computer operating system, a network of computers cannot operate without a network operating system. Without a network operating system of some kind, individual computers cannot share resources, and other users cannot make use of those resources. This handout provides a general introduction to network operating systems (sometimes referred to as NOSs). It describes the basic features and functions of a NOS and contrasts these with the capabilities of a stand-alone operating system.
Novell's NetWare is the most familiar and popular example of a NOS in which the client computer's networking software is added on to its existing computer operating system. The desktop computer needs both operating systems in order to handle stand-alone and networking functions together.
Network operating system software is integrated into a number of popular operating systems including Windows 2000 Server/Windows 2000 Professional, Windows NT Server/Windows NT Workstation, Windows 98, Windows 95, and AppleTalk.
A computer's operating system coordinates the interaction between the computer and the programs (applications) it is running. It controls the allocation and use of hardware resources such as:
- Memory
- CPU time
- Disk space
- Peripheral devices
In a networking environment, servers provide resources to the network clients, and client network software makes these resources available to the client computer. The network and the client operating systems are coordinated so that all portions of the network function properly.
2. Multitasking
A multitasking operating system, as the name suggests, provides the means for a computer to process more than one task at a time. A true multitasking operating system can run as many tasks as there are processors (CPUs). If there are more tasks than processors, the computer must arrange for the available processors to devote a certain amount of time to each task, alternating between tasks until all are completed. With this system, the computer appears to be working on several tasks at once.
There are two primary forms of multitasking:
- Pre-emptive: In pre-emptive multitasking, the operating system can take control of the CPU whenever it wants to, without the task's cooperation.
- Non-pre-emptive (cooperative): In non-pre-emptive multitasking, the task itself decides when to give up the CPU. Programs written for non-pre-emptive multitasking systems must include provisions for yielding control of the processor. No other program can run until the non-pre-emptive program has given up control of the processor.
Because the interaction between the stand-alone operating system and the NOS is ongoing, a pre-emptive multitasking system offers certain advantages. For example, when the situation requires it, the pre-emptive system can shift CPU activity from a local task to a network task.
3. Client software
In a stand-alone system, when the user types a command that requests the computer to perform a task, the request goes over the computer's local bus to the computer's CPU. For example, if you want to see a directory listing on one of the local hard disks, the CPU interprets and executes the request and then displays the results in a directory listing in the window. In a network environment, however, when a user initiates a request to use a resource that exists on a server in another part of the network, the request has to be forwarded, or redirected, away from the local bus, out onto the network, and from there to the server with the requested resource. This forwarding is performed by the redirector.
3.1 The redirector
A redirector processes forwarding requests. Depending on the networking software, this redirector is sometimes referred to as the "shell" or the "requester." The redirector is a small section of code in the NOS that:
- Intercepts requests in the computer
- Determines if the requests should continue in the local computer's bus or be redirected over the network to another server
Redirector activity originates in a client computer when the user issues a request for a network resource or service. Figure 1 shows how a redirector forwards requests to the network. The user's computer is referred to as a client because it is making a request of a server. The request is intercepted by the redirector and forwarded out onto the network. The server processes the connection requested by client redirectors and gives them access to the resources they request. In other words, the server services - or fulfils - the request made by the client.
Figure 1 The operation of a redirector in the client operating system
Using the redirector, users don't need to be concerned with the actual location of data or peripherals, or with the complexities of making a connection.
4. Server software
The role of the NOS on a server is to process and act upon requests from clients (redirectors) for network resources managed by the server. For example, in Figure 2, a user is requesting a directory listing on a shared remote hard disk. The request is forwarded by the redirector on to the network, where it is passed to the file and print server containing the shared directory. The request is granted, and the directory listing is provided.
Figure 2 A request for a directory listing over a network
The server is also responsible for controlling the way in which resources are shared over the network. Sharing is the term used to describe resources made publicly available for access by anyone on the network. Most NOSs not only allow sharing, but also determine the degree of sharing. For example, an office manager wants everyone on the network to be familiar with a certain document (file), so she shares the document. However, she controls access to the document by sharing it in such a way that:
- Some users will be able only to read it
- Some users will be able to read it and make changes in it
4.1 Security models
It is the responsibility of the network administrator to ensure that network resources will be safe from both unauthorised access and accidental or deliberate damage. Policies for assigning permissions and rights to network resources are at the heart of securing the network. Two security models have evolved for keeping data and hardware resources safe:
- Password-protected shares
- Access permissions
These models are also called "share-level security" (for password-protected shares) and "user-level security" (for access permissions).
Implementing password-protected shares requires assigning a password to each shared resource. Access to the shared resource is granted when a user enters the correct password. In many systems, resources can be shared with different types of permissions. The password-protected share system is a simple security method that allows anyone who knows the password to obtain access to that particular resource.
Access-permission security involves assigning certain rights on a user-by-user basis. A user types a password when logging on to the network. The server validates this user name and password combination and uses it to grant or deny access to shared resources by checking access to the resource against a user-access database on the server. Access-permission security provides a higher level of control over access rights. It is much easier for one person to give another person a printer password, as in share-level security. It is less likely for that person to give away a personal password. Because user-level security is more extensive and can determine various levels of security, it is usually the preferred model in larger organizations.
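The two models side by side, as an added Python sketch that is not part of the original handout: a share-level server checks only a per-resource password, while a user-level server authenticates a user at logon and then consults a user-access database. The class names, user names, passwords and the "read"/"change" rights are constructed for illustration.

```python
import hashlib, hmac, os, secrets

def _record(password):
    # Keep a salted, slow hash in the database, never the password itself.
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _check(password, record):
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(stored, candidate)   # constant-time comparison

class ShareLevelServer:
    """Share-level security: one password per resource, no user identity."""
    def __init__(self):
        self.shares = {}                  # resource -> (password record, rights)

    def share(self, resource, password, rights):
        self.shares[resource] = (_record(password), set(rights))

    def access(self, resource, password, right):
        # Anyone who knows the share password passes; the server cannot tell who.
        entry = self.shares.get(resource)
        return entry is not None and _check(password, entry[0]) and right in entry[1]

class UserLevelServer:
    """User-level security: log on once, then check a user-access database."""
    def __init__(self):
        self.users, self.acl, self.sessions = {}, {}, {}

    def add_user(self, user, password):
        self.users[user] = _record(password)

    def remove_user(self, user):
        # Revocation hits one person only; nobody else's password changes.
        self.users.pop(user, None)
        self.sessions = {t: u for t, u in self.sessions.items() if u != user}

    def grant(self, resource, user, rights):
        self.acl.setdefault(resource, {})[user] = set(rights)

    def logon(self, user, password):
        if user in self.users and _check(password, self.users[user]):
            token = secrets.token_hex(16)
            self.sessions[token] = user
            return token
        return None

    def access(self, token, resource, right):
        user = self.sessions.get(token)
        rights = self.acl.get(resource, {}).get(user, set())
        return user is not None and right in rights
```

In the share-level model the only way to revoke one person's access is to change the share password for everyone; in the user-level model `remove_user` removes a single account and its sessions.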
4.2 Managing users
Network operating systems also allow a network administrator to determine which people, or groups of people, will be able to access network resources. A network administrator can use the NOS to:
- Create user privileges, tracked by the network operating system, that indicate who gets to use the network
- Grant or deny user privileges on the network
- Remove users from the list of users that the network operating system tracks
To simplify the task of managing users in a large network, NOSs allow for the creation of user groups. By classifying individuals into groups, the administrator can assign privileges to the group. All group members have the same privileges, which have been assigned to the group as a whole. When a new user joins the network, the administrator can assign the new user to the appropriate group, with its accompanying rights and privileges.
5. Overview of NOSs
The major server-based network operating systems are Microsoft Windows NT 4 and Windows 2000 Server, Novell NetWare 3.x, 4.x and 5.x, and UNIX (including Linux and Solaris). The principal peer-to-peer network operating systems are AppleTalk, Windows 95 and 98, and UNIX. Each operating system has its own strengths and weaknesses, and its own supporters and detractors.
6. Windows 2000 Server
Windows 2000 Server is one of the most popular server-based network operating systems. When you install and configure Windows 2000 Server it establishes a domain. The domain contains information such as what users are allowed to use the network and what computers are parts of the network. Computers must be joined to the domain before they can start to access its resources. The server that is in charge of managing the domain is called the domain controller. The domain controller provides a number of different services (i.e. programs) that carry out different network management functions. Three of the most useful are the Active Directory, the Dynamic Host Configuration Protocol, and the Domain Name Service.
6.1 Active Directory
The Active Directory service performs a number of functions. One of these is to keep track of which users are allowed to log on to the network, and what privileges and restrictions have been placed on these users. As was discussed above, it is usually desirable to restrict the network privileges of some or all users, to prevent unauthorised access to sensitive information. Different user accounts will have different sets of privileges and restrictions. There is normally one special account, the administrator, which has access to do everything on the network. Only the network administrator knows the password for this account.
Another function of the Active Directory is to manage which computers are joined to the domain. Just because a computer is physically connected to the domain controller via some form of cabling, it does not mean that it is able to access all of the network resources available from it. First it must request permission to join from the domain controller. This permission is only granted if the user attempting to join it is using the administrator account, or another account with sufficient privileges.
6.2 Dynamic Host Configuration Protocol
Every computer on a network must have a unique address. This address is attached to any packets of data that are intended for transmission to the computer. If the network is using the TCP/IP protocol, these addresses will be IP addresses (i.e. they will consist of 4 numbers between 0 and 255 separated by dots).
There are two ways of assigning IP addresses to computers. The first is static addressing. In static addressing the network administrator manually assigns a different IP address to each computer. The computer will keep this IP address until the network administrator changes the software settings. If two computers have the same IP address a conflict will occur. If the conflict goes undetected then both computers will compete to receive packets of data sent to their IP address. However, normally the NOS will detect when an IP conflict has occurred and warn the administrator. Static addressing is a simple and easy solution and is commonly used in small networks where significant expansion is not envisaged.
The second way of assigning IP addresses is called dynamic addressing. In dynamic addressing a program run on the server is responsible for assigning IP addresses to each computer. When a computer is first joined to the server's domain, it requests an IP address from this program, which then assigns an address chosen from a pool of free addresses that it maintains. The address is typically leased to the computer, i.e. it is not permanently assigned. Eventually the computer's IP address lease will expire, and it will need to request a new one. This is why the scheme is called dynamic addressing: the IP address of a given computer can change over time, whereas in the static addressing scheme it is fixed, or static.
In Windows 2000 Server the program that is responsible for leasing IP addresses is called the Dynamic Host Configuration Protocol (DHCP). DHCP maintains an address pool (a list of free IP addresses) and a list of address leases (the addresses that have already been leased).
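The address pool and lease list described above, as an added Python model that is not part of the original handout and does not implement the DHCP wire protocol. The class name, client names, address range and the 60-second lease time are constructed; time is passed in as a plain number so the behaviour is repeatable.

```python
import ipaddress

class LeaseServer:
    """Toy model of the address pool and lease list (not real DHCP messages)."""

    def __init__(self, first, last, lease_seconds):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.pool = [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)]  # free addresses
        self.leases = {}                  # client id -> (address, expiry time)
        self.lease_seconds = lease_seconds

    def _reclaim(self, now):
        # Expired leases go back to the end of the free pool.
        for client, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[client]
                self.pool.append(addr)

    def request(self, client, now):
        """Lease or renew an address; return it as text, or None if the pool is empty."""
        self._reclaim(now)
        if client in self.leases:
            addr = self.leases[client][0]     # renewal keeps the same address
        elif self.pool:
            addr = self.pool.pop(0)
        else:
            return None                       # pool exhausted: nothing to hand out
        self.leases[client] = (addr, now + self.lease_seconds)
        return str(addr)

    def active(self, now):
        """Current client -> address map; an address is never leased to two clients."""
        self._reclaim(now)
        return {c: str(a) for c, (a, _) in self.leases.items()}

def demo():
    # Constructed scenario: two free addresses, three clients, 60-second leases.
    s = LeaseServer("192.168.1.10", "192.168.1.11", 60)
    log = [s.request("pc-a", 0), s.request("pc-b", 0), s.request("pc-c", 0)]
    log.append(s.request("pc-a", 30))    # renewal before expiry
    log.append(s.request("pc-c", 61))    # pc-b's lease has lapsed by now
    log.append(s.request("pc-b", 100))   # pc-a's lease (until 90) has lapsed
    return log, s.active(100)
```

In the scenario pc-b ends up with a different address from the one it started with, which is the "dynamic" part, and pc-c is refused while both addresses are out on lease.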
6.3 Domain Name Service
As well as having a unique IP address, each computer on a network has a unique computer name. On a local network, this name can just be a single word, for example FBE-SERVER or AWASA. On the Internet the name will consist of a sequence of words separated by dots, for example www.yahoo.com or www.bbc.co.uk. There is a one-to-one mapping between these computer names and IP addresses: every IP address corresponds to a single computer name and vice versa. The reason for using computer names instead of just IP addresses to identify computers is that they are easier for people to understand and remember.
If this one-to-one mapping exists then clearly the NOS must maintain a list of which IP address maps to which computer name, so that it can translate between the two. For instance, if a user requests a directory listing from the computer AWASA then the NOS must first find out the IP address that corresponds to the name AWASA, and then send a request for the directory listing to that IP address. The process of translating a computer name into an IP address is known as name resolution.
In Windows 2000 Server the Domain Name Service (DNS) is responsible for keeping the list of IP addresses and computer names and for providing a translation service between the two for client computers.
6.3.1 Naming hierarchies
Although there is a one-to-one correspondence between URLs and IP addresses, it is important to remember that the positions of the dots in each of them are not significant. For example, if www.bbc.co.uk corresponds to the IP address 27.21.225.129, then it does not follow that 129 represents .uk, and 225 represents .co, and so on. The naming hierarchy is decided on by the local network administrator, based normally upon the structure of the organisation it represents. For example, Figure 3 shows a sample naming hierarchy for the .et domain. If there were a computer called fbe-server in the fbe subdivision of the domain, it would have the name fbe-server.fbe.mekelle.edu.et. The number of different segments to a computer name (in this example it is 5) is determined by the naming hierarchy. There is no global standard. Each organisation can choose how to structure names in its hierarchy.
Figure 3 A sample naming hierarchy for the .et domain
6.3.2 Distributed lookup
The Internet contains a number of DNS servers. None of these servers knows the names and addresses of every computer on the Internet. DNS uses a system known as distributed lookup so that every DNS server can translate any address. This means that each DNS server is responsible for providing a translation service for a certain subset of computers only. If it receives a request that it cannot answer, it will forward the request to another DNS server that will know the answer. For example, in Figure 3 the DNS server at mekelle.edu.et provides a translation service for the .edu.et subdivision. If it receives a request for an address that does not end in edu.et, it will forward it to the root DNS server for the et domain.
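Distributed lookup as described above, in an added Python model that is not part of the original handout: each server answers only for its own zone, forwards anything else to its parent, and the parent hands the request down to the server responsible for the matching subdivision. The com.et zone, the host www.example.com.et and all IP addresses are constructed; only edu.et, et and fbe-server.fbe.mekelle.edu.et come from the text.

```python
class DnsServer:
    """One server in the hierarchy; it holds records for its own zone only."""

    def __init__(self, zone, parent=None):
        self.zone, self.parent = zone, parent
        self.records, self.children = {}, []
        if parent is not None:
            parent.children.append(self)

    def in_zone(self, name):
        # Match on whole labels: "fakeedu.et" must not count as part of "edu.et".
        return name == self.zone or name.endswith("." + self.zone)

    def resolve(self, name, hops=8):
        """Return (address or None, list of zones consulted, in order)."""
        name = name.lower().rstrip(".")
        if hops == 0:
            return None, []                      # hop limit stops forwarding loops
        if not self.in_zone(name):
            if self.parent is None:
                return None, [self.zone]         # outside this hierarchy altogether
            addr, path = self.parent.resolve(name, hops - 1)
            return addr, [self.zone] + path      # forwarded upwards
        if name in self.records:
            return self.records[name], [self.zone]
        # In our zone but not in our list: hand down to the most specific subdivision.
        matches = [c for c in self.children if c.in_zone(name)]
        if matches:
            child = max(matches, key=lambda c: len(c.zone))
            addr, path = child.resolve(name, hops - 1)
            return addr, [self.zone] + path
        return None, [self.zone]                 # no such name

def build_sample():
    # Constructed hierarchy: a root server for et with two subdivisions below it.
    root = DnsServer("et")
    edu = DnsServer("edu.et", parent=root)
    com = DnsServer("com.et", parent=root)       # hypothetical second subdivision
    edu.records["fbe-server.fbe.mekelle.edu.et"] = "192.0.2.10"   # constructed IP
    com.records["www.example.com.et"] = "192.0.2.20"              # constructed IP
    return root, edu, com
```

Asking the edu.et server for www.example.com.et returns the address together with the path edu.et, et, com.et, showing the request going up to the root and down again.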
Summary of Key Points
- Without a network operating system of some kind, individual computers cannot share resources, and other users cannot make use of those resources.
- A network operating system can be part of a computer operating system (e.g. Windows 2000) or a separate application that runs on top of the computer operating system (e.g. Novell NetWare).
- By multitasking, computers can perform more than one task at a time.
- Multitasking can be either pre-emptive or non-pre-emptive.
- Server software is the means by which an NOS provides services to other computers on a network.
- A redirector is used to forward client requests to the network.
- Network planning must include plans for security. The level of security needed depends on the size of the organization and the sensitivity of the data.
- The two security models that keep data and hardware resources safe are password-protected shares and access permissions.
- In password-protected shares, each network resource has its own password. If a user knows that password they can access the resource.
- In the access-permissions model, network rights and restrictions are assigned on a user-by-user basis. Each user has to enter a password when logging on to the network; the server then assigns that user's rights and restrictions.
- In Windows 2000 Server, the Active Directory service is responsible for keeping track of what computers are currently joined to the domain, and which users are allowed to log on to the network.
- Every computer on a network must have a unique address. If two computers have the same address an address conflict occurs.
- There are two ways of assigning addresses to computers on a network: static and dynamic addressing.
- In static addressing, the networking administrator is responsible for manually assigning a unique address to each computer. The computer keeps this address indefinitely.
- In dynamic addressing, a program run on the server is responsible for leasing an address to each computer. Eventually the lease will expire and a new address must be requested.
- In Windows 2000, the Dynamic Host Configuration Protocol (DHCP) is the program responsible for leasing addresses.
- Every computer also has a unique name. Computer names have a one-to-one mapping to their addresses.
- In Windows 2000 Server, the program that is responsible for translating between addresses and names (and vice versa) is called the Domain Name Service (DNS).
- The process of translating between computer names and IP addresses is called name resolution.
Notes prepared by: FBE Computer Science Department.
Sources:
- Networking Essentials Plus, Microsoft Press
- An Introduction to Computer Networking, Mansfield & Antonakos
- Mastering Windows 2000 Server, Minasi et al