COMP3122 Network Management
Richard Henson
January 2012

Week 1: Technical Issues, People Issues

Learning Objectives:
– Explain the relative merits and problems of managing people’s linked computers
– Analyse the knowledge and skills needed to manage the technology of a network
– Analyse the range of protocols developed to manage users and resources so they can get what they need from the network

This is NOT just another technical networks module…
– Question for you, in groups of 3-4…
• What does it take to be a good network manager?

Some of the Qualities needed
• Knowledge of network technologies
• Understanding of institutional ICT strategy/policy
• Patience and liking people
• Ability to explain consequences of
– actions (or inactions…)
– in non-technical terms
– to non-technical people (like senior managers)

“Network Manager” is a fulfilling job
• Easy to say…
• Whether this is true depends on many things that are not necessarily to do with technology
• Factors? Over to you again…

Some Factors affecting the role of “Network Manager”
• Size of the organisation
• Number of sites within the organisation
• Partners that the organisation shares data with

Some Factors affecting the role of “Network Manager”
• The structure of the organisation
• How much an organisation values its…
– data
– employees

How much do Network Managers get paid?
• Estimates?

“Network Manager” is often a well-paid job…
• Average salary (last 3 months):
– £52500 approx (!!)
• High salary (large network)
– typically £70000
• Min salary (small network)
– typically £20000
• Vacancies & salaries … currently increasing
• Ref:
– http://www.itjobswatch.co.uk/default.aspx?page=1&sortby=0&orderby=0&q=network+manager&id=0&lid=2618

Other Networking Roles
• All networks require some “hands on”
– Network technicians (av. salary £25000)
• On larger networks, Network Managers also have to manage skilled professional people as well:
– Network engineers (av. salary £41500)
– Network security (av. salary £5000)

More Questions (1)…
• Employees are expensive…
• Computer networking kit is expensive…
• “Why bother!” Why do organisations link computers or other digital devices together?

Question 2…
• “What are the challenges of linking multiple devices together?”

Question 3…
• “What background knowledge and skills does anyone even thinking about administering, maintaining and provisioning a network need to have?”

Technical aspects of Network Management (1)
• Making sure computers can communicate very, very quickly and accurately:
– knowledge and configuration of communications protocols
– management of IP addressing
– management of other naming systems

Technical aspects of Network Management (2)
• Management of
– hardware devices and media connecting them
– network services
– login/transfer of data/access to services
– as above, but across different networks
• Anticipating/troubleshooting network problems including backup/recovery
Why Communications Protocols?
• Protocol - set of rules/procedures
• Computer protocol:
– rules programmed into software, carried out by a CPU
• Communications protocol
– software that allows “intelligent” devices to exchange digital data rapidly & accurately

Networks and Protocols
• Early “networks” contained “dumb” terminals
– easier to manage
– just electronics!
• Intelligent device? essentials…
– CPU
– storage capability

Writing Network Protocols
• Written as “pseudo code”
– can be translated into an implementation in a variety of languages
• Most network protocols written in “C” then compiled into machine code
– code executes very fast…
• Needs lots of expertise, experience and knowledge of electronics…

Types of Communications Protocol
• Many, many protocols have been developed!
• OSI made it easier!
• Rules/procedures invoked depend on…
» number of devices
» issues involved in controlling the devices and data
» degree of control required
» speed of response required
» many other factors…

Familiarity with LAN hardware is ESSENTIAL…
• Repeaters
– control up to OSI level 1 (i.e. no software)
• Bridges
– control up to OSI level 2
• Routers & Switches
– control up to level 3
• Gateways
– control at least up to level 4
– could be right up to level 7

Hubs and Control (1)
• A variety of hubs available. All need a power supply:
– simplest (unmanaged or passive) just cleans up and splits the signal
– managed hub or “switch” can either read:
» frames & MAC addresses (level 2) - bridging
» packets and IP addresses (level 3) - routing
» either can manage traffic to optimise use of network media

Hubs and Control (2)
• Some network switches can read higher up the protocol stack
– e.g. transport layer ports (level 4)
» loading based on TCP data
– more packet processing required…
[Diagram: protocol stack, Layer 1 up to Layer 4]

Software Development for Network Protocols
• Must include:
– a naming/addressing system including all network devices
– communication of addresses of sending and receiving computers
– a method of error checking and confirming complete delivery
– resolution of other network-related issues…
Examples of LAN protocol stacks (OSI):
• TCP/IP (LAN or WAN)
• IPX/SPX (LAN only)

IETF
• International organisation responsible for assessing and agreeing network management protocols
– established in 1984
– after OSI model became an International Standard
• IETF & “peer review” of new protocols evolved from the small group of computer scientists that developed the Internet (1969)
– draft protocol circulated
– if assessment panel of peers agrees, the draft becomes an RFC

IETF today…
• Tradition continues… www.ietf.org
• Suggestion for an Internet protocol
– put it to the committee
– if response is good…
– becomes a draft RFC
• After several months without flaws…
– becomes an RFC (FAME!)
– 6476 RFCs have been issued to date!

Example of an early Communications Protocol
• FTP: Original Spec offered by (Bhushan, 1971)
– documented in RFC 114
» http://community.roxen.com/developers/idocs/rfc/rfc114.html
– comments on spec in RFC 141
– became part of the Internet infrastructure via RFC 238
– final improved version RFC 959 (in 1985)

The OSI seven layer software model
• Agreed in the late 1970s
– based loosely on TCP/IP & IBM protocol models
• Took until the late 1990s before most network software developers accepted it as a standard
• Layers together make up a protocol stack
– below layer 1, communications sent/received as digital signals
– above level 7, visual communications reach the human eye

The OSI Layers
[Diagram: the seven layers stacked from the network medium at the bottom to the screen display at the top]
• Physical Layer (network medium below)
• Data link Layer
• Network Layer (e.g. IP)
• Transport Layer (e.g. TCP)
• Session layer
• Presentation Layer
• Application Layer (screen display above)

Practical Exercise (break)
• Use the IETF website to locate RFCs covering the following level 7 communication protocols. Make a note of the level 4 TCP or UDP port in each case:
– SMTP (Simple Message Transfer Protocol)
– DNS (Domain Name System protocol)
– HTTP (hypertext transfer protocol)
– HTTP-s (secure http)
– POP3 (multiple message download to client)
IETF Network Management software model
• Based on IETF Network Management Components, defined as:
– Network elements
– Agents
– Managed objects
– Management Information Base (MIB)
– Syntax notation
– Structure of Management Information (SMI)
– Network management stations (NMSs)
– Management protocol
– “Parties”

Network Elements
• Hardware devices such as computers, routers, and terminal servers that are connected to networks
• Sometimes called “managed devices”

Agents
• Software modules
– reside in network elements
– collect and store management information, e.g.
» number of error packets received by a network element

Managed Objects
• Anything that can be managed…
– e.g.:
» list of currently active TCP circuits in a particular host computer
– differ from variables (particular object instances)
» e.g. a single active TCP circuit in a particular host computer
• Can be scalar
– defining a single object instance
• or tabular
– defining multiple, related instances

Management Information Base (MIB) module
• A collection of related managed objects residing in a virtual information store

Syntax notation (MIB managed objects)
• Language used to describe these objects in a machine-independent format
• Allows different types of computers to share information
• Internet management systems use ASN.1
– a subset of the International Organization for Standardization’s (ISO’s) Open System Interconnection (OSI) Abstract Syntax Notation
– to define
» packets exchanged by the management protocol
» objects that are to be managed

SMI (Structure of Management Information)
• Defines the rules for describing management information
• SMI itself defined using ASN.1

Network management stations (NMSs)
• Physically, NMSs are usually engineering workstation-calibre computers
– fast CPUs
– megapixel colour displays
– substantial memory
– abundant disk space
• Also called consoles…
• Execute management applications that monitor and control network elements
• At least one NMS must be present in each managed environment

Management Protocol
• SNMP - the Internet community’s de facto standard management protocol
– used to convey management information between agents and NMSs
• Originally developed as a series of RFCs
– architectural model for SNMP
» RFC 1065: Rose & McCloghrie, 1988
– MIB for SNMP
» RFC 1066: Rose & McCloghrie, 1988
– the SNMP protocol
» RFC 1067: Case et al, 1988
• Rationalised in RFC 1157, agreed 1990

Further Development of SNMP
• Evolved into SNMP v2 (RFC 1901, agreed 1996)
– two new operations
» GetBulk - used to efficiently retrieve large blocks of data
» Inform - allows one NMS to send trap information to another NMS and to then receive a response
• Later, SNMP v3 (RFC 2570, agreed 1999)
» adds security and remote configuration capabilities
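The syntax-notation and SNMP slides above only name ASN.1 and the RFC 1157 message; the Python below is an added example (not from the lecture) that BER-encodes an SNMPv1 GetRequest for the well-known MIB object sysDescr.0 (OID 1.3.6.1.2.1.1.1.0) and parses such a message back. It also shows the point behind the v3 slide: version and community string travel unencrypted and unauthenticated, so a monitor can read them straight off the wire and flag default community strings. The community watch-list and sample request values are constructed for the example.

```python
"""Minimal ASN.1 BER encoder/decoder for SNMPv1 messages (RFC 1157 framing).
Added example for these slides, not code from the lecture. The OID
1.3.6.1.2.1.1.1.0 is the MIB object sysDescr.0; sample values are constructed."""

# ASN.1 universal tags used by SNMP, plus the RFC 1157 GetRequest PDU tag
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST = 0xA0  # context-specific, constructed, tag number 0
DEFAULT_COMMUNITIES = {"public", "private"}  # constructed watch-list of vendor defaults

def ber_length(n: int) -> bytes:
    """Short form for < 128, otherwise 0x80|count followed by big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """Tag-Length-Value triple, the basic unit of BER."""
    return bytes([tag]) + ber_length(len(value)) + value

def encode_integer(v: int) -> bytes:
    """Minimal two's-complement INTEGER (non-negative values only here)."""
    assert v >= 0
    return tlv(INTEGER, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:  # prepend continuation bytes with the high bit set
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += chunk
    return tlv(OID, bytes(body))

def decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def build_get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    """SNMPv1 Message ::= SEQUENCE { version 0, community, GetRequest-PDU }."""
    varbind = tlv(SEQUENCE, encode_oid(oid) + tlv(NULL, b""))  # value not known yet
    pdu = tlv(GET_REQUEST, encode_integer(request_id)
              + encode_integer(0) + encode_integer(0)  # error-status, error-index
              + tlv(SEQUENCE, varbind))
    return tlv(SEQUENCE, encode_integer(0) + tlv(OCTET_STRING, community.encode()) + pdu)

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_message(msg: bytes) -> dict:
    """Pull version, community, PDU type and requested OIDs out of a v1/v2c message."""
    tag, body, _ = read_tlv(msg, 0)
    vtag, ver, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    ptag, pdu, _ = read_tlv(body, pos)
    if tag != SEQUENCE or (vtag, ctag) != (INTEGER, OCTET_STRING):
        raise ValueError("malformed SNMP message")
    pos = 0
    for _ in range(3):  # skip request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos)
        otag, oid_body, _ = read_tlv(vb, 0)
        if otag == OID:
            oids.append(decode_oid(oid_body))
    return {"version": int.from_bytes(ver, "big", signed=True), "pdu_type": ptag,
            "community": community.decode("latin-1"), "oids": oids}

def uses_default_community(msg: bytes) -> bool:
    """Monitoring check: v1 (version 0) or v2c (version 1) traffic with a default community."""
    hdr = parse_message(msg)
    return hdr["version"] in (0, 1) and hdr["community"] in DEFAULT_COMMUNITIES

if __name__ == "__main__":
    msg = build_get_request("public", "1.3.6.1.2.1.1.1.0", request_id=42)
    print(msg.hex())
    print(parse_message(msg), "default community:", uses_default_community(msg))
```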
“Parties” (SNMP v2)
• Defined in SNMPv2 as logical SNMPv2 entities that can initiate or receive SNMPv2 communication. Components:
– a single, unique party identity
– a logical network location
– a single authentication protocol
– a single privacy protocol
• SNMPv2 messages communicated between two parties
• SNMPv2 entity can define multiple parties, each with different parameters
– e.g. different parties can use different authentication and/or privacy protocols

Controlling Flow of Data
• Data flow management built into protocol
• Two main types: SYNCHRONOUS or ASYNCHRONOUS
– Synchronous:
» sent as a continuous flow
» uses time signals to control flow
– Asynchronous:
» sent as packets
» next packet not sent until acknowledgement from receiver
[Diagram: data flowing from source to sink]

Data Routing Technologies
• Connection-Oriented (e.g. TCP, used for confirming receipt of a packet):
– source, destination, and network topology all stored in a database
– single connection channel calculated from available data using a routing algorithm
– all data sent along that channel
• Connectionless (e.g. IP):
– data sent in discrete units called packets
– each packet finds its own way through the network with the aid of routers

Connection-Oriented
[Diagram] All data follows the same route

Connectionless
[Diagram] Each packet follows its own route

Many other Technical Issues resolved and became RFCs…
• Network Managers today don’t need to worry about developing their own protocols
– so many have been developed…
• They do need to know what is out there, and what it does…
– RFCs provide an exhaustive list of any “open source” protocols proposed for Internet use since 1969
– RFCs therefore hugely influential… in most cases implementations available for popular operating systems
Less Technical Aspects of Network Management
• Less technical because management is done at the desktop using “wizards”:
– Fault Tolerance
– User Management
– Control of user access to files & services
– Server Management
– LAN management
– Multiple-site management
– Virtual Desktop Management

Fault Tolerance
• ALL network hardware and software should have a backup!!
• In case things go wrong...

User Management
• More associated with “administration”
– can also be technical
• Involves:
– putting new users on the system
– allocating users to groups
– making sure groups have appropriate network rights and privileges

User Access Control
• At least two-level access, e.g. username/password
• Usernames & passwords stored in an authentication database
– sensible use of passwords (fixed rules)
• Username linked to level of privilege
• System must use a file system that includes file/folder level access control

File Security
• No file security at all by default with DOS & Windows, until Vista arrived…
• General principle: do not allow users access to files/folders they should not need to use
• Number of types of access:
– e.g. read, execute, write, change, full control
• Files can also be remotely accessed through shares or a network directory

Server(s) Management
• Active Directory on a Windows network
– controlling user login
– controlling network assets
– controlling access to server resources
• Managing primary storage
– memory…. (largely automatic)
• Secondary storage
– especially hard disk

LAN Management
• Active Directory (Windows) manages a domain
– includes servers, clients, users, and connections between all of these
– includes a range of other network services:
» printing
» applications
» web access
» file access
• A client uses services PROVIDED the current user is given authority by Active Directory

Client-Server Networks on Multiple Sites
• Multiple domains
• Trust relationships between domains
• Inter-domain link:
– via telecoms line (expensive)
– via Internet (v. cheap!)
– also needs a router
– if domains use different protocols, and/or NOSs, gateway needed

Operating Systems serving Virtual Desktops
• A case of “back to the future”
• Before the PC (“fat client”), network users didn’t have local processing
– everything was centralised on the server(s)
• The current trend is for “thin clients”, where a whole desktop environment provided by the server fits into an actual desktop
– increased centralisation again on the server
• Why? Suggestions? In groups….

Issues in client-server networking
• Which NOS?
• Which protocol?
• How to secure the server?
• Which Internet connectivity method/partner?
• Communications within client-server applications
• Thick or thin clients?
• Network naming system? etc…

Network Operating Systems (NOS) for client-server networks
• Three categories of product:
– Unix/Linux - established late 1970s
» many different proprietary versions
» versions “free” to download but COMPLEX
– NetWare - established late 1980s
» best solution for most networks until Internet access became an issue. Ended up joining forces with Red Hat (Linux)
– Windows NT/2000x - established mid/late 1990s
» became a popular rival to NetWare largely because TCP/IP was packaged with it, and there was HUGE demand for Internet access. Became the preferred product to NetWare by 1997/8

Summary: Why Network?
• Share resources
• Share data
• Authorise users
• Keep data secure
• Manage resources remotely
• Allow all users Internet/email access

Summary: Why not network?
• No infrastructure initial & maintenance cost
• No sharing needed
• No risking sensitive data
– unless copied directly from machine or machine stolen!
• Resources managed and maintained individually
• No email/Internet access needed

Rest of this Course…
• Will focus on network and user management issues with a particular operating system
– Windows 2003
• Many issues present themselves on any network
– most networks use Internet protocols to provide an infrastructure, e.g. TCP/IP, SNMP
– different operating systems have different features for managing users and services