I have talked a lot about networking hardware and about the TCP/IP protocol. The networking hardware is used to establish a physical connection between devices, while the TCP/IP protocol is essentially the language that the various devices use to communicate with each other. In this article, I will continue the discussion by talking a little bit about the computers that are connected to a network.
Even if you are new to networking, you have no doubt heard terms such as server and workstation. These terms are generally used to refer to a computer’s role on the network rather than the computer’s hardware. For example, just because a computer is acting as a server, it doesn’t necessarily mean that it has to be running server hardware. It is possible to install a server operating system onto a PC, and have that PC act as a network server. Of course in most real life networks, servers are running specialized hardware to help them to be able to handle the heavy workload that servers are typically subjected to.
What might make the concept of network servers a little bit more confusing is that technically speaking a server is any computer that hosts resources over a network. This means that even a computer that’s running Windows XP could be considered to be a server if it is configured to share some kind of resource, such as files or a printer.
Computers on a network typically fall into one of three roles. Usually a computer is considered to be either a workstation (sometimes referred to as a client), server, or a peer.
Workstations are computers that use network resources, but that do not host resources of their own. For example, a computer that is running Windows XP would be considered a workstation so long as it is connected to a network and is not sharing files or printers.
Servers are computers that are dedicated to the task of hosting network resources. Typically, nobody is going to be sitting down at a server to do their work. Windows servers (that is, computers running Windows Server 2003, Windows 2000 Server, or Windows NT Server) have a user interface that is very similar to what you would find on a Windows workstation. It is possible that someone with an appropriate set of permissions could sit down at the server and run Microsoft Office or some other application. Even so, such behavior is strongly discouraged because it undermines the server’s security, decreases the server’s performance, and has the potential to affect the server’s stability.
The last type of computer that is commonly found on a network is a peer. A peer machine is a computer that acts as both a workstation and a server. Such machines typically run workstation operating systems (such as Windows XP), but are used to both access and host network resources.
In the past, peers were found primarily on very small networks. The idea was that if a small company lacks the resources to purchase true servers, then the workstations could be configured to perform double duty. For example, each user could make their own files accessible to every other user on the network. If a user happens to have a printer attached to their PC, they can also share the printer so that others on the network can print to it.
Peer networks have been traditionally discouraged in larger companies because of their inherent lack of security, and because they cannot be centrally managed. That’s why peer networks are primarily found in extremely small companies or in homes with multiple PCs. Windows Vista (the successor to Windows XP) is attempting to change that. Windows Vista will allow users on traditional client/server networks to form peer groups that will allow the users and those groups to share resources amongst themselves in a secure manner, without breaking their connection to network servers. This new feature is being marketed as a collaboration tool.
Earlier I mentioned that peer networks are discouraged in favor of client/server networks because they lack security and centralized manageability. However, just because a network is made up of workstations and servers, it doesn’t necessarily guarantee security and centralized management. Remember, a server is only a machine that is dedicated to the task of hosting resources over a network. Having said that, there are countless varieties of servers and some types of servers are dedicated to providing security and manageability.
For example, Windows servers fall into two primary categories; member servers and domain controllers. There is really nothing special about a member server. A member server is simply a computer that is connected to a network, and is running a Windows Server operating system. A member server might be used as a file repository (known as a file server), or to host one or more network printers (known as a print server). Member servers are also frequently used to host network applications. For example, Microsoft offers a product called Exchange Server 2003 that when installed on a member server, allows that member server to function as a mail server. The point is that a member server can be used for just about anything.
Domain controllers are much more specialized. A domain controller’s job is to provide security and manageability to the network. I am assuming that you’re probably familiar with the idea of logging on to a network by entering a username and password. On a Windows network, it is the domain controller that is responsible for keeping track of usernames and passwords.
The person who is responsible for managing the network is known as the network administrator. Whenever a user needs to gain access to resources on a Windows network, the administrator uses a utility provided by a domain controller to create a user account and password for the new user. When the new user (or any user for that matter) attempts to log onto the network, the users credentials (their username and password) are transmitted to the domain controller. The domain controller validates the user’s credentials by comparing them against the copy stored in the domain controller’s database. Assuming that the password that the user entered matches the password that the domain controller has on file, the user is granted access to the network. This process is called authentication.
On a Windows network, only the domain controllers perform authentication services. Of course users will probably need to access resources stored on member servers. This is not a problem because resources on member servers are protected by a set of permissions that are related to the security information stored on domain controllers.
For example, suppose that my user name was Brien. I enter my username and password, which is sent to a domain controller for authentication. When the domain controller authenticates me, it has not actually given me access to any resources. Instead, it validates that I am who I claim to be. When I go to access resources off of a member server, my computer presents a special access token to the member server that basically says that I have been authenticated by a domain controller. The member server does not trust me, but it does trust the domain controller. Therefore, since the domain controller has validated my identity, the member server accepts that I am who I claim to be and gives me access to any resources for which I have permission to access.
No comments:
Post a Comment