000 Advanced
Computer & Network Corporation.
Raid 5
• Characteristics/Advantages
– Highest Read data transaction rate
– Medium Write data transaction rate
– Low ratio of ECC (Parity) disks to data disks means high efficiency
– Good aggregate transfer rate
• Disadvantages
– Disk failure has a medium impact on throughput
– Most complex controller design
– Difficult to rebuild in the event of a disk failure (as compared to RAID level 1)
– Individual block data transfer rate same as single disk
Raid 5
• Recommended Applications
– File and Application servers
– Database servers
– WWW, E-mail, and News servers
– Intranet servers
• Most versatile RAID level
Tape Drives
• Historically proven to confuse people
– too many standards across manufacturers
• Cheaper for mass storage of data
• QIC Standard (Quarter inch Cartridge)
– 60 megs / 9 data tracks / 300 ft. of tape
– cartridge was too big
Tape Drives
• Second Standard (cassette)
• Led to DC (large cartridge)
– MC (small Cartridge)
• Better the controller / faster the backup
• QIC-40
• FAT
• 20 Tracks
• 68 segments of 29 sectors
Tape Drives
• DAT (Digital Audio Tape)
– helical scan technology
• digital formatting
• high capacity / reliability
• 8mm
– high throughput
• DLT (Digital Linear Tape)
– 20 to 40 G compressed @ 1.5 - 3 M/sec
Tape Drives
• TRAVAN (3M)
– proprietary, levels TR-1 through TR-4
– 400 meg uncompressed TR-1
– 800 meg uncompressed TR-2
– 1.6G uncompressed TR-3
– 4G uncompressed TR-4
– All drives feature 2 to 1 compression
Tape Drives
• Which one?
– Amount of data
– Data throughput required
– best for you standard
– cost $$$
Tape Drives
• Software Considerations
– Unattended backup
– Macro Capability - changing options / file
selection
– Quick tape-erase
– Partial tape-erase
– Un-erase
– Password Protection
Tape Drives
• http://www.quantum.com/src/whitepapers/wp_reliability.htm
• http://www.quantum.com/src/whitepapers/wp_stp.htm
Backups
• Transferring data from a hard drive to
another medium
– CD, Tape, Disk
• Full Backup
– Image
– File – file
Backups
• Incremental
– Copy the files that have changed since the last
backup.
• Differential
– Files that changed since the last full backup
• Daily
– Copy files that changed on a particular day
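The backup types listed above differ only in the reference point used to pick files. This added example (not part of the original slides) applies each rule to a constructed change history; the file names and dates are invented, backups are assumed to run at the end of each day, and the restore-chain helper goes beyond the slide to show which backup sets a restore needs.

```python
from datetime import date

# Constructed sample: file -> dates on which it was modified.
CHANGES = {
    "payroll.db": [date(2000, 5, 1), date(2000, 5, 2), date(2000, 5, 4)],
    "memo.doc":   [date(2000, 5, 2)],
    "logo.bmp":   [date(2000, 4, 20)],
    "users.txt":  [date(2000, 5, 3), date(2000, 5, 4)],
}

def changed_between(after, upto):
    """Files modified after `after` (exclusive) and no later than `upto`."""
    return sorted(f for f, days in CHANGES.items()
                  if any(after < d <= upto for d in days))

def select(kind, today, last_full, last_backup):
    """Return the files a backup of the given kind copies on `today`."""
    if kind == "full":             # everything that exists
        return sorted(f for f, days in CHANGES.items() if min(days) <= today)
    if kind == "incremental":      # changed since the last backup of any kind
        return changed_between(last_backup, today)
    if kind == "differential":     # changed since the last full backup
        return changed_between(last_full, today)
    if kind == "daily":            # changed on this particular day
        return sorted(f for f, days in CHANGES.items() if today in days)
    raise ValueError(kind)

def restore_chain(kind, sets_since_full):
    """Backup sets needed to restore the latest state."""
    if kind == "incremental":      # the full backup plus every incremental
        return ["full"] + sets_since_full
    if kind == "differential":     # the full backup plus the newest differential
        return ["full"] + sets_since_full[-1:]
    raise ValueError(kind)

if __name__ == "__main__":
    full_day, today = date(2000, 4, 30), date(2000, 5, 4)
    for kind in ("full", "incremental", "differential", "daily"):
        print(kind, select(kind, today, full_day, date(2000, 5, 3)))
```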
Other Storage Devices
• Jaz Drives
• Zip Drives
• LS-120 drive
• Magneto-Optical
• WORM drives
Network Performance
• SNMP – Simple Network Management Protocol
– Part of TCP/IP
– Stores information in MIB, management information base
– Collected using software agents
– Monitored by a SNMP management station
• CMIP – Common Management Interface Protocol
– Higher memory requirements
– Part of OSI model
• http://www.3com.com/solutions/traffix/demoreq.html
Tools
• Multi Meter
– Voltmeter
– Ohm Meter
• Cable scanner
– Optical Fault Finder
– Time domain reflectometer (TDR)
• Protocol Analyzer
Firewalls
• http://www.spirit.com/CSI/firewalls.html
• http://www.firewallguide.com/
• http://www.firewall.com/
• http://firewall.esoft.com/
• http://www.iss.net/customer_care/resource_center/whitepapers/
Firewalls
• Address filtering
• Packet filtering
• Network address translation
• PROXY server
Vulnerabilities
• Personal computer
• Network
• Mainframe
• Files & Programs
Vulnerabilities
• Privacy
• People
• Building
• Equipment
Trends that create vulnerabilities:
• Networking systems are proliferating,
radically changing the installed base of
computer systems and system applications.
• Computers are an integral part of American
business; computer-related risks cannot be
separated from general business risks.
Trends
• The widespread use of databases containing
personal information, i.e. medical or credit
records, places individual privacy at risk.
• Placing computers in areas that demand
a high degree of trust (i.e. medical
instruments) increases the likelihood that
accidents can result in death.
The ability to abuse computer
systems is widespread.
• The International political environment is
unstable, raising questions about the
potential for transnational attacks as
computer networks are growing.
• Computers are in demand and easily stolen.
Security
• Security implementation depends upon:
– Value of the information protected.
– Function the system performs
– Cost vs. Benefit
– Nature of the organization
The Nature of Security
• Vulnerability
• Threat
• Countermeasure
• Security must be holistic: Technology, Management, and Social Elements
Consists of
• Computer hardware, software, network,
facilities, and people
• Safety and Security go hand in hand
• Physical Security - protecting the building
and the personnel within the building.
– Use access control – Cipher locks, fences, guards, TV monitoring
Consists of
• Program Security - ensuring that computer
programs are not tampered with and the
physical code is reliable.
• Use frequent audits, local administrator,
configuration control
• Make use of accounting programs
Computer security
• More information is available to more
people. The lack of control over information
increases the opportunity for harm.
• Technology is advancing at a rate that
outpaces the legal system.
Authorization vs. Access
• Ensuring that those that use the programs
are in fact authorized to perform the
function.
• Password control, access control
• Network Security - monitoring the
computer network for unusual occurrences.
• Network management software
Site Security
• Ensuring that the computer location is
protected and that in the event of a disaster
the software & hardware are protected.
• Off-site storage of software and files
• Alternate site if primary site is damaged
Personnel Security
• Monitoring the employees within an
organization.
• Codes of Conduct, Security clearances,
Background checks, network software to
watch for unusual activity, two-person
control