System Management

• Evaluating an Operating
System
• Four Components of OS
• Measuring System Performance
– Measurement Tools
– Feedback Loops
– Monitoring
• System Security
• Ethics
• Accounting
Powered by DeSiaMore
Evaluating an Operating System
• In real-life OS, components don't work in isolation.
– Each component depends on other components.
• Most OS designed to work with certain piece of hardware,
category of processors, or specific groups of users.
– Evolved over time to operate multiple systems.
– Still favor some users & computing environments.
• To evaluate OS, must understand design goals, history,
how it communicates with users, how resources managed,
& what trade-offs made to achieve goals.
– Balance its strengths against its weaknesses.
The Operating System’s Components
• Performance of any resource depends on performance of
others.
• Any improvement in system made after analysis of
system’s resources, requirements, managers, & users.
– Key is to consider performance of entire system & not
just individual components.
Parts of OS:
• Memory Manager
• Processor Manager
• Device Manager
• File Manager
• Network Manager
Memory Management Schemes
• If increasing memory or changing to another memory
allocation scheme, must consider actual operating
environment in which system resides.
• Trade-off between memory use & CPU overhead.
File Management
• Secondary storage allocation schemes help user organize
and access files on system.
1. File organization (contiguous, non-contiguous).
2. Location of a volume’s directory (main memory, disk).
3. Device on which files are stored.
• Different schemes offer different flexibility, but trade-off
for increased file flexibility is increased CPU overhead.
Processor Management Issues
• Trade-off: better use of CPU versus increased overhead,
slower response time, & decreased throughput.
1. System could reach saturation point if CPU is fully
utilized but is allowed to accept additional jobs—result in
higher overhead & less time to run programs.
2. Under heavy loads, CPU time required to manage I/O
queues (which under normal circumstances doesn’t require
much time) could dramatically increase time required to
run jobs.
3. With long queues forming at channels, control units, & I/O
devices, CPU could be idle waiting for processes to finish
their I/O.
Ways To Improve I/O
Device Utilization
1. Blocking reduces number of physical I/O requests, but
CPU must block & later deblock records (overhead).
2. Buffering helps CPU match slower speed of I/O, but
requires memory space for buffers which reduces level of
processing.
3. Rescheduling requests helps optimize I/O times, but is
overhead function. Speed of CPU & I/O device weighed
against time to execute reordering.
• Trade-offs: each of these options also increases CPU
overhead & uses additional memory space.
Network Management
• Synchronizes loads among remote processors, determines
message priorities, & selects alternative & efficient
communication paths over multiple data communication
lines.
• Allows network administrator to monitor use of individual
computers & shared hardware, & ensure compliance with
software licenses.
• Simplifies process of updating data files & programs on
networked computers by coordinating changes through
communications server.
• Security management.
System Security
• System has conflicting needs: to share resources while
protecting them.
• In early days, system was physically guarded & only
authorized users were allowed in vicinity.
• With advent of data communication, networking, personal
computers, telecommunications software, web sites, and e-mail,
computer security became much more difficult.
• When networks connected to Internet, vulnerability & need
for information security increased exponentially.
Levels of Protection
• Depending on system’s connectivity, protection required:
– Computer level.
– Network level.
– Internet level.
Configuration                      Ease of Protection   Relative Risk   Vulnerabilities
single computer (without e-mail)   high                 low             passwords, viruses
network connected                  medium               medium          sniffers, spoofing (+passwords, viruses)
Internet connected                 low                  high            e-mail, web servers, FTP, telnet (+sniffers, spoofing, passwords, viruses)
Techniques to Protect
Hardware & Software
• Passwords -- unusual combination of characters &
numbers that is memorable, changed often.
– Guard against intruders who use default passwords, backdoor
passwords, dictionary terms, or “social engineering.”
– Smart card—credit card-sized calculator that requires something
user has with something user knows.
• Making backups & performing other archiving
techniques.
– Layered backup schedule used to back up entire system weekly &
back up daily only files changed during that day.
– Store copies of complete system backups in safe off-site location.
– Help restore systems damaged by viruses or disasters (e.g., fires,
malfunctions, hackers).
Techniques to Protect
Hardware & Software - 2
• Written policies & procedures & regular user training are
essential elements of system management.
Recommend:
• Frequent password changes.
• Reliable backup procedures.
• Guidelines for loading new software.
• Compliance with software licenses.
• Network safeguards.
• Guidelines for monitoring network activity.
• Rules for terminal access.
Malicious or Accidental Breaches
in Security
• Not all breaks in security are malicious.
– Some are only unauthorized use of resources.
– Some purposeful disruption of system’s operation.
– Others purely accidental -- hardware malfunctions,
undetected errors in OS, or natural disasters.
• Federal Computer Fraud and Abuse Act of 1986.
Security Breaches
1. Denial of service attacks -- synchronized attempts to deny service to
authorized users & customers by causing computer to perform task,
often unproductive task, over & over.
2. Accidental incomplete modification of data -- non-synchronized
processes access data records & modify some but not enough of
record’s fields.
3. Data values are incorrectly encoded when fields aren’t large enough
to hold numeric value stored there.
4. Intentional unauthorized access.
5. Browsing -- unauthorized users can search through storage,
directories, or files for info they aren’t privileged to read.
6. Wire tapping of data communication lines (passive, active).
Security Breaches - 2
7. Repeated trials -- method used to enter systems that rely on passwords
via program that systematically goes through all possible combinations
until valid combination is found.
8. Trash collection -- people read anything thrown out by computer
department for important info used to enter system illegally.
9. Trap doors -- unspecified & non-documented entry points to system
including backdoor passwords.
– Caused by flaw in system design, installed by system programmer
for future use, or incorporated into system by destructive virus or
Trojan horse program.
System Assaults: Computer Viruses
• Virus -- any unauthorized program designed to gain access to
computer system, lodge itself in secretive way by incorporating itself
into other legitimate programs, & replicate itself.
• Worm -- replicates itself but is a self-contained program that’s
self-propagating. Worms thrive in network environments.
• Trojan Horse -- virus disguised as legitimate or harmless program
that sometimes carries within itself means to allow program's creator to
secretly access user's system.
• Logic bomb -- destructive program with time delay. Can spread
throughout network, often unnoticed, until predetermined time when it
“goes off” & does its damage.
• Bacteria (rabbits) -- programs that do not explicitly damage any file.
Their sole purpose is to replicate themselves.
Sources of Viruses
• Very mobile on networked systems (e.g., Morris worm
infected +6,000 systems one weekend in 1988).
• Public bulletin boards, where they easily reproduce.
• Included with illegal pirated software.
• Accidentally included in legitimate applications software.
Measures to Protect System
From Viruses
• Level of protection is usually in proportion to importance
of its data.
• Software to combat viruses available for most systems.
– Preventive programs calculate checksum for production program
& store in master file. Later, checksums compared.
– Diagnostic software compares file sizes, looks for replicating
instructions, & searches for unusual file activity.
• Encryption -- putting data into secret code.
– Total network encryption, partial encryption, storage encryption.
– Increases system’s overhead.
– System becomes totally dependent on encryption process itself --
can’t lose key!
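The preventive-checksum technique from this slide (calculate a checksum per production program, store it in a master file, compare later), as an added example that is not part of the original slides. It assumes SHA-256 as the checksum and a JSON master file; the file names and contents are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_master(root: Path) -> dict:
    """Baseline step: one digest per regular file under root."""
    return {
        str(p.relative_to(root)): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(master: dict, root: Path) -> dict:
    """Later step: recompute digests and report every difference."""
    current = build_master(root)
    return {
        "modified": sorted(n for n in master if n in current and master[n] != current[n]),
        "missing": sorted(n for n in master if n not in current),
        "added": sorted(n for n in current if n not in master),
    }


def demo() -> dict:
    """Constructed sample: three 'production programs', then tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "prod"
        root.mkdir()
        (root / "payroll.bin").write_bytes(b"\x7fELF payroll v1")
        (root / "report.bin").write_bytes(b"\x7fELF report v1")
        (root / "backup.sh").write_text("#!/bin/sh\ntar cf /tmp/b.tar /data\n")
        master_file = Path(tmp) / "master.json"  # kept outside the monitored tree
        master_file.write_text(json.dumps(build_master(root)))

        # Simulated change: same file size but different content, plus a dropped file.
        (root / "payroll.bin").write_bytes(b"\x7fELF payroll vX")
        (root / "report.bin").unlink()
        (root / "helper.bin").write_bytes(b"unexpected")
        return compare(json.loads(master_file.read_text()), root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The modified file keeps its original size, so a size-only comparison would miss it while the digest comparison does not. The master file is only trustworthy if it is stored where the monitored system cannot rewrite it.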
Network and Internet Assaults
• Network assaults include compromised web servers, circumvented
firewalls & FTP & telnet sites accessed by unauthorized users.
• System vulnerabilities include file downloads, e-mail exchange,
firewalls, Internet connections, etc.
• No guaranteed method of protection against system assaults since
they evolve over time.
• Sniffers (packet sniffers) -- peruse data packets as they pass by,
examine each for specific info, & log copies of interesting packets for
more detailed examination.
• Spoofing -- assailant falsifies IP addresses of Internet server by
changing address recorded in packets it sends over Internet.
• E-mail transmissions may allow attachment of rogue programs, macro
viruses, or other destructive code.
Computer Industry Associated With
Lack of Ethical Behavior
• Seemingly conflicting needs of users: individual’s need for privacy,
organization’s need to protect proprietary info, public’s right to know.
• Illegally copied software -- lawsuits & large fines per transgression.
• Plagiarism -- illegal and punishable by law in United States.
• Eavesdropping on E-mail, data, or voice communications is sometimes
illegal and usually unwarranted, except under certain circumstances.
• Cracking (hacking) -- gaining access to another's computer system to
monitor or change data; it’s seldom an ethical activity.
• Unethical use of technology (unauthorized access to private or
protected computer systems or electronic information) -- murky area of
law, but clearly wrong thing to do.
How Can Users Be Taught to
Behave Ethically?
• Continuing series of security awareness & ethics
communications to computer users is more effective.
• Publish policies clearly stating which actions will/will not
be condoned.
• Teach regular seminar including real-life case histories.
• Conduct open discussions of ethical questions:
– Is it okay to read someone else’s E-mail?
– Is it ethical for a competitor to read your data?
– Is it okay if someone scans your bank account?
– Is it right for someone to change results of your medical test?
– Is it acceptable for someone to copy your software program and
put it on the Internet?
Measuring System Performance
• Total system performance -- “the efficiency with which a
computer system meets its goals.”
• Not easy to measure system efficiency because affected
by: user programs, OS programs, & hardware units.
• System performance can be very subjective & difficult to
quantify.
• Even when performance is quantifiable (e.g., number of
disk accesses per minute), it is relative.
– Based on interactions of 3 components & workload
being handled by system.
Measurement Tools
Measures of system performance:
• Throughput.
• Capacity.
• Response time.
• Turnaround time.
• Resource utilization.
• Availability.
• Reliability.
• Measures of performance can’t be taken in isolation from
workload being handled by system.
Throughput & Capacity Measures
• Throughput -- indicates productivity of system as whole.
– Measured under steady-state conditions.
– Gives “the number of jobs processed per day” or “the number of
on-line transactions handled per hour.”
– Also measures volume of work handled by computer system unit.
• Bottlenecks tend to develop when resources reach their
capacity (maximum throughput level).
– Resource becomes saturated & processes in system aren’t being
passed along.
– When main memory over-committed & level of multiprogramming
has peaked.
– Thrashing results from saturated disk drive.
Response or Turnaround
Time Measure
• Response time -- interval required to process user’s
request from when user presses key to send message until
system indicates receipt of message.
– Important to on-line interactive users.
• Turnaround time -- time from submission of job until its
output is returned to user in batch jobs.
• Measure depends on workload handled by system at
request time & on job/request type submitted.
• To accurately measure system predictability, response time
& turnaround time must include their average & variance.
Resource Utilization &
Availability Measures
• Resource utilization -- measure of how much each unit is
contributing to overall operation.
– Given as a percentage of time that resource is actually in use.
– Helps determine if there is balance among units of system or if
system is I/O-bound or CPU-bound.
• Availability -- indicates likelihood that resource will be
ready when user needs it.
– Unit will be operational & not out of service when a user needs it.
– Mean time between failures (MTBF).
– Mean time to repair (MTTR).
MTBF & MTTR
• Mean time between failures (MTBF) -- average time that
a unit is operational before it breaks down.
• Mean time to repair (MTTR) -- average time needed to
fix a failed unit and put it back in service.
Availability: $A = \frac{\mathrm{MTBF}}{\mathrm{MTBF} + \mathrm{MTTR}}$
Reliability
• Measures probability that unit will not fail during a given
time period and it’s a function of MTBF.
$R(t) = e^{-(1/\mathrm{MTBF})\,t}$
• where e is mathematical constant approximately equal to
2.71828.
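The availability and reliability formulas from the two slides above, applied to an outage log, as an added example that is not part of the original slides. The log entries and observation window are constructed, and estimating MTBF as operational hours divided by number of failures is an assumption of this example.

```python
import math
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed outage log for one unit: (failure time, back-in-service time).
OUTAGES = [
    ("2024-01-10 08:00", "2024-01-10 12:00"),
    ("2024-02-09 12:00", "2024-02-09 14:00"),
    ("2024-03-20 14:00", "2024-03-20 20:00"),
]
WINDOW = ("2024-01-01 00:00", "2024-03-31 00:00")  # constructed observation period


def hours(start: str, end: str) -> float:
    delta = datetime.strptime(end, FMT) - datetime.strptime(start, FMT)
    return delta.total_seconds() / 3600


def mtbf_mttr(outages, window):
    """Assumed estimator: MTBF = operational hours / failures,
    MTTR = repair hours / failures."""
    down = sum(hours(failed, repaired) for failed, repaired in outages)
    up = hours(*window) - down
    return up / len(outages), down / len(outages)


def availability(mtbf: float, mttr: float) -> float:
    """A = MTBF / (MTBF + MTTR)"""
    return mtbf / (mtbf + mttr)


def reliability(t: float, mtbf: float) -> float:
    """R(t) = e^(-(1/MTBF) t): probability of no failure during t hours."""
    return math.exp(-t / mtbf)


def hours_until(target: float, mtbf: float) -> float:
    """Longest period t for which R(t) is still at least `target`."""
    return -mtbf * math.log(target)


if __name__ == "__main__":
    mtbf, mttr = mtbf_mttr(OUTAGES, WINDOW)
    print(f"MTBF={mtbf:.0f} h  MTTR={mttr:.0f} h  A={availability(mtbf, mttr):.4f}")
    for t in (24, 168, mtbf):
        print(f"R({t:.0f} h) = {reliability(t, mtbf):.3f}")
    print(f"R(t) >= 0.90 only for t <= {hours_until(0.90, mtbf):.1f} h")
```

With these figures the unit is available more than 99% of the time, yet the probability of running one full MTBF period without a failure is only about 0.37, which is why the two measures are reported separately.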
Feedback Loops
• To prevent processor from spending more time doing
overhead than executing jobs, OS continuously monitors
system & feeds info to Job Scheduler -- feedback loop.
– Scheduler allows more jobs to enter the system or prevents new jobs
from entering until some congestion is relieved.
• Negative feedback loop mechanism monitors system &,
when it becomes too congested, signals appropriate
manager to slow down arrival rate of processes.
• Positive feedback loop mechanism monitors system, &
when system becomes underutilized, causes arrival rate to
increase.
– Used in paged virtual memory systems.
Monitoring
• Hardware monitors are more expensive but have minimum
impact on system because they’re outside of it & attached
electronically.
– E.g., hard-wired counters, clocks, and comparative elements.
• Software monitors are relatively inexpensive but because
they become part of system they can distort results of
analysis.
– Tools developed for each specific system; difficult to move.
• System measurements include other hardware units & OS,
compilers, & other system software.
• Measurements are made in a variety of ways.
– Benchmarks, simulation models.
Accounting
• Most computer system resources are paid for by users.
– With single user -- easy to calculate cost of system.
– In a multi-user environment, costs distributed among
users based on how much each uses system’s resources.
• OS sets up user accounts, assigns passwords, identifies
which resources available to each user, & defines quotas
for available resources (e.g., disk space or max. CPU time
per job).
• To calculate cost of whole system, accounting program
must collect info on each active user.
Pricing Policies
• Total amount of time spent between job submission and
completion
– Connect time -- in interactive environments this is the
time from log-in to log-out.
• CPU time is time spent by the processor executing job.
• Main memory usage in units of time, bytes of storage, or
bytes of storage multiplied by units of time.
• Secondary storage used during program execution can be
given in units of time or space, or both.
• Secondary storage used during the billing period is usually
given in terms of number of disk tracks allocated.
Pricing Policies - 2
• Use of system software includes utility packages,
compilers, and/or databases.
• Number of I/O operations -- usually grouped by device
class: line printer, terminal, and disks.
• Time spent waiting for I/O completion.
• Number of input records read -- usually grouped by type
of input device.
• Number of output records printed -- usually grouped by
type of output device.
• Number of page faults -- reported in paging systems.
Pricing Incentives
• Convince users to distribute their workload to system
manager’s advantage.
• Encourage users to access more plentiful and cheap
resources rather than those that are scarce and expensive.
Billing Information
• Some systems only give info on resource use.
• Other systems also calculate price of most costly items
(e.g., CPU utilization, disk storage use, supplies) at end of
every job.
• Advantage of maintaining billing records on-line -- status
of each user checked before user’s job is allowed to enter
READY queue.
• Disadvantage is overhead.
– Memory space is used & CPU processing is increased.
– Can defer accounting program until off-hours, when
system is lightly loaded.
Terminology
• availability
• backups
• benchmarks
• browsing
• capacity
• encryption
• ethics
• feedback loop
• logic bomb
• mean time between failures
(MTBF)
• mean time to repair (MTTR)
• negative feedback loop
• password
• pirated software
• positive feedback loop
• reliability
• resource utilization
• response time
Terminology - 2
• smart card
• sniffers
• spoofing
• throughput
• trap door
• Trojan horse
• turnaround time
• virus
• wire tapping
• worm