Chapter 10

UNIX Operating Systems

Developments in networking connectivity and compatibility have been phenomenal in the past twenty years, and the biggest contributor has been the UNIX operating system. UNIX was developed with networking capabilities built in, as opposed to other operating systems that rely on external network operating systems. Since UNIX is a very sophisticated system, I can't delve into every detail in this chapter. However, I will give you enough of an overview that you will understand how the UNIX network system as a whole operates, along with some of its most prominent features.

In this chapter, you learn the following:

What each UNIX network layer consists of.

The History of UNIX

UNIX (originally known as Unics) was developed by Ken Thompson and Dennis Ritchie in the Bell Telephone Labs at AT&T in 1969 on a DEC PDP-7. In 1970 it was moved to a PDP-11/20. In 1973, Thompson and Ritchie rewrote the kernel in C. Developed in a research environment, the original UNIX was free from commercial constraints and was a hacker's dream. Its kernel was tightly coded and portable, freely distributed, and almost completely modifiable. Most other operating systems of the time were clunky, machine-dependent, expensive, and not changeable.

The kernel is the innermost part of the UNIX operating system.

So if UNIX was so great, why didn't it become another high-priced operating system on the market? Because AT&T was constrained by anti-trust laws from competing in the computer industry. So the company distributed the code to research and educational establishments, who quickly ported and modified UNIX. The first release of UNIX to be distributed for educational purposes was the Fifth Edition (also known as V5). The Sixth and Seventh Editions followed (not surprisingly) in the mid-to-late 1970s. Finally, System V, which was released in 1983, was accepted as the industry standard. Through the 1980s, several releases of System V (SVR2, SVR3, and SVR4) appeared. The latest is System V Release 4.2, also known as Destiny. In 1990, AT&T created a subsidiary called UNIX System Laboratories (USL), which joined forces with Novell to create UnixWare, a complement to Novell's NetWare.

While AT&T was developing these improved releases of UNIX, the Santa Cruz Operation (SCO), along with Microsoft, developed XENIX, a fully licensed version of UNIX designed to run on the IBM PC. The success of the PC rocketed XENIX into success along with it, and SCO reported the distribution of more than 100,000 licenses by 1987.

The Computer Science Department at the University of California at Berkeley made tremendous contributions to the ongoing development of UNIX. The Berkeley version of UNIX was called BSD, and included features such as the C shell, a text editor called vi, and support for the TCP/IP communications protocols. However, Berkeley was not a commercial institution and did not provide reliable support for its versions of UNIX. In June of 1993, Berkeley shipped 4.4BSD, its last full release, and its Computer Systems Research Group wound down UNIX development soon afterward.

Shells are programs that let you communicate with the operating system. The shell's job is to intercept your commands and protect you from the kernel, and believe me, you want that protection.

The timeline in figure 10.1 summarizes how UNIX developed.

Figure 10.1 This timeline illustrates the development of UNIX.

With the growth of workstations, as opposed to PCs, UNIX became the operating system of choice among Sun Microsystems, IBM, Hewlett Packard, and countless others because of its innate portability and flexibility. Because of all the separate modifications to the original UNIX, there were some compatibility problems between different versions of UNIX. However, many UNIX vendors are working to unify UNIX through the Common Open Software Environment (COSE).

The UNIX Philosophy

In three words, the UNIX philosophy is compatibility, portability, and interoperability. These three words are a theme throughout this chapter and throughout any discussion of UNIX.

The Different Flavors of UNIX

As you saw in our history lesson, many people got involved in "improving" UNIX. Table 10.1 shows many of the varieties of UNIX and each one's vendor.

Table 10.1 Today's Various UNIX Flavors

The biggies are Hewlett-Packard's HP-UX, Sun Microsystems' SunOS/Solaris, IBM's AIX, and DEC's Ultrix.

UNIX and Networking

A UNIX network can consist of two UNIX machines connected via modem, or it can be a collection of many networks that lets you connect to hundreds of thousands of other machines. The Internet is the perfect example of the latter. Figure 10.2 shows a representative sample of a UNIX network.

Figure 10.2 A UNIX network can consist of a few machines or tens of thousands of machines.

Connecting machines to form a network gives you many more resources than you would have from just one machine. You can share files, send electronic mail, access USENET news articles, perform searches for information, and much more. By connecting your users to each other and even to the world, you can increase their productivity and efficiency.

Networking is inherent in the UNIX operating system. UNIX was built with networking and connectivity in mind from the beginning. The first UNIX connectivity protocol was the UNIX-to-UNIX Copy Program (UUCP), which let you connect two machines via serial line. The original service provided by UUCP was simply to copy files between the two machines, but the developers quickly added additional services on top of UUCP that let you execute certain commands (like sending mail). The most common version of UUCP today is Basic Networking Utilities (BNU). Now that most networks are larger than two computers linked together, TCP/IP has overtaken UUCP. TCP/IP is discussed in detail in "The Layers of a UNIX Network" further on in this chapter.

A UNIX network is based on the client/server model, in which a client requests services of a server and the server responds, and on the Open Systems Interconnection (OSI) Reference Model. By conforming to standards like the client/server model and the OSI Reference Model, networks can communicate and work together much more easily. For a good understanding of networks and their components, read chapter 1, "Network Background."

The Client/Server Model

Everywhere you turn, people are talking about client/server, but what exactly is it? In the most general sense, client/server refers to a basic change in computing style: the shift from machine-centered systems to user-centered systems.

More specifically, a client/server system is one in which a network ties various computing resources together so clients (the front end) can request services from a server (the back end) that can supply information or additional computer power as needed.

Why is client/server such a hot topic? It is mainly because some of the expected goals of client/server computing include the following:

As you can see from these goals, organizations that move forward to client/server technology greatly increase their competitive edge.

Let's look at the client/server process a bit more closely. The server is already running and waiting for work; the client opens a connection to it, and once the two have established communication, the client submits its request and the server returns a response. Figure 10.3 shows how clients and servers interact.

Figure 10.3 Exchanges between clients and servers basically consist of a request and a response to that request.

The client is the requester of services. Even though most illustrations show the client as a workstation, the client is really no more than a process. Services requested by a client may exist on the same workstation or on remote workstations and hosts connected via a network. The client always initiates the communication. Read chapter 6, "The Workstation Platform," for a complete discussion of the network client.

The client is the most important part of the client/server system. The client should be the only part of the system that the user is aware of, and the network and server should exist to answer the client's needs.

Servers respond to requests made by clients. Just as clients are processes, so are servers: a server is the process that responds to client requests by performing the desired actions. A machine can act as both client and server if it receives and processes requests as well as sending them (for example, a workstation also used as a print server for others). Servers do not initiate communication; they listen for client requests. Read chapter 5, "The Server Platform," for a complete discussion of the network server.

Let's use a simple example of a network printer server: the client asks the server to print a document on a specific printer, the server adds the print job to the queue, then notifies the client when the document has been successfully printed. The client process may physically reside on the same workstation as the server process. In this example, a print command could be issued on the network server workstation, making use of the print server process on that workstation.
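The print-server exchange just described, written out as an added example (this code is not from the chapter, and the one-line request format, the printer names, and the reply wording are invented for it). Both sides run in one program over the loopback interface: the server listens and never speaks first, the client opens the connection and submits one request, and the server queues the job in arrival order and answers with a job number or an error. Only a complete connection is accepted, and a request that does not fit the expected shape is refused rather than guessed at.

```python
import queue
import socket
import threading


class PrintServer:
    """Toy print server: accepts 'PRINT <printer> <document>' over TCP, queues
    each job first-come first-served, and replies with the job number.
    The server only ever listens; it never initiates a connection."""

    def __init__(self, printers=("laser1", "inkjet2")):
        self.printers = set(printers)
        self.jobs = queue.Queue()          # FIFO: served in the order received
        self._next_id = 1
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))   # port 0: kernel picks a free, unprivileged port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _peer = self.sock.accept()
            except OSError:
                return                     # listening socket closed: shut down
            with conn:
                request = conn.recv(1024).decode("ascii", "replace").strip()
                conn.sendall(self._handle(request).encode("ascii"))

    def _handle(self, request):
        parts = request.split(maxsplit=2)
        if len(parts) != 3 or parts[0] != "PRINT":
            return "ERR malformed request"
        _, printer, document = parts
        if printer not in self.printers:
            return f"ERR unknown printer {printer}"
        job_id, self._next_id = self._next_id, self._next_id + 1
        self.jobs.put((job_id, printer, document))
        return f"OK job {job_id} queued on {printer} (position {self.jobs.qsize()})"

    def close(self):
        self.sock.close()


def print_request(port, printer, document):
    """Client side: initiate the connection, send one request, read the reply.
    Returns the reply and the (local, remote) address pairs of the connection."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(f"PRINT {printer} {document}".encode("ascii"))
        reply = s.recv(1024).decode("ascii")
        endpoints = (s.getsockname(), s.getpeername())
    return reply, endpoints


if __name__ == "__main__":
    server = PrintServer()
    print(print_request(server.port, "laser1", "report.txt"))
    print(print_request(server.port, "plotter9", "map.ps"))
    server.close()
```

The client and server processes here happen to share a machine, exactly as the paragraph above allows; pointing `print_request` at another host's address would change nothing on either side.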

The OSI Model

Open systems follow standards that allow different machines and platforms to communicate with each other as if they were the same. The standards define the format in which data is exchanged, how remote systems are accessed, and how systems are invoked.

The Open Systems Interconnection (OSI) reference model is a set of seven functional layers that define how information is exchanged over a network. As data is passed from machine A to machine B, it passes down through each layer on machine A and then up through each layer on machine B. Each layer is self-contained, which means that one protocol can be replaced with another at a particular layer without affecting the layers above or below it.

The seven layers are application, presentation, session, transport, network, data link, and physical. As figure 10.4 shows, the layers are categorized into upper and lower. Each layer uses the services of the layer below it and provides services to the layer above it. Read chapter 3, "The OSI Model: Bringing Order to Chaos," for a complete explanation of the OSI model.

Figure 10.4 The seven layers of the OSI model provide a way to standardize network creation.

Each layer relies only on the services of the layer directly beneath it, without needing to know how those services are carried out.

Table 10.2 describes the function of each layer of the OSI model.

Table 10.2 The Seven-Layer OSI Model

Now let's look at each layer in more detail and see what protocols are used for UNIX networks.

The Layers of a UNIX Network

Networks are the cloudiest component of the client/server equation, and that means that client/server computing is doing its job. People generally don't know much about how networks really work with client/server systems because client/server systems are designed to make the network transparent to the user. In addition to being transparent to users, networks must be reliable. Without the network, the client/server system does not exist. Therefore, the network must be able to maintain connections, detect errors, and recover immediately from failures.

The networking side of UNIX is designed to control the server's communication services and to protect client and server programs from having direct contact with each other. The system focuses on providing reliable service, minimizing traffic across the network, and minimizing downtime.

Let me give you an example of how information is transferred over a network. Let's say you want to mail a letter to a friend. You would perform the following steps:

1. Place the letter in the envelope.

2. Address the envelope with your friend's address and your return address, along with any special instructions (for example, first class or air mail).

3. Drop the letter off at the post office.

4. The post office delivers the letter.

5. Your friend gets the letter out of the mailbox, opens the envelope, and reads the letter.

Transferring data over the network is similar to mailing a letter. The data is packaged, addressed, and sent to its destination, where it is unpacked and read. Each of these steps is controlled by a layer in the OSI Reference Model.

The Physical Layer

The physical layer is, quite simply, the actual hardware (cables, hubs, and so on) required to create a connection between two devices. When you mail a letter to your friend, the mail delivery truck and the roads traveled make up the physical layer. Ethernet media (thin, thick, and twisted-pair cables and various connectors and converters) are common to UNIX networks.

The Data Link Layer

The data link layer moves the transmitted signal from the hardware to the software by creating frames addressed to a unique network address, the media access control (MAC) address. Frames are series of data bits with a beginning (the header) and an end (the trailer). For example, you begin your letter with "Dear Ingrid" and end it with "Sincerely, Kay". You put that letter in an envelope, or a frame, and then write the address on the envelope. The Ethernet interface checks each arriving frame against the checksum in its trailer and discards damaged ones; it does not retransmit them or guarantee delivery, so that job falls to higher layers.

MAC addresses are also known as physical addresses or hardware addresses.

MAC addresses are 48 bits long. The first 24 bits (the organizationally unique identifier, or OUI) are assigned to network equipment manufacturers to ensure that each manufacturer has a unique prefix, and the manufacturer is responsible for giving each interface it builds a unique 24-bit suffix. The addresses are written as six hexadecimal octets separated by colons, like this:

    09:01:17:fb:07:5a

The data link layer uses the source and destination MAC addresses to send the packet to the correct machine on the network.
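As an added example (not part of the chapter), the following Python code parses the 14-byte header of an Ethernet II frame as described above: destination MAC, source MAC, and the two-byte type field that says what the payload is. The frame bytes are constructed for the example rather than captured from a network. A second routine splits a MAC address into its manufacturer prefix and device suffix and decodes the two flag bits of the first octet, and the text parser rejects an address with a non-hexadecimal digit in it instead of guessing.

```python
import re
import struct

# Constructed sample frame for this example (not captured from a real network):
# 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType (0x0800 = IPv4),
# followed by an arbitrary payload.
SAMPLE_FRAME = bytes.fromhex(
    "08002b1a7f5a"   # destination MAC 08:00:2b:1a:7f:5a
    "0800201234ab"   # source MAC 08:00:20:12:34:ab (08:00:20 is the Sun OUI)
    "0800"           # EtherType: IPv4
) + b"IP datagram would follow here"

ETHERNET_HEADER = struct.Struct("!6s6sH")   # network byte order: dst, src, type
MAC_TEXT = re.compile(r"^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$")


def format_mac(raw: bytes) -> str:
    """Render six address bytes as colon-separated two-digit hex pairs."""
    if len(raw) != 6:
        raise ValueError("a MAC address is exactly 6 bytes")
    return ":".join(f"{b:02x}" for b in raw)


def parse_mac(text: str) -> bytes:
    """Parse 'xx:xx:xx:xx:xx:xx' into 6 bytes, rejecting non-hex digits."""
    if not MAC_TEXT.match(text):
        raise ValueError(f"malformed MAC address: {text!r}")
    return bytes(int(octet, 16) for octet in text.split(":"))


def split_mac(raw: bytes) -> dict:
    """Split an address into the 24-bit manufacturer prefix (OUI) and the
    24-bit device-specific suffix, and decode the two flag bits of the first
    octet: bit 0 marks a group (multicast/broadcast) address, bit 1 a locally
    administered rather than manufacturer-assigned address."""
    if len(raw) != 6:
        raise ValueError("a MAC address is exactly 6 bytes")
    return {
        "oui": raw[:3].hex(),
        "device": raw[3:].hex(),
        "group": bool(raw[0] & 0x01),
        "locally_administered": bool(raw[0] & 0x02),
    }


def parse_ethernet_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame into its header fields and payload."""
    if len(frame) < ETHERNET_HEADER.size:
        raise ValueError("frame is shorter than the 14-byte Ethernet header")
    dst, src, ethertype = ETHERNET_HEADER.unpack_from(frame)
    return {
        "dst": format_mac(dst),
        "src": format_mac(src),
        "ethertype": ethertype,
        "payload": frame[ETHERNET_HEADER.size:],
    }


if __name__ == "__main__":
    header = parse_ethernet_frame(SAMPLE_FRAME)
    print(header["dst"], "<-", header["src"], hex(header["ethertype"]))
    print(split_mac(parse_mac(header["src"])))
```

The type field is what tells the interface's driver which network-layer protocol should receive the payload; 0x0800 hands it to IP, the protocol the next section covers.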

The Network Layer

The network layer determines the actual physical routing of the packet (also called a datagram at this layer) from node to node, taking into consideration network conditions and priorities. For example, if you send a letter via overnight express mail, the post office will send your letter by plane. However, if you send your letter third class, the post office may send your letter by truck. The protocol used by UNIX networks for the network layer is the Internet Protocol (IP).

The Internet grew out of the ARPAnet, a network funded beginning in 1969 by the United States Department of Defense's Advanced Research Projects Agency (ARPA, later renamed DARPA). The ARPAnet's original protocols were replaced by TCP/IP in 1983, and the resulting network of networks became the Internet.

One of the primary functions of IP is routing, the process of directing datagrams across a network. No node plans the whole path: each host or router decides only the next hop, the neighbor to which it hands the datagram. When you send an email message, it hops from network to network until it reaches its destination, and each node along the way needs to know only where to send it next. This procedure is called store-and-forward (or hop-by-hop) routing, and IP performs it (see fig. 10.5). Each datagram also carries a time-to-live count that is decremented at every hop, so that a datagram caught in a routing loop is eventually discarded instead of circulating forever.

Figure 10.5 Store and forward routing means a node only has to know the packet's immediate destination, not its final destination.

***

A host with more than one network interface will forward datagrams between them if IP forwarding is enabled in the kernel (an IP parameter, not a TCP one). Turning forwarding off on such a host keeps it from acting as a router, and a non-forwarding host straddling two networks is one building block of a firewall: a machine or set of machines placed between networks so that only the traffic you have chosen can pass. Disabling forwarding alone does not make a firewall, though; the host still accepts connections to its own services, and those must be filtered or shut off as well.

***

IP identifies the recipients by a unique 32-bit IP address, also called a dotted quad. The IP address is written as four 8-bit octets, each in decimal, separated by periods, like this:

    152.52.2.2

The IP address refers to a machine's connection to the network, not to the actual machine itself. Therefore, if you move the location of a machine on the network, you must change the IP address.

IP addresses for networks connected to the Internet are assigned by the Network Information Center (NIC). (If your network is not connected to the Internet, you can choose your own numbering.) Each IP address falls into a class, A through E, according to its first octet; only classes A, B, and C are assigned to hosts. Table 10.3 shows the format of each class.

Table 10.3 The Four Classes of IP Addresses

Class A IP addresses are for very large networks with up to about 16.7 million hosts (2^24 minus the two reserved host values). These addresses begin with a number from 1 to 126; 0 and 127 are reserved, 127 being the loopback network. Very few Class A numbers are assigned because very few organizations or countries have enough machines to justify one. Class B addresses are for intermediate networks with up to about 65,000 hosts. These addresses begin with a number from 128 to 191. Class C addresses are for smaller networks with up to 254 hosts. These addresses begin with a number from 192 to 223. Class D addresses, which begin with 224 to 239, are multicast addresses: a datagram sent to one is delivered to every host that has joined that group. Class E, 240 to 255, is reserved. Broadcast addresses are a separate matter: a datagram addressed to your network number with every host bit set to one (152.52.255.255 for the Class B network 152.52.0.0) goes to all hosts on that network, and 255.255.255.255 goes to all hosts on the local wire.

Netmasks are bit masks that distinguish between packets that are local (addressed to your network) and are not routed, or packets that are addressed to other networks and need to be routed. Most versions of IP use the following default netmasks:

As you can see, broadcast addresses and netmasks both contain 255s, but for different reasons: in a netmask a 255 octet marks bits that belong to the network number, while in a broadcast address it means every host bit is set. A host broadcasts only on its own network, so a broadcast never has to be routed.
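To tie the classful addressing rules above to the hop-by-hop routing described earlier in this section, here is an added Python example (not from the chapter). It parses dotted quads strictly, derives the class and default netmask from the first octet, computes the network and broadcast addresses for a given mask, and then selects a next hop by longest-prefix match over a routing table. The routing tables and the router address 152.52.1.1 are constructed for the example; 152.52.2.2 and 152.53.52.12 are the addresses the chapter itself uses. The final routine walks a datagram from node to node, each one consulting only its own table, which is the store-and-forward behaviour in code.

```python
def ip_to_int(dotted: str) -> int:
    """Parse a dotted quad strictly: exactly four decimal octets, each 0..255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify(dotted: str):
    """Return (class, default netmask) under the classful rules. Only A, B and
    C are assigned to hosts; D is multicast and E is reserved, so they carry
    no netmask. 0.x.x.x and 127.x.x.x lie in the class A range but are
    reserved ('this network' and loopback)."""
    first = ip_to_int(dotted) >> 24
    if first < 128:
        return "A", "255.0.0.0"
    if first < 192:
        return "B", "255.255.0.0"
    if first < 224:
        return "C", "255.255.255.0"
    if first < 240:
        return "D", None
    return "E", None


def network_and_broadcast(dotted: str, mask: str):
    """Network number = address AND mask; directed broadcast = network number
    with every host bit set to one."""
    addr, m = ip_to_int(dotted), ip_to_int(mask)
    network = addr & m
    broadcast = network | (~m & 0xFFFFFFFF)
    return int_to_ip(network), int_to_ip(broadcast)


def is_local(src: str, dst: str, mask: str) -> bool:
    """True when both addresses share a network: deliver directly, no router."""
    m = ip_to_int(mask)
    return (ip_to_int(src) & m) == (ip_to_int(dst) & m)


def next_hop(routes, dst: str):
    """Longest-prefix match over (network, mask, gateway) entries. A gateway of
    None means the network is directly attached. The default route
    0.0.0.0/0.0.0.0 matches everything but only wins when nothing more
    specific does."""
    d = ip_to_int(dst)
    best, best_bits = None, -1
    for network, mask, gateway in routes:
        m = ip_to_int(mask)
        if d & m == ip_to_int(network) & m:
            bits = bin(m).count("1")
            if bits > best_bits:
                best, best_bits = (network, mask, gateway), bits
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


def trace_path(dst: str, tables: dict, start: str, max_hops: int = 16):
    """Simulate store-and-forward delivery: each node consults only its own
    table and hands the datagram to the next hop, never planning the whole
    path. The hop limit plays the part of the IP time-to-live."""
    node, path = start, [start]
    for _ in range(max_hops):
        _, _, gateway = next_hop(tables[node], dst)
        if gateway is None:            # directly attached: final delivery
            return path
        path.append(gateway)
        node = gateway
    raise RuntimeError(f"hop limit exceeded delivering to {dst}: routing loop?")


# Constructed routing tables for this example (not taken from a real host).
HOST_ROUTES = [
    ("152.52.0.0", "255.255.0.0", None),             # our own class B network
    ("152.53.52.0", "255.255.255.0", "152.52.1.1"),  # reach 152.53.52.x via this router
    ("0.0.0.0", "0.0.0.0", "152.52.0.1"),            # default route for everything else
]
ROUTER_ROUTES = [
    ("152.52.0.0", "255.255.0.0", None),
    ("152.53.52.0", "255.255.255.0", None),
]
TABLES = {"152.52.2.2": HOST_ROUTES, "152.52.1.1": ROUTER_ROUTES}

if __name__ == "__main__":
    print(classify("152.52.2.2"), network_and_broadcast("152.52.2.2", "255.255.0.0"))
    print(trace_path("152.53.52.12", TABLES, "152.52.2.2"))
```

Note that 152.53.52.12 matches both the default route and the more specific entry for 152.53.52.0; the longest mask wins, which is the rule every IP router applies.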

***

IP addresses have to be unique on a network. MAC addresses, on the other hand, have to be unique in the world.

***

The Address Resolution Protocol

Since the network and data link layers use different addressing schemes, the network needs a way to find the physical address that goes with an IP address. The Address Resolution Protocol (ARP) does this. When a machine needs to send to an IP address on its own network, it first looks in its ARP cache, a table of recently learned IP-to-physical mappings. If the address is not there, it broadcasts an ARP request ("who has 152.52.2.2?") to every machine on the wire; the owner of that address answers with its physical address, and the answer is added to the cache. The Reverse Address Resolution Protocol (RARP) does the opposite: a machine that knows only its own physical address (a diskless workstation booting, for example) broadcasts a request, and a RARP server replies with the IP address it should use.

Domain Name System

Dotted quad IP addresses are not the most intuitive to remember. You wouldn't normally say to yourself, "Oh, I think I'll get that file off of 152.53.52.12 now." The Internet Domain Name System (DNS) supplies unique names that consist of easier-to-remember labels instead of numbers (although, to be quite honest, some of the labels can be quite cryptic). What this allows you to do is to specify the domain name in a command instead of the IP address. A domain name server then maps the name to the correct IP address.

For example, you can type "telnet serenity.kayos.org." Behind the scenes, the DNS client (also called a resolver) sends a query to the domain name server for the IP address that matches the domain name you specified. The domain name server looks up the IP address for serenity.kayos.org (which is 152.53.52.12). If the domain name server doesn't have the IP address for a particular domain name, it may have to send requests to other domain name servers to find it out. The server then sends the IP address to the DNS client. Your system then says to itself, "Oh, telnet serenity.kayos.org really means telnet 152.53.52.12," and proceeds with the command.

The domain names themselves are a series of text labels and, like the IP addresses, are separated by periods and are hierarchical in nature. At the end of the series of labels (all the way to the right) is the most general label, one that usually identifies the kind of network to which a machine is connected. Each successive label to the left is more specific, until you reach the label all the way on the left, which usually refers to a specific machine. Each domain name must be unique. See figure 10.6 for an illustration of how domain names work. You would read the domain name of the machine called "mystery" as

    mystery.cloake_and_dagger.com.

Figure 10.6 The hierarchical nature of the domain name system provides a logical way to assign unique domain names.

The last label can also be a two-letter country code, like au for Australia or uk for United Kingdom. The country codes are specified in the International Standards Organization's document 3166.

The top-level domain, the label all the way on the right, separates networks into administrative domains. (Above the top-level domains sits the root, an unnamed domain written as the trailing period in a fully qualified name.) Within each domain, the administrator of that domain is responsible for making sure all names beneath it are unique. Table 10.4 describes the top-level domains in use today and what they mean.

Table 10.4 High-Level Domains and Their Meanings

The original top-level domains com, edu, gov, mil, net, and org date from the ARPAnet days, when the Domain Name System replaced the single host table that every machine had previously shared.

***

The country code is a bit tricky at first because it seems to not be consistently used. The logic behind it is this: normally, only countries other than the United States use the country code at the end of the domain name. United States organizations' domain names end in com, edu, gov, mil, net, or org. However, there is one exception (you knew that was coming, didn't you?). Primary and secondary schools, and local organizations and governments end in the country code us.

***

Some domain names actually just refer to other domain names; these are called aliases, and DNS records them as CNAME (canonical name) entries. An alias is just another name for a server, similar to a nickname. Aliases often have functional significance. For example, many aliases begin with ftp because they point to whichever machine an organization is currently using as its FTP server, and the alias can be moved to a different machine without users having to learn a new name.
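The lookup walk described above, from the root down through org and kayos.org to the host, and the way an alias sends the resolver back to its starting point, as an added Python example that is not part of the chapter. The name-server contents are constructed for the example (the registry server names, the ftp and www aliases, and the deliberately mis-configured loop pair are invented; serenity.kayos.org and its address come from the text). Each simulated server knows only its own zone and refers the resolver downward for anything it does not hold; the resolver bounds the alias chain so a pair of CNAMEs pointing at each other cannot send it round forever.

```python
# Constructed name-server data for this example (not a real zone dump).
# Each server knows only its own zone: the addresses and aliases it holds,
# plus NS referrals pointing at the servers for the zones beneath it.
SERVERS = {
    "root": {
        "org": ("NS", "ns.org-registry"),
        "com": ("NS", "ns.com-registry"),
    },
    "ns.org-registry": {
        "kayos.org": ("NS", "ns.kayos.org"),
    },
    "ns.com-registry": {},
    "ns.kayos.org": {
        "serenity.kayos.org": ("A", "152.53.52.12"),
        "ftp.kayos.org": ("CNAME", "serenity.kayos.org"),   # alias with a functional name
        "www.kayos.org": ("CNAME", "ftp.kayos.org"),        # an alias of an alias
        "loop.kayos.org": ("CNAME", "loop2.kayos.org"),     # mis-configured pair
        "loop2.kayos.org": ("CNAME", "loop.kayos.org"),
    },
}


def normalize(name: str) -> str:
    """Lower-case, drop the trailing dot, and check label lengths (RFC 1035:
    labels of 1..63 octets, whole name at most 253 characters as written).
    Character rules for host names (RFC 952/1123) are stricter and are not
    checked here."""
    name = name.rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or any(not 1 <= len(label) <= 63 for label in labels):
        raise ValueError(f"invalid domain name: {name!r}")
    return name


def hierarchy(name: str):
    """The domains a name belongs to, most general first, read right to left:
    'mystery.cloake_and_dagger.com' -> ['com', 'cloake_and_dagger.com', ...]."""
    labels = normalize(name).split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]


def resolve(name: str, servers=SERVERS, max_aliases: int = 8):
    """Iterative resolution as a resolver with an empty cache performs it:
    start at the root, follow referrals downward, and start over when a CNAME
    points somewhere else. Returns (address, list of (server, name) queries)."""
    target, queries = normalize(name), []
    for _ in range(max_aliases):
        server = "root"
        while True:
            zone = servers[server]
            queries.append((server, target))
            record = zone.get(target)
            if record and record[0] == "A":
                return record[1], queries
            if record and record[0] == "CNAME":
                target = record[1]            # alias: resolve the canonical name instead
                break
            # Not held here: find the most specific referral covering the name.
            for suffix in reversed(hierarchy(target)):
                if suffix in zone and zone[suffix][0] == "NS":
                    server = zone[suffix][1]
                    break
            else:
                raise LookupError(f"no such name: {target}")
    raise LookupError(f"alias chain too long resolving {name}")


if __name__ == "__main__":
    address, trail = resolve("www.kayos.org")
    print(address)
    for server, asked in trail:
        print(f"  asked {server} about {asked}")
```

A real resolver caches every answer and referral it receives, so the second and third passes through the root and the org registry seen in the www lookup would normally be served from the cache; the simulation leaves caching out to show the full path each time.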

The Transport Layer

The transport layer is responsible for making sure the packet is transferred transparently and without errors. The transport layer is also the interface between the upper, application-oriented layers and the lower, network-related layers. For example, the quality assurance department at the post office makes sure your letter is delivered to the right place and in one piece. UNIX networks are built on two transport protocols: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP links two computer programs, much like UUCP links two computers. UDP lets two programs send short messages to each other.

TCP is very reliable: it keeps track of the order in which to deliver packets and which packets need to be resent because of problems. TCP can do this by maintaining state information for each transmission. State information describes the state of the connection and the transmission (for example, successful or failed). TCP is usually used when datagrams must be delivered in a particular order and when long-term network connections must be maintained, which is one reason TCP is used for the Internet.

UDP is less reliable than TCP. Where TCP delivers packets in order, UDP does not. Where TCP resends packets that arrive with errors (or don't arrive at all), UDP does not. However, UDP is a simpler and much faster protocol than TCP, which makes it an attractive choice when you are using applications that can perform TCP's functions themselves.

Both TCP and UDP use port numbers, which are another set of addresses. Where the MAC and IP addresses are equivalent to a street address, the port number is equivalent to an apartment number. A single machine (which therefore has a single IP and MAC address) can have many processes using TCP and UDP at the same time. Each of these processes uses a port number to send and receive packets of data from other processes, local or remote. The combination of protocol, source IP address, source port number, destination IP address, and destination port, all carried in the packet headers, uniquely identifies every connection between two processes on the network. Port numbers 0 through 1023 are the well-known ports; on a UNIX system only a process running as the superuser (anyone privileged to log in as root) may bind to them. Port numbers from 1024 up can be used by anyone. Bear in mind that this restriction is enforced only by the local kernel: a remote machine whose root account belongs to someone else can send from any port it likes, so a service that trusts a connection merely because it arrives from a privileged port (the r-commands do this) is only as trustworthy as every host that can reach it.

Look in the file /etc/services to see the list of services and their assigned port numbers. Here's a sample of a partial /etc/services file. The first column lists the service, and the second column lists the port number and protocol being used.

Whenever a new protocol is adopted as a standard, a well-known port number is registered for it in the Assigned Numbers list, and that port is then reserved for that protocol on every system.
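An added example, not from the chapter, of reading the /etc/services format just described. The excerpt below is constructed in that format (the entries are well-known assignments, but the text itself is made up for the example and is not copied from any system). The parser maps port/protocol pairs back to service names the way netstat does, finds every port registered under a name or alias, applies the privileged-port rule from the previous paragraph, and reports malformed lines separately instead of silently skipping them.

```python
# Constructed excerpt in /etc/services format (made up for this example):
# service-name, port/protocol, optional aliases, and # comments.
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases ...]   # comment
ftp-data        20/tcp
ftp             21/tcp
telnet          23/tcp
smtp            25/tcp          mail
domain          53/tcp          nameserver      # DNS
domain          53/udp          nameserver
tftp            69/udp
sunrpc          111/tcp         portmapper rpcbind
sunrpc          111/udp         portmapper rpcbind
nfs             2049/udp

bogus           not-a-port/tcp
"""

PRIVILEGED_PORT_LIMIT = 1024   # 0..1023 need superuser privilege to bind on traditional UNIX


def parse_services(text: str):
    """Parse /etc/services text into {(port, proto): (name, [aliases])}.
    Blank and comment lines are skipped; malformed lines are returned in a
    second list rather than being dropped silently or aborting the parse."""
    table, rejected = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            name, port_proto, aliases = fields[0], fields[1], fields[2:]
            port_text, proto = port_proto.split("/", 1)
            port = int(port_text)
            if not 0 <= port <= 65535 or not proto.isalpha():
                raise ValueError(port_proto)
        except (IndexError, ValueError):
            rejected.append(raw)
            continue
        table[(port, proto)] = (name, aliases)
    return table, rejected


def service_name(table, port: int, proto: str):
    """Map a port/protocol pair back to its service name, as netstat does."""
    entry = table.get((port, proto))
    return entry[0] if entry else None


def ports_for(table, name: str):
    """Every (port, proto) registered under a name or one of its aliases."""
    return sorted(key for key, (svc, aliases) in table.items()
                  if name == svc or name in aliases)


def is_privileged(port: int) -> bool:
    return 0 <= port < PRIVILEGED_PORT_LIMIT


if __name__ == "__main__":
    services, bad_lines = parse_services(SAMPLE_SERVICES)
    for (port, proto), (name, _) in sorted(services.items()):
        flag = "privileged" if is_privileged(port) else "unprivileged"
        print(f"{port:5d}/{proto}  {name:<10} {flag}")
    print("rejected:", bad_lines)
```

Running it over your own /etc/services instead of the sample is a one-line change (read the file into `text`), and comparing the result against `socket.getservbyport` is a quick way to confirm the parser agrees with the C library.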

The Session Layer

The session layer establishes, synchronizes, and controls a communication session between two processes. The communication session is simply a group of transactions. Once the exchange finishes, the session layer terminates the communication. The most common session protocol is the remote procedure call (RPC). RPCs are essentially client and server processes. As figure 10.7 shows, the client process on the originating machine sends a request to the server process on another machine. The session is equivalent to the delivery of your letter, from when you dropped it off at the post office to when your friend receives it. Once your friend receives the letter, the post office's job is done.

Figure 10.7 A remote procedure call "hides" the remote part of the call from you.

When a request is transparent, the request looks like it is part of the local process; however, it is really coming from another machine on the network.

The Presentation Layer

The presentation layer provides the interface between the application and the services it requires. In other words, the presentation layer formats the data that is being sent or received. This layer can also compress or encrypt the data. The presentation layer corresponds to the process of putting your thoughts into words on the paper, and to your friend reading the words on the paper and understanding what you wrote. You could also have folded the letter up to fit into a very small envelope (compression) or written it in code so no one else could read it (encryption).

The presentation layer is critical in a heterogeneous network, where data is exchanged across multiple platforms. An example of a presentation layer protocol is the External Data Representation (XDR) protocol developed by Sun Microsystems. XDR lets different machines on the same network exchange data regardless of the type of machine that is sending or receiving the data. The way it works is by converting data into a common format called canonical representation. XDR takes machine-dependent data from the application layer and converts it into machine-independent data for the session and lower layers.
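The XDR encoding rules the paragraph refers to, carried out by hand in an added Python example (this is not Sun's code, and the print-job record it encodes is made up for the illustration). Every item is a multiple of four bytes, integers are 32-bit big-endian whatever the sending machine's native byte order, and a string is a four-byte length followed by the bytes and zero padding. The decoder bounds-checks every read and caps string lengths before consuming them: a four-byte length field can claim up to 4 GiB, and a decoder that believes it blindly can be made to read or allocate far past the real message.

```python
import struct


def encode_int(value: int) -> bytes:
    return struct.pack(">i", value)          # signed 32-bit, network byte order


def encode_uint(value: int) -> bytes:
    return struct.pack(">I", value)


def encode_bool(value: bool) -> bytes:
    return encode_uint(1 if value else 0)    # XDR booleans are 4-byte 0 or 1


def encode_string(text: str) -> bytes:
    data = text.encode("utf-8")
    padding = (-len(data)) % 4               # pad to a 4-byte boundary
    return encode_uint(len(data)) + data + b"\x00" * padding


class Decoder:
    """Cursor over an XDR byte stream with bounds checking on every read."""

    def __init__(self, buf: bytes, max_string: int = 65536):
        self.buf, self.pos, self.max_string = buf, 0, max_string

    def _take(self, n: int) -> bytes:
        if self.pos + n > len(self.buf):
            raise ValueError("truncated XDR data")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def read_int(self) -> int:
        return struct.unpack(">i", self._take(4))[0]

    def read_uint(self) -> int:
        return struct.unpack(">I", self._take(4))[0]

    def read_bool(self) -> bool:
        return self.read_uint() != 0

    def read_string(self) -> str:
        length = self.read_uint()
        if length > self.max_string:         # refuse before reading anything
            raise ValueError(f"string length {length} exceeds limit")
        data = self._take(length)
        self._take((-length) % 4)            # skip the padding bytes
        return data.decode("utf-8")

    def finished(self) -> bool:
        return self.pos == len(self.buf)


# Made-up record for the example, in XDR language:
#   struct print_job { int job_id; string printer<>; unsigned int pages; bool duplex; };
def encode_print_job(job_id: int, printer: str, pages: int, duplex: bool) -> bytes:
    return (encode_int(job_id) + encode_string(printer)
            + encode_uint(pages) + encode_bool(duplex))


def decode_print_job(buf: bytes):
    d = Decoder(buf)
    job = (d.read_int(), d.read_string(), d.read_uint(), d.read_bool())
    if not d.finished():
        raise ValueError("trailing bytes after record")
    return job


if __name__ == "__main__":
    wire = encode_print_job(7, "laser1", 12, True)
    print(wire.hex(" ", 4))
    print(decode_print_job(wire))
```

Because the encoding is fixed by the rules rather than by the sender's hardware, a record written on a big-endian workstation and one written on a little-endian PC come out byte-for-byte identical, which is the whole point of a canonical representation.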

The Application Layer

The application layer includes services like electronic mail and network management applications that support users and other applications. In our example, you and your friend are the equivalents of the application layer.

The Network File System

The Network File System (NFS) was developed by Sun Microsystems in the mid-eighties and has revolutionized networking. NFS lets you share files and peripheral devices on different machines transparently, as if all the files or devices were on one machine, even if those different machines operate on different platforms like mainframes, workstations, and personal computers.

How does NFS work? Well, when you set up the file system, you assign permissions that allow certain files and directories to be shared. The NFS server exports those directories, and the clients (the workstations or PCs on which your users are working) mount the directories they need. Mounting a directory just means accessing a directory remotely (on another machine), but having the directory appear to be local (on your machine).

Let's look at a quick example: Say you set up a small network for three users: Karen, Patty, and Tim. Karen is working on a top-secret project, so no one is allowed to access her files. Karen, however, needs to access Patty and Tim's files because they are producing supporting data for her project. As the system administrator, you set up Patty's and Tim's directories so NFS exports them. Karen can mount them anytime she needs them, and can use the remote files along with her local files. Patty and Tim, on the other hand, cannot mount Karen's directory (see fig. 10.8).

Figure 10.8 The network file system means you don't have to keep multiple copies of files and applications on your users' workstations.

Note that your users only mount the files and directories they need; NFS does not automatically make things globally available to all users. Two caveats belong with this example, though. First, the export list controls which hosts may mount a directory, not which users: once Karen's workstation is allowed to mount Patty's directory, the ordinary UNIX file permissions, checked against the user and group IDs the client reports, decide what each user on that workstation may read. Second, the traditional NFS authentication (AUTH_SYS) simply believes the client's report of those IDs, so exporting a directory to a host whose root account you do not control exports it to every user on that host. Restrict exports to trusted hosts, and leave root_squash on so that a client's root is not root on your server.
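The export table for Karen, Patty and Tim, as an added Python example that is not part of the chapter. The table below is constructed in the /etc/exports style used by Linux and many BSD-derived systems (Solaris keeps the same information in share commands instead); the host names ending in kayos.org and the /pub, /scratch and /incoming entries are invented for the example. The code parses the table, answers the question "may this host mount this directory, and with what options?", and flags the two settings an administrator should look at twice: a directory writable by any host, and an export that lets a client's root act as root on the server.

```python
import fnmatch

# Constructed export table in /etc/exports style (made up for this example).
# Format: path  client(options) client(options) ...
# A client may be a host name, a wildcard pattern, or * for every host.
SAMPLE_EXPORTS = """\
# Karen's workstation may read Patty's and Tim's directories; nobody else may.
/home/patty     karen-ws.kayos.org(ro)
/home/tim       karen-ws.kayos.org(ro)
# Karen's own directory is exported only back to her own workstation.
/home/karen     karen-ws.kayos.org(rw,root_squash)
# A public read-only area, a scratch area for the department, and a drop box.
/pub            *(ro)
/scratch        *.kayos.org(rw,no_root_squash)
/incoming       *(rw)
"""


def parse_exports(text: str):
    """Return [(path, [(client_pattern, set_of_options), ...]), ...]."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        entries = []
        for client in clients:
            if "(" in client:
                if not client.endswith(")"):
                    raise ValueError(f"unbalanced options in {raw!r}")
                pattern, options = client[:-1].split("(", 1)
                entries.append((pattern, set(filter(None, options.split(",")))))
            else:
                entries.append((client, {"ro"}))     # no options given: read-only
        exports.append((path, entries))
    return exports


def may_mount(exports, path: str, hostname: str):
    """Options granted to hostname for path, or None if it may not mount it.
    The decision is per host, not per user: once a host is admitted, NFS with
    AUTH_SYS believes whatever user and group IDs that host sends."""
    for export_path, entries in exports:
        if export_path != path:
            continue
        for pattern, options in entries:
            if fnmatch.fnmatchcase(hostname.lower(), pattern.lower()):
                return options
    return None


def audit_exports(exports):
    """Flag exports that deserve a second look."""
    warnings = []
    for path, entries in exports:
        for pattern, options in entries:
            if pattern == "*" and "rw" in options:
                warnings.append(f"{path}: writable by any host on the network")
            if "no_root_squash" in options:
                warnings.append(f"{path}: root on {pattern} is root on the server")
    return warnings


if __name__ == "__main__":
    table = parse_exports(SAMPLE_EXPORTS)
    for host in ("karen-ws.kayos.org", "tim-ws.kayos.org"):
        print(host, "->", {p: may_mount(table, p, host) for p, _ in table})
    for warning in audit_exports(table):
        print("WARNING:", warning)
```

The first entry in a path's client list that matches the host wins, so order patterns from most to least specific if a host could match more than one.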

Not only does NFS let users access files more conveniently, but NFS also makes your job as administrator much easier. NFS is a distributed system, which means that you can centralize file system administration. Instead of having multiple copies of files and applications on many machines, you can keep them all on one or more NFS servers and let your users access them remotely.

NFS is based on the client/server model and uses remote procedure calls to make file systems available. In the client/server model, a client issues a request and the server returns a response or takes a series of actions. The server can act on the request immediately or add the request to a queue. Acting on a request immediately might mean the server calculates a number and returns it right away to the client. Adding the request to a queue might mean the request has to "wait in line" to be served. A good example of this is when you print a document to a network printer. The server puts your request in a queue along with print requests from other clients. It then processes the request according to priority, which, in this case, is determined by the order in which the server received the request. NFS makes directories or peripheral devices available in the same way.

***

Servers can be considered to be event-driven, because essentially the server is in a waiting state until it gets a request from the client.

***

In addition to letting you mount file systems on demand, NFS has an automounter, which mounts a file system the first time something refers to it and unmounts it again after a period of inactivity.

The Network Information System

The Network Information System (NIS) was developed by Sun Microsystems to...well, to provide information. In fact, NIS used to be called the Yellow Pages, but the name had to change because Yellow Pages is a registered trademark of British Telecom in the United Kingdom. NIS manages password and group files, and other information needed for administrative reasons. Essentially, NIS takes all the user and group information for all or most servers in a system, and creates a common list. That way, you only have to update the common list instead of the information on each machine.

***

NIS commands begin with yp, a holdover from the days when NIS was known as the Yellow Pages.

***

One example of the convenience NIS provides is passwords. Instead of having a different login and password for every machine and device on the network, NIS allows you to have one login and one password for any machine on the network (that runs NIS). In a word, NIS is a collection of maps. One caution goes with that convenience: an NIS server hands its maps to any client that presents the right NIS domain name, so if that name is easy to guess, the password map, encrypted passwords included, can be fetched with a single ypcat command by anyone on the network. NIS not only lets you easily administer passwords, but also the following services:

Daemons

In UNIX networks, much of the work is done by daemons, which are processes that run in the background. Some of the daemons working for you on a UNIX network are described in table 10.5.

Daemon names end in d, so they are easy to recognize.

Table 10.5 Some UNIX Networking Daemons

The daemons listed in the above table are just a sampling; UNIX has more, as do NFS, NIS, and many other applications. In fact, even some of the daemons have daemons.

Remote Services

The main remote services are the ones that allow you to log in remotely and transfer files. As you will see in the following sections, rlogin, telnet, rcp, and ftp are very versatile services. All four send everything, login names and passwords included, across the network in the clear, so anyone able to listen on a network between the two machines can read them; treat them as suitable for trusted networks only.

Logging in Remotely

Two services, rlogin and telnet, let you connect to a remote computer over the network. For example, say you're in California for business. You have a laptop computer with you, but you need a file that is stored on your workstation in New York. You can use rlogin or telnet to login to your workstation and retrieve the file.

Both services use TCP/IP over the network to make the connection. rlogin hostname (where hostname is the actual name of the machine you want to log into) simply logs you into your remote machine and lets you issue commands and manipulate files as though you were actually sitting in New York using your machine. rlogin can also log you in without asking for a password if the remote machine lists your machine and user name in /etc/hosts.equiv or in your ~/.rhosts file; that trust rests on nothing more than the calling host's name and address, so keep those files short and under your own control. telnet hostname does the same thing as rlogin, but always asks for a password. The telnet command also offers more. If you use telnet by itself, you start up the telnet service in command mode. At the telnet prompt (telnet>), you can issue various commands, like send, which lets you send commands to remote hosts; open, which lets you connect to a particular host; and quit, which closes any existing connection and exits telnet.

Telnet has many commands you can use. Refer to your system documentation for a complete list with explanations of each command. Or, access telnet and type a question mark (?) at the prompt for just the list of commands.

Transferring Files

Files and file systems are the heart of the UNIX system and, therefore, of the UNIX network. Several services let you get the files you need. If you are using NFS, you can mount remote directories on your machine and use them as if they were local. You can use rlogin and telnet to access the files remotely. But what if you want a copy of the file on your own machine? How do you get it? You can use rcp or ftp.

rcp is the remote version of the UNIX copy command, cp. This command lets you copy one or more files from one location to another.

You can also use rcp to copy entire directories from a remote host!

The file transfer protocol, ftp for short, connects to a remote host and lets you manipulate files. The two main differences between ftp and rcp are the following:

ftp has many commands you can use. Refer to your system documentation for a complete list with explanations of each command. Or access ftp and type a question mark (?) at the prompt for help.

Anonymous ftp is a way to get around the need for user authentication. For example, say a university has an ftp server on which it stores shareware that anyone can copy. Now, obviously it isn't going to be very convenient, or even possible, for the university to set up a login and password for everyone who wants to download a file. Instead, users can use the login anonymous and their email address as their password. (Some systems require the login ftp and some other string as the password.) Once you log in as anonymous, you have limited access to an anonymous ftp directory and files and subdirectories contained within.

Anonymous really isn't anonymous: most ftp servers will log the connection, password, and actions taken.

Understanding UNIX Network Management Tasks

The purpose of network management is to build and maintain a network in such a way that you maximize productivity and efficiency. The primary network management tasks, each of which can be broken down into sub tasks, are the following:

Now, each of these tasks applies to any network, not just UNIX networks. However, UNIX provides built-in ways for you to complete each task easily and efficiently.

Planning the Network

Good planning is a must. Without good planning, I can guarantee you will lose time and money (which you probably have limited amounts of to play with) during both the creation and implementation stages. Consider these basic goals of network design:

UNIX is your best choice for every one of these design considerations, especially if you are running a medium-to-large, heterogeneous network. See chapter 2, "Overview of Network Systems and Services," for a complete discussion of networks and their associated systems and services.

Setting Up the Network

Setting up machines on a UNIX network involves several tasks, mainly editing some configuration files. As with installing, every flavor has different requirements. However, I can list some of the basic tasks. Then you can refer to your UNIX vendor documentation for more information.

Every flavor of UNIX has different installation requirements and different delivery mechanisms. Refer to the installation documentation for the particular UNIX you are interested in.

The following tasks are examples of setup tasks:

Securing the Network

Securing the network is also called security management. Security management is the process of identifying and authenticating users, and controlling and auditing logical access to network resources.

Not only can you control who can use what data, you can also monitor who attempts to access that data and when. For example, if you find that during certain periods there are many unsuccessful remote login attempts to a database that contains top secret information, you have a security concern. You would check to make sure the database is secure and try to track down the user who is attempting to log in. Several tools automate these security management tasks for UNIX networks.
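The monitoring step described above, as an added example that is not from the book: it runs detection logic over a few constructed syslog-style lines (the "FAILED LOGIN ... FROM ... FOR ..." format is assumed, not taken from any particular UNIX vendor) and reports source addresses that produce a burst of failed remote logins within one hour.

```python
import re
from collections import defaultdict

# Constructed sample log lines; not captured from any real system.
SAMPLE_LOG = """\
Jan 12 02:14:07 dbhost login[2211]: FAILED LOGIN 1 FROM 10.0.5.17 FOR oracle, Authentication failure
Jan 12 02:14:09 dbhost login[2211]: FAILED LOGIN 2 FROM 10.0.5.17 FOR oracle, Authentication failure
Jan 12 02:14:12 dbhost login[2211]: FAILED LOGIN 3 FROM 10.0.5.17 FOR oracle, Authentication failure
Jan 12 02:15:40 dbhost login[2230]: FAILED LOGIN 1 FROM 10.0.5.17 FOR root, Authentication failure
Jan 12 02:16:01 dbhost login[2230]: FAILED LOGIN 2 FROM 10.0.5.17 FOR root, Authentication failure
Jan 12 09:30:22 dbhost login[3102]: FAILED LOGIN 1 FROM 10.0.2.8 FOR alice, Authentication failure
Jan 12 09:30:35 dbhost login[3102]: LOGIN ON ttyp1 BY alice FROM 10.0.2.8
"""

# Assumed line layout: timestamp, host, "login[pid]:", then the failure record.
FAILED = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d+) (?P<hour>\d{2}):\d{2}:\d{2} (?P<host>\S+) "
    r"login\[\d+\]: FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>\w+)"
)


def failed_logins(log_text):
    """Bucket failed logins by (source address, hour); remember which accounts were tried."""
    buckets = defaultdict(lambda: {"count": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated records are ignored
        hour = "%s %s %s:00" % (m.group("month"), m.group("day"), m.group("hour"))
        bucket = buckets[(m.group("src"), hour)]
        bucket["count"] += 1
        bucket["users"].add(m.group("user"))
    return buckets


def suspicious_sources(log_text, threshold=3):
    """Buckets with at least `threshold` failures, busiest first: the ones worth following up."""
    hits = [
        {"src": src, "hour": hour, "count": b["count"], "users": b["users"]}
        for (src, hour), b in failed_logins(log_text).items()
        if b["count"] >= threshold
    ]
    return sorted(hits, key=lambda h: -h["count"])


if __name__ == "__main__":
    for hit in suspicious_sources(SAMPLE_LOG):
        print(hit)
```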

One of the caveats of a UNIX system is that UNIX was designed for maximum interoperability, which means that potential unauthorized remote logins are a real threat. However, much research has been done in this area over the years. Kerberos, from MIT, is a network security tool that is included in some versions of UNIX. NFS has improved security control, and UNIX itself has improved through the use of shadow files and encryption techniques.

A shadow file is a file, readable only by root, that holds the encrypted passwords that would otherwise appear in the world-readable passwd file; the passwd file then shows only a placeholder in the password field, so ordinary users never see the encrypted passwords.
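To make the shadow-file idea concrete, here is an added example (not from the book) that audits a constructed passwd and shadow file pair: it flags accounts whose encrypted password still sits in the passwd file, accounts with no password at all, and entries the two files disagree on. The placeholder set and the sample contents are assumptions.

```python
# Constructed sample files; not copied from any real host. In passwd, an "x" in the
# second field means "look in the shadow file"; any other non-empty value is an
# encrypted password sitting in a file every user can read.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
legacy:$1$abcdefgh$ijklmnopqrstuvwxyz01234:1002:100:Old account:/home/legacy:/bin/sh
guest::1003:100:Guest:/home/guest:/bin/sh
"""
SHADOW = """\
root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
alice:$6$saltsalt$otherhashhash:19000:0:99999:7:::
bob::19000:0:99999:7:::
"""

# Values that mean "no usable password here" rather than an encrypted password (assumed set).
PLACEHOLDERS = {"x", "*", "!", "!!", "*LK*"}


def parse_colon_file(text):
    """Return {account name: list of fields} for a colon-separated passwd/shadow file."""
    entries = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            entries[fields[0]] = fields
    return entries


def audit_shadowing(passwd_text, shadow_text):
    """Report accounts whose password handling undermines the point of the shadow file."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings = {
        "hash_in_passwd": [],       # encrypted password exposed in the readable file
        "empty_passwd_field": [],   # login with no password at all
        "empty_shadow_hash": [],    # same problem, hidden in the shadow file
        "shadow_without_passwd": sorted(set(shadow) - set(passwd)),
        "passwd_without_shadow": [],  # "x" points at an entry that does not exist
    }
    for name, fields in passwd.items():
        pw = fields[1]
        if pw == "":
            findings["empty_passwd_field"].append(name)
        elif pw not in PLACEHOLDERS:
            findings["hash_in_passwd"].append(name)
        elif pw == "x" and name not in shadow:
            findings["passwd_without_shadow"].append(name)
    for name, fields in shadow.items():
        if fields[1] == "":
            findings["empty_shadow_hash"].append(name)
    return findings
```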

The bottom line in security for UNIX is that you must understand the UNIX system well to be able to set up and enforce a viable security net. Read chapter 20, "Tools for Restricting Access," for more information about security.

Managing the Network

Managing the network (called configuration management) is a very broad category that involves several tasks.

Configuration management is the art of managing the setup of all network devices. Why is configuration management important? Because, as network administrator or system administrator, you need to be aware at all times of what devices make up your network, what versions of software you are running, and so on. Configuration management is a must before you modify, secure, or tune your system. Also, if you are audited, you must be prepared to produce reports. For example, you can count on being audited to find out whether or not you have only legal software on all the devices on your network. If you maintain an inventory and regularly review this inventory, you will be aware of illegal software and will be able to remove it from your network promptly.

Configuration management may not seem very glamorous, but its practicality is essential to running any system.

We can break configuration management down further into these three steps:

Getting current network configuration data can be done manually or automatically. To get the data manually, you would have to remotely log into every device on your network to record the serial number and addresses. However, you need to be able to find every device to do this. Also, if you have several thousand devices on your network, getting the data manually may just not be practical. In this case, you can gather the data automatically, using a network management protocol to regularly record the data or by using an auto-discovery tool to list all devices on a network. Auto-discovery tools can also create a modifiable geographic or functional map of the network.

Analyzing the data and modifying the configuration can be done manually or automatically, depending on whether or not the data was gathered manually or automatically. Automatically is the better way to do it, since the changes made are recorded so others can see what you changed and how. Also, some tools can even confirm whether or not your proposed changes are appropriate and what kind of effect they will have on the network.

Maintaining the configuration information can be done by using a simple ASCII file. The benefit of the ASCII file is that most applications can read ASCII files, and you can use any available text editor to produce them. However, ASCII files consume a great deal of space, and large files are difficult to search. More importantly, an ASCII file is a glob of information that can't create relationships between data. A better way to store the information is in a relational database. Relational databases store, sort, and restore data efficiently and let you search for data quickly and easily. They also let you create relationships between various types of data. However, relational databases require more expertise because they are more complex to administer and often they have their own language (usually a flavor of SQL). Relational databases are also less portable than the simple ASCII file.

Relational databases introduced the Structured Query Language (SQL). SQL lets you perform searches without having to know anything about the structure of the data: data access is transparent. SQL has been accepted by the computer industry as the standard data access language because of its ability to make databases transparent.
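The relational inventory the last three paragraphs argue for, as an added example that is not from the book: device, software and installed-on records in an in-memory SQLite database (constructed sample data, assumed table layout), with the join queries that answer the audit question raised earlier, which hosts run software with no license on record, and the configuration question of which version of a package each host runs.

```python
import sqlite3


def build_inventory():
    """Create the inventory and load constructed sample records (not a real network)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE device   (id INTEGER PRIMARY KEY, hostname TEXT, serial TEXT, ip TEXT);
        CREATE TABLE software (id INTEGER PRIMARY KEY, name TEXT, version TEXT, licensed INTEGER);
        -- the relationship an ASCII file cannot express: which package sits on which device
        CREATE TABLE installed (device_id INTEGER REFERENCES device(id),
                                software_id INTEGER REFERENCES software(id));
    """)
    conn.executemany("INSERT INTO device VALUES (?,?,?,?)", [
        (1, "ws-ny-01", "SN1001", "192.0.2.10"),
        (2, "ws-ny-02", "SN1002", "192.0.2.11"),
        (3, "ws-ca-01", "SN2001", "192.0.2.50"),
    ])
    conn.executemany("INSERT INTO software VALUES (?,?,?,?)", [
        (1, "mailer", "4.2", 1),
        (2, "officeSuite", "3.0", 1),
        (3, "officeSuite", "3.1", 0),   # no license on record for this version
    ])
    conn.executemany("INSERT INTO installed VALUES (?,?)",
                     [(1, 1), (1, 2), (2, 1), (2, 3), (3, 3)])
    return conn


def unlicensed_installs(conn):
    """(hostname, package, version) for every install with no license on record."""
    return conn.execute("""
        SELECT d.hostname, s.name, s.version
        FROM installed i
        JOIN device d   ON d.id = i.device_id
        JOIN software s ON s.id = i.software_id
        WHERE s.licensed = 0
        ORDER BY d.hostname""").fetchall()


def software_versions(conn, name):
    """(hostname, version) for each host running the named package."""
    return conn.execute("""
        SELECT d.hostname, s.version
        FROM installed i
        JOIN device d   ON d.id = i.device_id
        JOIN software s ON s.id = i.software_id
        WHERE s.name = ?
        ORDER BY d.hostname""", (name,)).fetchall()
```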

Backing Up and Restoring the Network

Since the UNIX network provides you with a network that is centrally administered, backing up and restoring the network is much easier than it might be on other systems. The following three basic utilities let you back up the network:

Each command basically works by copying the contents of the source host to the target device. Of course, there are any number of commercial products with graphical user interfaces (GUIs) on the market.

A disaster recovery plan is a critical part of any network. See chapter 21, "Disaster Planning for Networks," for more information.

Tuning the Network

Tuning the network is also known as performance management. Performance management is critical to any organization because it is what increases network efficiency and productivity. Performance management involves three subtasks: monitoring performance, analyzing data, and optimizing the system.

Let's look at an example of performance management. If your users start complaining that the system is responding slowly to their requests, you need to do several things. First, determine whether there is a fault. If you determine there is no fault, then you need to examine the performance of each device and connection between the user and the network. When you find a performance problem (such as a device that is at maximum capacity), you decide what action to take. Now, as you can imagine, this process could be like searching for a needle in a haystack, even if your network isn't very large.

Performance management tools are designed to monitor and analyze data to detect problems for you, so you can concentrate on optimizing the performance of the network. See "Troubleshooting the Network" below for some of the utilities that you can use for tuning. And of course, there are plenty of commercial GUI products available.

Troubleshooting the Network

Troubleshooting the network is more formally referred to as fault management. All that means is that you find, identify, and fix problems (faults) in the network.

For example, if a user calls you and says they can no longer access the network, you need to determine what the problem is and fix it. First, you would try to figure out if there really is a network problem (as opposed to a user problem). Once you determine there is a problem, you would have to check each device and connection between the user's machine and the network. Then you would have to figure out how to fix the problem. (See chapter 31, "Locating the Problem: Server versus Workstation versus Links," for more information.)

Now, this process could be very tedious and time-consuming, and let's face it: time is a luxury you don't have. Therefore, instead of trying to troubleshoot manually, you would probably turn to one of several fault management tools available for UNIX systems.

UNIX has standard troubleshooting utilities that are available with all versions, and each vendor has its own tools to add to the list. Some of the standard UNIX utilities are described in table 10.6.

Table 10.6 Some Standard UNIX Troubleshooting Utilities

Comparing UNIX to Other Network Operating Systems

As you have seen thus far, UNIX has utilities to deal with just about every situation you could run into on a network. But how does it stack up against third-party network operating systems? Table 10.7 summarizes some of the main features of the "big three": UNIX, NetWare, and Windows NT.

Table 10.7 Comparing UNIX, NetWare, and Windows NT
If you are running a small network, the differences between these three operating systems might not be very obvious. However, I guarantee that the larger you go and the more diverse platforms you run, the more you need an operating system with the features UNIX offers. To make your comparison between the three operating systems, read chapter 8, "Novell NetWare," and chapter 9, "Microsoft Windows NT."

Summary

As we've said, this is only the tip of the iceberg. UNIX is a very mature, developed system with many features and even more tools available either commercially or as shareware on the Internet. Don't be intimidated by the seeming complexity, though. Ease-of-use has been one of the major improvements over the years, and your users can use the UNIX windowing system instead of working by command line. However, a complete understanding of the system and its philosophy is necessary to efficiently and wisely administer the system.